I changed my controller to conform with the example controller.xml. Now it does attempt to send me to the login screen but get the following error.
org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen [component://common/widget/CommonScreens.xml#login]: java.lang.IllegalArgumentException: Could not find screen with name [main-decorator] in the same file as the screen with name [login] (Could not find screen with name [main-decorator] in the same file as the screen with name [login]) Help! > your controller does not conform to the current svn controllers. > please review them. > > > Milind W sent the following on 8/3/2008 5:35 PM: >> I got the updated files. >> Did ant clean and then a new build. >> I still see the SAME behavior described in my previous email. >> I am attaching my controller.xml >> >>> here is the fix >>> http://svn.apache.org/viewvc?rev=682228&view=rev >>> >>> Milind W sent the following on 8/3/2008 4:27 PM: >>>> Just tried "ant clean" it made no difference. >>>> I can proceed to main without being redirected to login with >>>> rev#679258. >>>> >>>> >>>> Relevant log for rev#679258 >>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>> [RequestHandler.java:243:INFO ] [Processing Request]: main >>>> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>> [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response >>>> is >>>> a >>>> view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>> [RequestHandler.java:584:INFO ] servletName=control, view=main >>>> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >>>> UtilJ2eeCompat.java:69 >>>> :INFO ] serverInfo: apache tomcat/6.0.16 >>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >>>> UtilJ2eeCompat.java:78 >>>> :INFO ] Apache Tomcat detected, using response.getWriter to write text >>>> out >>>> instead of response.getOutputStream >>>> >>>> and with rev#677863 >>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>> RequestHandler.java:236:INFO ] [Processing Request]: main >>>> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>> LoginWorker.java:262:INFO ] reqParams Map: [] >>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>> LoginWorker.java:263:INFO ] queryString: >>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>> LoginWorker.java:273:INFO ] checkLogin: queryString= >>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>> LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main >>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>> RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is >>>> a >>>> view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>> RequestHandler.java:578:INFO ] servletName=control, view=login >>>> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>> UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 >>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>> UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using >>>> response.getWriter to write text out instead of >>>> response.getOutputStream >>>> >>>> The loginworker seems to be invoked with rev#677863 and not with >>>> rev#679258. >>>> Any Idea? >>>> >>>>> Did you try an "ant clean" ? There have been some changes recently >>>>> that >>>>> implie this cleanup. >>>>> >>>>> Jacques >>>>> >>>>> From: "Milind W" <[EMAIL PROTECTED]> >>>>>> Looks like I have a problem making this example work with >>>>>> revision#679258 >>>>>> >>>>>> It worked fine (i.e I was redirected to login screen before I could >>>>>> get >>>>>> to >>>>>> main) with rev#677863 >>>>>> >>>>>> Looks like the view >>>>>> <view-map name="login" type="screen" >>>>>> page="component://marketing/widget/CommonScreens.xml#login" /> >>>>>> is part of the problem. The CommonScreens.xml has moved and does no >>>>>> longer >>>>>> seem to have the 'login' screen. >>>>>> >>>>>> I tried finding another screen with the 'login' view. I found >>>>>> another >>>>>> one >>>>>> in the 'common' component and modified my hello controller to point >>>>>> to >>>>>> <view-map name="login" type="screen" >>>>>> page="component://common/widget/CommonScreens.xml#login"/> >>>>>> but it is no acting the same as previously. >>>>>> >>>>>> Please let me know what is missing (or any suggestion how best to >>>>>> illustrate login) so I can complete and contribute my tutorial for >>>>>> security. Would hate to create a tutorial that worked with one >>>>>> specific >>>>>> build. >>>>>> >>>>>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results >>>>>> >>>>>> Thanks >>>>>> -Milind >>>>>> >>>>>>> hi, >>>>>>> I got login to work by adding the changes below to my controller >>>>>>> using >>>>>>> ofbiz4.0. >>>>>>> I don't think I follow the reason with OFBTOOLS base persmission >>>>>>> not >>>>>>> taking effect in the ofbiz-component as explained in OFBIZ-829. >>>>>>> But I agree with Si Chen on OFBIZ-829 >>>>>>> "The right way is to assume no permission until one of the list of >>>>>>> permissions is met." Seems more intitutive. >>>>>>> For now I can workaround it so thanks all. >>>>>>> -Milind >>>>>>> >>>>>>> >>>>>>> >>>>>>> <preprocessor> >>>>>>> <!-- Events to run on every request before security (chains >>>>>>> exempt) --> >>>>>>> <!-- <event type="java" >>>>>>> path="org.ofbiz.webapp.event.TestEvent" >>>>>>> invoke="test"/> --> >>>>>>> <event type="java" >>>>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>>>> invoke="checkExternalLoginKey"/> >>>>>>> </preprocessor> >>>>>>> >>>>>>> <!-- Request Mappings --> >>>>>>> >>>>>>> <request-map uri="checkLogin" edit="false"> >>>>>>> <description>Verify a user is logged in.