Let me try to break up questions. Should'nt adding base-permission="OFBTOOLS" to the ofbiz-entity.xml force the user to login with a user id that is associated to the OFBTOOLS security group? I can see the application I created and the line seems to have no effect. What is the purpose of the line? Thanks -Milind
> Please not that opentaps is not at the same level of revision that ofbiz > it > there have been changes to security. > there are examples in the > framework/example > and > framework/exampleext > I believe this to better tutorial > since they work already. > > > Balaji Sundar sent the following on 7/29/2008 9:40 PM: >> >> >> BJ Freeman wrote: >>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security >>> >>> Milind W sent the following on 7/29/2008 7:58 PM: >>>> hi, >>>> Security Permissions >>>> I am using ofbiz rev.79258 >>>> I want to understand how security works so I made the following >>>> modifications to hello1 >>>> 1)I added base-permission="OFBTOOLS" to the ofbiz-component.xml >>>> I could still see the application I was assuming the application would >>>> as >>>> me to login or prevent me from seeing the page. >>>> 2)I added <security> to the main request >>>> <request-map uri="main"> >>>> <security https="false" auth="true"/> >>>> <response name="success" type="view" value="main"/> >>>> </request-map> >>>> This displays "java.lang.NullPointerException" in the browser. >>>> How do permissions precedence work starting from the UI to the entity >>>> layer. >>>> Help appreciated. >>>> Thanks >>>> -Milind >>>> >>>> Here is the log >>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>> RequestHandler.java:243:INFO ] [Processing Request]: main >>>> sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 >>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>> RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of >>>> event >>>> for request "checkLogin" not found >>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>> RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of >>>> event >>>> for request "checkLogin" not found >>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>> RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method >>>> of >>>> event for request "checkLogin" not found >>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>> ControlServlet.java:205:ERROR] >>>> ---- runtime exception report >>>> -------------------------------------------------- >>>> Error in request handler: >>>> Exception: java.lang.NullPointerException >>>> Message: null >>>> ---- stack trace >>>> --------------------------------------------------------------- >>>> java.lang.NullPointerException >>>> javolution.util.FastMap.getEntry(Unknown Source) >>>> javolution.util.FastMap.containsKey(Unknown Source) >>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78) >>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102) >>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86) >>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453) >>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259) >>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198) >>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255) >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) >>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >>>> java.lang.Thread.run(Thread.java:595) >>>> -------------------------------------------------------------------------------- >>>> >>>> >>>> >>>> >>>> >>> >>> >> >> http://www.opensourcestrategies.com/ofbiz/security.php >> http://www.opensourcestrategies.com/ofbiz/security.php > >
