Looks like I have a problem making this example work with revision#679258. It worked fine (i.e. I was redirected to login screen before I could get to main) with rev#677863.

Looks like the view
<view-map name="login" type="screen" page="component://marketing/widget/CommonScreens.xml#login" />
is part of the problem. The CommonScreens.xml has moved and no longer seems to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to
<view-map name="login" type="screen" page="component://common/widget/CommonScreens.xml#login"/>
but it is not acting the same as previously.

Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build.

http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results

Thanks
-Milind

> hi,
> I got login to work by adding the changes below to my controller using
> ofbiz4.0.
> I don't think I follow the reason with OFBTOOLS base permission not
> taking effect in the ofbiz-component as explained in OFBIZ-829.
> But I agree with Si Chen on OFBIZ-829
> "The right way is to assume no permission until one of the list of
> permissions is met." Seems more intuitive.
> For now I can work around it so thanks all.
> -Milind
>
> <preprocessor>
>     <!-- Events to run on every request before security (chains exempt) -->
>     <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> -->
>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
> </preprocessor>
>
> <!-- Request Mappings -->
>
> <request-map uri="checkLogin" edit="false">
>     <description>Verify a user is logged in.</description>
>     <security https="false" auth="false"/>
>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" />
>     <response name="success" type="view" value="main" />
>     <response name="error" type="view" value="login" />
> </request-map>
>
> <request-map uri="login">
>     <security https="false" auth="false"/>
>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
>     <response name="success" type="view" value="main"/>
>     <response name="error" type="view" value="login"/>
> </request-map>
>
> <request-map uri="main">
>     <security https="false" auth="true" />
>     <response name="success" type="view" value="main"/>
> </request-map>
>
> <view-map name="login" type="screen" page="component://marketing/widget/CommonScreens.xml#login" />
>
>> Not with a direct link to the comment where is the explanation ;p
>> Actually it was more a didactic post
>>
>> Jacques
>>
>> From: "BJ Freeman" <[EMAIL PROTECTED]>
>>> LOL
>>> that was the first link I sent on this thread.
>>>
>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM:
>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS.
>>>>
>>>> You would have got
>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615
>>>>
>>>> Jacques
>>>>
>>>> ----- Original Message ----- From: "Milind W" <[EMAIL PROTECTED]>
>>>> To: <[email protected]>
>>>> Sent: Wednesday, July 30, 2008 8:31 PM
>>>> Subject: Re: how to set security and permissions precedence
>>>>
>>>>> Let me try to break up questions.
>>>>> Shouldn't adding
>>>>> base-permission="OFBTOOLS"
>>>>> to the ofbiz-entity.xml force the user to login with a user id that is
>>>>> associated to the OFBTOOLS security group?
>>>>> I can see the application I created and the line seems to have no effect.
>>>>> What is the purpose of the line?
>>>>> Thanks
>>>>> -Milind
>>>>>
>>>>>> Please note that opentaps is not at the same level of revision that ofbiz is.
>>>>>> There have been changes to security.
>>>>>> There are examples in the
>>>>>> framework/example
>>>>>> and
>>>>>> framework/exampleext
>>>>>> I believe this to be a better tutorial
>>>>>> since they work already.
>>>>>>
>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM:
>>>>>>>
>>>>>>> BJ Freeman wrote:
>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security
>>>>>>>>
>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM:
>>>>>>>>> hi,
>>>>>>>>> Security Permissions
>>>>>>>>> I am using ofbiz rev.79258
>>>>>>>>> I want to understand how security works so I made the following
>>>>>>>>> modifications to hello1
>>>>>>>>> 1)I added base-permission="OFBTOOLS" to the ofbiz-component.xml
>>>>>>>>> I could still see the application. I was assuming the application would
>>>>>>>>> ask me to login or prevent me from seeing the page.
>>>>>>>>> 2)I added <security> to the main request
>>>>>>>>> <request-map uri="main">
>>>>>>>>>     <security https="false" auth="true"/>
>>>>>>>>>     <response name="success" type="view" value="main"/>
>>>>>>>>> </request-map>
>>>>>>>>> This displays "java.lang.NullPointerException" in the browser.
>>>>>>>>> How does permissions precedence work starting from the UI to the
>>>>>>>>> entity layer?
>>>>>>>>> Help appreciated.
>>>>>>>>> Thanks
>>>>>>>>> -Milind
>>>>>>>>>
>>>>>>>>> Here is the log
>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1
>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request "checkLogin" not found
>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request "checkLogin" not found
>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of event for request "checkLogin" not found
>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ ControlServlet.java:205:ERROR]
>>>>>>>>> ---- runtime exception report --------------------------------------------------
>>>>>>>>> Error in request handler:
>>>>>>>>> Exception: java.lang.NullPointerException
>>>>>>>>> Message: null
>>>>>>>>> ---- stack trace ---------------------------------------------------------------
>>>>>>>>> java.lang.NullPointerException
>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source)
>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source)
>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78)
>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102)
>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86)
>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453)
>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259)
>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198)
>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255)
>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>>>> java.lang.Thread.run(Thread.java:595)
>>>>>>>>> --------------------------------------------------------------------------------
>>>>>>>
>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php
