Re: How to create our own GroupId in securityGroup Entity with multiple user permissions
Hi Mahi, I tried to import your provided data and was able to load it. Can you please look into the console and share the error message with us? Also, please review the space from location="data/ SecurityPermissionSeedData.xml". Regards, Pawan On Mon, Aug 21, 2023 at 12:39 AM Mahi maheshwari wrote: > Hello Community, > > I was trying to insert data into SecurityGroup Entity using a > SecurityPermissionSeedData.xml file. > I found the group Id = "Super" in the SecurityGroup Entity, the same way I > want to create my own multiple group Ids in the SecurityGroup Entity with > different permissions using .xml. > I want to create a unique group Id for each module with different > permissions. > I tried the below code but it's not working, only securityPermission is > working. > I'm sharing an example below for you to look over. > > *example: * > SecurityPermissionSeedData.xml > *steps I Followed *: > step-1) I tried to create permission using the below code > > permissionId="MODULE_PRODCUTORDER_VIEW"/> > > step-2) after creating permission I tried to create a securityGroup using > the below code > > > > step-3) After creating the securityGroup I tried to add permissions to > securityGroup. > groupId="PRODUCTORDER_USER" permissionId="MODULE_PRODCUTORDER_VIEW"/> > > step-4) configured SecurityGroupSeedData.xml in OfbizComponent.xml > using the below code > location="data/ SecurityPermissionSeedData.xml"/> > > data is getting stored in SecurityPermission Entity but data is not > storing in SecurityGroupPermission Entity and SecurityGroup Entity. > > please guide me on where I'm going wrong. > I'm also attaching the screenshot for you to have a look at. > > Thank you, > Maheshwari. > > >
How to create our own GroupId in securityGroup Entity with multiple user permissions
Hello Community, I was trying to insert data into SecurityGroup Entity using a SecurityPermissionSeedData.xml file. I found the group Id = "Super" in the SecurityGroup Entity, the same way I want to create my own multiple group Ids in the SecurityGroup Entity with different permissions using .xml. I want to create a unique group Id for each module with different permissions. I tried the below code but it's not working, only securityPermission is working. I'm sharing an example below for you to look over. *example: * SecurityPermissionSeedData.xml *steps I Followed *: step-1) I tried to create permission using the below code step-2) after creating permission I tried to create a securityGroup using the below code step-3) After creating the securityGroup I tried to add permissions to securityGroup. step-4) configured SecurityGroupSeedData.xml in OfbizComponent.xml using the below code data is getting stored in SecurityPermission Entity but data is not storing in SecurityGroupPermission Entity and SecurityGroup Entity. please guide me on where I'm going wrong. I'm also attaching the screenshot for you to have a look at. Thank you, Maheshwari.
Re: how to add multiple .ftl files in screen.xml based on user permissions using if else conditions
One way of doing that is to have a structure like One permission="XERUS_ASSETMAINTENANCE" action="_VIEW"/> two default That is not elegant. Another way I prefer is to have a script that define the screen to render like :
Re: how to add multiple .ftl files in screen.xml based on user permissions using if else conditions
Thanks for the response Gil, But I was asking for applying multiple
conditions as mentioned below
${uiLabelMap.XerusViewPermissionError}
You are not allowed to view this page.
but this is not working as I expected, please guide me if anywhere I'm
going wrong.
Best Regards,
Maheshwari.
On Tue, Apr 11, 2023 at 12:52 PM Gil Portenseigne <
gil.portensei...@nereide.fr> wrote:
> Hello Mahi,
>
> You can find multiple examples in the code base looking for :
> ``
>
> One of :
>
>
>
> service-name="workEffortGenericPermission" main-action="VIEW"/>
>
>
>
> location="component://workeffort/template/task/MyTasks.ftl"/>
>
>
> style="h3">${uiLabelMap.WorkEffortViewPermissionError}
>
>
>
> If condition is true, widgets will display, else that will be fail-widgets
>
> Regards
>
> Gil
>
> Le 11/04/2023 à 09:08, Mahi maheshwari a écrit :
> > Hello Community,
> >
> > I want to add .ftl files in screens.xml for multiple users based on a few
> > conditions if there are multiple users named production user and quality
> > user and other users, so for this users if I want to give permission for
> > viewing any .ftl files, how can I do it.
> >
> > *for instance*, if production_user has permission to view only the
> > production module then render production.ftl , if quality_user has
> > permission to view only the quality module then render quality.ftl and if
> > assets_user has permission to view the assets module then render
> > assetmaint.ftl.
> > I want to give conditions like if else in one tag in screens.xml
> >
> > *example: *
> > in widgets/screens.xml
> >
> > if(User has Production_View permission)
> > then
> > >
> location="component://xerus/webapp/xerus/crud/ProductionView.ftl"/>
> > else if(User has AssetMaintaince_View permission)
> > then
> > > location="component://xerus/webapp/xerus/crud/ListOfAssets.ftl"/>
> > else if(User has Quality_View permission)
> > then
> > >
> location="component://xerus/webapp/xerus/crud/QualityMainPage.ftl"/>
> > else
> > > location="component://xerus/webapp/xerus/crud/NoPermission.ftl"/>
> > END of if
> >
> >
> > please let me know how can I achieve this.
> >
> >
> > Best Regards,
> > Maheshwari.
> >
>
Re: how to add multiple .ftl files in screen.xml based on user permissions using if else conditions
Hello Mahi,
You can find multiple examples in the code base looking for :
``
One of :
service-name="workEffortGenericPermission" main-action="VIEW"/>
location="component://workeffort/template/task/MyTasks.ftl"/>
style="h3">${uiLabelMap.WorkEffortViewPermissionError}
If condition is true, widgets will display, else that will be fail-widgets
Regards
Gil
Le 11/04/2023 à 09:08, Mahi maheshwari a écrit :
Hello Community,
I want to add .ftl files in screens.xml for multiple users based on a few
conditions if there are multiple users named production user and quality
user and other users, so for this users if I want to give permission for
viewing any .ftl files, how can I do it.
*for instance*, if production_user has permission to view only the
production module then render production.ftl , if quality_user has
permission to view only the quality module then render quality.ftl and if
assets_user has permission to view the assets module then render
assetmaint.ftl.
I want to give conditions like if else in one tag in screens.xml
*example: *
in widgets/screens.xml
if(User has Production_View permission)
then
else if(User has AssetMaintaince_View permission)
then
else if(User has Quality_View permission)
then
else
END of if
please let me know how can I achieve this.
