your controller does not conform to the current svn controllers. please review them.
Milind W sent the following on 8/3/2008 5:35 PM: > I got the updated files. > Did ant clean and then a new build. > I still see the SAME behavior described in my previous email. > I am attaching my controller.xml > >> here is the fix >> http://svn.apache.org/viewvc?rev=682228&view=rev >> >> Milind W sent the following on 8/3/2008 4:27 PM: >>> Just tried "ant clean" it made no difference. >>> I can proceed to main without being redirected to login with rev#679258. >>> >>> >>> Relevant log for rev#679258 >>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>> [RequestHandler.java:243:INFO ] [Processing Request]: main >>> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>> [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is >>> a >>> view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>> [RequestHandler.java:584:INFO ] servletName=control, view=main >>> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >>> UtilJ2eeCompat.java:69 >>> :INFO ] serverInfo: apache tomcat/6.0.16 >>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >>> UtilJ2eeCompat.java:78 >>> :INFO ] Apache Tomcat detected, using response.getWriter to write text >>> out >>> instead of response.getOutputStream >>> >>> and with rev#677863 >>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>> RequestHandler.java:236:INFO ] [Processing Request]: main >>> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>> LoginWorker.java:262:INFO ] reqParams Map: [] >>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>> LoginWorker.java:263:INFO ] queryString: >>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>> LoginWorker.java:273:INFO ] checkLogin: queryString= >>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>> LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main >>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>> RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a >>> view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>> RequestHandler.java:578:INFO ] servletName=control, view=login >>> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>> UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 >>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>> UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using >>> response.getWriter to write text out instead of response.getOutputStream >>> >>> The loginworker seems to be invoked with rev#677863 and not with >>> rev#679258. >>> Any Idea? >>> >>>> Did you try an "ant clean" ? There have been some changes recently that >>>> implie this cleanup. >>>> >>>> Jacques >>>> >>>> From: "Milind W" <[EMAIL PROTECTED]> >>>>> Looks like I have a problem making this example work with >>>>> revision#679258 >>>>> >>>>> It worked fine (i.e I was redirected to login screen before I could >>>>> get >>>>> to >>>>> main) with rev#677863 >>>>> >>>>> Looks like the view >>>>> <view-map name="login" type="screen" >>>>> page="component://marketing/widget/CommonScreens.xml#login" /> >>>>> is part of the problem. The CommonScreens.xml has moved and does no >>>>> longer >>>>> seem to have the 'login' screen. >>>>> >>>>> I tried finding another screen with the 'login' view. I found another >>>>> one >>>>> in the 'common' component and modified my hello controller to point to >>>>> <view-map name="login" type="screen" >>>>> page="component://common/widget/CommonScreens.xml#login"/> >>>>> but it is no acting the same as previously. >>>>> >>>>> Please let me know what is missing (or any suggestion how best to >>>>> illustrate login) so I can complete and contribute my tutorial for >>>>> security. Would hate to create a tutorial that worked with one >>>>> specific >>>>> build. >>>>> >>>>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results >>>>> >>>>> Thanks >>>>> -Milind >>>>> >>>>>> hi, >>>>>> I got login to work by adding the changes below to my controller >>>>>> using >>>>>> ofbiz4.0. >>>>>> I don't think I follow the reason with OFBTOOLS base persmission not >>>>>> taking effect in the ofbiz-component as explained in OFBIZ-829. >>>>>> But I agree with Si Chen on OFBIZ-829 >>>>>> "The right way is to assume no permission until one of the list of >>>>>> permissions is met." Seems more intitutive. >>>>>> For now I can workaround it so thanks all. >>>>>> -Milind >>>>>> >>>>>> >>>>>> >>>>>> <preprocessor> >>>>>> <!-- Events to run on every request before security (chains >>>>>> exempt) --> >>>>>> <!-- <event type="java" >>>>>> path="org.ofbiz.webapp.event.TestEvent" >>>>>> invoke="test"/> --> >>>>>> <event type="java" >>>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>>> invoke="checkExternalLoginKey"/> >>>>>> </preprocessor> >>>>>> >>>>>> <!-- Request Mappings --> >>>>>> >>>>>> <request-map uri="checkLogin" edit="false"> >>>>>> <description>Verify a user is logged in.