This works for sure from r682228, please check you locale instance...
Except of course if we don't speak about the _SAME behavior_ (see my previous posts in ML)
Jacques
From: "Milind W" <[EMAIL PROTECTED]>
I got the updated files.
Did ant clean and then a new build.
I still see the SAME behavior described in my previous email.
I am attaching my controller.xml
here is the fix
http://svn.apache.org/viewvc?rev=682228&view=rev
Milind W sent the following on 8/3/2008 4:27 PM:
Just tried "ant clean" it made no difference.
I can proceed to main without being redirected to login with rev#679258.
Relevant log for rev#679258
2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1)
[RequestHandler.java:243:INFO ] [Processing Request]: main
sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1)
[RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is
a
view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1)
[RequestHandler.java:584:INFO ] servletName=control, view=main
sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [
UtilJ2eeCompat.java:69
:INFO ] serverInfo: apache tomcat/6.0.16
2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [
UtilJ2eeCompat.java:78
:INFO ] Apache Tomcat detected, using response.getWriter to write text
out
instead of response.getOutputStream
and with rev#677863
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
RequestHandler.java:236:INFO ] [Processing Request]: main
sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
LoginWorker.java:262:INFO ] reqParams Map: []
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
LoginWorker.java:263:INFO ] queryString:
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
LoginWorker.java:273:INFO ] checkLogin: queryString=
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a
view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
RequestHandler.java:578:INFO ] servletName=control, view=login
sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using
response.getWriter to write text out instead of response.getOutputStream
The loginworker seems to be invoked with rev#677863 and not with
rev#679258.
Any Idea?
Did you try an "ant clean" ? There have been some changes recently that
implie this cleanup.
Jacques
From: "Milind W" <[EMAIL PROTECTED]>
Looks like I have a problem making this example work with
revision#679258
It worked fine (i.e I was redirected to login screen before I could
get
to
main) with rev#677863
Looks like the view
<view-map name="login" type="screen"
page="component://marketing/widget/CommonScreens.xml#login" />
is part of the problem. The CommonScreens.xml has moved and does no
longer
seem to have the 'login' screen.
I tried finding another screen with the 'login' view. I found another
one
in the 'common' component and modified my hello controller to point to
<view-map name="login" type="screen"
page="component://common/widget/CommonScreens.xml#login"/>
but it is no acting the same as previously.
Please let me know what is missing (or any suggestion how best to
illustrate login) so I can complete and contribute my tutorial for
security. Would hate to create a tutorial that worked with one
specific
build.
http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results
Thanks
-Milind
hi,
I got login to work by adding the changes below to my controller
using
ofbiz4.0.
I don't think I follow the reason with OFBTOOLS base persmission not
taking effect in the ofbiz-component as explained in OFBIZ-829.
But I agree with Si Chen on OFBIZ-829
"The right way is to assume no permission until one of the list of
permissions is met." Seems more intitutive.
For now I can workaround it so thanks all.
-Milind
<preprocessor>
<!-- Events to run on every request before security (chains
exempt) -->
<!-- <event type="java"
path="org.ofbiz.webapp.event.TestEvent"
invoke="test"/> -->
<event type="java"
path="org.ofbiz.webapp.control.LoginWorker"
invoke="checkExternalLoginKey"/>
</preprocessor>
<!-- Request Mappings -->
<request-map uri="checkLogin" edit="false">
<description>Verify a user is logged in.</description>
<security https="false" auth="false"/>
<event type="java"
path="org.ofbiz.webapp.control.LoginWorker"
invoke="checkLogin" />
<response name="success" type="view" value="main" />
<response name="error" type="view" value="login" />
</request-map>
<request-map uri="login">
<security https="false" auth="false"/>
<event type="java"
path="org.ofbiz.webapp.control.LoginWorker"
invoke="login"/>
<response name="success" type="view" value="main"/>
<response name="error" type="view" value="login"/>
</request-map>
<request-map uri="main">
<security https="false" auth="true" />
<response name="success" type="view" value="main"/>
</request-map>
<view-map name="login" type="screen"
page="component://marketing/widget/CommonScreens.xml#login" />
Not with a direct link to the comment where is the explanation ;p
Actually it was more a didactic post
Jacques
From: "BJ Freeman" <[EMAIL PROTECTED]>
LOL
that was the first link I sent on this thread.
Jacques Le Roux sent the following on 7/30/2008 2:18 PM:
OFBiz Wiki is your friend. Just look for OFBTOOLS.
You would have get
http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615
Jacques
----- Original Message ----- From: "Milind W"
<[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, July 30, 2008 8:31 PM
Subject: Re: how to set security and permissions precedence
Let me try to break up questions.
Should'nt adding
base-permission="OFBTOOLS"
to the ofbiz-entity.xml force the user to login with a user id
that
is
associated to the OFBTOOLS security group?
I can see the application I created and the line seems to have no
effect.
What is the purpose of the line?
Thanks
-Milind
Please not that opentaps is not at the same level of revision
that
ofbiz
it
there have been changes to security.
there are examples in the
framework/example
and
framework/exampleext
I believe this to better tutorial
since they work already.
Balaji Sundar sent the following on 7/29/2008 9:40 PM:
BJ Freeman wrote:
http://docs.ofbiz.org/display/OFBTECH/OFBiz+security
Milind W sent the following on 7/29/2008 7:58 PM:
hi,
Security Permissions
I am using ofbiz rev.79258
I want to understand how security works so I made the
following
modifications to hello1
1)I added base-permission="OFBTOOLS" to the
ofbiz-component.xml
I could still see the application I was assuming the
application
would
as
me to login or prevent me from seeing the page.
2)I added <security> to the main request
<request-map uri="main">
<security https="false" auth="true"/>
<response name="success" type="view" value="main"/>
</request-map>
This displays "java.lang.NullPointerException" in the
browser.
How do permissions precedence work starting from the UI to
the
entity
layer.
Help appreciated.
Thanks
-Milind
Here is the log
2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [
RequestHandler.java:243:INFO ] [Processing Request]: main
sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1
2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [
RequestManager.java:159:WARN ] [RequestManager.getEventType]
Type
of
event
for request "checkLogin" not found
2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [
RequestManager.java:146:WARN ] [RequestManager.getEventPath]
Path
of
event
for request "checkLogin" not found
2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [
RequestManager.java:172:WARN ]
[RequestManager.getEventMethod]
Method
of
event for request "checkLogin" not found
2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [
ControlServlet.java:205:ERROR]
---- runtime exception report
--------------------------------------------------
Error in request handler:
Exception: java.lang.NullPointerException
Message: null
---- stack trace
---------------------------------------------------------------
java.lang.NullPointerException
javolution.util.FastMap.getEntry(Unknown Source)
javolution.util.FastMap.containsKey(Unknown Source)
org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78)
org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102)
org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86)
org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453)
org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259)
org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198)
javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
java.lang.Thread.run(Thread.java:595)
--------------------------------------------------------------------------------
http://www.opensourcestrategies.com/ofbiz/security.php
http://www.opensourcestrategies.com/ofbiz/security.php