Best Regards,
Maheshwari.
how to add multiple .ftl files in screen.xml based on user permissions using if else conditions
Hello Community, I want to add .ftl files in screens.xml for multiple users based on a few conditions if there are multiple users named production user and quality user and other users, so for this users if I want to give permission for viewing any .ftl files, how can I do it. *for instance*, if production_user has permission to view only the production module then render production.ftl , if quality_user has permission to view only the quality module then render quality.ftl and if assets_user has permission to view the assets module then render assetmaint.ftl. I want to give conditions like if else in one tag in screens.xml *example: * in widgets/screens.xml if(User has Production_View permission) then else if(User has AssetMaintaince_View permission) then else if(User has Quality_View permission) then else END of if please let me know how can I achieve this. Best Regards, Maheshwari.
Re: Permissions Profiling
Hi Ryan, Maybe just a simple find + grep would do the trick. On Mar 31, 2017 2:24 AM, "Ryan Moriarty" <ryan.moria...@ableengineering.com> wrote: I've been asked to do a review of user permissions in our OFBiz installation. Is there any good method (besides searching through the code base one-by-one) of determining what services and screens a user has access to, given a certain SecurityPermission? Perhaps XPath queries against service definitions and implementations? If anyone else has done this and has ideas, I would appreciate the input.
Re: Permissions Profiling
Heck, I'd appreciate a table to that effect within the wiki. Just saying. On 17-03-30 04:23 PM, Ryan Moriarty wrote: I've been asked to do a review of user permissions in our OFBiz installation. Is there any good method (besides searching through the code base one-by-one) of determining what services and screens a user has access to, given a certain SecurityPermission? Perhaps XPath queries against service definitions and implementations? If anyone else has done this and has ideas, I would appreciate the input.
Permissions Profiling
I've been asked to do a review of user permissions in our OFBiz installation. Is there any good method (besides searching through the code base one-by-one) of determining what services and screens a user has access to, given a certain SecurityPermission? Perhaps XPath queries against service definitions and implementations? If anyone else has done this and has ideas, I would appreciate the input.
Temporary Adjustment to OFBiz Jira Permissions
Hi I'm re-posting a message I sent as it looks like it didnt get through to the mailing lists. -- Hi Everyone I'm posting this to both user and dev mailing lists. The ASF had a big spam attack on Jira yesterday so have temporarily adjusted the default permissions on Jira. This means that those of you who are in the default Jira users group will not be able to create or comment on Jira issues. People with ICLA's filed and are in the Contributors or Committers groups wont have any problems. The infra team are working on it and hope to have it resolved soon. In the meantime, I will take a look through the latest Jira activity for OFBiz and start adding users into a temporary group that has the correct access. I may not be able to identify everyone so if you are having problems creating or commenting on Jira issues then please let me know and I will add you to the temporary group. Thanks Sharan -- View this message in context: http://ofbiz.135035.n4.nabble.com/Temporary-Adjustment-to-OFBiz-Jira-Permissions-tp4679884.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Temporary Adjustment to OFBiz Jira Permissions
Hi Everyone I'm posting this to both user and dev mailing lists. The ASF had a big spam attack on Jira yesterday so have temporarily adjusted the default permissions on Jira. This means that those of you who are in the default Jira users group will not be able to create or comment on Jira issues. People with ICLA's filed and are in the Contributors or Committers groups wont have any problems. The infra team are working on it and hope to have it resolved soon. In the meantime, I will take a look through the latest Jira activity for OFBiz and start adding users into a temporary group that has the correct access. I may not be able to identify everyone so if you are having problems creating or commenting on Jira issues then please let me know and I will add you to the temporary group. Thanks Sharan
Re: Permissions and the Service Engine
Le 21/06/2015 17:26, Brad Smith a écrit :
OK, thanks Jacques. I will continue on with examples I can do.
The Safari version doesn't have page numbers because each chapter has it's
own entire page, but the example I gave was in Chapter 8, under section
The Generic Screen. But as I said, it's just one example. On the Safari
version it crops up in almost every example where there's a URI or URL, so
maybe there's an issue with the conversion from original format to Safari
format. Anyway, just thought I'd raise it.
It seems that when Packt published the book they (could be an author's decision) decided to put an empty space after a parameter when used in an URL
like in
{OFBizInstallFolder} \runtime\logs
But plain URLs have not this.
Jacques
On 21 June 2015 at 16:58, Jacques Le Roux jacques.le.r...@les7arts.com
wrote:
Le 20/06/2015 12:04, Brad Smith a écrit :
Gentlemen,
Good news. I made the recommended underscore change and both the
check-permission permission=LEARN action=_VIEW/ and
check-permission
permission=LEARN action=_ADMIN/
examples worked. Thanks for that!
However, in the next example under the Role Checks section, I hit a new
problem.
I changed my service definition to look like
service name=learningCallingServiceOneWithPermission engine=java
location=org.ofbiz.learning.learning.LearningServices
invoke=callingServiceOne
descriptionFirst Service Called From The
Controller/description
required-permissions join-type=OR
check-role-member role-type=CUSTOMER/
/required-permissions
implements service=learningInterface/
/service
In ModelPermission.java I also commented out
partyRoles = EntityUtil.filterByDate(partyRoles);
which is now on line 109, and rebuilt.
I tried with line 109 both commented and uncommented, but in neither case
was either 'allowed' or 'denied' able to invoke the service.
Any suggestions?
Forget about check-role-member, it's deprecated, see
http://ofbiz.apache.org/dtds/services.xsd
Regarding the bug bush, we are currently reviewing a couple of different
frameworks, so if we decide to go with OFBiz, I'll let you know.
PS. I should point out that I am reading the online version of the book at
Safari Books. I'm not sure how the books get on there so maybe the
underscore was some sort of OCR error?
