this is where using the example, exampleext, and the wiki startup example will help.
this is where ofbiz is different than opentaps.
and the links to the information that has been given you in the past come into play.
there is no quick way to learn ofbiz.
:)
error is saying the main decorator has not been defined in the web.xml parms.

you should check your complete component against the framework/example.

Milind W sent the following on 8/3/2008 11:07 PM:
> I changed my controller to conform with the example controller.xml.
> Now it does attempt to send me to the login screen but get the following error.
>
> org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen [component://common/widget/CommonScreens.xml#login]: java.lang.IllegalArgumentException: Could not find screen with name [main-decorator] in the same file as the screen with name [login] (Could not find screen with name [main-decorator] in the same file as the screen with name [login])
>
> Help!
>> your controller does not conform to the current svn controllers.
>> please review them.
>>
>> Milind W sent the following on 8/3/2008 5:35 PM:
>>> I got the updated files.
>>> Did ant clean and then a new build.
>>> I still see the SAME behavior described in my previous email.
>>> I am attaching my controller.xml
>>>
>>>> here is the fix
>>>> http://svn.apache.org/viewvc?rev=682228&view=rev
>>>>
>>>> Milind W sent the following on 8/3/2008 4:27 PM:
>>>>> Just tried "ant clean" it made no difference.
>>>>> I can proceed to main without being redirected to login with rev#679258.
>>>>>
>>>>> Relevant log for rev#679258
>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16
>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream
>>>>>
>>>>> and with rev#677863
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: []
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString:
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString=
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20
>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream
>>>>>
>>>>> The loginworker seems to be invoked with rev#677863 and not with rev#679258.
>>>>> Any Idea?
>>>>>
>>>>>> Did you try an "ant clean" ? There have been some changes recently that imply this cleanup.
>>>>>>
>>>>>> Jacques
>>>>>>
>>>>>> From: "Milind W" <[hidden email]>
>>>>>>> Looks like I have a problem making this example work with revision#679258
>>>>>>>
>>>>>>> It worked fine (i.e I was redirected to login screen before I could get to main) with rev#677863
>>>>>>>
>>>>>>> Looks like the view
>>>>>>> <view-map name="login" type="screen" page="component://marketing/widget/CommonScreens.xml#login" />
>>>>>>> is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen.
>>>>>>>
>>>>>>> I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to
>>>>>>> <view-map name="login" type="screen" page="component://common/widget/CommonScreens.xml#login"/>
>>>>>>> but it is not acting the same as previously.
>>>>>>>
>>>>>>> Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build.
>>>>>>>
>>>>>>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results
>>>>>>>
>>>>>>> Thanks
>>>>>>> -Milind
>>>>>>>
>>>>>>>> hi,
>>>>>>>> I got login to work by adding the changes below to my controller using ofbiz4.0.
>>>>>>>> I don't think I follow the reason with OFBTOOLS base permission not taking effect in the ofbiz-component as explained in OFBIZ-829.
>>>>>>>> But I agree with Si Chen on OFBIZ-829
>>>>>>>> "The right way is to assume no permission until one of the list of permissions is met." Seems more intuitive.
>>>>>>>> For now I can workaround it so thanks all.
>>>>>>>> -Milind
>>>>>>>>
>>>>>>>> <preprocessor>
>>>>>>>>     <!-- Events to run on every request before security (chains exempt) -->
>>>>>>>>     <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> -->
>>>>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
>>>>>>>> </preprocessor>
>>>>>>>>
>>>>>>>> <!-- Request Mappings -->
>>>>>>>>
>>>>>>>> <request-map uri="checkLogin" edit="false">
>>>>>>>>     <description>Verify a user is logged in.</description>
>>>>>>>>     <security https="false" auth="false"/>
>>>>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" />
>>>>>>>>     <response name="success" type="view" value="main" />
>>>>>>>>     <response name="error" type="view" value="login" />
>>>>>>>> </request-map>
>>>>>>>>
>>>>>>>> <request-map uri="login">
>>>>>>>>     <security https="false" auth="false"/>
>>>>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
>>>>>>>>     <response name="success" type="view" value="main"/>
>>>>>>>>     <response name="error" type="view" value="login"/>
>>>>>>>> </request-map>
>>>>>>>>
>>>>>>>> <request-map uri="main">
>>>>>>>>     <security https="false" auth="true" />
>>>>>>>>     <response name="success" type="view" value="main"/>
>>>>>>>> </request-map>
>>>>>>>>
>>>>>>>> <view-map name="login" type="screen" page="component://marketing/widget/CommonScreens.xml#login" />
>>>>>>>>
>>>>>>>>> Not with a direct link to the comment where is the explanation ;p
>>>>>>>>> Actually it was more a didactic post
>>>>>>>>>
>>>>>>>>> Jacques
>>>>>>>>>
>>>>>>>>> From: "BJ Freeman" <[hidden email]>
>>>>>>>>>> LOL
>>>>>>>>>> that was the first link I sent on this thread.
>>>>>>>>>>
>>>>>>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM:
>>>>>>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS.
>>>>>>>>>>>
>>>>>>>>>>> You would have got
>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615
>>>>>>>>>>>
>>>>>>>>>>> Jacques
>>>>>>>>>>>
>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>> From: "Milind W" <[hidden email]>
>>>>>>>>>>> To: <[hidden email]>
>>>>>>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM
>>>>>>>>>>> Subject: Re: how to set security and permissions precedence
>>>>>>>>>>>
>>>>>>>>>>>> Let me try to break up questions.
>>>>>>>>>>>> Shouldn't adding
>>>>>>>>>>>> base-permission="OFBTOOLS"
>>>>>>>>>>>> to the ofbiz-entity.xml force the user to login with a user id that is associated to the OFBTOOLS security group?
>>>>>>>>>>>> I can see the application I created and the line seems to have no effect.
>>>>>>>>>>>> What is the purpose of the line?
>>>>>>>>>>>> Thanks
>>>>>>>>>>>> -Milind
>>>>>>>>>>>>
>>>>>>>>>>>>> Please note that opentaps is not at the same level of revision that ofbiz is
>>>>>>>>>>>>> there have been changes to security.
>>>>>>>>>>>>> there are examples in the
>>>>>>>>>>>>> framework/example
>>>>>>>>>>>>> and
>>>>>>>>>>>>> framework/exampleext
>>>>>>>>>>>>> I believe this to be a better tutorial since they work already.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM:
>>>>>>>>>>>>>> BJ Freeman wrote:
>>>>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM:
>>>>>>>>>>>>>>>> hi,
>>>>>>>>>>>>>>>> Security Permissions
>>>>>>>>>>>>>>>> I am using ofbiz rev.79258
>>>>>>>>>>>>>>>> I want to understand how security works so I made the following modifications to hello1
>>>>>>>>>>>>>>>> 1) I added base-permission="OFBTOOLS" to the ofbiz-component.xml
>>>>>>>>>>>>>>>> I could still see the application I was assuming the application would ask me to login or prevent me from seeing the page.
>>>>>>>>>>>>>>>> 2) I added <security> to the main request
>>>>>>>>>>>>>>>> <request-map uri="main">
>>>>>>>>>>>>>>>>     <security https="false" auth="true"/>
>>>>>>>>>>>>>>>>     <response name="success" type="view" value="main"/>
>>>>>>>>>>>>>>>> </request-map>
>>>>>>>>>>>>>>>> This displays "java.lang.NullPointerException" in the browser.
>>>>>>>>>>>>>>>> How do permissions precedence work starting from the UI to the entity layer.
>>>>>>>>>>>>>>>> Help appreciated.
>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>> -Milind
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Here is the log
>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1
>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request "checkLogin" not found
>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request "checkLogin" not found
>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of event for request "checkLogin" not found
>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ ControlServlet.java:205:ERROR]
>>>>>>>>>>>>>>>> ---- runtime exception report --------------------------------------------------
>>>>>>>>>>>>>>>> Error in request handler:
>>>>>>>>>>>>>>>> Exception: java.lang.NullPointerException
>>>>>>>>>>>>>>>> Message: null
>>>>>>>>>>>>>>>> ---- stack trace ---------------------------------------------------------------
>>>>>>>>>>>>>>>> java.lang.NullPointerException
>>>>>>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source)
>>>>>>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source)
>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78)
>>>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102)
>>>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86)
>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453)
>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259)
>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198)
>>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255)
>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>>>>>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
>>>>>>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595)
>>>>>>>>>>>>>>>> --------------------------------------------------------------------------------
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php
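
Added example, not part of the original thread and not OFBiz project code: a small Python check for the two failures seen above, a request-map with auth="true" in a controller that has no usable "checkLogin" request-map (the WARN lines and NullPointerException in the log), and a response pointing at a view that has no view-map. The sample controllers are constructed from the snippets quoted in the thread; the "listOrders" request, the "orders" view and the HelloScreens.xml path are hypothetical, and <include> elements are not followed.

```python
import xml.etree.ElementTree as ET

# Requests that have to stay reachable without a session (assumption of this example).
LOGIN_FLOW = {"checkLogin", "login", "logout"}

# Constructed sample: the first attempt from the thread, plus a hypothetical
# "listOrders" request that has no <security> element and an undefined view.
BROKEN = """<site-conf>
  <request-map uri="main">
    <security https="false" auth="true"/>
    <response name="success" type="view" value="main"/>
  </request-map>
  <request-map uri="listOrders">
    <response name="success" type="view" value="orders"/>
  </request-map>
  <view-map name="main" type="screen"
            page="component://hello1/widget/HelloScreens.xml#main"/>
</site-conf>"""

# Constructed sample: the working controller quoted in the thread, with a
# hypothetical view-map for "main" added so that every response resolves.
FIXED = """<site-conf>
  <request-map uri="checkLogin" edit="false">
    <security https="false" auth="false"/>
    <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin"/>
    <response name="success" type="view" value="main"/>
    <response name="error" type="view" value="login"/>
  </request-map>
  <request-map uri="login">
    <security https="false" auth="false"/>
    <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
    <response name="success" type="view" value="main"/>
    <response name="error" type="view" value="login"/>
  </request-map>
  <request-map uri="main">
    <security https="false" auth="true"/>
    <response name="success" type="view" value="main"/>
  </request-map>
  <view-map name="login" type="screen"
            page="component://common/widget/CommonScreens.xml#login"/>
  <view-map name="main" type="screen"
            page="component://hello1/widget/HelloScreens.xml#main"/>
</site-conf>"""


def audit_controller(xml_text):
    """Return a sorted list of (code, detail) findings for one controller.xml.

    Only the given file is inspected; anything supplied by an <include>d
    controller is reported as missing. Use on configuration you control.
    """
    root = ET.fromstring(xml_text)
    requests = {r.get("uri"): r for r in root.iter("request-map")}
    views = {v.get("name") for v in root.iter("view-map")}
    findings, protected = [], []

    for uri, req in requests.items():
        sec = req.find("security")
        if sec is not None and sec.get("auth") == "true":
            protected.append(uri)
        elif uri not in LOGIN_FLOW:
            # auth is absent or "false": the request is served without login.
            findings.append(("no-auth", uri))
        for resp in req.findall("response"):
            if resp.get("type") == "view" and resp.get("value") not in views:
                findings.append(("missing-view", f"{uri} -> {resp.get('value')}"))

    if protected:
        # auth="true" makes the handler look up the "checkLogin" request-map
        # and its event; the log in the thread shows the lookup failing.
        check = requests.get("checkLogin")
        event = check.find("event") if check is not None else None
        if event is None or not all(event.get(a) for a in ("type", "path", "invoke")):
            findings.append(("missing-checkLogin", "required by: " + ", ".join(protected)))
    return sorted(findings)


if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_controller(text))
```
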
hi BJ,
It is sad that there is no quick way to learn ofbiz (still). What makes it more difficult is the part where you have to reverse engineer the code or existing configuration to understand how to do things.
IMHO
1) Reverse engineering and going through existing code has its place but not as a newbie.
2) The most basic features and capabilities should be easy to learn or at least there should be tutorials for those; ideally these should be free for something that's open source.
3) I do understand that people who made this possible have every right to benefit from this.
3) I guess there are some but nothing that is free so looks like the practical way to learn the framework is to spend 350$ and

> this is where using the example, exampleext, and the wiki startup example will help.
> this is where ofbiz is different than opentaps.
> and the links to the information that has been given you in the past come into play.
> there is no quick way to learn ofbiz.
> :)
> error is saying the main decorator has not been defined in the web.xml parms.
>
> you should check your complete component against the framework/example.
>
> Milind W sent the following on 8/3/2008 11:07 PM:
>> I changed my controller to conform with the example controller.xml.
>> Now it does attempt to send me to the login screen but get the following error.
>>
>> org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen [component://common/widget/CommonScreens.xml#login]: java.lang.IllegalArgumentException: Could not find screen with name [main-decorator] in the same file as the screen with name [login] (Could not find screen with name [main-decorator] in the same file as the screen with name [login])
>>
>> Help!
>>> your controller does not conform to the current svn controllers.
>>> please review them.
>>>
>>> Milind W sent the following on 8/3/2008 5:35 PM:
>>>> I got the updated files.
>>>> Did ant clean and then a new build.
In reply to this post by BJ Freeman
hi BJ,
I finally got the login to work.

I think it's sad that it's difficult to learn ofbiz and I think it does not have to be this way and no I am not trying to learn opentaps. I was trying to use the login screens from the 'common' application but then started running into issues with UI labels etc. I wanted to build the simplest application to demonstrate login and probably contribute a tutorial for the same.

So I looked at the login.ftl in the 'common' (component or application not sure what the correct term is) and reused that.

Now everything works as I expect it to.

Thanks
-Milind

> this is where using the example, exampleext, and the
> wiki startup example will help.
> this is where ofbiz is different than opentaps.
> and the links to the information that has been give you in the past come
> into play.
> there is no quick way to learn ofbiz.
> :)
> error is saying the main decorator has not been defined in the web.xml
> parms.
>
> you should check you complete component against the framework/example.
>
> Milind W sent the following on 8/3/2008 11:07 PM:
>> I changed my controller to conform with the example controller.xml.
>> Now it does attempt to send me to the login screen but get the following
>> error.
>>
>> org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen
>> [component://common/widget/CommonScreens.xml#login]:
>> java.lang.IllegalArgumentException: Could not find screen with name
>> [main-decorator] in the same file as the screen with name [login] (Could
>> not find screen with name [main-decorator] in the same file as the
>> screen
>> with name [login])
>>
>> Help!
>>> your controller does not conform to the current svn controllers.
>>> please review them.
>>>
>>>
>>> Milind W sent the following on 8/3/2008 5:35 PM:
>>>> I got the updated files.
>>>> Did ant clean and then a new build.
>>>> I still see the SAME behavior described in my previous email.
>>>> I am attaching my controller.xml >>>> >>>>> here is the fix >>>>> http://svn.apache.org/viewvc?rev=682228&view=rev >>>>> >>>>> Milind W sent the following on 8/3/2008 4:27 PM: >>>>>> Just tried "ant clean" it made no difference. >>>>>> I can proceed to main without being redirected to login with >>>>>> rev#679258. >>>>>> >>>>>> >>>>>> Relevant log for rev#679258 >>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>>>> [RequestHandler.java:243:INFO ] [Processing Request]: main >>>>>> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>>>> [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response >>>>>> is >>>>>> a >>>>>> view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>>>> [RequestHandler.java:584:INFO ] servletName=control, view=main >>>>>> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >>>>>> UtilJ2eeCompat.java:69 >>>>>> :INFO ] serverInfo: apache tomcat/6.0.16 >>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >>>>>> UtilJ2eeCompat.java:78 >>>>>> :INFO ] Apache Tomcat detected, using response.getWriter to write >>>>>> text >>>>>> out >>>>>> instead of response.getOutputStream >>>>>> >>>>>> and with rev#677863 >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> RequestHandler.java:236:INFO ] [Processing Request]: main >>>>>> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> LoginWorker.java:262:INFO ] reqParams Map: [] >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> LoginWorker.java:263:INFO ] queryString: >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> LoginWorker.java:273:INFO ] checkLogin: queryString= >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main >>>>>> 
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response >>>>>> is >>>>>> a >>>>>> view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> RequestHandler.java:578:INFO ] servletName=control, view=login >>>>>> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using >>>>>> response.getWriter to write text out instead of >>>>>> response.getOutputStream >>>>>> >>>>>> The loginworker seems to be invoked with rev#677863 and not with >>>>>> rev#679258. >>>>>> Any Idea? >>>>>> >>>>>>> Did you try an "ant clean" ? There have been some changes recently >>>>>>> that >>>>>>> implie this cleanup. >>>>>>> >>>>>>> Jacques >>>>>>> >>>>>>> From: "Milind W" <[hidden email]> >>>>>>>> Looks like I have a problem making this example work with >>>>>>>> revision#679258 >>>>>>>> >>>>>>>> It worked fine (i.e I was redirected to login screen before I >>>>>>>> could >>>>>>>> get >>>>>>>> to >>>>>>>> main) with rev#677863 >>>>>>>> >>>>>>>> Looks like the view >>>>>>>> <view-map name="login" type="screen" >>>>>>>> page="component://marketing/widget/CommonScreens.xml#login" /> >>>>>>>> is part of the problem. The CommonScreens.xml has moved and does >>>>>>>> no >>>>>>>> longer >>>>>>>> seem to have the 'login' screen. >>>>>>>> >>>>>>>> I tried finding another screen with the 'login' view. I found >>>>>>>> another >>>>>>>> one >>>>>>>> in the 'common' component and modified my hello controller to >>>>>>>> point >>>>>>>> to >>>>>>>> <view-map name="login" type="screen" >>>>>>>> page="component://common/widget/CommonScreens.xml#login"/> >>>>>>>> but it is no acting the same as previously. 
>>>>>>>>
>>>>>>>> Please let me know what is missing (or any suggestion how best to
>>>>>>>> illustrate login) so I can complete and contribute my tutorial for
>>>>>>>> security. Would hate to create a tutorial that worked with one
>>>>>>>> specific
>>>>>>>> build.
>>>>>>>>
>>>>>>>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> -Milind
>>>>>>>>
>>>>>>>>> hi,
>>>>>>>>> I got login to work by adding the changes below to my controller
>>>>>>>>> using
>>>>>>>>> ofbiz4.0.
>>>>>>>>> I don't think I follow the reason with OFBTOOLS base persmission
>>>>>>>>> not
>>>>>>>>> taking effect in the ofbiz-component as explained in OFBIZ-829.
>>>>>>>>> But I agree with Si Chen on OFBIZ-829
>>>>>>>>> "The right way is to assume no permission until one of the list
>>>>>>>>> of
>>>>>>>>> permissions is met." Seems more intitutive.
>>>>>>>>> For now I can workaround it so thanks all.
>>>>>>>>> -Milind
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> <preprocessor>
>>>>>>>>>   <!-- Events to run on every request before security
>>>>>>>>>   (chains
>>>>>>>>>   exempt) -->
>>>>>>>>>   <!-- <event type="java"
>>>>>>>>>   path="org.ofbiz.webapp.event.TestEvent"
>>>>>>>>>   invoke="test"/> -->
>>>>>>>>>   <event type="java"
>>>>>>>>>   path="org.ofbiz.webapp.control.LoginWorker"
>>>>>>>>>   invoke="checkExternalLoginKey"/>
>>>>>>>>> </preprocessor>
>>>>>>>>>
>>>>>>>>> <!-- Request Mappings -->
>>>>>>>>>
>>>>>>>>> <request-map uri="checkLogin" edit="false">
>>>>>>>>>   <description>Verify a user is logged in.</description>
>>>>>>>>>   <security https="false" auth="false"/>
>>>>>>>>>   <event type="java"
>>>>>>>>>   path="org.ofbiz.webapp.control.LoginWorker"
>>>>>>>>>   invoke="checkLogin" />
>>>>>>>>>   <response name="success" type="view" value="main" />
>>>>>>>>>   <response name="error" type="view" value="login" />
>>>>>>>>> </request-map>
>>>>>>>>>
>>>>>>>>> <request-map uri="login">
>>>>>>>>>   <security https="false" auth="false"/>
>>>>>>>>>   <event type="java"
>>>>>>>>>   path="org.ofbiz.webapp.control.LoginWorker"
>>>>>>>>>   invoke="login"/>
>>>>>>>>>   <response name="success" type="view" value="main"/>
>>>>>>>>>   <response name="error" type="view" value="login"/>
>>>>>>>>> </request-map>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> <request-map uri="main">
>>>>>>>>>   <security https="false" auth="true" />
>>>>>>>>>   <response name="success" type="view" value="main"/>
>>>>>>>>> </request-map>
>>>>>>>>>
>>>>>>>>> <view-map name="login" type="screen"
>>>>>>>>> page="component://marketing/widget/CommonScreens.xml#login" />
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Not with a direct link to the comment where is the explanation
>>>>>>>>>> ;p
>>>>>>>>>> Actually it was more a didactic post
>>>>>>>>>>
>>>>>>>>>> Jacques
>>>>>>>>>>
>>>>>>>>>> From: "BJ Freeman" <[hidden email]>
>>>>>>>>>>> LOL
>>>>>>>>>>> that was the first link I sent on this thread.
>>>>>>>>>>>
>>>>>>>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM:
>>>>>>>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS.
>>>>>>>>>>>>
>>>>>>>>>>>> You would have get
>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Jacques
>>>>>>>>>>>>
>>>>>>>>>>>> ----- Original Message ----- From: "Milind W"
>>>>>>>>>>>> <[hidden email]>
>>>>>>>>>>>> To: <[hidden email]>
>>>>>>>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM
>>>>>>>>>>>> Subject: Re: how to set security and permissions precedence
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> Let me try to break up questions.
>>>>>>>>>>>>> Should'nt adding
>>>>>>>>>>>>> base-permission="OFBTOOLS"
>>>>>>>>>>>>> to the ofbiz-entity.xml force the user to login with a user
>>>>>>>>>>>>> id
>>>>>>>>>>>>> that
>>>>>>>>>>>>> is
>>>>>>>>>>>>> associated to the OFBTOOLS security group?
>>>>>>>>>>>>> I can see the application I created and the line seems to
>>>>>>>>>>>>> have
>>>>>>>>>>>>> no
>>>>>>>>>>>>> effect.
>>>>>>>>>>>>> What is the purpose of the line? >>>>>>>>>>>>> Thanks >>>>>>>>>>>>> -Milind >>>>>>>>>>>>> >>>>>>>>>>>>>> Please not that opentaps is not at the same level of >>>>>>>>>>>>>> revision >>>>>>>>>>>>>> that >>>>>>>>>>>>>> ofbiz >>>>>>>>>>>>>> it >>>>>>>>>>>>>> there have been changes to security. >>>>>>>>>>>>>> there are examples in the >>>>>>>>>>>>>> framework/example >>>>>>>>>>>>>> and >>>>>>>>>>>>>> framework/exampleext >>>>>>>>>>>>>> I believe this to better tutorial >>>>>>>>>>>>>> since they work already. >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM: >>>>>>>>>>>>>>> BJ Freeman wrote: >>>>>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM: >>>>>>>>>>>>>>>>> hi, >>>>>>>>>>>>>>>>> Security Permissions >>>>>>>>>>>>>>>>> I am using ofbiz rev.79258 >>>>>>>>>>>>>>>>> I want to understand how security works so I made the >>>>>>>>>>>>>>>>> following >>>>>>>>>>>>>>>>> modifications to hello1 >>>>>>>>>>>>>>>>> 1)I added base-permission="OFBTOOLS" to the >>>>>>>>>>>>>>>>> ofbiz-component.xml >>>>>>>>>>>>>>>>> I could still see the application I was assuming the >>>>>>>>>>>>>>>>> application >>>>>>>>>>>>>>>>> would >>>>>>>>>>>>>>>>> as >>>>>>>>>>>>>>>>> me to login or prevent me from seeing the page. >>>>>>>>>>>>>>>>> 2)I added <security> to the main request >>>>>>>>>>>>>>>>> <request-map uri="main"> >>>>>>>>>>>>>>>>> <security https="false" auth="true"/> >>>>>>>>>>>>>>>>> <response name="success" type="view" value="main"/> >>>>>>>>>>>>>>>>> </request-map> >>>>>>>>>>>>>>>>> This displays "java.lang.NullPointerException" in the >>>>>>>>>>>>>>>>> browser. >>>>>>>>>>>>>>>>> How do permissions precedence work starting from the UI >>>>>>>>>>>>>>>>> to >>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>> entity >>>>>>>>>>>>>>>>> layer. >>>>>>>>>>>>>>>>> Help appreciated. 
>>>>>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>>>>> -Milind >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Here is the log >>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>> RequestHandler.java:243:INFO ] [Processing Request]: main >>>>>>>>>>>>>>>>> sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 >>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>> RequestManager.java:159:WARN ] >>>>>>>>>>>>>>>>> [RequestManager.getEventType] >>>>>>>>>>>>>>>>> Type >>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>> event >>>>>>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>> RequestManager.java:146:WARN ] >>>>>>>>>>>>>>>>> [RequestManager.getEventPath] >>>>>>>>>>>>>>>>> Path >>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>> event >>>>>>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>> RequestManager.java:172:WARN ] >>>>>>>>>>>>>>>>> [RequestManager.getEventMethod] >>>>>>>>>>>>>>>>> Method >>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>> event for request "checkLogin" not found >>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>> ControlServlet.java:205:ERROR] >>>>>>>>>>>>>>>>> ---- runtime exception report >>>>>>>>>>>>>>>>> -------------------------------------------------- >>>>>>>>>>>>>>>>> Error in request handler: >>>>>>>>>>>>>>>>> Exception: java.lang.NullPointerException >>>>>>>>>>>>>>>>> Message: null >>>>>>>>>>>>>>>>> ---- stack trace >>>>>>>>>>>>>>>>> --------------------------------------------------------------- >>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source) >>>>>>>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source) >>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> 
org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >>>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) 
>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595) >>>>>>>>>>>>>>>>> -------------------------------------------------------------------------------- >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>> >>>>>> >>>>>> >>> >> >> >> >> >> > > |
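The failure quoted in this thread (auth="true" on `main` with no usable `checkLogin` event, ending in a NullPointerException) can be caught before deployment by linting controller.xml. The Python check below is an added example, not part of the thread or of OFBiz; the function name, the finding labels and the two embedded controllers are constructed for illustration (the second follows the request-maps quoted above, with a hypothetical view-map for `main`), and it inspects a single file without following includes.

```python
import xml.etree.ElementTree as ET

# Request URIs that must stay reachable without a session (they perform the login).
AUTH_PLUMBING = ("checkLogin", "login")

# Constructed sample: auth="true" on main, but no checkLogin/login request-maps.
BROKEN_CONTROLLER = """<site-conf>
  <request-map uri="main">
    <security https="false" auth="true"/>
    <response name="success" type="view" value="main"/>
  </request-map>
  <view-map name="main" type="screen" page="component://hello1/widget/HelloScreens.xml#main"/>
</site-conf>"""

# Constructed sample following the request-maps quoted in the thread; the "main"
# view-map and its page are hypothetical placeholders.
FIXED_CONTROLLER = """<site-conf>
  <preprocessor>
    <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
  </preprocessor>
  <request-map uri="checkLogin" edit="false">
    <security https="false" auth="false"/>
    <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin"/>
    <response name="success" type="view" value="main"/>
    <response name="error" type="view" value="login"/>
  </request-map>
  <request-map uri="login">
    <security https="false" auth="false"/>
    <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
    <response name="success" type="view" value="main"/>
    <response name="error" type="view" value="login"/>
  </request-map>
  <request-map uri="main">
    <security https="false" auth="true"/>
    <response name="success" type="view" value="main"/>
  </request-map>
  <view-map name="login" type="screen" page="component://common/widget/CommonScreens.xml#login"/>
  <view-map name="main" type="screen" page="component://hello1/widget/HelloScreens.xml#main"/>
</site-conf>"""


def _children(elem, name):
    """Direct children with the given local name (any XML namespace is ignored)."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]


def lint_controller(xml_text):
    """Return a sorted list of (finding, detail) tuples for one controller.xml."""
    root = ET.fromstring(xml_text)
    request_maps = {rm.get("uri"): rm for rm in _children(root, "request-map")}
    views = {vm.get("name") for vm in _children(root, "view-map")}
    findings, protected = [], []

    for uri, rm in request_maps.items():
        sec = _children(rm, "security")
        # Assumption: a missing <security> element or auth attribute means auth="false".
        auth = sec[0].get("auth", "false") if sec else "false"
        if auth == "true":
            protected.append(uri)
        elif uri not in AUTH_PLUMBING:
            findings.append(("unauthenticated-request", uri))
        # Every view response needs a matching view-map, or rendering fails at runtime.
        for resp in _children(rm, "response"):
            if resp.get("type") == "view" and resp.get("value") not in views:
                findings.append(("missing-view-map", f"{uri}->{resp.get('value')}"))

    # auth="true" relies on checkLogin/login request-maps whose <event> is fully
    # specified; the thread's log shows type, path and method "not found" for
    # checkLogin just before the NullPointerException.
    if protected:
        for uri in AUTH_PLUMBING:
            rm = request_maps.get(uri)
            events = _children(rm, "event") if rm is not None else []
            if not events or not all(events[0].get(a) for a in ("type", "path", "invoke")):
                findings.append(("missing-auth-event", uri))

    # The login request carries credentials; flag it when https is not "true".
    login = request_maps.get("login")
    if login is not None:
        sec = _children(login, "security")
        if (sec[0].get("https", "false") if sec else "false") != "true":
            findings.append(("login-without-https", "login"))
    return sorted(findings)


if __name__ == "__main__":
    for label, doc in (("broken", BROKEN_CONTROLLER), ("fixed", FIXED_CONTROLLER)):
        print(label, lint_controller(doc))
```
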
In reply to this post by Milind W-2
our documentation is community driven.
and it has significantly grown in the last few years.
the basics are hard to grasp for object, DB driven, programmers.
so a lot of the learning is unlearning.
I struggle with getting my mind around it for a few years.
now it seems so clear.
my dad used to say.
everything costs time or money, sometimes both.

so you ask why I stick with it.
because of all the software out there this seemed the most likely to fit needs of my clients.

the tutorials are free except for the advanced stuff.
open source does not necessarily mean free.
it means you get the source.
just like the years I spent developing the yahoo interface.
I would like to get some of that back before everyone becomes my competitor.

The people that made this possible have clients that funded the code and then allowed them to give it to the community.
not the other way around.

Milind W sent the following on 8/4/2008 8:46 PM:
> hi BJ,
> It is sad that there is no quick way to learn ofbiz (still).
> What makes it more difficult is the part where you have to reverse
> engineer the code or existing configuration to understand how to do
> things.
> IMHO
> 1)Reverse engineering and going through existing code has its place but
> not as a newbie.
> 2)The most basic features and capabilities should be easy to learn or at
> least there should be tutorials for those ideally these should be free for
> something that's open source.
> 3)I do understand that people who made this possible have every right to
> benefit from this .
> 3)I guess there are some but nothing that is free so looks like the
> practical way to learn the framework is to spend 350$ and
>
>> this is where using the example, exampleext, and the
>> wiki startup example will help.
>> this is where ofbiz is different than opentaps.
>> and the links to the information that has been give you in the past come
>> into play.
>> there is no quick way to learn ofbiz.
>> :)
>> error is saying the main decorator has not been defined in the web.xml
>> parms.
In reply to this post by Milind W-2
I am sure the community will be glad to see the documentation you
provide from your experience. Hang in there, it does get easier.

Milind W sent the following on 8/4/2008 9:01 PM:
> hi BJ,
> I finally got the login to work.
> I think it's sad that it's difficult to learn ofbiz and I think it does not
> have to be this way and no I am not trying to learn opentaps. I was trying
> to use the login screens from the 'common' application but then started
> running into issues with UI labels etc. I wanted to build the simplest
> application to demonstrate login and probably contribute a tutorial for
> the same.
> So I looked at the login.ftl in the 'common' (component or application not
> sure what the correct term is) and reused that.
> Now everything works as I expect it to.
> Thanks
> -Milind
>
>> this is where using the example, exampleext, and the
>> wiki startup example will help.
>> this is where ofbiz is different than opentaps.
>> and the links to the information that has been given you in the past come
>> into play.
>> there is no quick way to learn ofbiz.
>> :)
>> error is saying the main decorator has not been defined in the web.xml
>> parms.
>>
>> you should check your complete component against the framework/example.
>>
>> Milind W sent the following on 8/3/2008 11:07 PM:
>>> I changed my controller to conform with the example controller.xml.
>>> Now it does attempt to send me to the login screen but get the following
>>> error.
>>>
>>> org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen
>>> [component://common/widget/CommonScreens.xml#login]:
>>> java.lang.IllegalArgumentException: Could not find screen with name
>>> [main-decorator] in the same file as the screen with name [login] (Could
>>> not find screen with name [main-decorator] in the same file as the screen
>>> with name [login])
>>>
>>> Help!
>>>> your controller does not conform to the current svn controllers.
>>>> please review them.
>>>>
>>>> Milind W sent the following on 8/3/2008 5:35 PM:
>>>>> I got the updated files.
>>>>> Did ant clean and then a new build.
>>>>> I still see the SAME behavior described in my previous email.
>>>>> I am attaching my controller.xml
>>>>>
>>>>>> here is the fix
>>>>>> http://svn.apache.org/viewvc?rev=682228&view=rev
>>>>>>
>>>>>> Milind W sent the following on 8/3/2008 4:27 PM:
>>>>>>> Just tried "ant clean" it made no difference.
>>>>>>> I can proceed to main without being redirected to login with
>>>>>>> rev#679258.
>>>>>>>
>>>>>>> Relevant log for rev#679258
>>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
>>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
>>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
>>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16
>>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream
>>>>>>>
>>>>>>> and with rev#677863
>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: []
>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString:
>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString=
>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main
>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20
>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream
>>>>>>>
>>>>>>> The loginworker seems to be invoked with rev#677863 and not with
>>>>>>> rev#679258.
>>>>>>> Any Idea?
>>>>>>>
>>>>>>>> Did you try an "ant clean" ? There have been some changes recently that
>>>>>>>> imply this cleanup.
>>>>>>>>
>>>>>>>> Jacques
>>>>>>>>
>>>>>>>> From: "Milind W" <[hidden email]>
>>>>>>>>> Looks like I have a problem making this example work with
>>>>>>>>> revision#679258
>>>>>>>>>
>>>>>>>>> It worked fine (i.e I was redirected to login screen before I could get to
>>>>>>>>> main) with rev#677863
>>>>>>>>>
>>>>>>>>> Looks like the view
>>>>>>>>> <view-map name="login" type="screen"
>>>>>>>>> page="component://marketing/widget/CommonScreens.xml#login" />
>>>>>>>>> is part of the problem. The CommonScreens.xml has moved and does no longer
>>>>>>>>> seem to have the 'login' screen.
>>>>>>>>>
>>>>>>>>> I tried finding another screen with the 'login' view. I found another one
>>>>>>>>> in the 'common' component and modified my hello controller to point to
>>>>>>>>> <view-map name="login" type="screen"
>>>>>>>>> page="component://common/widget/CommonScreens.xml#login"/>
>>>>>>>>> but it is not acting the same as previously.
>>>>>>>>>
>>>>>>>>> Please let me know what is missing (or any suggestion how best to
>>>>>>>>> illustrate login) so I can complete and contribute my tutorial for
>>>>>>>>> security. Would hate to create a tutorial that worked with one specific
>>>>>>>>> build.
>>>>>>>>>
>>>>>>>>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>> -Milind
>>>>>>>>>
>>>>>>>>>> hi,
>>>>>>>>>> I got login to work by adding the changes below to my controller using
>>>>>>>>>> ofbiz4.0.
>>>>>>>>>> I don't think I follow the reason with OFBTOOLS base permission not
>>>>>>>>>> taking effect in the ofbiz-component as explained in OFBIZ-829.
>>>>>>>>>> But I agree with Si Chen on OFBIZ-829
>>>>>>>>>> "The right way is to assume no permission until one of the list of
>>>>>>>>>> permissions is met." Seems more intuitive.
>>>>>>>>>> For now I can workaround it so thanks all.
>>>>>>>>>> -Milind
>>>>>>>>>>
>>>>>>>>>> <preprocessor>
>>>>>>>>>>     <!-- Events to run on every request before security (chains exempt) -->
>>>>>>>>>>     <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> -->
>>>>>>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
>>>>>>>>>> </preprocessor>
>>>>>>>>>>
>>>>>>>>>> <!-- Request Mappings -->
>>>>>>>>>>
>>>>>>>>>> <request-map uri="checkLogin" edit="false">
>>>>>>>>>>     <description>Verify a user is logged in.</description>
>>>>>>>>>>     <security https="false" auth="false"/>
>>>>>>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" />
>>>>>>>>>>     <response name="success" type="view" value="main" />
>>>>>>>>>>     <response name="error" type="view" value="login" />
>>>>>>>>>> </request-map>
>>>>>>>>>>
>>>>>>>>>> <request-map uri="login">
>>>>>>>>>>     <security https="false" auth="false"/>
>>>>>>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
>>>>>>>>>>     <response name="success" type="view" value="main"/>
>>>>>>>>>>     <response name="error" type="view" value="login"/>
>>>>>>>>>> </request-map>
>>>>>>>>>>
>>>>>>>>>> <request-map uri="main">
>>>>>>>>>>     <security https="false" auth="true" />
>>>>>>>>>>     <response name="success" type="view" value="main"/>
>>>>>>>>>> </request-map>
>>>>>>>>>>
>>>>>>>>>> <view-map name="login" type="screen"
>>>>>>>>>>     page="component://marketing/widget/CommonScreens.xml#login" />
>>>>>>>>>>
>>>>>>>>>>> Not with a direct link to the comment where is the explanation ;p
>>>>>>>>>>> Actually it was more a didactic post
>>>>>>>>>>>
>>>>>>>>>>> Jacques
>>>>>>>>>>>
>>>>>>>>>>> From: "BJ Freeman" <[hidden email]>
>>>>>>>>>>>> LOL
>>>>>>>>>>>> that was the first link I sent on this thread.
>>>>>>>>>>>>
>>>>>>>>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM:
>>>>>>>>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS.
>>>>>>>>>>>>>
>>>>>>>>>>>>> You would have got
>>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615
>>>>>>>>>>>>>
>>>>>>>>>>>>> Jacques
>>>>>>>>>>>>>
>>>>>>>>>>>>> ----- Original Message ----- From: "Milind W" <[hidden email]>
>>>>>>>>>>>>> To: <[hidden email]>
>>>>>>>>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM
>>>>>>>>>>>>> Subject: Re: how to set security and permissions precedence
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Let me try to break up questions.
>>>>>>>>>>>>>> Shouldn't adding
>>>>>>>>>>>>>> base-permission="OFBTOOLS"
>>>>>>>>>>>>>> to the ofbiz-entity.xml force the user to login with a user id that is
>>>>>>>>>>>>>> associated to the OFBTOOLS security group?
>>>>>>>>>>>>>> I can see the application I created and the line seems to have no
>>>>>>>>>>>>>> effect.
>>>>>>>>>>>>>> What is the purpose of the line?
>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>> -Milind
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Please note that opentaps is not at the same level of revision that ofbiz it
>>>>>>>>>>>>>>> there have been changes to security.
>>>>>>>>>>>>>>> there are examples in the
>>>>>>>>>>>>>>> framework/example
>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>> framework/exampleext
>>>>>>>>>>>>>>> I believe this to better tutorial
>>>>>>>>>>>>>>> since they work already.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM:
>>>>>>>>>>>>>>>> BJ Freeman wrote:
>>>>>>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM:
>>>>>>>>>>>>>>>>>> hi,
>>>>>>>>>>>>>>>>>> Security Permissions
>>>>>>>>>>>>>>>>>> I am using ofbiz rev.79258
>>>>>>>>>>>>>>>>>> I want to understand how security works so I made the following
>>>>>>>>>>>>>>>>>> modifications to hello1
>>>>>>>>>>>>>>>>>> 1)I added base-permission="OFBTOOLS" to the ofbiz-component.xml
>>>>>>>>>>>>>>>>>> I could still see the application I was assuming the application would ask
>>>>>>>>>>>>>>>>>> me to login or prevent me from seeing the page.
>>>>>>>>>>>>>>>>>> 2)I added <security> to the main request
>>>>>>>>>>>>>>>>>> <request-map uri="main">
>>>>>>>>>>>>>>>>>>     <security https="false" auth="true"/>
>>>>>>>>>>>>>>>>>>     <response name="success" type="view" value="main"/>
>>>>>>>>>>>>>>>>>> </request-map>
>>>>>>>>>>>>>>>>>> This displays "java.lang.NullPointerException" in the browser.
>>>>>>>>>>>>>>>>>> How do permissions precedence work starting from the UI to the entity
>>>>>>>>>>>>>>>>>> layer.
>>>>>>>>>>>>>>>>>> Help appreciated.
>>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>>> -Milind
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Here is the log
>>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1
>>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request "checkLogin" not found
>>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request "checkLogin" not found
>>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of event for request "checkLogin" not found
>>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ ControlServlet.java:205:ERROR]
>>>>>>>>>>>>>>>>>> ---- runtime exception report --------------------------------------------------
>>>>>>>>>>>>>>>>>> Error in request handler:
>>>>>>>>>>>>>>>>>> Exception: java.lang.NullPointerException
>>>>>>>>>>>>>>>>>> Message: null
>>>>>>>>>>>>>>>>>> ---- stack trace ---------------------------------------------------------------
>>>>>>>>>>>>>>>>>> java.lang.NullPointerException
>>>>>>>>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source)
>>>>>>>>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source)
>>>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78)
>>>>>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102)
>>>>>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86)
>>>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453)
>>>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259)
>>>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198)
>>>>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255)
>>>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>>>>>>>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
>>>>>>>>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595)
>>>>>>>>>>>>>>>>>> --------------------------------------------------------------------------------
>>>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php
>>>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php
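The failures reported in the quoted messages above (a request-map with auth="true" in a controller that has no usable checkLogin request-map, and a response pointing at a view that is not defined) can be caught by a static check before a build is deployed. The linter below is an added example, not code from the thread or from OFBiz; the function names, finding codes and the `hello1` screen path are assumptions made for the illustration, and both sample controllers are constructed from the fragments posted in the thread.

```python
import xml.etree.ElementTree as ET

# Requests that must stay reachable without a session so a login can happen
# (assumption taken from the request-maps posted in the thread).
LOGIN_FLOW_URIS = ("checkLogin", "login")

# Constructed sample: the first change described in the thread, where only
# "main" was given auth="true". The hello1 screen path is a made-up placeholder.
BROKEN = """<site-conf>
  <request-map uri="main">
    <security https="false" auth="true"/>
    <response name="success" type="view" value="main"/>
  </request-map>
  <view-map name="main" type="screen" page="component://hello1/widget/HelloScreens.xml#main"/>
</site-conf>"""

# Constructed sample: the request-maps posted later in the thread.
FIXED = """<site-conf>
  <preprocessor>
    <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
  </preprocessor>
  <request-map uri="checkLogin" edit="false">
    <security https="false" auth="false"/>
    <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin"/>
    <response name="success" type="view" value="main"/>
    <response name="error" type="view" value="login"/>
  </request-map>
  <request-map uri="login">
    <security https="false" auth="false"/>
    <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
    <response name="success" type="view" value="main"/>
    <response name="error" type="view" value="login"/>
  </request-map>
  <request-map uri="main">
    <security https="false" auth="true"/>
    <response name="success" type="view" value="main"/>
  </request-map>
  <view-map name="login" type="screen" page="component://marketing/widget/CommonScreens.xml#login"/>
  <view-map name="main" type="screen" page="component://hello1/widget/HelloScreens.xml#main"/>
</site-conf>"""


def _security(request_map):
    """Return (https, auth) booleans from the <security> child; both False if absent."""
    sec = request_map.find("security")
    if sec is None:
        return False, False
    return sec.get("https") == "true", sec.get("auth") == "true"


def _event_complete(request_map):
    """True when the request-map has an <event> with type, path and invoke set."""
    ev = request_map.find("event")
    return ev is not None and all(ev.get(a) for a in ("type", "path", "invoke"))


def lint_controller(xml_text):
    """Return a sorted list of (code, detail) findings for one controller file."""
    root = ET.fromstring(xml_text)
    requests = {rm.get("uri"): rm for rm in root.iter("request-map")}
    views = {vm.get("name") for vm in root.iter("view-map")}
    findings = []

    # A protected request needs the login flow to exist and to have events;
    # the log in the thread shows the missing-event case ending in an NPE.
    if any(_security(rm)[1] for rm in requests.values()):
        for uri in LOGIN_FLOW_URIS:
            rm = requests.get(uri)
            if rm is None:
                findings.append(("MISSING_LOGIN_REQUEST", uri))
            elif not _event_complete(rm):
                findings.append(("LOGIN_REQUEST_WITHOUT_EVENT", uri))

    for uri, rm in requests.items():
        https, auth = _security(rm)
        # Every view response must resolve to a declared view-map.
        for resp in rm.findall("response"):
            if resp.get("type") == "view" and resp.get("value") not in views:
                findings.append(("UNDEFINED_VIEW", f"{uri} -> {resp.get('value')}"))
        # Credentials or an authenticated session without https="true".
        if (auth or uri == "login") and not https:
            findings.append(("CLEARTEXT", uri))
        # Anything outside the login flow that can be reached without logging in.
        if not auth and uri not in LOGIN_FLOW_URIS:
            findings.append(("NO_AUTH", uri))
    return sorted(findings)


if __name__ == "__main__":
    for label, sample in (("broken", BROKEN), ("fixed", FIXED)):
        print(label)
        for code, detail in lint_controller(sample):
            print(f"  {code}: {detail}")
```

On the controller as posted, the only findings left are the two CLEARTEXT entries, because every request-map there sets https="false".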
In reply to this post by BJ Freeman
hi BJ,
That arrow left the quiver sooner than I would have liked. But anyways as I said, I definitely agree that people who have written this have every right to benefit and prosper from their effort, especially after having given away most of it for free. I sincerely hope that it happens so we can continue to use and benefit from this framework.
My primary objective right now is trying to get to a point as quickly as I can in developing real world applications. Secondary objective would be to contribute whatever I can to the community in the process.
So that said do you think the material http://www.undersunconsulting.com/ecommerce/control/additem/main is the fastest way known to man to get past the newbie stage?
Can anyone else weigh in on this as well if they have used these tutorials? How relevant are they with the new versions of ofbiz?
Thanks
-Milind

> our documentation is community driven.
> and it has significantly grown in the last few years.
> the basics are hard to grasp for object, DB driven, programmers.
> so a lot of the learning is unlearning.
> I struggled with getting my mind around it for a few years.
> now it seems so clear.
> my dad used to say.
> everything costs time or money, sometimes both.
> so you ask why I stick with it.
> because of all the software out there this seemed the most likely to fit
> needs of my clients.
> the tutorials are free except for the advanced stuff.
> open source does not necessarily mean free.
> it means you get the source.
> just like the years I spent developing the yahoo interface.
> I would like to get some of that back before everyone becomes my
> competitor.
> The people that made this possible have clients that funded the code and
> then allowed them to give it to the community. not the other way around.
>
> Milind W sent the following on 8/4/2008 8:46 PM:
>> hi BJ,
>> It is sad that there is no quick way to learn ofbiz (still).
>> What makes it more difficult is the part where you have to reverse
>> engineer the code or existing configuration to understand how to do
>> things.
>> IMHO
>> 1)Reverse engineering and going through existing code has its place but
>> not as a newbie.
>> 2)The most basic features and capabilities should be easy to learn or at
>> least there should be tutorials for those ideally these should be free for
>> something that's open source.
>> 3)I do understand that people who made this possible have every right to
>> benefit from this.
>> 3)I guess there are some but nothing that is free so looks like the
>> practical way to learn the framework is to spend 350$ and
>>
>>> this is where using the example, exampleext, and the
>>> wiki startup example will help.
>>> this is where ofbiz is different than opentaps.
>>> and the links to the information that has been given you in the past come
>>> into play.
>>> there is no quick way to learn ofbiz.
>>> :)
>>> error is saying the main decorator has not been defined in the web.xml
>>> parms.
>>>
>>> you should check your complete component against the framework/example.
>>>
>>> Milind W sent the following on 8/3/2008 11:07 PM:
>>>> I changed my controller to conform with the example controller.xml.
>>>> Now it does attempt to send me to the login screen but get the following
>>>> error.
>>>>
>>>> org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen
>>>> [component://common/widget/CommonScreens.xml#login]:
>>>> java.lang.IllegalArgumentException: Could not find screen with name
>>>> [main-decorator] in the same file as the screen with name [login] (Could
>>>> not find screen with name [main-decorator] in the same file as the screen
>>>> with name [login])
>>>>
>>>> Help!
>>>>> your controller does not conform to the current svn controllers.
>>>>> please review them.
>>>>>
>>>>> Milind W sent the following on 8/3/2008 5:35 PM:
>>>>>> I got the updated files.
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595) >>>>>>>>>>>>>>>>>>> -------------------------------------------------------------------------------- >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>>> >>>>>>>> >>>> >>>> >>>> >>>> >>> >> >> >> >> >> > > |
On Aug 4, 2008, at 11:19 PM, Milind W wrote:

> hi BJ,
> That arrow left the quiver sooner than I would have liked.
> But anyways as I said, I definitely agree that people who have written
> this have every right to benefit and prosper from their effort, specially
> after having given away most of it for free.

Are you referring to the framework training videos? Please... there's no money there. We've barely recovered the creation expense on those, and the transcript is even available for free now (and has been for months, and it was announced, and we requested help doing something with this, and nothing has been done):

http://docs.ofbiz.org/display/OFBTECH/Advanced+Framework+Transcription+Work+Plan

> I sincerely hope that it happens so we can continue to use and benefit
> from this framework.
> My primary objective right now is trying to get to a point as quickly as I
> can in developing real world applications.

The best thing you can do for your own benefit is to get involved with the community. Would you expect to learn SAP overnight? Or even something like ATG or Blue Martini on the ecommerce side?

> Secondary objective would be to contribute whatever I can to the community
> in the process.

Please understand that the attitude and priorities you've just admitted to are the greatest hindrance to the community and how much you can benefit from it.

-David

> So that said do you think the material
> http://www.undersunconsulting.com/ecommerce/control/additem/main
> is the fastest way known to man to get past the newbie stage?
> Can anyone else weigh on this as well if they have used these tutorials?
> How relevant are they with the new versions of ofbiz?
> Thanks
> -Milind
>
>
>> our documentation is community driven.
>> and it has significantly grown in the last few years.
>> the basics are hard to grasp for object, DB driven, programmers.
>> so a lot of the learning is unlearning.
>> I struggle with getting my mind around it for a few years.
>> now it seem so clear. >> my dad use to say. >> everything cost time or money, sometimes both. >> so you ask why I stick with it. >> because of all the software out there this seemed the most likely >> to fit >> needs of my clients. >> the tutorials are free except for the advance stuff. >> open source does not necessarily mean free. >> it means you get the source. >> just like the years I spent developing the yahoo interface. >> I would like to get some of that back before everyone becomes my >> competitor. >> The people that made this possible have clients that funded the >> code and >> then allowed them to give it to the community. not the other way >> around. >> >> >> >> >> >> >> >> Milind W sent the following on 8/4/2008 8:46 PM: >>> hi BJ, >>> It is sad that there is no quick way to learn ofbiz (still). >>> What makes it more difficult is the part where you have to reverse >>> engineer the code or existing configuration to undesrtand how to do >>> things. >>> IMHO >>> 1)Reverse engineering and going through existing code has its >>> place but >>> not as a newbie. >>> 2)The most basic features and capabilities should be easy to learn >>> or at >>> least there should be tutorials for those ideally these should be >>> free >>> for >>> something thats open source. >>> 3)I do understand that people who made this possible have every >>> right to >>> benefit from this . >>> 3)I guess there are some but nothing that is free so looks like the >>> practical way to learn the framework is to spend 350$ and >>> >>>> this is where using the example, exampleext, and the >>>> wiki startup example will help. >>>> this is where ofbiz is different than opentaps. >>>> and the links to the information that has been give you in the past >>>> come >>>> into play. >>>> there is no quick way to learn ofbiz. >>>> :) >>>> error is saying the main decorator has not been defined in the >>>> web.xml >>>> parms. 
>>>> >>>> you should check you complete component against the framework/ >>>> example. >>>> >>>> Milind W sent the following on 8/3/2008 11:07 PM: >>>>> I changed my controller to conform with the example >>>>> controller.xml. >>>>> Now it does attempt to send me to the login screen but get the >>>>> following >>>>> error. >>>>> >>>>> org.ofbiz.widget.screen.ScreenRenderException: Error rendering >>>>> screen >>>>> [component://common/widget/CommonScreens.xml#login]: >>>>> java.lang.IllegalArgumentException: Could not find screen with >>>>> name >>>>> [main-decorator] in the same file as the screen with name [login] >>>>> (Could >>>>> not find screen with name [main-decorator] in the same file as the >>>>> screen >>>>> with name [login]) >>>>> >>>>> Help! >>>>>> your controller does not conform to the current svn controllers. >>>>>> please review them. >>>>>> >>>>>> >>>>>> Milind W sent the following on 8/3/2008 5:35 PM: >>>>>>> I got the updated files. >>>>>>> Did ant clean and then a new build. >>>>>>> I still see the SAME behavior described in my previous email. >>>>>>> I am attaching my controller.xml >>>>>>> >>>>>>>> here is the fix >>>>>>>> http://svn.apache.org/viewvc?rev=682228&view=rev >>>>>>>> >>>>>>>> Milind W sent the following on 8/3/2008 4:27 PM: >>>>>>>>> Just tried "ant clean" it made no difference. >>>>>>>>> I can proceed to main without being redirected to login with >>>>>>>>> rev#679258. >>>>>>>>> >>>>>>>>> >>>>>>>>> Relevant log for rev#679258 >>>>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>>>>>>> [RequestHandler.java:243:INFO ] [Processing Request]: main >>>>>>>>> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>>>>>>> [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: >>>>>>>>> Response >>>>>>>>> is >>>>>>>>> a >>>>>>>>> view. 
sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>>>>>>> [RequestHandler.java:584:INFO ] servletName=control, view=main >>>>>>>>> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >>>>>>>>> UtilJ2eeCompat.java:69 >>>>>>>>> :INFO ] serverInfo: apache tomcat/6.0.16 >>>>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >>>>>>>>> UtilJ2eeCompat.java:78 >>>>>>>>> :INFO ] Apache Tomcat detected, using response.getWriter to >>>>>>>>> write >>>>>>>>> text >>>>>>>>> out >>>>>>>>> instead of response.getOutputStream >>>>>>>>> >>>>>>>>> and with rev#677863 >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> RequestHandler.java:236:INFO ] [Processing Request]: main >>>>>>>>> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> LoginWorker.java:262:INFO ] reqParams Map: [] >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> LoginWorker.java:263:INFO ] queryString: >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> LoginWorker.java:273:INFO ] checkLogin: queryString= >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: >>>>>>>>> Response >>>>>>>>> is >>>>>>>>> a >>>>>>>>> view. 
sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> RequestHandler.java:578:INFO ] servletName=control, view=login >>>>>>>>> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/ >>>>>>>>> 5.5.20 >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using >>>>>>>>> response.getWriter to write text out instead of >>>>>>>>> response.getOutputStream >>>>>>>>> >>>>>>>>> The loginworker seems to be invoked with rev#677863 and not >>>>>>>>> with >>>>>>>>> rev#679258. >>>>>>>>> Any Idea? >>>>>>>>> >>>>>>>>>> Did you try an "ant clean" ? There have been some changes >>>>>>>>>> recently >>>>>>>>>> that >>>>>>>>>> implie this cleanup. >>>>>>>>>> >>>>>>>>>> Jacques >>>>>>>>>> >>>>>>>>>> From: "Milind W" <[hidden email]> >>>>>>>>>>> Looks like I have a problem making this example work with >>>>>>>>>>> revision#679258 >>>>>>>>>>> >>>>>>>>>>> It worked fine (i.e I was redirected to login screen >>>>>>>>>>> before I >>>>>>>>>>> could >>>>>>>>>>> get >>>>>>>>>>> to >>>>>>>>>>> main) with rev#677863 >>>>>>>>>>> >>>>>>>>>>> Looks like the view >>>>>>>>>>> <view-map name="login" type="screen" >>>>>>>>>>> page="component://marketing/widget/ >>>>>>>>>>> CommonScreens.xml#login" /> >>>>>>>>>>> is part of the problem. The CommonScreens.xml has moved >>>>>>>>>>> and does >>>>>>>>>>> no >>>>>>>>>>> longer >>>>>>>>>>> seem to have the 'login' screen. >>>>>>>>>>> >>>>>>>>>>> I tried finding another screen with the 'login' view. 
I >>>>>>>>>>> found >>>>>>>>>>> another >>>>>>>>>>> one >>>>>>>>>>> in the 'common' component and modified my hello controller >>>>>>>>>>> to >>>>>>>>>>> point >>>>>>>>>>> to >>>>>>>>>>> <view-map name="login" type="screen" >>>>>>>>>>> page="component://common/widget/CommonScreens.xml#login"/> >>>>>>>>>>> but it is no acting the same as previously. >>>>>>>>>>> >>>>>>>>>>> Please let me know what is missing (or any suggestion how >>>>>>>>>>> best >>>>>>>>>>> to >>>>>>>>>>> illustrate login) so I can complete and contribute my >>>>>>>>>>> tutorial >>>>>>>>>>> for >>>>>>>>>>> security. Would hate to create a tutorial that worked with >>>>>>>>>>> one >>>>>>>>>>> specific >>>>>>>>>>> build. >>>>>>>>>>> >>>>>>>>>>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind >>>>>>>>>>> %20W+page:2+mid:kwgcnrsxjigfilp2+state:results >>>>>>>>>>> >>>>>>>>>>> Thanks >>>>>>>>>>> -Milind >>>>>>>>>>> >>>>>>>>>>>> hi, >>>>>>>>>>>> I got login to work by adding the changes below to my >>>>>>>>>>>> controller >>>>>>>>>>>> using >>>>>>>>>>>> ofbiz4.0. >>>>>>>>>>>> I don't think I follow the reason with OFBTOOLS base >>>>>>>>>>>> persmission >>>>>>>>>>>> not >>>>>>>>>>>> taking effect in the ofbiz-component as explained in >>>>>>>>>>>> OFBIZ-829. >>>>>>>>>>>> But I agree with Si Chen on OFBIZ-829 >>>>>>>>>>>> "The right way is to assume no permission until one of >>>>>>>>>>>> the list >>>>>>>>>>>> of >>>>>>>>>>>> permissions is met." Seems more intitutive. >>>>>>>>>>>> For now I can workaround it so thanks all. 
>>>>>>>>>>>> -Milind >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> <preprocessor> >>>>>>>>>>>> <!-- Events to run on every request before security >>>>>>>>>>>> (chains >>>>>>>>>>>> exempt) --> >>>>>>>>>>>> <!-- <event type="java" >>>>>>>>>>>> path="org.ofbiz.webapp.event.TestEvent" >>>>>>>>>>>> invoke="test"/> --> >>>>>>>>>>>> <event type="java" >>>>>>>>>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>>>>>>>>> invoke="checkExternalLoginKey"/> >>>>>>>>>>>> </preprocessor> >>>>>>>>>>>> >>>>>>>>>>>> <!-- Request Mappings --> >>>>>>>>>>>> >>>>>>>>>>>> <request-map uri="checkLogin" edit="false"> >>>>>>>>>>>> <description>Verify a user is logged in.</ >>>>>>>>>>>> description> >>>>>>>>>>>> <security https="false" auth="false"/> >>>>>>>>>>>> <event type="java" >>>>>>>>>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>>>>>>>>> invoke="checkLogin" /> >>>>>>>>>>>> <response name="success" type="view" value="main" /> >>>>>>>>>>>> <response name="error" type="view" value="login" /> >>>>>>>>>>>> </request-map> >>>>>>>>>>>> >>>>>>>>>>>> <request-map uri="login"> >>>>>>>>>>>> <security https="false" auth="false"/> >>>>>>>>>>>> <event type="java" >>>>>>>>>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>>>>>>>>> invoke="login"/> >>>>>>>>>>>> <response name="success" type="view" value="main"/> >>>>>>>>>>>> <response name="error" type="view" value="login"/> >>>>>>>>>>>> </request-map> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> <request-map uri="main"> >>>>>>>>>>>> <security https="false" auth="true" /> >>>>>>>>>>>> <response name="success" type="view" value="main"/> >>>>>>>>>>>> </request-map> >>>>>>>>>>>> >>>>>>>>>>>> <view-map name="login" type="screen" >>>>>>>>>>>> page="component://marketing/widget/ >>>>>>>>>>>> CommonScreens.xml#login" /> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> Not with a direct link to the comment where is the >>>>>>>>>>>>> explanation >>>>>>>>>>>>> ;p >>>>>>>>>>>>> Actually it was more a didactic post >>>>>>>>>>>>> >>>>>>>>>>>>> Jacques 
>>>>>>>>>>>>> >>>>>>>>>>>>> From: "BJ Freeman" <[hidden email]> >>>>>>>>>>>>>> LOL >>>>>>>>>>>>>> that was the first link I sent on this thread. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM: >>>>>>>>>>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> You would have get >>>>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Jacques >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ----- Original Message ----- From: "Milind W" >>>>>>>>>>>>>>> <[hidden email]> >>>>>>>>>>>>>>> To: <[hidden email]> >>>>>>>>>>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM >>>>>>>>>>>>>>> Subject: Re: how to set security and permissions >>>>>>>>>>>>>>> precedence >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Let me try to break up questions. >>>>>>>>>>>>>>>> Should'nt adding >>>>>>>>>>>>>>>> base-permission="OFBTOOLS" >>>>>>>>>>>>>>>> to the ofbiz-entity.xml force the user to login with >>>>>>>>>>>>>>>> a user >>>>>>>>>>>>>>>> id >>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>> associated to the OFBTOOLS security group? >>>>>>>>>>>>>>>> I can see the application I created and the line >>>>>>>>>>>>>>>> seems to >>>>>>>>>>>>>>>> have >>>>>>>>>>>>>>>> no >>>>>>>>>>>>>>>> effect. >>>>>>>>>>>>>>>> What is the purpose of the line? >>>>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>>>> -Milind >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Please not that opentaps is not at the same level of >>>>>>>>>>>>>>>>> revision >>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>> ofbiz >>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>> there have been changes to security. >>>>>>>>>>>>>>>>> there are examples in the >>>>>>>>>>>>>>>>> framework/example >>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>> framework/exampleext >>>>>>>>>>>>>>>>> I believe this to better tutorial >>>>>>>>>>>>>>>>> since they work already. 
>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM: >>>>>>>>>>>>>>>>>> BJ Freeman wrote: >>>>>>>>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM: >>>>>>>>>>>>>>>>>>>> hi, >>>>>>>>>>>>>>>>>>>> Security Permissions >>>>>>>>>>>>>>>>>>>> I am using ofbiz rev.79258 >>>>>>>>>>>>>>>>>>>> I want to understand how security works so I made >>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>> following >>>>>>>>>>>>>>>>>>>> modifications to hello1 >>>>>>>>>>>>>>>>>>>> 1)I added base-permission="OFBTOOLS" to the >>>>>>>>>>>>>>>>>>>> ofbiz-component.xml >>>>>>>>>>>>>>>>>>>> I could still see the application I was assuming >>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>> application >>>>>>>>>>>>>>>>>>>> would >>>>>>>>>>>>>>>>>>>> as >>>>>>>>>>>>>>>>>>>> me to login or prevent me from seeing the page. >>>>>>>>>>>>>>>>>>>> 2)I added <security> to the main request >>>>>>>>>>>>>>>>>>>> <request-map uri="main"> >>>>>>>>>>>>>>>>>>>> <security https="false" auth="true"/> >>>>>>>>>>>>>>>>>>>> <response name="success" type="view" value="main"/> >>>>>>>>>>>>>>>>>>>> </request-map> >>>>>>>>>>>>>>>>>>>> This displays "java.lang.NullPointerException" in >>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>> browser. >>>>>>>>>>>>>>>>>>>> How do permissions precedence work starting from >>>>>>>>>>>>>>>>>>>> the UI >>>>>>>>>>>>>>>>>>>> to >>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>> entity >>>>>>>>>>>>>>>>>>>> layer. >>>>>>>>>>>>>>>>>>>> Help appreciated. 
>>>>>>>>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>>>>>>>> -Milind >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Here is the log >>>>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>>>>> RequestHandler.java:243:INFO ] [Processing >>>>>>>>>>>>>>>>>>>> Request]: >>>>>>>>>>>>>>>>>>>> main >>>>>>>>>>>>>>>>>>>> sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 >>>>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>>>>> RequestManager.java:159:WARN ] >>>>>>>>>>>>>>>>>>>> [RequestManager.getEventType] >>>>>>>>>>>>>>>>>>>> Type >>>>>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>>>>> event >>>>>>>>>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>>>>> RequestManager.java:146:WARN ] >>>>>>>>>>>>>>>>>>>> [RequestManager.getEventPath] >>>>>>>>>>>>>>>>>>>> Path >>>>>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>>>>> event >>>>>>>>>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>>>>> RequestManager.java:172:WARN ] >>>>>>>>>>>>>>>>>>>> [RequestManager.getEventMethod] >>>>>>>>>>>>>>>>>>>> Method >>>>>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>>>>> event for request "checkLogin" not found >>>>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>>>>> ControlServlet.java:205:ERROR] >>>>>>>>>>>>>>>>>>>> ---- runtime exception report >>>>>>>>>>>>>>>>>>>> -------------------------------------------------- >>>>>>>>>>>>>>>>>>>> Error in request handler: >>>>>>>>>>>>>>>>>>>> Exception: java.lang.NullPointerException >>>>>>>>>>>>>>>>>>>> Message: null >>>>>>>>>>>>>>>>>>>> ---- stack trace >>>>>>>>>>>>>>>>>>>> --------------------------------------------------------------- >>>>>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source) >>>>>>>>>>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source) >>>>>>>>>>>>>>>>>>>> 
org >>>>>>>>>>>>>>>>>>>> .ofbiz >>>>>>>>>>>>>>>>>>>> .webapp >>>>>>>>>>>>>>>>>>>> .control >>>>>>>>>>>>>>>>>>>> .RequestManager >>>>>>>>>>>>>>>>>>>> .getHandlerClass(RequestManager.java:78) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .ofbiz >>>>>>>>>>>>>>>>>>>> .webapp >>>>>>>>>>>>>>>>>>>> .event >>>>>>>>>>>>>>>>>>>> .EventFactory.loadEventHandler(EventFactory.java: >>>>>>>>>>>>>>>>>>>> 102) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .ofbiz >>>>>>>>>>>>>>>>>>>> .webapp >>>>>>>>>>>>>>>>>>>> .event >>>>>>>>>>>>>>>>>>>> .EventFactory.getEventHandler(EventFactory.java:86) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .ofbiz >>>>>>>>>>>>>>>>>>>> .webapp >>>>>>>>>>>>>>>>>>>> .control >>>>>>>>>>>>>>>>>>>> .RequestHandler.runEvent(RequestHandler.java:453) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .ofbiz >>>>>>>>>>>>>>>>>>>> .webapp >>>>>>>>>>>>>>>>>>>> .control >>>>>>>>>>>>>>>>>>>> .RequestHandler.doRequest(RequestHandler.java:259) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .ofbiz >>>>>>>>>>>>>>>>>>>> .webapp >>>>>>>>>>>>>>>>>>>> .control.ControlServlet.doGet(ControlServlet.java: >>>>>>>>>>>>>>>>>>>> 198) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> javax >>>>>>>>>>>>>>>>>>>> .servlet >>>>>>>>>>>>>>>>>>>> .http.HttpServlet.service(HttpServlet.java:690) >>>>>>>>>>>>>>>>>>>> javax >>>>>>>>>>>>>>>>>>>> .servlet >>>>>>>>>>>>>>>>>>>> .http.HttpServlet.service(HttpServlet.java:803) >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .apache >>>>>>>>>>>>>>>>>>>> .catalina >>>>>>>>>>>>>>>>>>>> .core >>>>>>>>>>>>>>>>>>>> .ApplicationFilterChain >>>>>>>>>>>>>>>>>>>> .internalDoFilter(ApplicationFilterChain.java:290) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .apache >>>>>>>>>>>>>>>>>>>> .catalina >>>>>>>>>>>>>>>>>>>> .core >>>>>>>>>>>>>>>>>>>> .ApplicationFilterChain >>>>>>>>>>>>>>>>>>>> .doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .ofbiz >>>>>>>>>>>>>>>>>>>> .webapp >>>>>>>>>>>>>>>>>>>> .control >>>>>>>>>>>>>>>>>>>> .ContextFilter.doFilter(ContextFilter.java:255) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .apache >>>>>>>>>>>>>>>>>>>> .catalina >>>>>>>>>>>>>>>>>>>> .core >>>>>>>>>>>>>>>>>>>> .ApplicationFilterChain >>>>>>>>>>>>>>>>>>>> .internalDoFilter(ApplicationFilterChain.java:235) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .apache >>>>>>>>>>>>>>>>>>>> .catalina >>>>>>>>>>>>>>>>>>>> .core >>>>>>>>>>>>>>>>>>>> .ApplicationFilterChain >>>>>>>>>>>>>>>>>>>> .doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .apache >>>>>>>>>>>>>>>>>>>> .catalina >>>>>>>>>>>>>>>>>>>> .core >>>>>>>>>>>>>>>>>>>> .StandardWrapperValve >>>>>>>>>>>>>>>>>>>> .invoke(StandardWrapperValve.java:233) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .apache >>>>>>>>>>>>>>>>>>>> .catalina >>>>>>>>>>>>>>>>>>>> .core >>>>>>>>>>>>>>>>>>>> .StandardContextValve >>>>>>>>>>>>>>>>>>>> .invoke(StandardContextValve.java:175) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .apache >>>>>>>>>>>>>>>>>>>> .catalina >>>>>>>>>>>>>>>>>>>> .core >>>>>>>>>>>>>>>>>>>> .StandardHostValve.invoke(StandardHostValve.java: >>>>>>>>>>>>>>>>>>>> 128) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .apache >>>>>>>>>>>>>>>>>>>> .catalina >>>>>>>>>>>>>>>>>>>> .valves >>>>>>>>>>>>>>>>>>>> .ErrorReportValve.invoke(ErrorReportValve.java:102) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .apache >>>>>>>>>>>>>>>>>>>> .catalina >>>>>>>>>>>>>>>>>>>> .core >>>>>>>>>>>>>>>>>>>> .StandardEngineValve >>>>>>>>>>>>>>>>>>>> .invoke(StandardEngineValve.java:109) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .apache >>>>>>>>>>>>>>>>>>>> .catalina >>>>>>>>>>>>>>>>>>>> .valves.AccessLogValve.invoke(AccessLogValve.java: 
>>>>>>>>>>>>>>>>>>>> 568) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .apache >>>>>>>>>>>>>>>>>>>> .catalina >>>>>>>>>>>>>>>>>>>> .connector >>>>>>>>>>>>>>>>>>>> .CoyoteAdapter.service(CoyoteAdapter.java:286) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org >>>>>>>>>>>>>>>>>>>> .apache >>>>>>>>>>>>>>>>>>>> .coyote >>>>>>>>>>>>>>>>>>>> .http11 >>>>>>>>>>>>>>>>>>>> .Http11Processor.process(Http11Processor.java:844) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol >>>>>>>>>>>>>>>>>>>> $ >>>>>>>>>>>>>>>>>>>> Http11ConnectionHandler >>>>>>>>>>>>>>>>>>>> .process(Http11Protocol.java:583) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint >>>>>>>>>>>>>>>>>>>> $Worker.run(JIoEndpoint.java:447) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595) >>>>>>>>>>>>>>>>>>>> -------------------------------------------------------------------------------- >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/ >>>>>>>>>>>>>>>>>> security.php >>>>>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/ >>>>>>>>>>>>>>>>>> security.php >>>>>>>>> >>>>>>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>> >>> >>> >>> >>> >> >> > > |
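The failure reported in this thread (`auth="true"` on `main` with no usable `checkLogin` request, hence the "checkLogin not found" warnings and the NullPointerException) can be caught before deployment. The following is an added example, not code from the thread or from OFBiz: a Python check over a single controller.xml, run on two samples constructed from the snippets quoted above. The `hello1` screen path, the single-file assumption (no included controllers) and the HTTPS warning are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed from the first controller quoted in the thread: only "main" is
# protected and there is no "checkLogin" request-map. The hello1 screen path
# is a placeholder so the sample is a complete file.
BROKEN = """<site-conf>
  <request-map uri="main">
    <security https="false" auth="true"/>
    <response name="success" type="view" value="main"/>
  </request-map>
  <view-map name="main" type="screen"
            page="component://hello1/widget/HelloScreens.xml#main"/>
</site-conf>"""

# Constructed from the later controller quoted in the thread, with the login
# view pointing at the common component as in the follow-up message.
FIXED = """<site-conf>
  <preprocessor>
    <event type="java" path="org.ofbiz.webapp.control.LoginWorker"
           invoke="checkExternalLoginKey"/>
  </preprocessor>
  <request-map uri="checkLogin" edit="false">
    <description>Verify a user is logged in.</description>
    <security https="false" auth="false"/>
    <event type="java" path="org.ofbiz.webapp.control.LoginWorker"
           invoke="checkLogin"/>
    <response name="success" type="view" value="main"/>
    <response name="error" type="view" value="login"/>
  </request-map>
  <request-map uri="login">
    <security https="false" auth="false"/>
    <event type="java" path="org.ofbiz.webapp.control.LoginWorker"
           invoke="login"/>
    <response name="success" type="view" value="main"/>
    <response name="error" type="view" value="login"/>
  </request-map>
  <request-map uri="main">
    <security https="false" auth="true"/>
    <response name="success" type="view" value="main"/>
  </request-map>
  <view-map name="login" type="screen"
            page="component://common/widget/CommonScreens.xml#login"/>
  <view-map name="main" type="screen"
            page="component://hello1/widget/HelloScreens.xml#main"/>
</site-conf>"""


def _security(req, attr):
    """Value of an attribute on the request-map's <security> child, or None."""
    sec = req.find("security")
    return sec.get(attr) if sec is not None else None


def lint_controller(xml_text):
    """Return (severity, request uri, message) findings for one controller.xml."""
    root = ET.fromstring(xml_text)
    requests = {r.get("uri"): r for r in root.iter("request-map")}
    views = {v.get("name") for v in root.iter("view-map")}
    findings = []

    # auth="true" routes the request through "checkLogin"; the thread's log
    # shows the handler failing when that request has no event to run.
    protected = [u for u, r in requests.items() if _security(r, "auth") == "true"]
    if protected:
        check = requests.get("checkLogin")
        if check is None:
            findings.append(("ERROR", "checkLogin",
                             'no request-map, but auth="true" is set on: '
                             + ", ".join(protected)))
        else:
            event = check.find("event")
            missing = [a for a in ("type", "path", "invoke")
                       if event is None or not event.get(a)]
            if missing:
                findings.append(("ERROR", "checkLogin",
                                 "event is missing: " + ", ".join(missing)))

    for uri, req in requests.items():
        # Every view response must resolve to a view-map in this file.
        for resp in req.findall("response"):
            if resp.get("type") == "view" and resp.get("value") not in views:
                findings.append(("ERROR", uri,
                                 "response points at undefined view-map "
                                 + repr(resp.get("value"))))
        # This example's own hardening check: credentials and authenticated
        # pages should not be served by requests that allow plain HTTP.
        sensitive = uri == "login" or _security(req, "auth") == "true"
        if sensitive and _security(req, "https") == "false":
            findings.append(("WARN", uri, 'https="false" on a sensitive request'))
    return findings


if __name__ == "__main__":
    for name, sample in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        for severity, uri, message in lint_controller(sample):
            print(name, severity, uri, message)
```
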
In reply to this post by Milind W-2
I think the primary objective for all of us is to get to a level of
understanding that makes this a viable situation.
widgets are the fastest way to do UI work.
the Beauty is that if you change or add to an entity the screens update with no or little work.
also extensive work has been done in the webtools to let you investigate the working in realtime.
learning the mini language, for simple methods would be another important point.
as the googlecheckout component shows.
you can do a lot and never touch java.
I have heard others say how they benefited from the videos, and others that say they did not.
I can not attest either way.
Again the ones that did not, are not here now, the ones that did are still part of the community and contributing.
my main contribution is on this mailing list.
I figure the more people that know and contribute, the more benefit.
I just hope to set a tone that others will adopt.

Milind W sent the following on 8/4/2008 10:19 PM:
> hi BJ,
> That arrow left the quiver sooner than I would have liked.
> But anyways as I said, I definitely agree that people who have written
> this have every right to benefit and prosper from their effort, specially
> after having given away most of it for free.
> I sincerely hope that it happens so we can continue to use and benefit
> from this framework.
> My primary objective right now is trying to get to a point as quickly as I
> can in developing real world applications.
> Secondary objective would be to contribute whatever I can to the community
> in the process.
> So that said do you think the material
> http://www.undersunconsulting.com/ecommerce/control/additem/main
> is the fastest way known to man to get past the newbie stage?
> Can anyone else weigh on this as well if they have used these tutorials?
> How relevant are they with the new versions of ofbiz?
> Thanks
> -Milind
>
>
>> our documentation is community driven.
>> and it has significantly grown in the last few years.
>> the basics are hard to grasp for object, DB driven, programmers.
>> so a lot of the learning is unlearning. >> I struggle with getting my mind around it for a few years. >> now it seem so clear. >> my dad use to say. >> everything cost time or money, sometimes both. >> so you ask why I stick with it. >> because of all the software out there this seemed the most likely to fit >> needs of my clients. >> the tutorials are free except for the advance stuff. >> open source does not necessarily mean free. >> it means you get the source. >> just like the years I spent developing the yahoo interface. >> I would like to get some of that back before everyone becomes my >> competitor. >> The people that made this possible have clients that funded the code and >> then allowed them to give it to the community. not the other way around. >> >> >> >> >> >> >> >> Milind W sent the following on 8/4/2008 8:46 PM: >>> hi BJ, >>> It is sad that there is no quick way to learn ofbiz (still). >>> What makes it more difficult is the part where you have to reverse >>> engineer the code or existing configuration to undesrtand how to do >>> things. >>> IMHO >>> 1)Reverse engineering and going through existing code has its place but >>> not as a newbie. >>> 2)The most basic features and capabilities should be easy to learn or at >>> least there should be tutorials for those ideally these should be free >>> for >>> something thats open source. >>> 3)I do understand that people who made this possible have every right to >>> benefit from this . >>> 3)I guess there are some but nothing that is free so looks like the >>> practical way to learn the framework is to spend 350$ and >>> >>>> this is where using the example, exampleext, and the >>>> wiki startup example will help. >>>> this is where ofbiz is different than opentaps. >>>> and the links to the information that has been give you in the past >>>> come >>>> into play. >>>> there is no quick way to learn ofbiz. >>>> :) >>>> error is saying the main decorator has not been defined in the web.xml >>>> parms. 
>>>> >>>> you should check you complete component against the framework/example. >>>> >>>> Milind W sent the following on 8/3/2008 11:07 PM: >>>>> I changed my controller to conform with the example controller.xml. >>>>> Now it does attempt to send me to the login screen but get the >>>>> following >>>>> error. >>>>> >>>>> org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen >>>>> [component://common/widget/CommonScreens.xml#login]: >>>>> java.lang.IllegalArgumentException: Could not find screen with name >>>>> [main-decorator] in the same file as the screen with name [login] >>>>> (Could >>>>> not find screen with name [main-decorator] in the same file as the >>>>> screen >>>>> with name [login]) >>>>> >>>>> Help! >>>>>> your controller does not conform to the current svn controllers. >>>>>> please review them. >>>>>> >>>>>> >>>>>> Milind W sent the following on 8/3/2008 5:35 PM: >>>>>>> I got the updated files. >>>>>>> Did ant clean and then a new build. >>>>>>> I still see the SAME behavior described in my previous email. >>>>>>> I am attaching my controller.xml >>>>>>> >>>>>>>> here is the fix >>>>>>>> http://svn.apache.org/viewvc?rev=682228&view=rev >>>>>>>> >>>>>>>> Milind W sent the following on 8/3/2008 4:27 PM: >>>>>>>>> Just tried "ant clean" it made no difference. >>>>>>>>> I can proceed to main without being redirected to login with >>>>>>>>> rev#679258. >>>>>>>>> >>>>>>>>> >>>>>>>>> Relevant log for rev#679258 >>>>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>>>>>>> [RequestHandler.java:243:INFO ] [Processing Request]: main >>>>>>>>> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>>>>>>> [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: >>>>>>>>> Response >>>>>>>>> is >>>>>>>>> a >>>>>>>>> view. 
sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>>>>>>> [RequestHandler.java:584:INFO ] servletName=control, view=main >>>>>>>>> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >>>>>>>>> UtilJ2eeCompat.java:69 >>>>>>>>> :INFO ] serverInfo: apache tomcat/6.0.16 >>>>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >>>>>>>>> UtilJ2eeCompat.java:78 >>>>>>>>> :INFO ] Apache Tomcat detected, using response.getWriter to write >>>>>>>>> text >>>>>>>>> out >>>>>>>>> instead of response.getOutputStream >>>>>>>>> >>>>>>>>> and with rev#677863 >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> RequestHandler.java:236:INFO ] [Processing Request]: main >>>>>>>>> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> LoginWorker.java:262:INFO ] reqParams Map: [] >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> LoginWorker.java:263:INFO ] queryString: >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> LoginWorker.java:273:INFO ] checkLogin: queryString= >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: >>>>>>>>> Response >>>>>>>>> is >>>>>>>>> a >>>>>>>>> view. 
sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> RequestHandler.java:578:INFO ] servletName=control, view=login >>>>>>>>> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 >>>>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>>>> UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using >>>>>>>>> response.getWriter to write text out instead of >>>>>>>>> response.getOutputStream >>>>>>>>> >>>>>>>>> The loginworker seems to be invoked with rev#677863 and not with >>>>>>>>> rev#679258. >>>>>>>>> Any Idea? >>>>>>>>> >>>>>>>>>> Did you try an "ant clean" ? There have been some changes >>>>>>>>>> recently >>>>>>>>>> that >>>>>>>>>> implie this cleanup. >>>>>>>>>> >>>>>>>>>> Jacques >>>>>>>>>> >>>>>>>>>> From: "Milind W" <[hidden email]> >>>>>>>>>>> Looks like I have a problem making this example work with >>>>>>>>>>> revision#679258 >>>>>>>>>>> >>>>>>>>>>> It worked fine (i.e I was redirected to login screen before I >>>>>>>>>>> could >>>>>>>>>>> get >>>>>>>>>>> to >>>>>>>>>>> main) with rev#677863 >>>>>>>>>>> >>>>>>>>>>> Looks like the view >>>>>>>>>>> <view-map name="login" type="screen" >>>>>>>>>>> page="component://marketing/widget/CommonScreens.xml#login" /> >>>>>>>>>>> is part of the problem. The CommonScreens.xml has moved and does >>>>>>>>>>> no >>>>>>>>>>> longer >>>>>>>>>>> seem to have the 'login' screen. >>>>>>>>>>> >>>>>>>>>>> I tried finding another screen with the 'login' view. I found >>>>>>>>>>> another >>>>>>>>>>> one >>>>>>>>>>> in the 'common' component and modified my hello controller to >>>>>>>>>>> point >>>>>>>>>>> to >>>>>>>>>>> <view-map name="login" type="screen" >>>>>>>>>>> page="component://common/widget/CommonScreens.xml#login"/> >>>>>>>>>>> but it is no acting the same as previously. 
>>>>>>>>>>>
>>>>>>>>>>> Please let me know what is missing (or any suggestion how best to
>>>>>>>>>>> illustrate login) so I can complete and contribute my tutorial for
>>>>>>>>>>> security. Would hate to create a tutorial that worked with one specific
>>>>>>>>>>> build.
>>>>>>>>>>>
>>>>>>>>>>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>> -Milind
>>>>>>>>>>>
>>>>>>>>>>>> hi,
>>>>>>>>>>>> I got login to work by adding the changes below to my controller using
>>>>>>>>>>>> ofbiz4.0.
>>>>>>>>>>>> I don't think I follow the reason with OFBTOOLS base permission not
>>>>>>>>>>>> taking effect in the ofbiz-component as explained in OFBIZ-829.
>>>>>>>>>>>> But I agree with Si Chen on OFBIZ-829
>>>>>>>>>>>> "The right way is to assume no permission until one of the list of
>>>>>>>>>>>> permissions is met." Seems more intuitive.
>>>>>>>>>>>> For now I can work around it so thanks all.
>>>>>>>>>>>> -Milind
>>>>>>>>>>>>
>>>>>>>>>>>> <preprocessor>
>>>>>>>>>>>>     <!-- Events to run on every request before security (chains exempt) -->
>>>>>>>>>>>>     <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> -->
>>>>>>>>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
>>>>>>>>>>>> </preprocessor>
>>>>>>>>>>>>
>>>>>>>>>>>> <!-- Request Mappings -->
>>>>>>>>>>>>
>>>>>>>>>>>> <request-map uri="checkLogin" edit="false">
>>>>>>>>>>>>     <description>Verify a user is logged in.</description>
>>>>>>>>>>>>     <security https="false" auth="false"/>
>>>>>>>>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" />
>>>>>>>>>>>>     <response name="success" type="view" value="main" />
>>>>>>>>>>>>     <response name="error" type="view" value="login" />
>>>>>>>>>>>> </request-map>
>>>>>>>>>>>>
>>>>>>>>>>>> <request-map uri="login">
>>>>>>>>>>>>     <security https="false" auth="false"/>
>>>>>>>>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
>>>>>>>>>>>>     <response name="success" type="view" value="main"/>
>>>>>>>>>>>>     <response name="error" type="view" value="login"/>
>>>>>>>>>>>> </request-map>
>>>>>>>>>>>>
>>>>>>>>>>>> <request-map uri="main">
>>>>>>>>>>>>     <security https="false" auth="true" />
>>>>>>>>>>>>     <response name="success" type="view" value="main"/>
>>>>>>>>>>>> </request-map>
>>>>>>>>>>>>
>>>>>>>>>>>> <view-map name="login" type="screen" page="component://marketing/widget/CommonScreens.xml#login" />
>>>>>>>>>>>>
>>>>>>>>>>>>> Not with a direct link to the comment where is the explanation ;p
>>>>>>>>>>>>> Actually it was more a didactic post
>>>>>>>>>>>>>
>>>>>>>>>>>>> Jacques
>>>>>>>>>>>>>
>>>>>>>>>>>>> From: "BJ Freeman"
<[hidden email]> >>>>>>>>>>>>>> LOL >>>>>>>>>>>>>> that was the first link I sent on this thread. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM: >>>>>>>>>>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> You would have get >>>>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Jacques >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ----- Original Message ----- From: "Milind W" >>>>>>>>>>>>>>> <[hidden email]> >>>>>>>>>>>>>>> To: <[hidden email]> >>>>>>>>>>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM >>>>>>>>>>>>>>> Subject: Re: how to set security and permissions precedence >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Let me try to break up questions. >>>>>>>>>>>>>>>> Should'nt adding >>>>>>>>>>>>>>>> base-permission="OFBTOOLS" >>>>>>>>>>>>>>>> to the ofbiz-entity.xml force the user to login with a user >>>>>>>>>>>>>>>> id >>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>> associated to the OFBTOOLS security group? >>>>>>>>>>>>>>>> I can see the application I created and the line seems to >>>>>>>>>>>>>>>> have >>>>>>>>>>>>>>>> no >>>>>>>>>>>>>>>> effect. >>>>>>>>>>>>>>>> What is the purpose of the line? >>>>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>>>> -Milind >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Please not that opentaps is not at the same level of >>>>>>>>>>>>>>>>> revision >>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>> ofbiz >>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>> there have been changes to security. >>>>>>>>>>>>>>>>> there are examples in the >>>>>>>>>>>>>>>>> framework/example >>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>> framework/exampleext >>>>>>>>>>>>>>>>> I believe this to better tutorial >>>>>>>>>>>>>>>>> since they work already. 
>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM: >>>>>>>>>>>>>>>>>> BJ Freeman wrote: >>>>>>>>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM: >>>>>>>>>>>>>>>>>>>> hi, >>>>>>>>>>>>>>>>>>>> Security Permissions >>>>>>>>>>>>>>>>>>>> I am using ofbiz rev.79258 >>>>>>>>>>>>>>>>>>>> I want to understand how security works so I made the >>>>>>>>>>>>>>>>>>>> following >>>>>>>>>>>>>>>>>>>> modifications to hello1 >>>>>>>>>>>>>>>>>>>> 1)I added base-permission="OFBTOOLS" to the >>>>>>>>>>>>>>>>>>>> ofbiz-component.xml >>>>>>>>>>>>>>>>>>>> I could still see the application I was assuming the >>>>>>>>>>>>>>>>>>>> application >>>>>>>>>>>>>>>>>>>> would >>>>>>>>>>>>>>>>>>>> as >>>>>>>>>>>>>>>>>>>> me to login or prevent me from seeing the page. >>>>>>>>>>>>>>>>>>>> 2)I added <security> to the main request >>>>>>>>>>>>>>>>>>>> <request-map uri="main"> >>>>>>>>>>>>>>>>>>>> <security https="false" auth="true"/> >>>>>>>>>>>>>>>>>>>> <response name="success" type="view" value="main"/> >>>>>>>>>>>>>>>>>>>> </request-map> >>>>>>>>>>>>>>>>>>>> This displays "java.lang.NullPointerException" in the >>>>>>>>>>>>>>>>>>>> browser. >>>>>>>>>>>>>>>>>>>> How do permissions precedence work starting from the UI >>>>>>>>>>>>>>>>>>>> to >>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>> entity >>>>>>>>>>>>>>>>>>>> layer. >>>>>>>>>>>>>>>>>>>> Help appreciated. 
>>>>>>>>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>>>>>>>> -Milind >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Here is the log >>>>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>>>>> RequestHandler.java:243:INFO ] [Processing Request]: >>>>>>>>>>>>>>>>>>>> main >>>>>>>>>>>>>>>>>>>> sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 >>>>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>>>>> RequestManager.java:159:WARN ] >>>>>>>>>>>>>>>>>>>> [RequestManager.getEventType] >>>>>>>>>>>>>>>>>>>> Type >>>>>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>>>>> event >>>>>>>>>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>>>>> RequestManager.java:146:WARN ] >>>>>>>>>>>>>>>>>>>> [RequestManager.getEventPath] >>>>>>>>>>>>>>>>>>>> Path >>>>>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>>>>> event >>>>>>>>>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>>>>> RequestManager.java:172:WARN ] >>>>>>>>>>>>>>>>>>>> [RequestManager.getEventMethod] >>>>>>>>>>>>>>>>>>>> Method >>>>>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>>>>> event for request "checkLogin" not found >>>>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>>>>> ControlServlet.java:205:ERROR] >>>>>>>>>>>>>>>>>>>> ---- runtime exception report >>>>>>>>>>>>>>>>>>>> -------------------------------------------------- >>>>>>>>>>>>>>>>>>>> Error in request handler: >>>>>>>>>>>>>>>>>>>> Exception: java.lang.NullPointerException >>>>>>>>>>>>>>>>>>>> Message: null >>>>>>>>>>>>>>>>>>>> ---- stack trace >>>>>>>>>>>>>>>>>>>> --------------------------------------------------------------- >>>>>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source) >>>>>>>>>>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source) >>>>>>>>>>>>>>>>>>>> 
org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >>>>>>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >>>>>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595) >>>>>>>>>>>>>>>>>>>> -------------------------------------------------------------------------------- >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>>>> >>>>> >>>>> >>>>> >>> >>> >>> >>> >> > > > > > |
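Added example, not part of any post in this thread and not OFBiz code: a small Python lint for a controller.xml that checks what this thread tripped over, namely a request-map with auth="true" but no checkLogin request carrying a complete event (the WARN lines logged before the NullPointerException), responses that point at a view with no view-map, and request-maps left without auth. The function name, the finding codes, the hello1 view-map path and the reading of https="false" on the login request as credentials not being forced onto HTTPS are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Request URIs that have to stay reachable without a session (assumption of this sketch).
LOGIN_URIS = ("checkLogin", "login")

# Constructed sample: the controller from the first post, auth="true" on main and nothing else.
BROKEN = """<site-conf>
  <request-map uri="main">
    <security https="false" auth="true"/>
    <response name="success" type="view" value="main"/>
  </request-map>
  <view-map name="main" type="screen" page="component://hello1/widget/HelloScreens.xml#main"/>
</site-conf>"""

# The request and view maps posted later in the thread; the "main" view-map is constructed.
FIXED = """<site-conf>
  <request-map uri="checkLogin" edit="false">
    <security https="false" auth="false"/>
    <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin"/>
    <response name="success" type="view" value="main"/>
    <response name="error" type="view" value="login"/>
  </request-map>
  <request-map uri="login">
    <security https="false" auth="false"/>
    <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
    <response name="success" type="view" value="main"/>
    <response name="error" type="view" value="login"/>
  </request-map>
  <request-map uri="main">
    <security https="false" auth="true"/>
    <response name="success" type="view" value="main"/>
  </request-map>
  <view-map name="login" type="screen" page="component://marketing/widget/CommonScreens.xml#login"/>
  <view-map name="main" type="screen" page="component://hello1/widget/HelloScreens.xml#main"/>
</site-conf>"""


def _children(parent, name):
    """Direct children called `name`, ignoring any XML namespace prefix."""
    return [c for c in parent if c.tag.rsplit("}", 1)[-1] == name]


def audit_controller(xml_text):
    """Return a list of (code, uri, detail) findings for one controller.xml."""
    root = ET.fromstring(xml_text)
    requests = {r.get("uri"): r for r in _children(root, "request-map")}
    views = {v.get("name") for v in _children(root, "view-map")}
    findings = []

    def security(req, attr):
        # A request-map without <security> is treated like auth="false" https="false".
        sec = _children(req, "security")
        return sec[0].get(attr, "false") if sec else "false"

    protected = [u for u, r in requests.items() if security(r, "auth") == "true"]

    # auth="true" only works if a checkLogin request with type, path and invoke exists.
    check = requests.get("checkLogin")
    if protected and check is None:
        findings.append(("MISSING_CHECKLOGIN", "checkLogin", ",".join(protected)))
    elif protected:
        events = _children(check, "event")
        missing = [a for a in ("type", "path", "invoke")
                   if not (events and events[0].get(a))]
        if missing:
            findings.append(("CHECKLOGIN_EVENT_INCOMPLETE", "checkLogin", ",".join(missing)))

    for uri, req in requests.items():
        if uri not in LOGIN_URIS and security(req, "auth") != "true":
            findings.append(("NO_AUTH", uri, "reachable without login"))
        if uri == "login" and security(req, "https") != "true":
            findings.append(("LOGIN_OVER_HTTP", uri, "credentials are not forced onto HTTPS"))
        # Every view response must resolve to a view-map in this controller.
        for resp in _children(req, "response"):
            if resp.get("type") == "view" and resp.get("value") not in views:
                findings.append(("UNDEFINED_VIEW", uri, resp.get("value")))
    return findings


if __name__ == "__main__":
    for label, doc in (("first post", BROKEN), ("later post", FIXED)):
        print(label, audit_controller(doc))
```

Run against a real controller.xml by passing the file's text to audit_controller; request-maps pulled in through an include are not followed by this sketch.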
From: "David E Jones" <[hidden email]>
>
> On Aug 4, 2008, at 11:19 PM, Milind W wrote:
>
>> hi BJ,
>> That arrow left the quiver sooner than I would have liked.
>> But anyways as I said, I definitely agree that people who have written
>> this have every right to benefit and prosper from their effort, specially
>> after having given away most of it for free.
>
> Are you referring to the framework training videos? Please... there's no money there. We've barely recovered the creation expense
> on those, and the transcript is even available for free now (and has been for months, and it was announced, and we requested
> help doing something with this, and nothing has been done):

Correction Sir: nothing has been done yet (and actually is not even true as I recently used some transcription snippets somewhere I don't remember from the top of my head :o)

> http://docs.ofbiz.org/display/OFBTECH/Advanced+Framework+Transcription+Work+Plan
>
>> I sincerely hope that it happens so we can continue to use and benefit
>> from this framework.

I continue to hope to find some time to use this invaluable source of knowledge to at least enhance XSD files annotations/documentation as I did previously for minilang.
Everybody is welcome to help...

Jacques

>> My primary objective right now is trying to get to a point as quickly as I
>> can in developing real world applications.
>
> The best thing you can do for your own benefit is to get involved with the community. Would you expect to learn SAP overnight? Or
> even something like ATG or Blue Martini on the ecommerce side?
>
>> Secondary objective would be to contribute whatever I can to the community
>> in the process.
>
> Please understand that the attitude and priorities you've just admitted to are the greatest hindrance to the community and how
> much you can benefit from it.
>
> -David
>
>
>> So that said do you think the material
>> http://www.undersunconsulting.com/ecommerce/control/additem/main
>> is the fastest way known to man to get past the newbie stage?
>>>>>>>>>>>>>>>>>>>>> org .apache .catalina .valves .ErrorReportValve.invoke(ErrorReportValve.java:102) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> org .apache .catalina .core .StandardEngineValve .invoke(StandardEngineValve.java:109) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> org .apache .catalina .valves.AccessLogValve.invoke(AccessLogValve.java: 568) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> org .apache .catalina .connector .CoyoteAdapter.service(CoyoteAdapter.java:286) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> org .apache .coyote .http11 .Http11Processor.process(Http11Processor.java:844) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol $ Http11ConnectionHandler .process(Http11Protocol.java:583) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint $Worker.run(JIoEndpoint.java:447) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595) >>>>>>>>>>>>>>>>>>>>> -------------------------------------------------------------------------------- >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/ security.php >>>>>>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/ security.php >>>>>>>>>> >>>>>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>> >>>> >>>> >>>> >>>> >>> >>> >> >> > |
In reply to this post by Milind W-2
From: "BJ Freeman" <[hidden email]>
> I have heard others say how they benefited from the videos, and others
> that say they did not.
> I can not attest either way.
> Again the ones that did not, are not here now, the ones that did are
> still part of the community and contributing.
>
> my main contribution is on this mailing list. I figure the more people
> that know and contribute, the more benefit. I just hope to set a tone
> that others will adopt.

There are 2 kinds of videos:
. Seminar: most are old now and of little value, but could still be interesting on some aspects, mostly the more recent ones.
. Advanced Framework: these are fairly recent and anyway fundamental (i.e. not very sensitive to changes).

If you don't want to spend money you could use only the Advanced Framework Transcription http://docs.ofbiz.org/pages/viewpageattachments.action?pageId=4369 (at least to evaluate your need) or wait for the videos to be freely available. But IMHO they are a very valuable source of information of many kinds: a course is not a book (especially if it's a course transcription).

Note that I do not earn anything from these videos done by David. I bought them when they were published and I don't regret my investment, in time and money!

Note also that the minilang documentation (available from the auto-completion feature of an XML editor) I did last year mostly comes from this source...

Jacques
In reply to this post by David E Jones
david my only reluctance to do anything that requires words is I am
terrible, due to my dyslexia. however if someone does not mind proof reading I will be glad to assist.

David E Jones sent the following on 8/4/2008 11:00 PM:
>
> On Aug 4, 2008, at 11:19 PM, Milind W wrote:
>
>> hi BJ,
>> That arrow left the quiver sooner than I would have liked.
>> But anyways as I said, I definitely agree that people who have written
>> this have every right to benefit and prosper from their effort, specially
>> after having given away most of it for free.
>
> Are you referring to the framework training videos? Please... there's no
> money there. We've barely recovered the creation expense on those, and
> the transcript is even available for free now (and has been for months,
> and it was announced, and we requested help doing something with this,
> and nothing has been done):
>
> http://docs.ofbiz.org/display/OFBTECH/Advanced+Framework+Transcription+Work+Plan
>
>> I sincerely hope that it happens so we can continue to use and benefit
>> from this framework.
>> My primary objective right now is trying to get to a point as quickly as I
>> can in developing real world applications.
>
> The best thing you can do for your own benefit is to get involved with
> the community. Would you expect to learn SAP overnight? Or even
> something like ATG or Blue Martini on the ecommerce side?
>
>> Secondary objective would be to contribute whatever I can to the community
>> in the process.
>
> Please understand that the attitude and priorities you've just admitted
> to are the greatest hindrance to the community and how much you can
> benefit from it.
>
> -David
>
>> So that said do you think the material
>> http://www.undersunconsulting.com/ecommerce/control/additem/main
>> is the fastest way known to man to get past the newbie stage?
>> Can anyone else weigh in on this as well if they have used these
>> tutorials?
>> How relevant are they with the new versions of ofbiz?
>> Thanks
>> -Milind
>>
>>> our documentation is community driven.
>>> and it has significantly grown in the last few years.
>>> the basics are hard to grasp for object, DB driven, programmers.
>>> so a lot of the learning is unlearning.
>>> I struggle with getting my mind around it for a few years.
>>> now it seems so clear.
>>> my dad used to say.
>>> everything costs time or money, sometimes both.
>>> so you ask why I stick with it.
>>> because of all the software out there this seemed the most likely to fit
>>> needs of my clients.
>>> the tutorials are free except for the advanced stuff.
>>> open source does not necessarily mean free.
>>> it means you get the source.
>>> just like the years I spent developing the yahoo interface.
>>> I would like to get some of that back before everyone becomes my
>>> competitor.
>>> The people that made this possible have clients that funded the code and
>>> then allowed them to give it to the community. not the other way around.
>>>
>>> Milind W sent the following on 8/4/2008 8:46 PM:
>>>> hi BJ,
>>>> It is sad that there is no quick way to learn ofbiz (still).
>>>> What makes it more difficult is the part where you have to reverse
>>>> engineer the code or existing configuration to understand how to do
>>>> things.
>>>> IMHO
>>>> 1)Reverse engineering and going through existing code has its place but
>>>> not as a newbie.
>>>> 2)The most basic features and capabilities should be easy to learn or at
>>>> least there should be tutorials for those ideally these should be free for
>>>> something that's open source.
>>>> 3)I do understand that people who made this possible have every right to
>>>> benefit from this.
>>>> 3)I guess there are some but nothing that is free so looks like the
>>>> practical way to learn the framework is to spend 350$ and
>>>>
>>>>> this is where using the example, exampleext, and the
>>>>> wiki startup example will help.
>>>>> this is where ofbiz is different than opentaps.
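The wiring problems reported in this thread (a request-map marked auth="true" with no checkLogin/login request-maps behind it, and responses pointing at a view that is not defined) can be checked statically before deployment. The script below is an added example, not code from OFBiz or from any poster; `audit_controller`, both sample controllers and the `hello1` screen paths are constructed, and its rules are assumptions drawn only from the controller fragments and log lines quoted in the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the first report: "main" demands auth, but nothing
# defines the checkLogin/login requests or a login view.
BROKEN = """<site-conf>
  <request-map uri="main">
    <security https="false" auth="true"/>
    <response name="success" type="view" value="main"/>
  </request-map>
  <request-map uri="about">
    <response name="success" type="view" value="about"/>
  </request-map>
  <view-map name="main" type="screen" page="component://hello1/widget/HelloScreens.xml#main"/>
  <view-map name="about" type="screen" page="component://hello1/widget/HelloScreens.xml#about"/>
</site-conf>"""

# Constructed sample modelled on the working fragment quoted in the thread.
FIXED = """<site-conf>
  <request-map uri="checkLogin" edit="false">
    <security https="false" auth="false"/>
    <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin"/>
    <response name="success" type="view" value="main"/>
    <response name="error" type="view" value="login"/>
  </request-map>
  <request-map uri="login">
    <security https="false" auth="false"/>
    <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
    <response name="success" type="view" value="main"/>
    <response name="error" type="view" value="login"/>
  </request-map>
  <request-map uri="main">
    <security https="false" auth="true"/>
    <response name="success" type="view" value="main"/>
  </request-map>
  <view-map name="main" type="screen" page="component://hello1/widget/HelloScreens.xml#main"/>
  <view-map name="login" type="screen" page="component://common/widget/CommonScreens.xml#login"/>
</site-conf>"""

LOGIN_REQUESTS = ("checkLogin", "login")  # requests that back auth="true" in the thread
EVENT_ATTRS = ("type", "path", "invoke")  # event lookups the log reported as "not found"


def _children(elem, name):
    """Direct children by local name, so namespaced and plain files both work."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]


def audit_controller(xml_text):
    """Return errors, warnings and the request URIs reachable without login."""
    root = ET.fromstring(xml_text)
    requests = {r.get("uri"): r for r in _children(root, "request-map")}
    views = {v.get("name") for v in _children(root, "view-map")}
    includes = _children(root, "include")
    errors, warnings, protected, public = [], [], [], []

    def missing(msg):
        # An <include> may supply the definition; this file alone cannot tell.
        (warnings if includes else errors).append(msg)

    for uri, req in requests.items():
        sec = _children(req, "security")
        if sec and sec[0].get("auth") == "true":
            protected.append(uri)
        else:
            public.append(uri)
        for resp in _children(req, "response"):
            if resp.get("type") == "view" and resp.get("value") not in views:
                missing(f'request "{uri}" returns undefined view "{resp.get("value")}"')

    if protected:
        for name in LOGIN_REQUESTS:
            req = requests.get(name)
            if req is None:
                missing(f'auth="true" is used but request-map "{name}" is not defined')
                continue
            events = _children(req, "event")
            absent = [a for a in EVENT_ATTRS if not (events and events[0].get(a))]
            if absent:
                errors.append(f'request-map "{name}" event lacks: {", ".join(absent)}')
        if "login" not in views:
            missing('auth="true" is used but view-map "login" is not defined')

    # The login requests are public by design; every other URI listed here is
    # served to anonymous users and should be a deliberate choice.
    exposed = sorted(u for u in public if u not in LOGIN_REQUESTS)
    return {"errors": errors, "warnings": warnings, "public_uris": exposed}


if __name__ == "__main__":
    for label, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_controller(doc))
```

The check reads only the controller file: it does not open the screen definitions, so the `main-decorator` rendering error reported later in the thread is outside what it can see.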