Hi guys and gals,
My case is that I need to make the default ecommerce app to be accesible to authenticated users only. Don't ask why, it is a weird requirement. I don't want to go and make every request-map in the specialpurpose\ecommerce\webapp\ecommerce\WEB-INF\controller.xml with <security auth="true"; there are just too many of them there. Is there a more elegant way to deny public access of all and every part of the ecommerce application? Any help or suggestion is much appreatiated, you could spare me a lot of pain here. Thanks! |
You may try to setup a base permission, check the ofbiz-component.xml file from any application component and look especially at the base-permission element under the webapp tag. For each user you want to give access should have this permission.
Regards Vikas On Apr 4, 2012, at 12:15 AM, Boris Hamanov wrote: > Hi guys and gals, > > My case is that I need to make the default ecommerce app to be accesible to authenticated users only. Don't ask why, it is a weird requirement. > I don't want to go and make every request-map in the specialpurpose\ecommerce\webapp\ecommerce\WEB-INF\controller.xml with <security auth="true"; there are just too many of them there. > Is there a more elegant way to deny public access of all and every part of the ecommerce application? > > Any help or suggestion is much appreatiated, you could spare me a lot of pain here. Thanks! |
I wasn't quite right as this works only when auth="true".
Vikas On Apr 4, 2012, at 12:51 PM, Vikas Mayur wrote: > You may try to setup a base permission, check the ofbiz-component.xml file from any application component and look especially at the base-permission element under the webapp tag. For each user you want to give access should have this permission. > > Regards > Vikas > > On Apr 4, 2012, at 12:15 AM, Boris Hamanov wrote: > >> Hi guys and gals, >> >> My case is that I need to make the default ecommerce app to be accesible to authenticated users only. Don't ask why, it is a weird requirement. >> I don't want to go and make every request-map in the specialpurpose\ecommerce\webapp\ecommerce\WEB-INF\controller.xml with <security auth="true"; there are just too many of them there. >> Is there a more elegant way to deny public access of all and every part of the ecommerce application? >> >> Any help or suggestion is much appreatiated, you could spare me a lot of pain here. Thanks! > |
In reply to this post by Boris Hamanov
Hi Boris,
You could consider implementing a custom preprocessor event that does its own auth check and redirects as appropriate. Regards Scott On 4/04/2012, at 6:45 AM, Boris Hamanov wrote: > Hi guys and gals, > > My case is that I need to make the default ecommerce app to be accesible to authenticated users only. Don't ask why, it is a weird requirement. > I don't want to go and make every request-map in the specialpurpose\ecommerce\webapp\ecommerce\WEB-INF\controller.xml with <security auth="true"; there are just too many of them there. > Is there a more elegant way to deny public access of all and every part of the ecommerce application? > > Any help or suggestion is much appreatiated, you could spare me a lot of pain here. Thanks! |
Hi,
Thanks everyone, I solved it by extending the ecommerce controller.xml like in the eclone web app and then redefining there around ten request maps with auth=true. Not the perfect solution, but it works for now and it has the advantage to allow some requests that I choose not to block. Like login for example. But that about the preprocessor is valuable idea. Thanks again! -----Original Message----- From: Scott Gray Date: 04 април 2012 г. 12:10 ч. To: [hidden email] Subject: Re: Default security or how to make all request to a web app to require security by default. Hi Boris, You could consider implementing a custom preprocessor event that does its own auth check and redirects as appropriate. Regards Scott On 4/04/2012, at 6:45 AM, Boris Hamanov wrote: > Hi guys and gals, > > My case is that I need to make the default ecommerce app to be accesible > to authenticated users only. Don't ask why, it is a weird requirement. > I don't want to go and make every request-map in the > specialpurpose\ecommerce\webapp\ecommerce\WEB-INF\controller.xml with > <security auth="true"; there are just too many of them there. > Is there a more elegant way to deny public access of all and every part of > the ecommerce application? > > Any help or suggestion is much appreatiated, you could spare me a lot of > pain here. Thanks! |
Free forum by Nabble | Edit this page |