http://lists.ofbiz.org/pipermail/jira/2006-April/003536.html should help. also look at https://demo.hotwaxmedia.com/webtools/control/FindGeneric?entityName=SecurityGroupPermission&find=true&VIEW_SIZE=50&VIEW_INDEX=0 for how permission are grouped together the list of permission in ofbiz https://demo.hotwaxmedia.com/webtools/control/FindGeneric?entityName=SecurityPermission&find=true&VIEW_SIZE=50&VIEW_INDEX=0
Milind W sent the following on 7/30/2008 11:31 AM: > Let me try to break up questions. > Should'nt adding > base-permission="OFBTOOLS" > to the ofbiz-entity.xml force the user to login with a user id that is > associated to the OFBTOOLS security group? > I can see the application I created and the line seems to have no effect. > What is the purpose of the line? > Thanks > -Milind > >> Please not that opentaps is not at the same level of revision that ofbiz >> it >> there have been changes to security. >> there are examples in the >> framework/example >> and >> framework/exampleext >> I believe this to better tutorial >> since they work already. >> >> >> Balaji Sundar sent the following on 7/29/2008 9:40 PM: >>> >>> BJ Freeman wrote: >>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security >>>> >>>> Milind W sent the following on 7/29/2008 7:58 PM: >>>>> hi, >>>>> Security Permissions >>>>> I am using ofbiz rev.79258 >>>>> I want to understand how security works so I made the following >>>>> modifications to hello1 >>>>> 1)I added base-permission="OFBTOOLS" to the ofbiz-component.xml >>>>> I could still see the application I was assuming the application would >>>>> as >>>>> me to login or prevent me from seeing the page. >>>>> 2)I added <security> to the main request >>>>> <request-map uri="main"> >>>>> <security https="false" auth="true"/> >>>>> <response name="success" type="view" value="main"/> >>>>> </request-map> >>>>> This displays "java.lang.NullPointerException" in the browser. >>>>> How do permissions precedence work starting from the UI to the entity >>>>> layer. >>>>> Help appreciated. >>>>> Thanks >>>>> -Milind >>>>> >>>>> Here is the log >>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>> RequestHandler.java:243:INFO ] [Processing Request]: main >>>>> sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 >>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>> RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of >>>>> event >>>>> for request "checkLogin" not found >>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>> RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of >>>>> event >>>>> for request "checkLogin" not found >>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>> RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method >>>>> of >>>>> event for request "checkLogin" not found >>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>> ControlServlet.java:205:ERROR] >>>>> ---- runtime exception report >>>>> -------------------------------------------------- >>>>> Error in request handler: >>>>> Exception: java.lang.NullPointerException >>>>> Message: null >>>>> ---- stack trace >>>>> --------------------------------------------------------------- >>>>> java.lang.NullPointerException >>>>> javolution.util.FastMap.getEntry(Unknown Source) >>>>> javolution.util.FastMap.containsKey(Unknown Source) >>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78) >>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102) >>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86) >>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453) >>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259) >>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198) >>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255) >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) >>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >>>>> java.lang.Thread.run(Thread.java:595) >>>>> -------------------------------------------------------------------------------- >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>> http://www.opensourcestrategies.com/ofbiz/security.php >>> http://www.opensourcestrategies.com/ofbiz/security.php >> > > > > >
