From: "Jacques Le Roux"
Subject: Re: how to set security and permissions precedence
Date: Mon, 4 Aug 2008 00:47:50 +0200

Did you try an "ant clean"? There have been some changes recently that imply this cleanup.

Jacques

From: "Milind W"
> Looks like I have a problem making this example work with revision#679258
>
> It worked fine (i.e. I was redirected to login screen before I could get to
> main) with rev#677863
>
> Looks like the view
> page="component://marketing/widget/CommonScreens.xml#login" />
> is part of the problem. The CommonScreens.xml has moved and no longer
> seems to have the 'login' screen.
>
> I tried finding another screen with the 'login' view. I found another one
> in the 'common' component and modified my hello controller to point to
> page="component://common/widget/CommonScreens.xml#login"/>
> but it is not acting the same as previously.
>
> Please let me know what is missing (or any suggestion how best to
> illustrate login) so I can complete and contribute my tutorial for
> security. Would hate to create a tutorial that worked with one specific
> build.
>
> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results
>
> Thanks
> -Milind
>
>> hi,
>> I got login to work by adding the changes below to my controller using
>> ofbiz4.0.
>> I don't think I follow the reason with OFBTOOLS base permission not
>> taking effect in the ofbiz-component as explained in OFBIZ-829.
>> But I agree with Si Chen on OFBIZ-829
>> "The right way is to assume no permission until one of the list of
>> permissions is met." Seems more intuitive.
>> For now I can work around it so thanks all.
>> -Milind
>>
>> invoke="checkExternalLoginKey"/>
>>
>> Verify a user is logged in.
>>
>> invoke="checkLogin" />
>>
>> invoke="login"/>
>>
>> page="component://marketing/widget/CommonScreens.xml#login" />
>>
>>> Not with a direct link to the comment where is the explanation ;p
>>> Actually it was more a didactic post
>>>
>>> Jacques
>>>
>>> From: "BJ Freeman"
>>>> LOL
>>>> that was the first link I sent on this thread.
>>>>
>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM:
>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS.
>>>>>
>>>>> You would have got
>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615
>>>>>
>>>>> Jacques
>>>>>
>>>>> ----- Original Message ----- From: "Milind W"
>>>>> Sent: Wednesday, July 30, 2008 8:31 PM
>>>>> Subject: Re: how to set security and permissions precedence
>>>>>
>>>>>> Let me try to break up questions.
>>>>>> Shouldn't adding
>>>>>> base-permission="OFBTOOLS"
>>>>>> to the ofbiz-entity.xml force the user to login with a user id that
>>>>>> is
>>>>>> associated to the OFBTOOLS security group?
>>>>>> I can see the application I created and the line seems to have no
>>>>>> effect.
>>>>>> What is the purpose of the line?
>>>>>> Thanks
>>>>>> -Milind
>>>>>>
>>>>>>> Please note that opentaps is not at the same level of revision that
>>>>>>> ofbiz
>>>>>>> it
>>>>>>> there have been changes to security.
>>>>>>> there are examples in the
>>>>>>> framework/example
>>>>>>> and
>>>>>>> framework/exampleext
>>>>>>> I believe this to be a better tutorial
>>>>>>> since they work already.
>>>>>>>
>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM:
>>>>>>>>
>>>>>>>> BJ Freeman wrote:
>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security
>>>>>>>>>
>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM:
>>>>>>>>>> hi,
>>>>>>>>>> Security Permissions
>>>>>>>>>> I am using ofbiz rev.79258
>>>>>>>>>> I want to understand how security works so I made the following
>>>>>>>>>> modifications to hello1
>>>>>>>>>> 1) I added base-permission="OFBTOOLS" to the ofbiz-component.xml
>>>>>>>>>> I could still see the application. I was assuming the application
>>>>>>>>>> would ask
>>>>>>>>>> me to login or prevent me from seeing the page.
>>>>>>>>>> 2) I added to the main request
>>>>>>>>>>
>>>>>>>>>> This displays "java.lang.NullPointerException" in the browser.
>>>>>>>>>> How do permissions precedence work starting from the UI to the
>>>>>>>>>> entity
>>>>>>>>>> layer.
>>>>>>>>>> Help appreciated.
>>>>>>>>>> Thanks
>>>>>>>>>> -Milind
>>>>>>>>>>
>>>>>>>>>> Here is the log
>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1
>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request "checkLogin" not found
>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request "checkLogin" not found
>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of event for request "checkLogin" not found
>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ ControlServlet.java:205:ERROR]
>>>>>>>>>> ---- runtime exception report --------------------------------------------------
>>>>>>>>>> Error in request handler:
>>>>>>>>>> Exception: java.lang.NullPointerException
>>>>>>>>>> Message: null
>>>>>>>>>> ---- stack trace ---------------------------------------------------------------
>>>>>>>>>> java.lang.NullPointerException
>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source)
>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source)
>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78)
>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102)
>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86)
>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453)
>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259)
>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198)
>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255)
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>>>>> java.lang.Thread.run(Thread.java:595)
>>>>>>>>>> --------------------------------------------------------------------------------
>>>>>>>>
>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php
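
Added example, not part of the original thread and not OFBiz code: the log quoted above shows the request "main" failing because no event was found for "checkLogin". The Python check below looks for that gap, and for request maps that never ask for login, in a controller definition. The sample XML is constructed, `audit_controller` is a hypothetical helper, and it assumes a request is unauthenticated unless its security element says auth="true".

```python
import xml.etree.ElementTree as ET

# Constructed sample controller (not from the thread): "main" asks for login,
# but "checkLogin" has no <event>, matching the WARN lines in the quoted log.
BROKEN = """<site-conf>
  <request-map uri="checkLogin"><security auth="false"/></request-map>
  <request-map uri="main">
    <security auth="true"/>
    <response name="success" type="view" value="main"/>
  </request-map>
  <request-map uri="hello">
    <response name="success" type="view" value="hello"/>
  </request-map>
  <view-map name="main" type="screen" page="component://hello1/widget/HelloScreens.xml#main"/>
</site-conf>"""

LOGIN_FLOW = {"checkLogin", "login", "logout"}  # must stay reachable without a session

def audit_controller(xml_text):
    """Return sorted findings for one controller definition (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    requests = {r.get("uri"): r for r in root.iter("request-map")}
    views = {v.get("name") for v in root.iter("view-map")}
    findings, protected = [], []
    for uri, req in requests.items():
        sec = req.find("security")
        # Assumption: a missing <security> element means auth is not required.
        if sec is not None and sec.get("auth") == "true":
            protected.append(uri)
        elif uri not in LOGIN_FLOW:
            findings.append(f'{uri}: reachable without login (no auth="true")')
        for resp in req.findall("response"):
            target = resp.get("value")
            if resp.get("type") == "view" and target not in views:
                findings.append(f"{uri}: response points to undefined view-map {target!r}")
    # A protected request is only enforceable if checkLogin has a complete event.
    event = requests["checkLogin"].find("event") if "checkLogin" in requests else None
    complete = event is not None and all(event.get(a) for a in ("type", "path", "invoke"))
    if protected and not complete:
        findings.append(f"checkLogin: no complete <event>, so auth on {sorted(protected)} cannot run")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit_controller(BROKEN):
        print(line)
```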