Just tried "ant clean" it made no difference. I can proceed to main without being redirected to login with rev#679258.
Relevant log for rev#679258 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream and with rev#677863 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: [] 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString: 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString= 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream The loginworker seems to be invoked with rev#677863 and not with rev#679258. Any Idea? > Did you try an "ant clean" ? There have been some changes recently that > implie this cleanup. > > Jacques > > From: "Milind W" <[EMAIL PROTECTED]> >> Looks like I have a problem making this example work with >> revision#679258 >> >> It worked fine (i.e I was redirected to login screen before I could get >> to >> main) with rev#677863 >> >> Looks like the view >> <view-map name="login" type="screen" >> page="component://marketing/widget/CommonScreens.xml#login" /> >> is part of the problem. The CommonScreens.xml has moved and does no >> longer >> seem to have the 'login' screen. >> >> I tried finding another screen with the 'login' view. I found another >> one >> in the 'common' component and modified my hello controller to point to >> <view-map name="login" type="screen" >> page="component://common/widget/CommonScreens.xml#login"/> >> but it is no acting the same as previously. >> >> Please let me know what is missing (or any suggestion how best to >> illustrate login) so I can complete and contribute my tutorial for >> security. Would hate to create a tutorial that worked with one specific >> build. >> >> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results >> >> Thanks >> -Milind >> >>> hi, >>> I got login to work by adding the changes below to my controller using >>> ofbiz4.0. >>> I don't think I follow the reason with OFBTOOLS base persmission not >>> taking effect in the ofbiz-component as explained in OFBIZ-829. >>> But I agree with Si Chen on OFBIZ-829 >>> "The right way is to assume no permission until one of the list of >>> permissions is met." Seems more intitutive. >>> For now I can workaround it so thanks all. >>> -Milind >>> >>> >>> >>> <preprocessor> >>> <!-- Events to run on every request before security (chains >>> exempt) --> >>> <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" >>> invoke="test"/> --> >>> <event type="java" path="org.ofbiz.webapp.control.LoginWorker" >>> invoke="checkExternalLoginKey"/> >>> </preprocessor> >>> >>> <!-- Request Mappings --> >>> >>> <request-map uri="checkLogin" edit="false"> >>> <description>Verify a user is logged in.</description> >>> <security https="false" auth="false"/> >>> <event type="java" path="org.ofbiz.webapp.control.LoginWorker" >>> invoke="checkLogin" /> >>> <response name="success" type="view" value="main" /> >>> <response name="error" type="view" value="login" /> >>> </request-map> >>> >>> <request-map uri="login"> >>> <security https="false" auth="false"/> >>> <event type="java" path="org.ofbiz.webapp.control.LoginWorker" >>> invoke="login"/> >>> <response name="success" type="view" value="main"/> >>> <response name="error" type="view" value="login"/> >>> </request-map> >>> >>> >>> <request-map uri="main"> >>> <security https="false" auth="true" /> >>> <response name="success" type="view" value="main"/> >>> </request-map> >>> >>> <view-map name="login" type="screen" >>> page="component://marketing/widget/CommonScreens.xml#login" /> >>> >>> >>>> Not with a direct link to the comment where is the explanation ;p >>>> Actually it was more a didactic post >>>> >>>> Jacques >>>> >>>> From: "BJ Freeman" <[EMAIL PROTECTED]> >>>>> LOL >>>>> that was the first link I sent on this thread. >>>>> >>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM: >>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS. >>>>>> >>>>>> You would have get >>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 >>>>>> >>>>>> >>>>>> Jacques >>>>>> >>>>>> ----- Original Message ----- From: "Milind W" >>>>>> <[EMAIL PROTECTED]> >>>>>> To: <[email protected]> >>>>>> Sent: Wednesday, July 30, 2008 8:31 PM >>>>>> Subject: Re: how to set security and permissions precedence >>>>>> >>>>>> >>>>>>> Let me try to break up questions. >>>>>>> Should'nt adding >>>>>>> base-permission="OFBTOOLS" >>>>>>> to the ofbiz-entity.xml force the user to login with a user id that >>>>>>> is >>>>>>> associated to the OFBTOOLS security group? >>>>>>> I can see the application I created and the line seems to have no >>>>>>> effect. >>>>>>> What is the purpose of the line? >>>>>>> Thanks >>>>>>> -Milind >>>>>>> >>>>>>>> Please not that opentaps is not at the same level of revision that >>>>>>>> ofbiz >>>>>>>> it >>>>>>>> there have been changes to security. >>>>>>>> there are examples in the >>>>>>>> framework/example >>>>>>>> and >>>>>>>> framework/exampleext >>>>>>>> I believe this to better tutorial >>>>>>>> since they work already. >>>>>>>> >>>>>>>> >>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM: >>>>>>>>> >>>>>>>>> >>>>>>>>> BJ Freeman wrote: >>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security >>>>>>>>>> >>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM: >>>>>>>>>>> hi, >>>>>>>>>>> Security Permissions >>>>>>>>>>> I am using ofbiz rev.79258 >>>>>>>>>>> I want to understand how security works so I made the following >>>>>>>>>>> modifications to hello1 >>>>>>>>>>> 1)I added base-permission="OFBTOOLS" to the ofbiz-component.xml >>>>>>>>>>> I could still see the application I was assuming the >>>>>>>>>>> application >>>>>>>>>>> would >>>>>>>>>>> as >>>>>>>>>>> me to login or prevent me from seeing the page. >>>>>>>>>>> 2)I added <security> to the main request >>>>>>>>>>> <request-map uri="main"> >>>>>>>>>>> <security https="false" auth="true"/> >>>>>>>>>>> <response name="success" type="view" value="main"/> >>>>>>>>>>> </request-map> >>>>>>>>>>> This displays "java.lang.NullPointerException" in the browser. >>>>>>>>>>> How do permissions precedence work starting from the UI to the >>>>>>>>>>> entity >>>>>>>>>>> layer. >>>>>>>>>>> Help appreciated. >>>>>>>>>>> Thanks >>>>>>>>>>> -Milind >>>>>>>>>>> >>>>>>>>>>> Here is the log >>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>> RequestHandler.java:243:INFO ] [Processing Request]: main >>>>>>>>>>> sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 >>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>> RequestManager.java:159:WARN ] [RequestManager.getEventType] >>>>>>>>>>> Type >>>>>>>>>>> of >>>>>>>>>>> event >>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>> RequestManager.java:146:WARN ] [RequestManager.getEventPath] >>>>>>>>>>> Path >>>>>>>>>>> of >>>>>>>>>>> event >>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>> RequestManager.java:172:WARN ] [RequestManager.getEventMethod] >>>>>>>>>>> Method >>>>>>>>>>> of >>>>>>>>>>> event for request "checkLogin" not found >>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>> ControlServlet.java:205:ERROR] >>>>>>>>>>> ---- runtime exception report >>>>>>>>>>> -------------------------------------------------- >>>>>>>>>>> Error in request handler: >>>>>>>>>>> Exception: java.lang.NullPointerException >>>>>>>>>>> Message: null >>>>>>>>>>> ---- stack trace >>>>>>>>>>> --------------------------------------------------------------- >>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source) >>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source) >>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78) >>>>>>>>>>> >>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102) >>>>>>>>>>> >>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86) >>>>>>>>>>> >>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453) >>>>>>>>>>> >>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259) >>>>>>>>>>> >>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198) >>>>>>>>>>> >>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >>>>>>>>>>> >>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>> >>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255) >>>>>>>>>>> >>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >>>>>>>>>>> >>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>> >>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >>>>>>>>>>> >>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >>>>>>>>>>> >>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >>>>>>>>>>> >>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >>>>>>>>>>> >>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >>>>>>>>>>> >>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) >>>>>>>>>>> >>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >>>>>>>>>>> >>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >>>>>>>>>>> >>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >>>>>>>>>>> >>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >>>>>>>>>>> >>>>>>>>>>> java.lang.Thread.run(Thread.java:595) >>>>>>>>>>> -------------------------------------------------------------------------------- >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >>> >> >> >