</description> >>>>>> <security https="false" auth="false"/> >>>>>> <event type="java" >>>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>>> invoke="checkLogin" /> >>>>>> <response name="success" type="view" value="main" /> >>>>>> <response name="error" type="view" value="login" /> >>>>>> </request-map> >>>>>> >>>>>> <request-map uri="login"> >>>>>> <security https="false" auth="false"/> >>>>>> <event type="java" >>>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>>> invoke="login"/> >>>>>> <response name="success" type="view" value="main"/> >>>>>> <response name="error" type="view" value="login"/> >>>>>> </request-map> >>>>>> >>>>>> >>>>>> <request-map uri="main"> >>>>>> <security https="false" auth="true" /> >>>>>> <response name="success" type="view" value="main"/> >>>>>> </request-map> >>>>>> >>>>>> <view-map name="login" type="screen" >>>>>> page="component://marketing/widget/CommonScreens.xml#login" /> >>>>>> >>>>>> >>>>>>> Not with a direct link to the comment where is the explanation ;p >>>>>>> Actually it was more a didactic post >>>>>>> >>>>>>> Jacques >>>>>>> >>>>>>> From: "BJ Freeman" <[EMAIL PROTECTED]> >>>>>>>> LOL >>>>>>>> that was the first link I sent on this thread. >>>>>>>> >>>>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM: >>>>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS. >>>>>>>>> >>>>>>>>> You would have get >>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 >>>>>>>>> >>>>>>>>> >>>>>>>>> Jacques >>>>>>>>> >>>>>>>>> ----- Original Message ----- From: "Milind W" >>>>>>>>> <[EMAIL PROTECTED]> >>>>>>>>> To: <[email protected]> >>>>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM >>>>>>>>> Subject: Re: how to set security and permissions precedence >>>>>>>>> >>>>>>>>> >>>>>>>>>> Let me try to break up questions. >>>>>>>>>> Should'nt adding >>>>>>>>>> base-permission="OFBTOOLS" >>>>>>>>>> to the ofbiz-entity.xml force the user to login with a user id >>>>>>>>>> that >>>>>>>>>> is >>>>>>>>>> associated to the OFBTOOLS security group? >>>>>>>>>> I can see the application I created and the line seems to have no >>>>>>>>>> effect. >>>>>>>>>> What is the purpose of the line? >>>>>>>>>> Thanks >>>>>>>>>> -Milind >>>>>>>>>> >>>>>>>>>>> Please not that opentaps is not at the same level of revision >>>>>>>>>>> that >>>>>>>>>>> ofbiz >>>>>>>>>>> it >>>>>>>>>>> there have been changes to security. >>>>>>>>>>> there are examples in the >>>>>>>>>>> framework/example >>>>>>>>>>> and >>>>>>>>>>> framework/exampleext >>>>>>>>>>> I believe this to better tutorial >>>>>>>>>>> since they work already. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM: >>>>>>>>>>>> BJ Freeman wrote: >>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security >>>>>>>>>>>>> >>>>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM: >>>>>>>>>>>>>> hi, >>>>>>>>>>>>>> Security Permissions >>>>>>>>>>>>>> I am using ofbiz rev.79258 >>>>>>>>>>>>>> I want to understand how security works so I made the >>>>>>>>>>>>>> following >>>>>>>>>>>>>> modifications to hello1 >>>>>>>>>>>>>> 1)I added base-permission="OFBTOOLS" to the >>>>>>>>>>>>>> ofbiz-component.xml >>>>>>>>>>>>>> I could still see the application I was assuming the >>>>>>>>>>>>>> application >>>>>>>>>>>>>> would >>>>>>>>>>>>>> as >>>>>>>>>>>>>> me to login or prevent me from seeing the page. >>>>>>>>>>>>>> 2)I added <security> to the main request >>>>>>>>>>>>>> <request-map uri="main"> >>>>>>>>>>>>>> <security https="false" auth="true"/> >>>>>>>>>>>>>> <response name="success" type="view" value="main"/> >>>>>>>>>>>>>> </request-map> >>>>>>>>>>>>>> This displays "java.lang.NullPointerException" in the >>>>>>>>>>>>>> browser. >>>>>>>>>>>>>> How do permissions precedence work starting from the UI to >>>>>>>>>>>>>> the >>>>>>>>>>>>>> entity >>>>>>>>>>>>>> layer. >>>>>>>>>>>>>> Help appreciated. >>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>> -Milind >>>>>>>>>>>>>> >>>>>>>>>>>>>> Here is the log >>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>> RequestHandler.java:243:INFO ] [Processing Request]: main >>>>>>>>>>>>>> sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 >>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>> RequestManager.java:159:WARN ] [RequestManager.getEventType] >>>>>>>>>>>>>> Type >>>>>>>>>>>>>> of >>>>>>>>>>>>>> event >>>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>> RequestManager.java:146:WARN ] [RequestManager.getEventPath] >>>>>>>>>>>>>> Path >>>>>>>>>>>>>> of >>>>>>>>>>>>>> event >>>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>> RequestManager.java:172:WARN ] >>>>>>>>>>>>>> [RequestManager.getEventMethod] >>>>>>>>>>>>>> Method >>>>>>>>>>>>>> of >>>>>>>>>>>>>> event for request "checkLogin" not found >>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>> ControlServlet.java:205:ERROR] >>>>>>>>>>>>>> ---- runtime exception report >>>>>>>>>>>>>> -------------------------------------------------- >>>>>>>>>>>>>> Error in request handler: >>>>>>>>>>>>>> Exception: java.lang.NullPointerException >>>>>>>>>>>>>> Message: null >>>>>>>>>>>>>> ---- stack trace >>>>>>>>>>>>>> --------------------------------------------------------------- >>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source) >>>>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source) >>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198) >>>>>>>>>>>>>> >>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >>>>>>>>>>>>>> >>>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595) >>>>>>>>>>>>>> -------------------------------------------------------------------------------- >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>>>> >>> >>> >>> >>> >>
