Default security or how to make all request to a web app to require security by default.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Default security or how to make all request to a web app to require security by default.

Boris Hamanov
Hi guys and gals,

My case is that I need to make the default ecommerce app to be accesible to authenticated users only. Don't ask why, it is a weird requirement.
I don't want to go and make every request-map in the specialpurpose\ecommerce\webapp\ecommerce\WEB-INF\controller.xml with <security auth="true"; there are just too many of them there.
Is there a more elegant way to deny public access of all and every part of the ecommerce application?

Any help or suggestion is much appreatiated, you could spare me a lot of pain here. Thanks!
Reply | Threaded
Open this post in threaded view
|

Re: Default security or how to make all request to a web app to require security by default.

Vikas Mayur-2
You may try to setup a base permission, check the ofbiz-component.xml file from any application component and look especially at the base-permission element under the webapp tag. For each user you want to give access should have this permission.

Regards
Vikas

On Apr 4, 2012, at 12:15 AM, Boris Hamanov wrote:

> Hi guys and gals,
>
> My case is that I need to make the default ecommerce app to be accesible to authenticated users only. Don't ask why, it is a weird requirement.
> I don't want to go and make every request-map in the specialpurpose\ecommerce\webapp\ecommerce\WEB-INF\controller.xml with <security auth="true"; there are just too many of them there.
> Is there a more elegant way to deny public access of all and every part of the ecommerce application?
>
> Any help or suggestion is much appreatiated, you could spare me a lot of pain here. Thanks!

Reply | Threaded
Open this post in threaded view
|

Re: Default security or how to make all request to a web app to require security by default.

Vikas Mayur-2
I wasn't quite right as this works only when auth="true".

Vikas

On Apr 4, 2012, at 12:51 PM, Vikas Mayur wrote:

> You may try to setup a base permission, check the ofbiz-component.xml file from any application component and look especially at the base-permission element under the webapp tag. For each user you want to give access should have this permission.
>
> Regards
> Vikas
>
> On Apr 4, 2012, at 12:15 AM, Boris Hamanov wrote:
>
>> Hi guys and gals,
>>
>> My case is that I need to make the default ecommerce app to be accesible to authenticated users only. Don't ask why, it is a weird requirement.
>> I don't want to go and make every request-map in the specialpurpose\ecommerce\webapp\ecommerce\WEB-INF\controller.xml with <security auth="true"; there are just too many of them there.
>> Is there a more elegant way to deny public access of all and every part of the ecommerce application?
>>
>> Any help or suggestion is much appreatiated, you could spare me a lot of pain here. Thanks!
>

Reply | Threaded
Open this post in threaded view
|

Re: Default security or how to make all request to a web app to require security by default.

Scott Gray-2
In reply to this post by Boris Hamanov
Hi Boris,

You could consider implementing a custom preprocessor event that does its own auth check and redirects as appropriate.

Regards
Scott

On 4/04/2012, at 6:45 AM, Boris Hamanov wrote:

> Hi guys and gals,
>
> My case is that I need to make the default ecommerce app to be accesible to authenticated users only. Don't ask why, it is a weird requirement.
> I don't want to go and make every request-map in the specialpurpose\ecommerce\webapp\ecommerce\WEB-INF\controller.xml with <security auth="true"; there are just too many of them there.
> Is there a more elegant way to deny public access of all and every part of the ecommerce application?
>
> Any help or suggestion is much appreatiated, you could spare me a lot of pain here. Thanks!

Reply | Threaded
Open this post in threaded view
|

Re: Default security or how to make all request to a web app to require security by default.

Boris Hamanov
Hi,

Thanks everyone, I solved it by extending the ecommerce controller.xml like
in the eclone web app and then redefining there around ten request maps with
auth=true. Not the perfect solution, but it works for now and it has the
advantage to allow some requests that I choose not to block. Like login for
example. But that about the preprocessor is valuable idea. Thanks again!

-----Original Message-----
From: Scott Gray
Date: 04 април 2012 г. 12:10 ч.
To: [hidden email]
Subject: Re: Default security or how to make all request to a web app to
require security by default.

Hi Boris,

You could consider implementing a custom preprocessor event that does its
own auth check and redirects as appropriate.

Regards
Scott

On 4/04/2012, at 6:45 AM, Boris Hamanov wrote:

> Hi guys and gals,
>
> My case is that I need to make the default ecommerce app to be accesible
> to authenticated users only. Don't ask why, it is a weird requirement.
> I don't want to go and make every request-map in the
> specialpurpose\ecommerce\webapp\ecommerce\WEB-INF\controller.xml with
> <security auth="true"; there are just too many of them there.
> Is there a more elegant way to deny public access of all and every part of
> the ecommerce application?
>
> Any help or suggestion is much appreatiated, you could spare me a lot of
> pain here. Thanks!