ofbiz-user mailing list archives

From BJ Freeman <bjf...@free-man.net>
Subject Re: how to set security and permissions precedence
Date Sun, 03 Aug 2008 23:40:17 GMT
The bug was fixed; the new rev works.

Milind W sent the following on 8/3/2008 4:27 PM:
> Just tried "ant clean" it made no difference.
> I can proceed to main without being redirected to login with rev#679258.
> 
> 
> Relevant log for rev#679258
> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1)
> [RequestHandler.java:243:INFO ] [Processing Request]: main
> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1)
> [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a
> view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1)
> [RequestHandler.java:584:INFO ] servletName=control, view=main
> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [     UtilJ2eeCompat.java:69
> :INFO ] serverInfo: apache tomcat/6.0.16
> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [     UtilJ2eeCompat.java:78
> :INFO ] Apache Tomcat detected, using response.getWriter to write text out
> instead of response.getOutputStream
> 
> and with rev#677863
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [    
> RequestHandler.java:236:INFO ] [Processing Request]: main
> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [       
> LoginWorker.java:262:INFO ] reqParams Map: []
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [       
> LoginWorker.java:263:INFO ] queryString:
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [       
> LoginWorker.java:273:INFO ] checkLogin: queryString=
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [       
> LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [    
> RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a
> view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [    
> RequestHandler.java:578:INFO ] servletName=control, view=login
> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [    
> UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20
> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [    
> UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using
> response.getWriter to write text out instead of response.getOutputStream
> 
> The loginworker seems to be invoked with rev#677863 and not with rev#679258.
> Any Idea?
> 
>> Did you try an "ant clean"? There have been some changes recently that
>> imply this cleanup.
>>
>> Jacques
>>
>> From: "Milind W" <mailinglist@mymunshi.com>
>>> Looks like I have a problem making this example work with
>>> revision#679258
>>>
>>> It worked fine (i.e. I was redirected to login screen before I could get
>>> to main) with rev#677863
>>>
>>> Looks like the view
>>> <view-map name="login" type="screen"
>>> page="component://marketing/widget/CommonScreens.xml#login" />
>>> is part of the problem. The CommonScreens.xml has moved and no longer
>>> seems to have the 'login' screen.
>>>
>>> I tried finding another screen with the 'login' view. I found another one
>>> in the 'common' component and modified my hello controller to point to
>>> <view-map name="login" type="screen"
>>> page="component://common/widget/CommonScreens.xml#login"/>
>>> but it is not acting the same as previously.
>>>
>>> Please let me know what is missing (or any suggestion how best to
>>> illustrate login) so I can complete and contribute my tutorial for
>>> security. Would hate to create a tutorial that worked with one specific
>>> build.
>>>
>>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results
>>>
>>> Thanks
>>> -Milind
>>>
>>>> hi,
>>>> I got login to work by adding the changes below to my controller using
>>>> ofbiz4.0.
>>>> I don't think I follow the reason with OFBTOOLS base permission not
>>>> taking effect in the ofbiz-component as explained in OFBIZ-829.
>>>> But I agree with Si Chen on OFBIZ-829
>>>> "The right way is to assume no permission until one of the list of
>>>> permissions is met." Seems more intuitive.
>>>> For now I can workaround it so thanks all.
>>>> -Milind
>>>>
>>>>
>>>>
>>>>     <preprocessor>
>>>>         <!-- Events to run on every request before security (chains exempt) -->
>>>>         <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> -->
>>>>         <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
>>>>     </preprocessor>
>>>>
>>>>     <!-- Request Mappings -->
>>>>
>>>>     <request-map uri="checkLogin" edit="false">
>>>>         <description>Verify a user is logged in.</description>
>>>>         <security https="false" auth="false"/>
>>>>         <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" />
>>>>         <response name="success" type="view" value="main" />
>>>>         <response name="error" type="view" value="login" />
>>>>     </request-map>
>>>>
>>>>     <request-map uri="login">
>>>>         <security https="false" auth="false"/>
>>>>         <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
>>>>         <response name="success" type="view" value="main"/>
>>>>         <response name="error" type="view" value="login"/>
>>>>     </request-map>
>>>>
>>>>     <request-map uri="main">
>>>>         <security https="false" auth="true" />
>>>>         <response name="success" type="view" value="main"/>
>>>>     </request-map>
>>>>
>>>>     <view-map name="login" type="screen" page="component://marketing/widget/CommonScreens.xml#login" />
>>>>
>>>>
>>>>> Not with a direct link to the comment where the explanation is ;p
>>>>> Actually it was more a didactic post
>>>>>
>>>>> Jacques
>>>>>
>>>>> From: "BJ Freeman" <bjfree@free-man.net>
>>>>>> LOL
>>>>>> that was the first link I sent on this thread.