No, it's indeed in the printed version I have
PPS. Also, I've found that whenever there's a URL or URI somewhere in
example code, it adds a whitespace character in the middle of it, e.g.
below:
screen name=ProcessEntityAccessBSF
section
actions
script location=component://learning/webapp/learning/
WEB-INF/actions/entityaccess/processEntityAccessBSF.bsh/
/actions
widgets
decorator-screen name=main-decorator
location=${parameters.mainDecoratorLocation}
decorator-section name=title
label text=Generic Screen for Displaying Data
Retrieved/
/decorator-section
decorator-section name=body
include-form name=ScriptNameForm
location=component://learning/widget/ learning/LearningForms.xml/
section
conditionnot if-empty
field-name=parameters.scriptName/ /not/condition
widgets
platform-specifichtml
html-template
location=component://learning/webapp/
learning/entityaccess/displaydataretrieved.ftl/
/html/platform-specific
/widgets
/section
/decorator-section
/decorator-screen
/widgets
/section
/screen
I haven't worked out the pattern of when it appears, and it wasn't a major
issue. Just mildly annoying, but it could cause confusion for novice
users.
If you give me the page number I could check it's also in the book
Jacques
On 18 June 2015 at 14:12, Jacques Le Roux jacques.le.r...@les7arts.com
wrote:
Guys like you are welcome, we could even have a bug bash sometimes
https://en.wikipedia.org/wiki/Bug_bash
Jacques
Le 18/06/2015 12:57, Brad Smith a écrit :
Merci!
I will have a bash at it again when I get home tonight. Don't be too
hard
on yourself. I am notorious for being thorough and annoying because of
it.
:) I am sure I pay for my sins in other ways... :p
Will let you know how I get on.
On 18 June 2015 at 05:42, Jacques Le Roux jacques.le.r...@les7arts.com
wrote:
Le 16/06/2015 13:49, Brad Smith a écrit :
My bad, the question should rather be, is two-part permissions
approach
deprecated?
Actually no, it's still usable, look for check-permission at
https://cwiki.apache.org/confluence/display/OFBADMIN/Mini+Language+-+minilang+-+simple-method+-+Reference
Note that to effectively work it needs to be followed by a
check-permission as explained
Re: Permissions and the Service Engine
OK, thanks Jacques. I will continue on with examples I can do.
The Safari version doesn't have page numbers because each chapter has it's
own entire page, but the example I gave was in Chapter 8, under section
The Generic Screen. But as I said, it's just one example. On the Safari
version it crops up in almost every example where there's a URI or URL, so
maybe there's an issue with the conversion from original format to Safari
format. Anyway, just thought I'd raise it.
On 21 June 2015 at 16:58, Jacques Le Roux jacques.le.r...@les7arts.com
wrote:
Le 20/06/2015 12:04, Brad Smith a écrit :
Gentlemen,
Good news. I made the recommended underscore change and both the
check-permission permission=LEARN action=_VIEW/ and
check-permission
permission=LEARN action=_ADMIN/
examples worked. Thanks for that!
However, in the next example under the Role Checks section, I hit a new
problem.
I changed my service definition to look like
service name=learningCallingServiceOneWithPermission engine=java
location=org.ofbiz.learning.learning.LearningServices
invoke=callingServiceOne
descriptionFirst Service Called From The
Controller/description
required-permissions join-type=OR
check-role-member role-type=CUSTOMER/
/required-permissions
implements service=learningInterface/
/service
In ModelPermission.java I also commented out
partyRoles = EntityUtil.filterByDate(partyRoles);
which is now on line 109, and rebuilt.
I tried with line 109 both commented and uncommented, but in neither case
was either 'allowed' or 'denied' able to invoke the service.
Any suggestions?
Forget about check-role-member, it's deprecated, see
http://ofbiz.apache.org/dtds/services.xsd
Regarding the bug bush, we are currently reviewing a couple of different
frameworks, so if we decide to go with OFBiz, I'll let you know.
PS. I should point out that I am reading the online version of the book at
Safari Books. I'm not sure how the books get on there so maybe the
underscore was some sort of OCR error?
No, it's indeed in the printed version I have
PPS. Also, I've found that whenever there's a URL or URI somewhere in
example code, it adds a whitespace character in the middle of it, e.g.
below:
screen name=ProcessEntityAccessBSF
section
actions
script location=component://learning/webapp/learning/
WEB-INF/actions/entityaccess/processEntityAccessBSF.bsh/
/actions
widgets
decorator-screen name=main-decorator
location=${parameters.mainDecoratorLocation}
decorator-section name=title
label text=Generic Screen for Displaying Data
Retrieved/
/decorator-section
decorator-section name=body
include-form name=ScriptNameForm
location=component://learning/widget/ learning/LearningForms.xml/
section
conditionnot if-empty
field-name=parameters.scriptName/ /not/condition
widgets
platform-specifichtml
html-template
location=component://learning/webapp/
learning/entityaccess/displaydataretrieved.ftl/
/html/platform-specific
/widgets
/section
/decorator-section
/decorator-screen
/widgets
/section
/screen
I haven't worked out the pattern of when it appears, and it wasn't a major
issue. Just mildly annoying, but it could cause confusion for novice
users.
If you give me the page number I could check it's also in the book
Jacques
On 18 June 2015 at 14:12, Jacques Le Roux jacques.le.r...@les7arts.com
wrote:
Guys like you are welcome, we could even have a bug bash sometimes
https://en.wikipedia.org/wiki/Bug_bash
Jacques
Le 18/06/2015 12:57, Brad Smith a écrit :
Merci!
I will have a bash at it again when I get home tonight. Don't be too
hard
on yourself. I am notorious for being thorough and annoying because of
it.
:) I am sure I pay for my sins in other ways... :p
Will let you know how I get on.
On 18 June 2015 at 05:42, Jacques Le Roux jacques.le.r...@les7arts.com
wrote:
Le 16/06/2015 13:49, Brad Smith a écrit :
My bad, the question should rather be, is two-part permissions
approach
deprecated?
Actually no, it's still usable, look for check-permission at
https://cwiki.apache.org/confluence/display/OFBADMIN/Mini+Language+-+minilang+-+simple-method+-+Reference
Note that to effectively work it needs to be followed by a
check-permission as explained here
http://markmail.org/message/dnlrev5pnj7brhfm
As a reviewer of this book, I'm embarrassed to say it, but after 8
years
you clearly found a typo, the underscore is missing. As looking for
examples in OFBiz shows, it should
Re: Permissions and the Service Engine
Le 20/06/2015 12:04, Brad Smith a écrit :
Gentlemen,
Good news. I made the recommended underscore change and both the
check-permission permission=LEARN action=_VIEW/ and check-permission
permission=LEARN action=_ADMIN/
examples worked. Thanks for that!
However, in the next example under the Role Checks section, I hit a new
problem.