</description> >>>>>>> <security https="false" auth="false"/> >>>>>>> <event type="java" >>>>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>>>> invoke="checkLogin" /> >>>>>>> <response name="success" type="view" value="main" /> >>>>>>> <response name="error" type="view" value="login" /> >>>>>>> </request-map> >>>>>>> >>>>>>> <request-map uri="login"> >>>>>>> <security https="false" auth="false"/> >>>>>>> <event type="java" >>>>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>>>> invoke="login"/> >>>>>>> <response name="success" type="view" value="main"/> >>>>>>> <response name="error" type="view" value="login"/> >>>>>>> </request-map> >>>>>>> >>>>>>> >>>>>>> <request-map uri="main"> >>>>>>> <security https="false" auth="true" /> >>>>>>> <response name="success" type="view" value="main"/> >>>>>>> </request-map> >>>>>>> >>>>>>> <view-map name="login" type="screen" >>>>>>> page="component://marketing/widget/CommonScreens.xml#login" /> >>>>>>> >>>>>>> >>>>>>>> Not with a direct link to the comment where is the explanation ;p >>>>>>>> Actually it was more a didactic post >>>>>>>> >>>>>>>> Jacques >>>>>>>> >>>>>>>> From: "BJ Freeman" <[EMAIL PROTECTED]> >>>>>>>>> LOL >>>>>>>>> that was the first link I sent on this thread. >>>>>>>>> >>>>>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM: >>>>>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS. >>>>>>>>>> >>>>>>>>>> You would have get >>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Jacques >>>>>>>>>> >>>>>>>>>> ----- Original Message ----- From: "Milind W" >>>>>>>>>> <[EMAIL PROTECTED]> >>>>>>>>>> To: <[email protected]> >>>>>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM >>>>>>>>>> Subject: Re: how to set security and permissions precedence >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Let me try to break up questions. >>>>>>>>>>> Should'nt adding >>>>>>>>>>> base-permission="OFBTOOLS" >>>>>>>>>>> to the ofbiz-entity.xml force the user to login with a user id >>>>>>>>>>> that >>>>>>>>>>> is >>>>>>>>>>> associated to the OFBTOOLS security group? >>>>>>>>>>> I can see the application I created and the line seems to have >>>>>>>>>>> no >>>>>>>>>>> effect. >>>>>>>>>>> What is the purpose of the line? >>>>>>>>>>> Thanks >>>>>>>>>>> -Milind >>>>>>>>>>> >>>>>>>>>>>> Please not that opentaps is not at the same level of revision >>>>>>>>>>>> that >>>>>>>>>>>> ofbiz >>>>>>>>>>>> it >>>>>>>>>>>> there have been changes to security. >>>>>>>>>>>> there are examples in the >>>>>>>>>>>> framework/example >>>>>>>>>>>> and >>>>>>>>>>>> framework/exampleext >>>>>>>>>>>> I believe this to better tutorial >>>>>>>>>>>> since they work already. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM: >>>>>>>>>>>>> BJ Freeman wrote: >>>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security >>>>>>>>>>>>>> >>>>>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM: >>>>>>>>>>>>>>> hi, >>>>>>>>>>>>>>> Security Permissions >>>>>>>>>>>>>>> I am using ofbiz rev.79258 >>>>>>>>>>>>>>> I want to understand how security works so I made the >>>>>>>>>>>>>>> following >>>>>>>>>>>>>>> modifications to hello1 >>>>>>>>>>>>>>> 1)I added base-permission="OFBTOOLS" to the >>>>>>>>>>>>>>> ofbiz-component.xml >>>>>>>>>>>>>>> I could still see the application I was assuming the >>>>>>>>>>>>>>> application >>>>>>>>>>>>>>> would >>>>>>>>>>>>>>> as >>>>>>>>>>>>>>> me to login or prevent me from seeing the page. >>>>>>>>>>>>>>> 2)I added <security> to the main request >>>>>>>>>>>>>>> <request-map uri="main"> >>>>>>>>>>>>>>> <security https="false" auth="true"/> >>>>>>>>>>>>>>> <response name="success" type="view" value="main"/> >>>>>>>>>>>>>>> </request-map> >>>>>>>>>>>>>>> This displays "java.lang.NullPointerException" in the >>>>>>>>>>>>>>> browser. >>>>>>>>>>>>>>> How do permissions precedence work starting from the UI to >>>>>>>>>>>>>>> the >>>>>>>>>>>>>>> entity >>>>>>>>>>>>>>> layer. >>>>>>>>>>>>>>> Help appreciated. >>>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>>> -Milind >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Here is the log >>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>> RequestHandler.java:243:INFO ] [Processing Request]: main >>>>>>>>>>>>>>> sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 >>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>> RequestManager.java:159:WARN ] >>>>>>>>>>>>>>> [RequestManager.getEventType] >>>>>>>>>>>>>>> Type >>>>>>>>>>>>>>> of >>>>>>>>>>>>>>> event >>>>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>> RequestManager.java:146:WARN ] >>>>>>>>>>>>>>> [RequestManager.getEventPath] >>>>>>>>>>>>>>> Path >>>>>>>>>>>>>>> of >>>>>>>>>>>>>>> event >>>>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>> RequestManager.java:172:WARN ] >>>>>>>>>>>>>>> [RequestManager.getEventMethod] >>>>>>>>>>>>>>> Method >>>>>>>>>>>>>>> of >>>>>>>>>>>>>>> event for request "checkLogin" not found >>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>> ControlServlet.java:205:ERROR] >>>>>>>>>>>>>>> ---- runtime exception report >>>>>>>>>>>>>>> -------------------------------------------------- >>>>>>>>>>>>>>> Error in request handler: >>>>>>>>>>>>>>> Exception: java.lang.NullPointerException >>>>>>>>>>>>>>> Message: null >>>>>>>>>>>>>>> ---- stack trace >>>>>>>>>>>>>>> --------------------------------------------------------------- >>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source) >>>>>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source) >>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595) >>>>>>>>>>>>>>> -------------------------------------------------------------------------------- >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>>>>> >>>> >>>> >>>> >>>> >>> > >
