http://docs.ofbiz.org/display/OFBTECH/OFBiz+security
Milind W sent the following on 7/29/2008 7:58 PM: > hi, > Security Permissions > I am using ofbiz rev.79258 > I want to understand how security works so I made the following > modifications to hello1 > 1)I added base-permission="OFBTOOLS" to the ofbiz-component.xml > I could still see the application I was assuming the application would as > me to login or prevent me from seeing the page. > 2)I added <security> to the main request > <request-map uri="main"> > <security https="false" auth="true"/> > <response name="success" type="view" value="main"/> > </request-map> > This displays "java.lang.NullPointerException" in the browser. > How do permissions precedence work starting from the UI to the entity layer. > Help appreciated. > Thanks > -Milind > > Here is the log > 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ > RequestHandler.java:243:INFO ] [Processing Request]: main > sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 > 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ > RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event > for request "checkLogin" not found > 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ > RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event > for request "checkLogin" not found > 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ > RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of > event for request "checkLogin" not found > 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ > ControlServlet.java:205:ERROR] > ---- runtime exception report > -------------------------------------------------- > Error in request handler: > Exception: java.lang.NullPointerException > Message: null > ---- stack trace > --------------------------------------------------------------- > java.lang.NullPointerException > javolution.util.FastMap.getEntry(Unknown Source) > javolution.util.FastMap.containsKey(Unknown Source) > org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78) > org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102) > org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86) > org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453) > org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259) > org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198) > javax.servlet.http.HttpServlet.service(HttpServlet.java:690) > javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255) > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) > java.lang.Thread.run(Thread.java:595) > -------------------------------------------------------------------------------- > > > > >