I changed my service definition to look like
service name=learningCallingServiceOneWithPermission engine=java
location=org.ofbiz.learning.learning.LearningServices
invoke=callingServiceOne
descriptionFirst Service Called From The Controller/description
required-permissions join-type=OR
check-role-member role-type=CUSTOMER/
/required-permissions
implements service=learningInterface/
/service
In ModelPermission.java I also commented out
partyRoles = EntityUtil.filterByDate(partyRoles);
which is now on line 109, and rebuilt.
I tried with line 109 both commented and uncommented, but in neither case
was either 'allowed' or 'denied' able to invoke the service.
Any suggestions?
Forget about check-role-member, it's deprecated, see
http://ofbiz.apache.org/dtds/services.xsd
Regarding the bug bush, we are currently reviewing a couple of different
frameworks, so if we decide to go with OFBiz, I'll let you know.
PS. I should point out that I am reading the online version of the book at
Safari Books. I'm not sure how the books get on there so maybe the
underscore was some sort of OCR error?
No, it's indeed in the printed version I have
PPS. Also, I've found that whenever there's a URL or URI somewhere in
example code, it adds a whitespace character in the middle of it, e.g.
below:
screen name=ProcessEntityAccessBSF
section
actions
script location=component://learning/webapp/learning/
WEB-INF/actions/entityaccess/processEntityAccessBSF.bsh/
/actions
widgets
decorator-screen name=main-decorator
location=${parameters.mainDecoratorLocation}
decorator-section name=title
label text=Generic Screen for Displaying Data
Retrieved/
/decorator-section
decorator-section name=body
include-form name=ScriptNameForm
location=component://learning/widget/ learning/LearningForms.xml/
section
conditionnot if-empty
field-name=parameters.scriptName/ /not/condition
widgets
platform-specifichtml
html-template
location=component://learning/webapp/
learning/entityaccess/displaydataretrieved.ftl/
/html/platform-specific
/widgets
/section
/decorator-section
/decorator-screen
/widgets
/section
/screen
I haven't worked out the pattern of when it appears, and it wasn't a major
issue. Just mildly annoying, but it could cause confusion for novice users.
If you give me the page number I could check it's also in the book
Jacques
On 18 June 2015 at 14:12, Jacques Le Roux jacques.le.r...@les7arts.com
wrote:
Guys like you are welcome, we could even have a bug bash sometimes
https://en.wikipedia.org/wiki/Bug_bash
Jacques
Le 18/06/2015 12:57, Brad Smith a écrit :
Merci!
I will have a bash at it again when I get home tonight. Don't be too hard
on yourself. I am notorious for being thorough and annoying because of
it.
:) I am sure I pay for my sins in other ways... :p
Will let you know how I get on.
On 18 June 2015 at 05:42, Jacques Le Roux jacques.le.r...@les7arts.com
wrote:
Le 16/06/2015 13:49, Brad Smith a écrit :
My bad, the question should rather be, is two-part permissions approach
deprecated?
Actually no, it's still usable, look for check-permission at
https://cwiki.apache.org/confluence/display/OFBADMIN/Mini+Language+-+minilang+-+simple-method+-+Reference
Note that to effectively work it needs to be followed by a
check-permission as explained here
http://markmail.org/message/dnlrev5pnj7brhfm
As a reviewer of this book, I'm embarrassed to say it, but after 8 years
you clearly found a typo, the underscore is missing. As looking for
examples in OFBiz shows, it should be
check-permission permission=LEARN action=_VIEW/
If you are interested in more details about OFBiz Security Permissions
the
reference so far is
https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions
that I completely rewrote last year.
Jacques
On 16 June 2015 at 13:43, Brad Smith wheninf...@gmail.com wrote:
Hi all,
I am currently running through Apache OFBiz Development: The
Beginner's
Tutorial by Howell and Wong.
I have my dev environment setup in IntelliJ and so far the examples
have
all more-or-less worked. I am up to Chapter 11, Permissions and the
Service
Engine and have hit some issues.
The example
Re: Permissions and the Service Engine
Gentlemen,
Good news. I made the recommended underscore change and both the
check-permission permission=LEARN action=_VIEW/ and check-permission
permission=LEARN action=_ADMIN/
examples worked. Thanks for that!
However, in the next example under the Role Checks section, I hit a new
problem.
I changed my service definition to look like
service name=learningCallingServiceOneWithPermission engine=java
location=org.ofbiz.learning.learning.LearningServices
invoke=callingServiceOne
descriptionFirst Service Called From The Controller/description
required-permissions join-type=OR
check-role-member role-type=CUSTOMER/
/required-permissions
implements service=learningInterface/
/service
In ModelPermission.java I also commented out
partyRoles = EntityUtil.filterByDate(partyRoles);
which is now on line 109, and rebuilt.
I tried with line 109 both commented and uncommented, but in neither case
was either 'allowed' or 'denied' able to invoke the service.
Any suggestions?
Regarding the bug bush, we are currently reviewing a couple of different
frameworks, so if we decide to go with OFBiz, I'll let you know.
PS. I should point out that I am reading the online version of the book at
Safari Books. I'm not sure how the books get on there so maybe the
underscore was some sort of OCR error?
PPS. Also, I've found that whenever there's a URL or URI somewhere in
example code, it adds a whitespace character in the middle of it, e.g.
below:
screen name=ProcessEntityAccessBSF
section
actions
script location=component://learning/webapp/learning/
WEB-INF/actions/entityaccess/processEntityAccessBSF.bsh/
/actions
widgets
decorator-screen name=main-decorator
location=${parameters.mainDecoratorLocation}
decorator-section name=title
label text=Generic Screen for Displaying Data
Retrieved/
/decorator-section
decorator-section name=body
include-form name=ScriptNameForm
location=component://learning/widget/ learning/LearningForms.xml/
section
conditionnot if-empty
field-name=parameters.scriptName/ /not/condition
widgets
platform-specifichtml
html-template
location=component://learning/webapp/
learning/entityaccess/displaydataretrieved.ftl/
/html/platform-specific
/widgets
/section
/decorator-section
/decorator-screen
/widgets
/section
/screen
I haven't worked out the pattern of when it appears, and it wasn't a major
issue. Just mildly annoying, but it could cause confusion for novice users.
On 18 June 2015 at 14:12, Jacques Le Roux jacques.le.r...@les7arts.com
wrote:
Guys like you are welcome, we could even have a bug bash sometimes
https://en.wikipedia.org/wiki/Bug_bash
Jacques
Le 18/06/2015 12:57, Brad Smith a écrit :
Merci!
