Please see my other comment I sent before I could read the info below.
The security data consists of security data, but in there is also a
part of 'seed' data which will always be required even if the component
security data is not loaded. I moved that in the security and service
components back to seed.
With this change the default is now: no access to any component instead
of the default access to all components.
To be backwards compatible one can load all security data and the
situation is then the same as before this change and nothing is broken
when that is done.
To make the system operate without any errors in the log with only
seed/extseed we need this extra security group 'SYSTEM'.
When the community agrees to that, I can implement that in a few hours.
Regards,
Hans
On 06/16/2012 11:16 AM, Jacopo Cappellato wrote:
Hans,
I have a few concerns about your recent work on seed/security data:
1) in this commit you moved data into the wrong file only to support the new mechanism; the
data you moved is really "security" data, even if it is needed by the system to
work properly
2) with your recent changes you have broken the contract that says that an instance with seed data
only should work fine (all the data "hardcoded" in source code should be shipped as seed,
and the "system" user is an example of this); see for example: OFBIZ-4936
3) you clearly didn't fully test the impact of your changes in all the
scenarios and you are doing this by trial and error in several commits
I am really tempted to ask you to revert all the recent work you did in this
area and rediscuss with the community... what do others think about this topic?
Kind regards,
Jacopo
On Jun 16, 2012, at 4:51 AM, [email protected] wrote:
Author: hansbak
Date: Sat Jun 16 02:51:18 2012
New Revision: 1350843
URL: http://svn.apache.org/viewvc?rev=1350843&view=rev
Log:
move service security data to seed data
Removed:
ofbiz/trunk/framework/service/data/ServiceSecurityData.xml
Modified:
ofbiz/trunk/framework/service/data/ServiceSeedData.xml
ofbiz/trunk/framework/service/ofbiz-component.xml
Modified: ofbiz/trunk/framework/service/data/ServiceSeedData.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/data/ServiceSeedData.xml?rev=1350843&r1=1350842&r2=1350843&view=diff
==============================================================================
--- ofbiz/trunk/framework/service/data/ServiceSeedData.xml (original)
+++ ofbiz/trunk/framework/service/data/ServiceSeedData.xml Sat Jun 16 02:51:18
2012
@@ -19,6 +19,11 @@ under the License.
-->
<entity-engine-xml>
+<!-- Remote Service security -->
+<SecurityPermission description="Permission to invoke any service remotely."
permissionId="SERVICE_INVOKE_ANY"/>
+<SecurityGroupPermission groupId="FULLADMIN"
permissionId="SERVICE_INVOKE_ANY"/>
+<SecurityGroupPermission groupId="FLEXADMIN"
permissionId="SERVICE_INVOKE_ANY"/>
+
<!-- Temporal Expression seed data -->
<!-- Pre-define all 60 minutes -->
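Review bot: The two SecurityGroupPermission rows added at the top of ServiceSeedData.xml grant SERVICE_INVOKE_ANY to groupId="FULLADMIN" and groupId="FLEXADMIN", yet nothing in this hunk shows those groups being defined by the seed reader. If the SecurityGroup records still come from a security-reader file, a seed-only load either fails on these rows or depends on load order. Please confirm where the two groups are loaded, and consider keeping only the SecurityPermission definition in seed while the group grants stay in a file read by the security reader, since the permission covers remote invocation of any service. The new comment "Remote Service security" should also say why this data has to be seed.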
Modified: ofbiz/trunk/framework/service/ofbiz-component.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/ofbiz-component.xml?rev=1350843&r1=1350842&r2=1350843&view=diff
==============================================================================
--- ofbiz/trunk/framework/service/ofbiz-component.xml (original)
+++ ofbiz/trunk/framework/service/ofbiz-component.xml Sat Jun 16 02:51:18 2012
@@ -31,7 +31,6 @@ under the License.
<entity-resource type="data" reader-name="seed" loader="main"
location="data/ScheduledServiceData.xml"/>
<entity-resource type="data" reader-name="seed-initial" loader="main"
location="data/ScheduledServices.xml"/>
<entity-resource type="data" reader-name="seed" loader="main"
location="data/ServiceSeedData.xml"/>
-<entity-resource type="data" reader-name="security" loader="main"
location="data/ServiceSecurityData.xml"/>
<entity-resource type="data" reader-name="demo" loader="main"
location="data/ServiceDemoData.xml"/>
<service-resource type="model" loader="main"
location="servicedef/services.xml"/>
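Review bot: Dropping the reader-name="security" entity-resource for data/ServiceSecurityData.xml leaves no security-reader entry among the visible lines of ofbiz-component.xml, so the SERVICE_INVOKE_ANY grants can no longer be loaded or left out independently of seed. The commit lists ServiceSecurityData.xml as removed, but the mail carries no diff of its contents, so a reviewer cannot check that the rows added to ServiceSeedData.xml are everything the file held. Please state that in the log message, which currently reads only "move service security data to seed data", and note the behaviour change for installs that load seed without security data.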