Si, David & Chris
Thanks for your feedback.

Chris, your suggestions are what I've been using till now. Although I haven't made my own validation routines for requests, the end solution is going to have it.

David, I'd have to agree that accountability can be a concern when I'll end up using my proposed solution. But it's good to know that there are certain options that could be explored depending upon the needs.

Thanks guys
Ashish Hareet

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of [hidden email]
Sent: Monday, August 01, 2005 8:58 PM
To: [hidden email]
Subject: Dev Digest, Vol 13, Issue 2

Send Dev mailing list submissions to
[hidden email]

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.ofbiz.org/mailman/listinfo/dev
or, via email, send a message with subject or body 'help' to
[hidden email]

You can reach the person managing the list at
[hidden email]

When replying, please edit your Subject line so it is more specific than "Re: Contents of Dev digest..."

Today's Topics:

1. System accounts & Service authorization (Ashish Hareet)
2. can required-permissions specify error message (Si Chen)
3. decimal places in form-widget fields (Si Chen)
4. Re: Updated PostgreSQL Driver (J. Eckard)
5. Re: System accounts & Service authorization (Si Chen)
6. RE: Dev Digest, Vol 12, Issue 33 (Ashish Hareet)
7. System accounts (Chris Howe)
8. Re: RE: Dev Digest, Vol 12, Issue 33 (Si Chen)
9. Re: Updated PostgreSQL Driver (David E. Jones)

----------------------------------------------------------------------

Message: 1
Date: Mon, 1 Aug 2005 13:57:51 -0500
From: "Ashish Hareet" <[hidden email]>
Subject: [OFBiz] Dev - System accounts & Service authorization
To: <[hidden email]>
Message-ID: <[hidden email]>
Content-Type: text/plain; charset="iso-8859-1"

Thanks Si for explaining this to me.

But, my problem arises from the fact that I need to keep the core as-is & build a bunch of apps around it.
For instance, I have an order entry app that will let users enter sales orders & create customers. Now in this app, if I end up using OfBiz services I have to give the corresponding permissions for the services used to whoever is logged in. This would mean that I end up giving permissions to certain other areas as well which we don't want these users to have. Also, the custom apps we're developing are entirely different apps (from OFBiz perspective).

One possible solution (from a post long ago) was to restrict the links/forms/data available to a user based on roles, but that in effect was not enough, cause then somebody could type a URL & possibly get to a restricted part or we'd have to make sure that all our pages had some level of security/role-authorization in the ftl. This part I came across seems very interesting cause it makes it possible for me to push in a login for services only, which makes it possible to build my own security defs using the existing framework & yet be able to use the existing services.

Appreciate any thoughts or feedback
Ashish Hareet

------------------------------

Message: 2
Date: Mon, 01 Aug 2005 12:46:28 -0700
From: Si Chen <[hidden email]>
Subject: [OFBiz] Dev - can required-permissions specify error message
To: OFBiz Development <[hidden email]>
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hi. Can the <required-permissions ...> tag in services.xml specify its error message? Right now, I'm just getting "You do not have permission to invoke this service".

Si

------------------------------

Message: 3
Date: Mon, 01 Aug 2005 13:10:14 -0700
From: Si Chen <[hidden email]>
Subject: [OFBiz] Dev - decimal places in form-widget fields
To: OFBiz Development <[hidden email]>
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hi. Any way to change the number of decimal places for fields displayed with the form-widget? I'm using the <text/> tag.
Thanks,
Si

------------------------------

Message: 4
Date: Mon, 1 Aug 2005 17:01:39 -0400
From: "J. Eckard" <[hidden email]>
Subject: Re: [OFBiz] Dev - Updated PostgreSQL Driver
To: OFBiz Project Development Discussion <[hidden email]>
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed

Finally found an answer on this one... when you attempt to store a null in a BYTEA column with a current postgresql JDBC driver, you'll get an exception. From the following message to the pgsql-jdbc list, it looks like we may need to update the fieldtype defs for postgres to use OID instead of BYTEA for blobs.

(from http://archives.postgresql.org/pgsql-jdbc/2005-08/msg00003.php )

On Mon, 1 Aug 2005, Andrus Adamchik wrote:

> Just tested it with build 312 and the original problem went away. Now
> I am seeing a new problem with null BLOBs only:
>
> java.sql.SQLException: ERROR: column "blob_col" is of type bytea but
> expression is of type oid

bytea is not the correct type to use when storing Blobs. You need to use oid as the underlying type, or if you want to use bytea you need to use setBytes or setNull(x, Types.BINARY).

Kris Jurka

On Jul 21, 2005, at 6:26 PM, Kasubaski, Matt wrote:

> I think this may be caused by a mismatch between how the DB was built
> and how OfBiz is configured. The error looks like the database has the
> wrong column type than what is expected.
>
> Entitymodel_shipment.xml defines "labelimage" as:
> <entity entity-name="ShipmentPackageRouteSeg" ...>
> <field name="labelImage" type="blob"></field>
>
> Fieldtypepostgres.xml has "blob" defined as:
> <field-type-def type="blob" sql-type="OID"
> java-type="java.lang.Object"></field-type-def>
>
> Fieldtypepostgres72.xml has "blob" defined as:
> <field-type-def type="blob" sql-type="BYTEA"
> java-type="java.lang.Object"></field-type-def>
>
> It would appear that the database was built using the
> fieldtypepostgres.xml, but is now using fieldtypepostgres72.xml. The
> older JDBC may not have made a distinction between the two types, but
> the new one does.
>
> My suggestion would be to change the column type to "BYTEA", or recreate
> the database using the new driver. (Use export/import XML if you need
> to save data.)
>
> Matt
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]]
> On Behalf Of J. Eckard
> Sent: Tuesday, July 12, 2005 5:12 PM
> To: OFBiz Project Development Discussion
> Subject: [OFBiz] Dev - Updated PostgreSQL Driver
>
> After updating my local PostgreSQL jdbc driver to the latest version in
> SVN, things seemed ok, but when I tried to quickship an order, I got
> the following error:
>
> ---- exception report ----------------------------------------------------------
> Exception: org.ofbiz.entity.GenericEntityException
> Message: Exception while inserting the following entity:
> [GenericEntity:ShipmentPackageRouteSeg][createdTxStamp,2005-07-12 17:56:18.412(java.sql.Timestamp)][shipmentRouteSegmentId,00001(java.lang.String)][shipmentId,70026(java.lang.String)][lastUpdatedTxStamp,2005-07-12 17:56:18.412(java.sql.Timestamp)][shipmentPackageSeqId,00001(java.lang.String)][createdStamp,2005-07-12 17:56:18.412(java.sql.Timestamp)][lastUpdatedStamp,2005-07-12 17:56:18.412(java.sql.Timestamp)]
> (while inserting:
> [GenericEntity:ShipmentPackageRouteSeg][createdTxStamp,2005-07-12 17:56:18.412(java.sql.Timestamp)][shipmentRouteSegmentId,00001(java.lang.String)][shipmentId,70026(java.lang.String)][lastUpdatedTxStamp,2005-07-12 17:56:18.412(java.sql.Timestamp)][shipmentPackageSeqId,00001(java.lang.String)][createdStamp,2005-07-12 17:56:18.412(java.sql.Timestamp)][lastUpdatedStamp,2005-07-12 17:56:18.412(java.sql.Timestamp)]
> (SQL Exception while executing the following:INSERT INTO public.SHIPMENT_PACKAGE_ROUTE_SEG (SHIPMENT_ID, SHIPMENT_PACKAGE_SEQ_ID, SHIPMENT_ROUTE_SEGMENT_ID, TRACKING_CODE, BOX_NUMBER, LABEL_IMAGE, LABEL_INTL_SIGN_IMAGE, LABEL_HTML, PACKAGE_TRANSPORT_COST, PACKAGE_SERVICE_COST, PACKAGE_OTHER_COST, COD_AMOUNT, INSURED_AMOUNT, CURRENCY_UOM_ID, LAST_UPDATED_STAMP, LAST_UPDATED_TX_STAMP, CREATED_STAMP, CREATED_TX_STAMP) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
> (ERROR: column "label_image" is of type bytea but expression is of type oid)))
>
> This isn't an isolated error, it happens for any order. I have not
> updated the PostgreSQL server itself, it is still at 7.4.6.
>
> Any suggestions for a fix would be greatly appreciated...
>
> -Joe
>
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev

------------------------------

Message: 5
Date: Mon, 01 Aug 2005 14:09:58 -0700
From: Si Chen <[hidden email]>
Subject: Re: [OFBiz] Dev - System accounts & Service authorization
To: OFBiz Project Development Discussion <[hidden email]>
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Ashish,

Again, just my personal opinion, but I think you've formulated your problem in a way that permits only one answer. If you must keep the core as-is AND you need a different permission structure for their users, then it seems that the way you've done it is the only solution.

I still think the better solution would have been to change the permission structure of the core OFBiz applications and try to get those incorporated back into OFBiz. You could have avoided essentially building two security frameworks--one that originally came with OFBiz, one that you built on top of it which relies on pushing in arbitrary user logins.

This is one advantage of working with open source--you don't have to keep the core "as is" but can tailor it for your needs or improve upon it.

Si

Ashish Hareet wrote:

>Thanks Si for explaining this to me.
>
>But, my problem arises from the fact that I need to keep the core as-is & build a bunch of apps around it.
>For instance, I have an order entry app that will let users enter sales orders & create customers. Now in this app, if I end up using OfBiz services I have to give the corresponding permissions for the services used to whoever is logged in. This would mean that I end up giving permissions to certain other areas as well which we don't want these users to have. Also, the custom apps we're developing are entirely different apps (from OFBiz perspective).
>
>One possible solution (from a post long ago) was to restrict the links/forms/data available to a user based on roles, but that in effect was not enough, cause then somebody could type a URL & possibly get to a restricted part or we'd have to make sure that all our pages had some level of security/role-authorization in the ftl. This part I came across seems very interesting cause it makes it possible for me to push in a login for services only, which makes it possible to build my own security defs using the existing framework & yet be able to use the existing services.
>
>Appreciate any thoughts or feedback
>Ashish Hareet

------------------------------

Message: 6
Date: Mon, 1 Aug 2005 17:04:50 -0500
From: "Ashish Hareet" <[hidden email]>
Subject: [OFBiz] Dev - RE: Dev Digest, Vol 12, Issue 33
To: <[hidden email]>
Message-ID: <[hidden email]>
Content-Type: text/plain; charset="iso-8859-1"

Si,

>...to change the permission structure of the core OFBiz
>applications and try to get those incorporated back into OFBiz.

As tempting as this idea sounded to me first (when I started tweaking with the security stuff), it wouldn't be the right way to go. For me to push a feature back into the core OfBiz framework, it needs to pass my own scrutiny. The current OfBiz security implementation is just fine & my custom mods are very specific to our client.
So I don't see the need to put my security implementation back into OfBiz.

Given my situation, I'm sure that the 2 choices I'm left with are
1. Use system logins for services. There is support already built-in
2. Modify the services I'll be using to use my security principles

Si, have a look at LoginServices.userLogin, the code actually does something special with system logins. Let me know what you think.

I'm looking for confirmation whether this would be a good way to provide security to services which are not in the realm of the logged in users security principles.

Thanks
Ashish Hareet

-------- Original Message --------
Ashish,

Again, just my personal opinion, but I think you've formulated your problem in a way that permits only one answer. If you must keep the core as-is AND you need a different permission structure for their users, then it seems that the way you've done it is the only solution.

I still think the better solution would have been to change the permission structure of the core OFBiz applications and try to get those incorporated back into OFBiz. You could have avoided essentially building two security frameworks--one that originally came with OFBiz, one that you built on top of it which relies on pushing in arbitrary user logins.

This is one advantage of working with open source--you don't have to keep the core "as is" but can tailor it for your needs or improve upon it.

------------------------------

Message: 7
Date: Mon, 1 Aug 2005 16:23:02 -0700 (PDT)
From: Chris Howe <[hidden email]>
Subject: [OFBiz] Dev - System accounts
To: [hidden email]
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=iso-8859-1

I'm not sure that I'm following where your issues are but I'll take a stab at it nonetheless.

First, assuming this is a webapp, your custom application has a mount point (/myapp). myapp will only respond to requests in the form of /myapp/control/uri. All of the possible uri are listed in the controller.xml file.
If you don't want one of the uri to be called take it out of the uri. If it's not the uri that is the problem, but rather the name-value pairs can get you in trouble by giving someone access to say a catalog that they should have access to, then in the uri have it run a service to validate they should have access to it.

Let me know if I've totally missed the crux of your problem

========Ashish wrote:

Thanks Si for explaining this to me.

But, my problem arises from the fact that I need to keep the core as-is & build a bunch of apps around it. For instance, I have an order entry app that will let users enter sales orders & create customers. Now in this app, if I end up using OfBiz services I have to give the corresponding permissions for the services used to whoever is logged in. This would mean that I end up giving permissions to certain other areas as well which we don't want these users to have. Also, the custom apps we're developing are entirely different apps (from OFBiz perspective).

One possible solution (from a post long ago) was to restrict the links/forms/data available to a user based on roles, but that in effect was not enough, cause then somebody could type a URL & possibly get to a restricted part or we'd have to make sure that all our pages had some level of security/role-authorization in the ftl. This part I came across seems very interesting cause it makes it possible for me to push in a login for services only, which makes it possible to build my own security defs using the existing framework & yet be able to use the existing services.
Appreciate any thoughts or feedback
Ashish Hareet

------------------------------

Message: 8
Date: Mon, 01 Aug 2005 17:06:41 -0700
From: Si Chen <[hidden email]>
Subject: Re: [OFBiz] Dev - RE: Dev Digest, Vol 12, Issue 33
To: OFBiz Project Development Discussion <[hidden email]>
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Ashish,

I'm sorry, this is where my knowledge of OFBiz fails me. I'm not sure why there is this special treatment for system logins. It is set to disabled from the seed data, so perhaps it is an older way of doing things. But it's better if David & Andy can weigh in on this.

As for your two options, just go with the one which takes less time. You would know your specific needs best...

Si

Ashish Hareet wrote:

>Si,
>
>>...to change the permission structure of the core OFBiz
>>applications and try to get those incorporated back into OFBiz.
>
>As tempting as this idea sounded to me first (when I started tweaking with
>the security stuff), it wouldn't be the right way to go. For me to push
>a feature back into the core OfBiz framework, it needs to pass my own
>scrutiny. The current OfBiz security implementation is just fine &
>my custom mods are very specific to our client. So I don't see the need
>to put my security implementation back into OfBiz.
>
>Given my situation, I'm sure that the 2 choices I'm left with are
>1. Use system logins for services. There is support already built-in
>2. Modify the services I'll be using to use my security principles
>
>Si, have a look at LoginServices.userLogin, the code actually does
>something special with system logins. Let me know what you think.
>
>I'm looking for confirmation whether this would be a good way to
>provide security to services which are not in the realm of the
>logged in users security principles.
>
>Thanks
>Ashish Hareet
>
>-------- Original Message --------
>Ashish,
>
>Again, just my personal opinion, but I think you've formulated your
>problem in a way that permits only one answer. If you must keep the
>core as-is AND you need a different permission structure for their
>users, then it seems that the way you've done it is the only solution.
>
>I still think the better solution would have been to change the
>permission structure of the core OFBiz applications and try to get those
>incorporated back into OFBiz. You could have avoided essentially
>building two security frameworks--one that originally came with OFBiz,
>one that you built on top of it which relies on pushing in arbitrary
>user logins.
>
>This is one advantage of working with open source--you don't have to
>keep the core "as is" but can tailor it for your needs or improve upon it.

------------------------------

Message: 9
Date: Mon, 1 Aug 2005 22:25:13 -0600
From: "David E. Jones" <[hidden email]>
Subject: Re: [OFBiz] Dev - Updated PostgreSQL Driver
To: OFBiz Project Development Discussion <[hidden email]>
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed

I have changed the default from BYTEA to OID in the fieldtypepostgres.xml file. Thanks for the update.

-David

On Aug 1, 2005, at 3:01 PM, J. Eckard wrote:

> Finally found an answer on this one... when you attempt to store a
> null in a BYTEA column with a current postgresql JDBC driver,
> you'll get an exception. From the following message to the pgsql-jdbc
> list, it looks like we may need to update the fieldtype defs
> for postgres to use OID instead of BYTEA for blobs.
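
The server-side check discussed in this thread (refuse request URIs that are not declared, validate the name-value pairs, and only then run a core service under the system account while recording the real user), as an added example that is not part of the original messages or of OFBiz. All class, permission, request and service names are hypothetical, and the core service call is represented only by the audit entry.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Illustrative only: every name here is hypothetical; none of it is OFBiz API. */
public class RequestGate {
    /** The logged-in user, with permissions defined by the custom app, not by the core. */
    record AppUser(String id, Set<String> appPermissions, Set<String> catalogs) {}

    /** One declared request: the app permission it needs and the core service it runs. */
    record Route(String requiredPermission, String coreService) {}

    /** Who really asked for a service call that ran under the system account. */
    record AuditEntry(String realUserId, String runAs, String service, Map<String, String> params) {}

    // Stand-in for the controller's list of request URIs: anything absent is refused.
    private static final Map<String, Route> ROUTES = Map.of(
        "createCustomer", new Route("ORDERENTRY_CREATE", "createCustomerService"),
        "viewCatalog", new Route("ORDERENTRY_VIEW", "getCatalogService"));

    private final List<AuditEntry> audit = new ArrayList<>();

    /** Returns "OK" or a denial reason; the check runs on every request, typed URL or not. */
    public String handle(AppUser user, String uri, Map<String, String> params) {
        Route route = ROUTES.get(uri);
        if (route == null) {
            return "DENY: unknown request";
        }
        if (user == null || !user.appPermissions().contains(route.requiredPermission())) {
            return "DENY: missing " + route.requiredPermission();
        }
        // Validate the name-value pairs too: a permitted URI must not expose another catalog.
        String catalogId = params.get("catalogId");
        if (catalogId != null && !user.catalogs().contains(catalogId)) {
            return "DENY: catalog " + catalogId + " not assigned to " + user.id();
        }
        // Only now would the core service run under the system account; the real user is
        // recorded so the call can still be traced to a person.
        audit.add(new AuditEntry(user.id(), "system", route.coreService(), Map.copyOf(params)));
        return "OK";
    }

    public List<AuditEntry> auditLog() {
        return List.copyOf(audit);
    }

    public static void main(String[] args) {
        RequestGate gate = new RequestGate();
        // Constructed sample users: both are assigned catalog "CAT_A" only.
        AppUser clerk = new AppUser("clerk1",
            Set.of("ORDERENTRY_CREATE", "ORDERENTRY_VIEW"), Set.of("CAT_A"));
        AppUser viewer = new AppUser("viewer1", Set.of("ORDERENTRY_VIEW"), Set.of("CAT_A"));

        System.out.println(gate.handle(clerk, "createCustomer", Map.of("name", "Acme")));
        System.out.println(gate.handle(viewer, "createCustomer", Map.of("name", "Acme")));
        System.out.println(gate.handle(clerk, "viewCatalog", Map.of("catalogId", "CAT_B")));
        System.out.println(gate.handle(clerk, "editParty", Map.of()));
        System.out.println(gate.auditLog());
    }
}
```

The audit list is what keeps accountability when every core call runs as the system account: without it, the core's own records would attribute all activity to one login.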