ofbiz-user mailing list archives

From BJ Freeman <bjf...@free-man.net>
Subject Re: how to set security and permissions precedence
Date Mon, 04 Aug 2008 10:17:59 GMT
this is where using the example, exampleext, and the
wiki startup example will help.
this is where ofbiz is different than opentaps.
and the links to the information that has been given to you in the past come
into play.
there is no quick way to learn ofbiz.
:)
error is saying the main decorator has not been defined in the web.xml
parms.

you should check your complete component against the framework/example.

Milind W sent the following on 8/3/2008 11:07 PM:
> I changed my controller to conform with the example controller.xml.
> Now it does attempt to send me to the login screen but get the following
> error.
> 
> org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen
> [component://common/widget/CommonScreens.xml#login]:
> java.lang.IllegalArgumentException: Could not find screen with name
> [main-decorator] in the same file as the screen with name [login] (Could
> not find screen with name [main-decorator] in the same file as the screen
> with name [login])
> 
> Help!
>> your controller does not conform to the current svn controllers.
>> please review them.
>>
>>
>> Milind W sent the following on 8/3/2008 5:35 PM:
>>> I got the updated files.
>>> Did ant clean and then a new build.
>>> I still see the SAME behavior described in my previous email.
>>> I am attaching my controller.xml
>>>
>>>> here is the fix
>>>> http://svn.apache.org/viewvc?rev=682228&view=rev
>>>>
>>>> Milind W sent the following on 8/3/2008 4:27 PM:
>>>>> Just tried "ant clean" it made no difference.
>>>>> I can proceed to main without being redirected to login with
>>>>> rev#679258.
>>>>>
>>>>>
>>>>> Relevant log for rev#679258
>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16
>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream
>>>>>
>>>>> and with rev#677863
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: []
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString:
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString=
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream
>>>>>
>>>>> The loginworker seems to be invoked with rev#677863 and not with
>>>>> rev#679258.
>>>>> Any Idea?
>>>>>
>>>>>> Did you try an "ant clean"? There have been some changes recently that imply this cleanup.
>>>>>>
>>>>>> Jacques
>>>>>>
>>>>>> From: "Milind W" <mailinglist@mymunshi.com>
>>>>>>> Looks like I have a problem making this example work with revision#679258
>>>>>>>
>>>>>>> It worked fine (i.e. I was redirected to login screen before I could get to main) with rev#677863
>>>>>>>
>>>>>>> Looks like the view
>>>>>>> <view-map name="login" type="screen" page="component://marketing/widget/CommonScreens.xml#login" />
>>>>>>> is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen.
>>>>>>>
>>>>>>> I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to
>>>>>>> <view-map name="login" type="screen" page="component://common/widget/CommonScreens.xml#login"/>
>>>>>>> but it is not acting the same as previously.
>>>>>>>
>>>>>>> Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build.
>>>>>>>
>>>>>>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results
>>>>>>>
>>>>>>> Thanks
>>>>>>> -Milind
>>>>>>>
>>>>>>>> hi,
>>>>>>>> I got login to work by adding the changes below to my controller using ofbiz4.0.
>>>>>>>> I don't think I follow the reason with OFBTOOLS base permission not taking effect in the ofbiz-component as explained in OFBIZ-829.
>>>>>>>> But I agree with Si Chen on OFBIZ-829
>>>>>>>> "The right way is to assume no permission until one of the list of permissions is met." Seems more intuitive.
>>>>>>>> For now I can workaround it so thanks all.
>>>>>>>> -Milind
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> <preprocessor>
>>>>>>>>     <!-- Events to run on every request before security (chains exempt) -->
>>>>>>>>     <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> -->
>>>>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
>>>>>>>> </preprocessor>
>>>>>>>>
>>>>>>>> <!-- Request Mappings -->
>>>>>>>>
>>>>>>>> <request-map uri="checkLogin" edit="false">
>>>>>>>>     <description>Verify a user is logged in.</description>
>>>>>>>>     <security https="false" auth="false"/>
>>>>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" />
>>>>>>>>     <response name="success" type="view" value="main" />
>>>>>>>>     <response name="error" type="view" value="login" />
>>>>>>>> </request-map>
>>>>>>>>
>>>>>>>> <request-map uri="login">
>>>>>>>>     <security https="false" auth="false"/>
>>>>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
>>>>>>>>     <response name="success" type="view" value="main"/>
>>>>>>>>     <response name="error" type="view" value="login"/>
