From: "David E Jones" <[EMAIL PROTECTED]>
On Aug 4, 2008, at 11:19 PM, Milind W wrote:
hi BJ,
That arrow left the quiver sooner then I would have liked.
But anyways as I said, I definitely agree that people who have written
this have every right to benefit and prosper from their effort, specially
after having given away most of it for free.
Are you referring to the framework training videos? Please... there's no money there. We've barely recovered the creation expense
on those, and the transcript is even available for free now (and has been for months, and it was announced, and we requested
help doing something with this, and nothing has been done):
Correction Sir : nothing has been done yet (and atcually is not even true as I recently used some transcrition snippets somewhere I
don't remember from the top of my head :o)
http://docs.ofbiz.org/display/OFBTECH/Advanced+Framework+Transcription+Work+Plan
I sincerely hope that it happens so we can continue to use and benefit
from this framework.
I continue to hope to find some time to use this invaluable source of knowledge to at least enhance XSD files
annotations/documentation as I done precedently to minilang. Everybody is welcome to help...
Jacques
My primary objective right now is trying to get to a point as quickly as I
can in developing real world applications.
The best thing you can do for your own benefit is to get involved with the community. Would you expect to learn SAP overnight? Or
even something like ATG or Blue Martini on the ecommerce side?
Secondary objective would be to contribute whatever I can to the community
in the process.
Please understand that the attitude and priorities you've just admitted to are the greatest hinderance to the community and how
much you can benefit from it.
-David
So that said do you think the material
http://www.undersunconsulting.com/ecommerce/control/additem/main
is the fastest way know to man to get past the newbie stage?
Can anyone else weigh on this as well if they have have used these tutorials?
How relevant are they with the new versions of ofbiz?
Thanks
-Milind
our documentation is community driven.
and it has significantly grown in the last few years.
the basics are hard to grasp for object, DB driven, programmers.
so a lot of the learning is unlearning.
I struggle with getting my mind around it for a few years.
now it seem so clear.
my dad use to say.
everything cost time or money, sometimes both.
so you ask why I stick with it.
because of all the software out there this seemed the most likely to fit
needs of my clients.
the tutorials are free except for the advance stuff.
open source does not necessarily mean free.
it means you get the source.
just like the years I spent developing the yahoo interface.
I would like to get some of that back before everyone becomes my
competitor.
The people that made this possible have clients that funded the code and
then allowed them to give it to the community. not the other way around.
Milind W sent the following on 8/4/2008 8:46 PM:
hi BJ,
It is sad that there is no quick way to learn ofbiz (still).
What makes it more difficult is the part where you have to reverse
engineer the code or existing configuration to undesrtand how to do
things.
IMHO
1)Reverse engineering and going through existing code has its place but
not as a newbie.
2)The most basic features and capabilities should be easy to learn or at
least there should be tutorials for those ideally these should be free
for
something thats open source.
3)I do understand that people who made this possible have every right to
benefit from this .
3)I guess there are some but nothing that is free so looks like the
practical way to learn the framework is to spend 350$ and
this is where using the example, exampleext, and the
wiki startup example will help.
this is where ofbiz is different than opentaps.
and the links to the information that has been give you in the past
come
into play.
there is no quick way to learn ofbiz.
:)
error is saying the main decorator has not been defined in the web.xml
parms.
you should check you complete component against the framework/ example.
Milind W sent the following on 8/3/2008 11:07 PM:
I changed my controller to conform with the example controller.xml.
Now it does attempt to send me to the login screen but get the
following
error.
org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen
[component://common/widget/CommonScreens.xml#login]:
java.lang.IllegalArgumentException: Could not find screen with name
[main-decorator] in the same file as the screen with name [login]
(Could
not find screen with name [main-decorator] in the same file as the
screen
with name [login])
Help!
your controller does not conform to the current svn controllers.
please review them.
Milind W sent the following on 8/3/2008 5:35 PM:
I got the updated files.
Did ant clean and then a new build.
I still see the SAME behavior described in my previous email.
I am attaching my controller.xml
here is the fix
http://svn.apache.org/viewvc?rev=682228&view=rev
Milind W sent the following on 8/3/2008 4:27 PM:
Just tried "ant clean" it made no difference.
I can proceed to main without being redirected to login with
rev#679258.