>>>>>>
>>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM:
>>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS.
>>>>>>>
>>>>>>> You would have gotten
>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615
>>>>>>>
>>>>>>>
>>>>>>> Jacques
>>>>>>>
>>>>>>> ----- Original Message ----- From: "Milind W"
>>>>>>> <mailinglist@mymunshi.com>
>>>>>>> To: <user@ofbiz.apache.org>
>>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM
>>>>>>> Subject: Re: how to set security and permissions precedence
>>>>>>>
>>>>>>>
>>>>>>>> Let me try to break up questions.
>>>>>>>> Shouldn't adding
>>>>>>>> base-permission="OFBTOOLS"
>>>>>>>> to the ofbiz-entity.xml force the user to login with a user id that is
>>>>>>>> associated to the OFBTOOLS security group?
>>>>>>>> I can see the application I created and the line seems to have no
>>>>>>>> effect.
>>>>>>>> What is the purpose of the line?
>>>>>>>> Thanks
>>>>>>>> -Milind
>>>>>>>>
>>>>>>>>> Please note that opentaps is not at the same level of revision that
>>>>>>>>> ofbiz is; there have been changes to security.
>>>>>>>>> There are examples in
>>>>>>>>> framework/example
>>>>>>>>> and
>>>>>>>>> framework/exampleext
>>>>>>>>> I believe this to be a better tutorial since they work already.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM:
>>>>>>>>>>
>>>>>>>>>> BJ Freeman wrote:
>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security
>>>>>>>>>>>
>>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM:
>>>>>>>>>>>> hi,
>>>>>>>>>>>> Security Permissions
>>>>>>>>>>>> I am using ofbiz rev.79258
>>>>>>>>>>>> I want to understand how security works so I made the following
>>>>>>>>>>>> modifications to hello1
>>>>>>>>>>>> 1) I added base-permission="OFBTOOLS" to the ofbiz-component.xml
>>>>>>>>>>>> I could still see the application. I was assuming the application
>>>>>>>>>>>> would ask me to login or prevent me from seeing the page.
>>>>>>>>>>>> 2) I added <security> to the main request
>>>>>>>>>>>> <request-map uri="main">
>>>>>>>>>>>> <security https="false" auth="true"/>
>>>>>>>>>>>> <response name="success" type="view" value="main"/>
>>>>>>>>>>>> </request-map>
>>>>>>>>>>>> This displays "java.lang.NullPointerException" in the browser.
>>>>>>>>>>>> How do permissions precedence work starting from the UI to the
>>>>>>>>>>>> entity layer?
>>>>>>>>>>>> Help appreciated.
>>>>>>>>>>>> Thanks
>>>>>>>>>>>> -Milind
>>>>>>>>>>>>
>>>>>>>>>>>> Here is the log
>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1
>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request "checkLogin" not found
>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request "checkLogin" not found
>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of event for request "checkLogin" not found
>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ ControlServlet.java:205:ERROR]
>>>>>>>>>>>> ---- runtime exception report --------------------------------------------------
>>>>>>>>>>>> Error in request handler:
>>>>>>>>>>>> Exception: java.lang.NullPointerException
>>>>>>>>>>>> Message: null
>>>>>>>>>>>> ---- stack trace ---------------------------------------------------------------
>>>>>>>>>>>> java.lang.NullPointerException
>>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source)
>>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source)
>>>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78)
>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102)
>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86)
>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453)
>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259)
>>>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198)
>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255)
>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
>>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595)
>>>>>>>>>>>> --------------------------------------------------------------------------------
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>
>>>
> 
> 
> 
> 
> 