I will have a bash at it again when I get home tonight. Don't be too hard
on yourself. I am notorious for being thorough and annoying because of
it.
:) I am sure I pay for my sins in other ways... :p
Will let you know how I get on.
On 18 June 2015 at 05:42, Jacques Le Roux jacques.le.r...@les7arts.com
wrote:
Le 16/06/2015 13:49, Brad Smith a écrit :
My bad, the question should rather be, is two-part permissions approach
deprecated?
Actually no, it's still usable, look for check-permission at
https://cwiki.apache.org/confluence/display/OFBADMIN/Mini+Language+-+minilang+-+simple-method+-+Reference
Note that to effectively work it needs to be followed by a
check-permission as explained here
http://markmail.org/message/dnlrev5pnj7brhfm
As a reviewer of this book, I'm embarrassed to say it, but after 8 years
you clearly found a typo, the underscore is missing. As looking for
examples in OFBiz shows, it should be
check-permission permission=LEARN action=_VIEW/
If you are interested in more details about OFBiz Security Permissions
the
reference so far is
https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions
that I completely rewrote last year.
Jacques
On 16 June 2015 at 13:43, Brad Smith wheninf...@gmail.com wrote:
Hi all,
I am currently running through Apache OFBiz Development: The
Beginner's
Tutorial by Howell and Wong.
I have my dev environment setup in IntelliJ and so far the examples
have
all more-or-less worked. I am up to Chapter 11, Permissions and the
Service
Engine and have hit some issues.
The example setup in the learning component is as follows:
${component:learning}\servicedef\services.xml
-
service name=learningCallingServiceOneWithPermission engine=java
location=org.ofbiz.learning.learning.LearningServices
invoke=callingServiceOne
Re: Permissions and the Service Engine
Guys like you are welcome, we could even have a bug bash sometimes
https://en.wikipedia.org/wiki/Bug_bash
Jacques
Le 18/06/2015 12:57, Brad Smith a écrit :
Merci!
I will have a bash at it again when I get home tonight. Don't be too hard
on yourself. I am notorious for being thorough and annoying because of it.
:) I am sure I pay for my sins in other ways... :p
Will let you know how I get on.
On 18 June 2015 at 05:42, Jacques Le Roux jacques.le.r...@les7arts.com
wrote:
Le 16/06/2015 13:49, Brad Smith a écrit :
My bad, the question should rather be, is two-part permissions approach
deprecated?
Actually no, it's still usable, look for check-permission at
https://cwiki.apache.org/confluence/display/OFBADMIN/Mini+Language+-+minilang+-+simple-method+-+Reference
Note that to effectively work it needs to be followed by a
check-permission as explained here
http://markmail.org/message/dnlrev5pnj7brhfm
As a reviewer of this book, I'm embarrassed to say it, but after 8 years
you clearly found a typo, the underscore is missing. As looking for
examples in OFBiz shows, it should be
check-permission permission=LEARN action=_VIEW/
If you are interested in more details about OFBiz Security Permissions the
reference so far is
https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions
that I completely rewrote last year.
Jacques
On 16 June 2015 at 13:43, Brad Smith wheninf...@gmail.com wrote:
Hi all,
I am currently running through Apache OFBiz Development: The Beginner's
Tutorial by Howell and Wong.
I have my dev environment setup in IntelliJ and so far the examples have
all more-or-less worked. I am up to Chapter 11, Permissions and the
Service
Engine and have hit some issues.
The example setup in the learning component is as follows:
${component:learning}\servicedef\services.xml
-
service name=learningCallingServiceOneWithPermission engine=java
location=org.ofbiz.learning.learning.LearningServices
invoke=callingServiceOne
descriptionFirst Service Called From The Controller/description
required-permissions join-type=OR
check-permission permission=LEARN_VIEW/
/required-permissions
implements service=learningInterface/
/service
${webapp:learning}\WEB-INF\controller.xml
-
request-map uri=TestPermissions
security auth=true https=true/
response name=success type=view
value=TestCallingServicesWithPermission/
response name=error type=view value=login/
/request-map
request-map uri=TestCallingServicesWithPermission
security auth=true https=true/
event type=service invoke=learningCallingServiceOneWithPermission/
response name=success type=view
value=TestCallingServicesWithPermission/
response name=error type=view
value=TestCallingServicesWithPermission/
/request-map
and
view-map name=TestCallingServicesWithPermission type=screen
page=component://learning/widget/learning/LearningScreens.xml#TestCallingServicesWithPermission/
${component:learning}\widget\learning\LearningScreens.xml
-
screen name=TestFirstService
section
widgets
section
conditionif-empty
field-name=formTarget//condition
actions
set field=formTarget value=TestFirstService/
set field=title value=Testing Our First
Service/
/actions
widgets/
/section
decorator-screen name=main-decorator
location=${parameters.mainDecoratorLocation}
decorator-section name=body
include-form name=TestingServices
location=component://learning/widget/learning/LearningForms.xml/
label text=Full Name: ${parameters.fullName}/
/decorator-section
/decorator-screen
/widgets
/section
/screen
...
screen name=TestCallingServicesWithPermission
section
actionsset field=formTarget
value=TestCallingServicesWithPermission/
/actions
widgets
include-screen name=TestFirstService/
/widgets
/section
/screen
${component:learning}\widget\learning\LearningForms.xml
---
form name=TestingServices type=single target=${formTarget}
field name=firstNametext//field
field name=lastNametext//field
field name=planetIdtext//field
field name=submitsubmit//field
/form
With regards to permissions, I have them set up as follows as per Chapter
9:
UserSecurity GroupSecurityPermission
User/Security Group From Date User/Security Group Thru Date
-
allowed LEARNSCREENS LEARN_VIEW
2015-06-15 19:34:15.832NULL
denied
Re: Permissions and the Service Engine
It's almost definitely my fault over Jacques ;)
On 18 June 2015 at 11:57, Brad Smith wheninf...@gmail.com wrote:
Merci!
I will have a bash at it again when I get home tonight. Don't be too hard
on yourself. I am notorious for being thorough and annoying because of it.
:) I am sure I pay for my sins in other ways... :p
Will let you know how I get on.