Relevant log for rev#679258
2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1)
[RequestHandler.java:243:INFO ] [Processing Request]: main
sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1)
[RequestHandler.java:433:INFO ] [RequestHandler.doRequest]:
Response
is
a
view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1)
[RequestHandler.java:584:INFO ] servletName=control, view=main
sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [
UtilJ2eeCompat.java:69
:INFO ] serverInfo: apache tomcat/6.0.16
2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [
UtilJ2eeCompat.java:78
:INFO ] Apache Tomcat detected, using response.getWriter to write
text
out
instead of response.getOutputStream
and with rev#677863
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
RequestHandler.java:236:INFO ] [Processing Request]: main
sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
LoginWorker.java:262:INFO ] reqParams Map: []
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
LoginWorker.java:263:INFO ] queryString:
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
LoginWorker.java:273:INFO ] checkLogin: queryString=
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
RequestHandler.java:425:INFO ] [RequestHandler.doRequest]:
Response
is
a
view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
RequestHandler.java:578:INFO ] servletName=control, view=login
sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/ 5.5.20
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [
UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using
response.getWriter to write text out instead of
response.getOutputStream
The loginworker seems to be invoked with rev#677863 and not with
rev#679258.
Any Idea?
Did you try an "ant clean" ? There have been some changes
recently
that
implie this cleanup.
Jacques
From: "Milind W" <[EMAIL PROTECTED]>
Looks like I have a problem making this example work with
revision#679258
It worked fine (i.e I was redirected to login screen before I
could
get
to
main) with rev#677863
Looks like the view
<view-map name="login" type="screen"
page="component://marketing/widget/ CommonScreens.xml#login" />
is part of the problem. The CommonScreens.xml has moved and does
no
longer
seem to have the 'login' screen.
I tried finding another screen with the 'login' view. I found
another
one
in the 'common' component and modified my hello controller to
point
to
<view-map name="login" type="screen"
page="component://common/widget/CommonScreens.xml#login"/>
but it is no acting the same as previously.
Please let me know what is missing (or any suggestion how best
to
illustrate login) so I can complete and contribute my tutorial
for
security. Would hate to create a tutorial that worked with one
specific
build.
http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind
%20W+page:2+mid:kwgcnrsxjigfilp2+state:results
Thanks
-Milind
hi,
I got login to work by adding the changes below to my
controller
using
ofbiz4.0.
I don't think I follow the reason with OFBTOOLS base
persmission
not
taking effect in the ofbiz-component as explained in OFBIZ-829.
But I agree with Si Chen on OFBIZ-829
"The right way is to assume no permission until one of the list
of
permissions is met." Seems more intitutive.
For now I can workaround it so thanks all.
-Milind
<preprocessor>
<!-- Events to run on every request before security
(chains
exempt) -->
<!-- <event type="java"
path="org.ofbiz.webapp.event.TestEvent"
invoke="test"/> -->
<event type="java"
path="org.ofbiz.webapp.control.LoginWorker"
invoke="checkExternalLoginKey"/>
</preprocessor>
<!-- Request Mappings -->
<request-map uri="checkLogin" edit="false">
<description>Verify a user is logged in.</ description>
<security https="false" auth="false"/>
<event type="java"
path="org.ofbiz.webapp.control.LoginWorker"
invoke="checkLogin" />
<response name="success" type="view" value="main" />
<response name="error" type="view" value="login" />
</request-map>
<request-map uri="login">
<security https="false" auth="false"/>
<event type="java"
path="org.ofbiz.webapp.control.LoginWorker"
invoke="login"/>
<response name="success" type="view" value="main"/>
<response name="error" type="view" value="login"/>
</request-map>
<request-map uri="main">
<security https="false" auth="true" />
<response name="success" type="view" value="main"/>
</request-map>
<view-map name="login" type="screen"
page="component://marketing/widget/ CommonScreens.xml#login" />
Not with a direct link to the comment where is the explanation
;p
Actually it was more a didactic post
Jacques
From: "BJ Freeman" <[EMAIL PROTECTED]>
LOL
that was the first link I sent on this thread.
Jacques Le Roux sent the following on 7/30/2008 2:18 PM:
OFBiz Wiki is your friend. Just look for OFBTOOLS.
You would have get
http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615
Jacques
----- Original Message ----- From: "Milind W"
<[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, July 30, 2008 8:31 PM
Subject: Re: how to set security and permissions precedence
Let me try to break up questions.
Should'nt adding
base-permission="OFBTOOLS"
to the ofbiz-entity.xml force the user to login with a user
id
that
is
associated to the OFBTOOLS security group?
I can see the application I created and the line seems to
have
no
effect.
