Re: how to set security and permissions precedence

Wed, 30 Jul 2008 14:19:43 -0700 

OFBiz Wiki is your friend. Just look for OFBTOOLS.

You would have get 
http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615

Jacques
----- Original Message ----- From: "Milind W" <[EMAIL PROTECTED]> 
To: <[email protected]>
Sent: Wednesday, July 30, 2008 8:31 PM
Subject: Re: how to set security and permissions precedence



Let me try to break up questions.
Should'nt adding
base-permission="OFBTOOLS"
to the ofbiz-entity.xml force the user to login with a user id that is
associated to the OFBTOOLS security group?
I can see the application I created and the line seems to have no effect.
What is the purpose of the line?
Thanks
-Milind


Please not that opentaps is not at the same level of revision that ofbiz
it
there have been  changes to security.
there are examples in the
framework/example
and
framework/exampleext
I believe this to better tutorial
since they work already.


Balaji Sundar sent the following on 7/29/2008 9:40 PM:



BJ Freeman wrote:

http://docs.ofbiz.org/display/OFBTECH/OFBiz+security

Milind W sent the following on 7/29/2008 7:58 PM:

hi,
Security Permissions
I am using ofbiz rev.79258
I want to understand how security works so I made the following
modifications to hello1
1)I added base-permission="OFBTOOLS" to the ofbiz-component.xml
I could still see the application I was assuming the application would
as
me to login or prevent me from seeing the page.
2)I added <security> to the main request
<request-map uri="main">
<security https="false" auth="true"/>
<response name="success" type="view" value="main"/>
</request-map>
This displays "java.lang.NullPointerException" in the browser.
How do permissions precedence work starting from the UI to the entity
layer.
Help appreciated.
Thanks
-Milind

Here is the log
2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [
RequestHandler.java:243:INFO ] [Processing Request]: main
sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1
2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [
RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of
event
for request "checkLogin" not found
2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [
RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of
event
for request "checkLogin" not found
2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [
RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method
of
event for request "checkLogin" not found
2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [
ControlServlet.java:205:ERROR]
---- runtime exception report
--------------------------------------------------
Error in request handler:
Exception: java.lang.NullPointerException
Message: null
---- stack trace
---------------------------------------------------------------
java.lang.NullPointerException
javolution.util.FastMap.getEntry(Unknown Source)
javolution.util.FastMap.containsKey(Unknown Source)
org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78)
org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102)
org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86)
org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453)
org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259)
org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198)
javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
java.lang.Thread.run(Thread.java:595)
--------------------------------------------------------------------------------










http://www.opensourcestrategies.com/ofbiz/security.php
http://www.opensourcestrategies.com/ofbiz/security.php

Reply via email to