On 18 June 2015 at 05:42, Jacques Le Roux jacques.le.r...@les7arts.com
wrote:
Le 16/06/2015 13:49, Brad Smith a écrit :
My bad, the question should rather be, is two-part permissions approach
deprecated?
Actually no, it's still usable, look for check-permission at
https://cwiki.apache.org/confluence/display/OFBADMIN/Mini+Language+-+minilang+-+simple-method+-+Reference
Note that to effectively work it needs to be followed by a
check-permission as explained here
http://markmail.org/message/dnlrev5pnj7brhfm
As a reviewer of this book, I'm embarrassed to say it, but after 8 years
you clearly found a typo, the underscore is missing. As looking for
examples in OFBiz shows, it should be
check-permission permission=LEARN action=_VIEW/
If you are interested in more details about OFBiz Security Permissions
the
reference so far is
https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions
that I completely rewrote last year.
Jacques
On 16 June 2015 at 13:43, Brad Smith wheninf...@gmail.com wrote:
Hi all,
I am currently running through Apache OFBiz Development: The Beginner's
Tutorial by Howell and Wong.
I have my dev environment setup in IntelliJ and so far the examples
have
all more-or-less worked. I am up to Chapter 11, Permissions and the
Service
Engine and have hit some issues.
The example setup in the learning component is as follows:
${component:learning}\servicedef\services.xml
-
service name=learningCallingServiceOneWithPermission engine=java
location=org.ofbiz.learning.learning.LearningServices
invoke=callingServiceOne
descriptionFirst Service Called From The Controller/description
required-permissions join-type=OR
check-permission permission=LEARN_VIEW/
/required-permissions
implements service=learningInterface/
/service
${webapp:learning}\WEB-INF\controller.xml
-
request-map uri=TestPermissions
security auth=true https=true/
response name=success type=view
value=TestCallingServicesWithPermission/
response name=error type=view value=login/
/request-map
request-map uri=TestCallingServicesWithPermission
security auth=true https=true/
event type=service
invoke=learningCallingServiceOneWithPermission/
response name=success type=view
value=TestCallingServicesWithPermission/
response name=error type=view
value=TestCallingServicesWithPermission/
/request-map
and
view-map name=TestCallingServicesWithPermission type=screen
page=component://learning/widget/learning/LearningScreens.xml#TestCallingServicesWithPermission/
${component:learning}\widget\learning\LearningScreens.xml
-
screen name=TestFirstService
section
widgets
section
conditionif-empty
field-name=formTarget//condition
actions
set field=formTarget value=TestFirstService/
set field=title value=Testing Our First
Service/
/actions
widgets/
/section
decorator-screen name=main-decorator
location=${parameters.mainDecoratorLocation}
decorator-section name=body
include-form name=TestingServices
location=component://learning/widget/learning/LearningForms.xml/
label text=Full Name: ${parameters.fullName}/
/decorator-section
/decorator-screen
/widgets
/section
/screen
...
screen name=TestCallingServicesWithPermission
section
actionsset field=formTarget
value=TestCallingServicesWithPermission/
/actions
widgets
include-screen name=TestFirstService/
/widgets
/section
/screen
${component:learning}\widget\learning\LearningForms.xml
---
form name=TestingServices type=single target=${formTarget}
field name=firstNametext//field
field name=lastNametext//field
field name=planetIdtext//field
field name=submitsubmit//field
/form
With regards to permissions, I have them set up as follows as per
Chapter
9:
UserSecurity GroupSecurityPermission
User/Security Group From Date User/Security Group Thru Date
Re: Permissions and the Service Engine
Merci!
I will have a bash at it again when I get home tonight. Don't be too hard
on yourself. I am notorious for being thorough and annoying because of it.
:) I am sure I pay for my sins in other ways... :p
Will let you know how I get on.
On 18 June 2015 at 05:42, Jacques Le Roux jacques.le.r...@les7arts.com
wrote:
Le 16/06/2015 13:49, Brad Smith a écrit :
My bad, the question should rather be, is two-part permissions approach
deprecated?
Actually no, it's still usable, look for check-permission at
https://cwiki.apache.org/confluence/display/OFBADMIN/Mini+Language+-+minilang+-+simple-method+-+Reference
Note that to effectively work it needs to be followed by a
check-permission as explained here
http://markmail.org/message/dnlrev5pnj7brhfm
As a reviewer of this book, I'm embarrassed to say it, but after 8 years
you clearly found a typo, the underscore is missing. As looking for
examples in OFBiz shows, it should be
check-permission permission=LEARN action=_VIEW/
If you are interested in more details about OFBiz Security Permissions the
reference so far is
https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions
that I completely rewrote last year.
Jacques
On 16 June 2015 at 13:43, Brad Smith wheninf...@gmail.com wrote:
Hi all,
I am currently running through Apache OFBiz Development: The Beginner's
Tutorial by Howell and Wong.
I have my dev environment setup in IntelliJ and so far the examples have
all more-or-less worked. I am up to Chapter 11, Permissions and the
Service
Engine and have hit some issues.
The example setup in the learning component is as follows:
${component:learning}\servicedef\services.xml
-
service name=learningCallingServiceOneWithPermission engine=java
location=org.ofbiz.learning.learning.LearningServices
invoke=callingServiceOne
descriptionFirst Service Called From The Controller/description
required-permissions join-type=OR
check-permission permission=LEARN_VIEW/
/required-permissions
implements service=learningInterface/
/service
${webapp:learning}\WEB-INF\controller.xml
-
request-map uri=TestPermissions
security auth=true https=true/
response name=success type=view
value=TestCallingServicesWithPermission/
response name=error type=view value=login/
/request-map
request-map uri=TestCallingServicesWithPermission
security auth=true https=true/
event type=service invoke=learningCallingServiceOneWithPermission/
response name=success type=view
value=TestCallingServicesWithPermission/
response name=error type=view
value=TestCallingServicesWithPermission/
/request-map
and
view-map name=TestCallingServicesWithPermission type=screen
page=component://learning/widget/learning/LearningScreens.xml#TestCallingServicesWithPermission/
${component:learning}\widget\learning\LearningScreens.xml
-
screen name=TestFirstService
section
widgets
section
conditionif-empty
field-name=formTarget//condition
actions
set field=formTarget value=TestFirstService/
set field=title value=Testing Our First
Service/
/actions
widgets/
/section
decorator-screen name=main-decorator
location=${parameters.mainDecoratorLocation}
decorator-section name=body
include-form name=TestingServices
location=component://learning/widget/learning/LearningForms.xml/
label text=Full Name: ${parameters.fullName}/
/decorator-section
/decorator-screen
/widgets
/section
/screen
...
