sorry forgot one link good discussion http://mail-archives.apache.org/mod_mbox/ofbiz-dev/200710.mbox/[EMAIL PROTECTED]
BJ Freeman sent the following on 7/30/2008 1:13 PM: > http://lists.ofbiz.org/pipermail/jira/2006-April/003536.html > should help. > also look at > https://demo.hotwaxmedia.com/webtools/control/FindGeneric?entityName=SecurityGroupPermission&find=true&VIEW_SIZE=50&VIEW_INDEX=0 > for how permission are grouped together > the list of permission in ofbiz > https://demo.hotwaxmedia.com/webtools/control/FindGeneric?entityName=SecurityPermission&find=true&VIEW_SIZE=50&VIEW_INDEX=0 > > > Milind W sent the following on 7/30/2008 11:31 AM: >> Let me try to break up questions. >> Should'nt adding >> base-permission="OFBTOOLS" >> to the ofbiz-entity.xml force the user to login with a user id that is >> associated to the OFBTOOLS security group? >> I can see the application I created and the line seems to have no effect. >> What is the purpose of the line? >> Thanks >> -Milind >> >>> Please not that opentaps is not at the same level of revision that ofbiz >>> it >>> there have been changes to security. >>> there are examples in the >>> framework/example >>> and >>> framework/exampleext >>> I believe this to better tutorial >>> since they work already. >>> >>> >>> Balaji Sundar sent the following on 7/29/2008 9:40 PM: >>>> BJ Freeman wrote: >>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security >>>>> >>>>> Milind W sent the following on 7/29/2008 7:58 PM: >>>>>> hi, >>>>>> Security Permissions >>>>>> I am using ofbiz rev.79258 >>>>>> I want to understand how security works so I made the following >>>>>> modifications to hello1 >>>>>> 1)I added base-permission="OFBTOOLS" to the ofbiz-component.xml >>>>>> I could still see the application I was assuming the application would >>>>>> as >>>>>> me to login or prevent me from seeing the page. >>>>>> 2)I added <security> to the main request >>>>>> <request-map uri="main"> >>>>>> <security https="false" auth="true"/> >>>>>> <response name="success" type="view" value="main"/> >>>>>> </request-map> >>>>>> This displays "java.lang.NullPointerException" in the browser. >>>>>> How do permissions precedence work starting from the UI to the entity >>>>>> layer. >>>>>> Help appreciated. >>>>>> Thanks >>>>>> -Milind >>>>>> >>>>>> Here is the log >>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>> RequestHandler.java:243:INFO ] [Processing Request]: main >>>>>> sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 >>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>> RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of >>>>>> event >>>>>> for request "checkLogin" not found >>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>> RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of >>>>>> event >>>>>> for request "checkLogin" not found >>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>> RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method >>>>>> of >>>>>> event for request "checkLogin" not found >>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>> ControlServlet.java:205:ERROR] >>>>>> ---- runtime exception report >>>>>> -------------------------------------------------- >>>>>> Error in request handler: >>>>>> Exception: java.lang.NullPointerException >>>>>> Message: null >>>>>> ---- stack trace >>>>>> --------------------------------------------------------------- >>>>>> java.lang.NullPointerException >>>>>> javolution.util.FastMap.getEntry(Unknown Source) >>>>>> javolution.util.FastMap.containsKey(Unknown Source) >>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78) >>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102) >>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86) >>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453) >>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259) >>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198) >>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255) >>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) >>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >>>>>> java.lang.Thread.run(Thread.java:595) >>>>>> -------------------------------------------------------------------------------- >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>> http://www.opensourcestrategies.com/ofbiz/security.php >> >> >> >> > > > >