What is the purpose of the line?
Thanks
-Milind
Please not that opentaps is not at the same level of
revision
that
ofbiz
it
there have been changes to security.
there are examples in the
framework/example
and
framework/exampleext
I believe this to better tutorial
since they work already.
Balaji Sundar sent the following on 7/29/2008 9:40 PM:
BJ Freeman wrote:
http://docs.ofbiz.org/display/OFBTECH/OFBiz+security
Milind W sent the following on 7/29/2008 7:58 PM:
hi,
Security Permissions
I am using ofbiz rev.79258
I want to understand how security works so I made the
following
modifications to hello1
1)I added base-permission="OFBTOOLS" to the
ofbiz-component.xml
I could still see the application I was assuming the
application
would
as
me to login or prevent me from seeing the page.
2)I added <security> to the main request
<request-map uri="main">
<security https="false" auth="true"/>
<response name="success" type="view" value="main"/>
</request-map>
This displays "java.lang.NullPointerException" in the
browser.
How do permissions precedence work starting from the UI
to
the
entity
layer.
Help appreciated.
Thanks
-Milind
Here is the log
2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [
RequestHandler.java:243:INFO ] [Processing Request]:
main
sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1
2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [
RequestManager.java:159:WARN ]
[RequestManager.getEventType]
Type
of
event
for request "checkLogin" not found
2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [
RequestManager.java:146:WARN ]
[RequestManager.getEventPath]
Path
of
event
for request "checkLogin" not found
2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [
RequestManager.java:172:WARN ]
[RequestManager.getEventMethod]
Method
of
event for request "checkLogin" not found
2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [
ControlServlet.java:205:ERROR]
---- runtime exception report
--------------------------------------------------
Error in request handler:
Exception: java.lang.NullPointerException
Message: null
---- stack trace
---------------------------------------------------------------
java.lang.NullPointerException
javolution.util.FastMap.getEntry(Unknown Source)
javolution.util.FastMap.containsKey(Unknown Source)
org .ofbiz .webapp .control .RequestManager
.getHandlerClass(RequestManager.java:78)
org .ofbiz .webapp .event .EventFactory.loadEventHandler(EventFactory.java: 102)
org .ofbiz .webapp .event .EventFactory.getEventHandler(EventFactory.java:86)
org .ofbiz .webapp .control .RequestHandler.runEvent(RequestHandler.java:453)
org .ofbiz .webapp .control .RequestHandler.doRequest(RequestHandler.java:259)
org .ofbiz .webapp .control.ControlServlet.doGet(ControlServlet.java: 198)
javax .servlet .http.HttpServlet.service(HttpServlet.java:690)
javax .servlet .http.HttpServlet.service(HttpServlet.java:803)
org .apache .catalina .core .ApplicationFilterChain
.internalDoFilter(ApplicationFilterChain.java:290)
org .apache .catalina .core .ApplicationFilterChain
.doFilter(ApplicationFilterChain.java:206)
org .ofbiz .webapp .control .ContextFilter.doFilter(ContextFilter.java:255)
org .apache .catalina .core .ApplicationFilterChain
.internalDoFilter(ApplicationFilterChain.java:235)
org .apache .catalina .core .ApplicationFilterChain
.doFilter(ApplicationFilterChain.java:206)
org .apache .catalina .core .StandardWrapperValve
.invoke(StandardWrapperValve.java:233)
org .apache .catalina .core .StandardContextValve
.invoke(StandardContextValve.java:175)
org .apache .catalina .core .StandardHostValve.invoke(StandardHostValve.java:
128)
org .apache .catalina .valves
.ErrorReportValve.invoke(ErrorReportValve.java:102)
org .apache .catalina .core .StandardEngineValve
.invoke(StandardEngineValve.java:109)
org .apache .catalina .valves.AccessLogValve.invoke(AccessLogValve.java: 568)
org .apache .catalina .connector .CoyoteAdapter.service(CoyoteAdapter.java:286)
org .apache .coyote .http11 .Http11Processor.process(Http11Processor.java:844)
org.apache.coyote.http11.Http11Protocol $ Http11ConnectionHandler
.process(Http11Protocol.java:583)
org.apache.tomcat.util.net.JIoEndpoint $Worker.run(JIoEndpoint.java:447)
java.lang.Thread.run(Thread.java:595)
--------------------------------------------------------------------------------
http://www.opensourcestrategies.com/ofbiz/ security.php
http://www.opensourcestrategies.com/ofbiz/ security.php