screen name=TestCallingServicesWithPermission
section
actionsset field=formTarget
value=TestCallingServicesWithPermission/
/actions
widgets
include-screen name=TestFirstService/
/widgets
/section
/screen
${component:learning}\widget\learning\LearningForms.xml
---
form name=TestingServices type=single target=${formTarget}
field name=firstNametext//field
field name=lastNametext//field
field name=planetIdtext//field
field name=submitsubmit//field
/form
With regards to permissions, I have them set up as follows as per Chapter
9:
UserSecurity GroupSecurityPermission
User/Security Group From Date User/Security Group Thru Date
-
allowed LEARNSCREENS LEARN_VIEW
2015-06-15 19:34:15.832NULL
denied LEARNSCREENS LEARN_VIEW
2015-06-13 18:57:44.7242015-06-13 18:57
Re: Permissions and the Service Engine
Le 16/06/2015 13:49, Brad Smith a écrit :
My bad, the question should rather be, is two-part permissions approach
deprecated?
Actually no, it's still usable, look for check-permission at
https://cwiki.apache.org/confluence/display/OFBADMIN/Mini+Language+-+minilang+-+simple-method+-+Reference
Note that to effectively work it needs to be followed by a check-permission
as explained here http://markmail.org/message/dnlrev5pnj7brhfm
As a reviewer of this book, I'm embarrassed to say it, but after 8 years you clearly found a typo, the underscore is missing. As looking for examples
in OFBiz shows, it should be
check-permission permission=LEARN action=_VIEW/
If you are interested in more details about OFBiz Security Permissions the reference so far is
https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions that I completely rewrote last year.
Jacques
On 16 June 2015 at 13:43, Brad Smith wheninf...@gmail.com wrote:
Hi all,
I am currently running through Apache OFBiz Development: The Beginner's
Tutorial by Howell and Wong.
I have my dev environment setup in IntelliJ and so far the examples have
all more-or-less worked. I am up to Chapter 11, Permissions and the Service
Engine and have hit some issues.
The example setup in the learning component is as follows:
${component:learning}\servicedef\services.xml
-
service name=learningCallingServiceOneWithPermission engine=java
location=org.ofbiz.learning.learning.LearningServices
invoke=callingServiceOne
descriptionFirst Service Called From The Controller/description
required-permissions join-type=OR
check-permission permission=LEARN_VIEW/
/required-permissions
implements service=learningInterface/
/service
${webapp:learning}\WEB-INF\controller.xml
-
request-map uri=TestPermissions
security auth=true https=true/
response name=success type=view
value=TestCallingServicesWithPermission/
response name=error type=view value=login/
/request-map
request-map uri=TestCallingServicesWithPermission
security auth=true https=true/
event type=service invoke=learningCallingServiceOneWithPermission/
response name=success type=view
value=TestCallingServicesWithPermission/
response name=error type=view
value=TestCallingServicesWithPermission/
/request-map
and
view-map name=TestCallingServicesWithPermission type=screen
page=component://learning/widget/learning/LearningScreens.xml#TestCallingServicesWithPermission/
${component:learning}\widget\learning\LearningScreens.xml
-
screen name=TestFirstService
section
widgets
section
conditionif-empty field-name=formTarget//condition
actions
set field=formTarget value=TestFirstService/
set field=title value=Testing Our First Service/
/actions
widgets/
/section
decorator-screen name=main-decorator
location=${parameters.mainDecoratorLocation}
decorator-section name=body
include-form name=TestingServices
location=component://learning/widget/learning/LearningForms.xml/
label text=Full Name: ${parameters.fullName}/
/decorator-section
/decorator-screen
/widgets
/section
/screen
...
screen name=TestCallingServicesWithPermission
section
actionsset field=formTarget
value=TestCallingServicesWithPermission/
/actions
widgets
include-screen name=TestFirstService/
/widgets
/section
/screen
${component:learning}\widget\learning\LearningForms.xml
---
form name=TestingServices type=single target=${formTarget}
field name=firstNametext//field
field name=lastNametext//field
field name=planetIdtext//field
field name=submitsubmit//field
/form
With regards to permissions, I have them set up as follows as per Chapter
9:
UserSecurity GroupSecurityPermission
User/Security Group From Date User/Security Group Thru Date
-
allowed LEARNSCREENS LEARN_VIEW
2015-06-15 19:34:15.832NULL
denied LEARNSCREENS LEARN_VIEW
2015-06-13 18:57:44.7242015-06-13 18:57:44.724
LEARNSCREENS LEARN_VIEW
2015-06-13 18:57:44.0002015-06-13 19:33:47.000
Under the above configuration, the permissions checks work as advertised,
and allowed is able to call the service while denied is not.
The next section of the chapter talks about two-part permissions, and
makes the following changes to the configuration. Apparently, OFBiz is
supposed to interpret
Re: Webtools Users and Permissions
Hi Gabrielle, The Party mgr is the application to use, when it comes to managing user data, including access permissions if you're not providing a self registration or self service mechanism. Best regards, Pierre Smits *ORRTIZ.COM http://www.orrtiz.com* Services Solutions for Cloud- Based Manufacturing, Professional Services and Retail Trade http://www.orrtiz.com On Wed, Jun 17, 2015 at 4:00 PM, Gabrielle C. Nguyen gabrie...@gabriellenguyen.com wrote: Hello, I would like to create new users within Webtools. Ideally, they can login and have access to specific areas (CMS editor) only. Is this possible to create new users? So far, I cannot seem to find a way to do so. If so, is it possible to give these users access permissions? Any tips? Thank You, Gabrielle
Re: Webtools Users and Permissions
Also https://localhost:8443/webtools/control/security On Wed, 2015-06-17 at 16:33 +0200, Pierre Smits wrote: Hi Gabrielle, The Party mgr is the application to use, when it comes to managing user data, including access permissions if you're not providing a self registration or self service mechanism. Best regards, Pierre Smits *ORRTIZ.COM http://www.orrtiz.com* Services Solutions for Cloud- Based Manufacturing, Professional Services and Retail Trade http://www.orrtiz.com On Wed, Jun 17, 2015 at 4:00 PM, Gabrielle C. Nguyen gabrie...@gabriellenguyen.com wrote: Hello, I would like to create new users within Webtools. Ideally, they can login and have access to specific areas (CMS editor) only. Is this possible to create new users? So far, I cannot seem to find a way to do so. If so, is it possible to give these users access permissions? Any tips? Thank You, Gabrielle
Webtools Users and Permissions
Hello, I would like to create new users within Webtools. Ideally, they can login and have access to specific areas (CMS editor) only. Is this possible to create new users? So far, I cannot seem to find a way to do so. If so, is it possible to give these users access permissions? Any tips? Thank You, Gabrielle
Re: Webtools Users and Permissions
Hi Gabrielle, please have a look at the Party Manager, where you can add new users, logins, set their security groups and permissions etc. See http://demo-stable-ofbiz.apache.org/partymgr Regards, Michael Brohl ecomify GmbH www.ecomify.de Am 17.06.15 um 16:00 schrieb Gabrielle C. Nguyen: Hello, I would like to create new users within Webtools. Ideally, they can login and have access to specific areas (CMS editor) only. Is this possible to create new users? So far, I cannot seem to find a way to do so. If so, is it possible to give these users access permissions? Any tips? Thank You, Gabrielle smime.p7s Description: S/MIME Cryptographic Signature
Permissions and the Service Engine
Hi all,
I am currently running through Apache OFBiz Development: The Beginner's
Tutorial by Howell and Wong.