>>>>>>>> </request-map>
>>>>>>>>
>>>>>>>> <request-map uri="main">
>>>>>>>>     <security https="false" auth="true" />
>>>>>>>>     <response name="success" type="view" value="main"/>
>>>>>>>> </request-map>
>>>>>>>>
>>>>>>>> <view-map name="login" type="screen" page="component://marketing/widget/CommonScreens.xml#login" />
>>>>>>>>
>>>>>>>>
>>>>>>>>> Not with a direct link to the comment where is the explanation ;p
>>>>>>>>> Actually it was more a didactic post
>>>>>>>>>
>>>>>>>>> Jacques
>>>>>>>>>
>>>>>>>>> From: "BJ Freeman" <bjfree@free-man.net>
>>>>>>>>>> LOL
>>>>>>>>>> that was the first link I sent on this thread.
>>>>>>>>>>
>>>>>>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM:
>>>>>>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS.
>>>>>>>>>>>
>>>>>>>>>>> You would have got
>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Jacques
>>>>>>>>>>>
>>>>>>>>>>> ----- Original Message ----- From: "Milind W"
>>>>>>>>>>> <mailinglist@mymunshi.com>
>>>>>>>>>>> To: <user@ofbiz.apache.org>
>>>>>>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM
>>>>>>>>>>> Subject: Re: how to set security and permissions precedence
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> Let me try to break up questions.
>>>>>>>>>>>> Shouldn't adding
>>>>>>>>>>>> base-permission="OFBTOOLS"
>>>>>>>>>>>> to the ofbiz-entity.xml force the user to login with a user id that is associated to the OFBTOOLS security group?
>>>>>>>>>>>> I can see the application I created and the line seems to have no effect.
>>>>>>>>>>>> What is the purpose of the line?
>>>>>>>>>>>> Thanks
>>>>>>>>>>>> -Milind
>>>>>>>>>>>>
>>>>>>>>>>>>> Please note that opentaps is not at the same level of revision that ofbiz is.
>>>>>>>>>>>>> there have been changes to security.
>>>>>>>>>>>>> there are examples in the framework/example and framework/exampleext
>>>>>>>>>>>>> I believe this to be a better tutorial since they work already.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM:
>>>>>>>>>>>>>> BJ Freeman wrote:
>>>>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM:
>>>>>>>>>>>>>>>> hi,
>>>>>>>>>>>>>>>> Security Permissions
>>>>>>>>>>>>>>>> I am using ofbiz rev.79258
>>>>>>>>>>>>>>>> I want to understand how security works so I made the following modifications to hello1
>>>>>>>>>>>>>>>> 1) I added base-permission="OFBTOOLS" to the ofbiz-component.xml
>>>>>>>>>>>>>>>> I could still see the application. I was assuming the application would ask me to login or prevent me from seeing the page.
>>>>>>>>>>>>>>>> 2) I added <security> to the main request
>>>>>>>>>>>>>>>> <request-map uri="main">
>>>>>>>>>>>>>>>> <security https="false" auth="true"/>
>>>>>>>>>>>>>>>> <response name="success" type="view" value="main"/>
>>>>>>>>>>>>>>>> </request-map>
>>>>>>>>>>>>>>>> This displays "java.lang.NullPointerException" in the browser.
>>>>>>>>>>>>>>>> How do permissions precedence work starting from the UI to the entity layer.
>>>>>>>>>>>>>>>> Help appreciated.
>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>> -Milind
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Here is the log
>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1
>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request "checkLogin" not found
>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request "checkLogin" not found
>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of event for request "checkLogin" not found
>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ ControlServlet.java:205:ERROR]
>>>>>>>>>>>>>>>> ---- runtime exception report --------------------------------------------------
>>>>>>>>>>>>>>>> Error in request handler:
>>>>>>>>>>>>>>>> Exception: java.lang.NullPointerException
>>>>>>>>>>>>>>>> Message: null
>>>>>>>>>>>>>>>> ---- stack trace ---------------------------------------------------------------
>>>>>>>>>>>>>>>> java.lang.NullPointerException
>>>>>>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source)
>>>>>>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source)
>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78)
>>>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102)
>>>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86)
>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453)
>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259)
>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198)
>>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255)
>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>>>>>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
>>>>>>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595)
>>>>>>>>>>>>>>>> --------------------------------------------------------------------------------
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php
> 