I have my dev environment setup in IntelliJ and so far the examples have
all more-or-less worked. I am up to Chapter 11, Permissions and the Service
Engine and have hit some issues.
The example setup in the learning component is as follows:
${component:learning}\servicedef\services.xml
-
service name=learningCallingServiceOneWithPermission engine=java
location=org.ofbiz.learning.learning.LearningServices
invoke=callingServiceOne
descriptionFirst Service Called From The Controller/description
required-permissions join-type=OR
check-permission permission=LEARN_VIEW/
/required-permissions
implements service=learningInterface/
/service
${webapp:learning}\WEB-INF\controller.xml
-
request-map uri=TestPermissions
security auth=true https=true/
response name=success type=view
value=TestCallingServicesWithPermission/
response name=error type=view value=login/
/request-map
request-map uri=TestCallingServicesWithPermission
security auth=true https=true/
event type=service invoke=learningCallingServiceOneWithPermission/
response name=success type=view
value=TestCallingServicesWithPermission/
response name=error type=view
value=TestCallingServicesWithPermission/
/request-map
and
view-map name=TestCallingServicesWithPermission type=screen
page=component://learning/widget/learning/LearningScreens.xml#TestCallingServicesWithPermission/
${component:learning}\widget\learning\LearningScreens.xml
-
screen name=TestFirstService
section
widgets
section
conditionif-empty field-name=formTarget//condition
actions
set field=formTarget value=TestFirstService/
set field=title value=Testing Our First Service/
/actions
widgets/
/section
decorator-screen name=main-decorator
location=${parameters.mainDecoratorLocation}
decorator-section name=body
include-form name=TestingServices
location=component://learning/widget/learning/LearningForms.xml/
label text=Full Name: ${parameters.fullName}/
/decorator-section
/decorator-screen
/widgets
/section
/screen
...
screen name=TestCallingServicesWithPermission
section
actionsset field=formTarget
value=TestCallingServicesWithPermission/
/actions
widgets
include-screen name=TestFirstService/
/widgets
/section
/screen
${component:learning}\widget\learning\LearningForms.xml
---
form name=TestingServices type=single target=${formTarget}
field name=firstNametext//field
field name=lastNametext//field
field name=planetIdtext//field
field name=submitsubmit//field
/form
With regards to permissions, I have them set up as follows as per Chapter 9:
UserSecurity GroupSecurityPermission
User/Security Group From Date User/Security Group Thru Date
-
allowed LEARNSCREENS LEARN_VIEW 2015-06-15
19:34:15.832NULL
denied LEARNSCREENS LEARN_VIEW 2015-06-13
18:57:44.7242015-06-13 18:57:44.724
LEARNSCREENS LEARN_VIEW 2015-06-13
18:57:44.0002015-06-13 19:33:47.000
Under the above configuration, the permissions checks work as advertised,
and allowed is able to call the service while denied is not.
The next section of the chapter talks about two-part permissions, and makes
the following changes to the configuration. Apparently, OFBiz is supposed
to interpret the underscore in permission attribute as some sort of
tokenising character, where the first token LEARN becomes the permission,
and the second part VIEW becomes an action. This seems loose to me but
nevertheless.
${component:learning}\servicedef\services.xml
-
check-permission permission=LEARN_VIEW/
becomes
check-permission permission=LEARN action=VIEW/
According to the text, the authorisation behaviour should remain exactly
the same. In other words, the check-permission elements are equivalent. But
this is not the case. Under the modified configuration, neither allowed
nor denied are able to call the service. I also don't see a LEARN item
in the SecurityPermission entity anywhere, so I don't see how this should
work in the first place.
Is this tokenised approach deprecated? Or is there something else going on?
Re: Permissions and the Service Engine
My bad, the question should rather be, is two-part permissions approach
deprecated?
On 16 June 2015 at 13:43, Brad Smith wheninf...@gmail.com wrote:
Hi all,
I am currently running through Apache OFBiz Development: The Beginner's
Tutorial by Howell and Wong.
I have my dev environment setup in IntelliJ and so far the examples have
all more-or-less worked. I am up to Chapter 11, Permissions and the Service
Engine and have hit some issues.
The example setup in the learning component is as follows:
${component:learning}\servicedef\services.xml
-
service name=learningCallingServiceOneWithPermission engine=java
location=org.ofbiz.learning.learning.LearningServices
invoke=callingServiceOne
descriptionFirst Service Called From The Controller/description
required-permissions join-type=OR
check-permission permission=LEARN_VIEW/
/required-permissions
implements service=learningInterface/
/service
${webapp:learning}\WEB-INF\controller.xml
-
request-map uri=TestPermissions
security auth=true https=true/
response name=success type=view
value=TestCallingServicesWithPermission/
response name=error type=view value=login/
/request-map
request-map uri=TestCallingServicesWithPermission
security auth=true https=true/
event type=service invoke=learningCallingServiceOneWithPermission/
response name=success type=view
value=TestCallingServicesWithPermission/
response name=error type=view
value=TestCallingServicesWithPermission/
/request-map
and
view-map name=TestCallingServicesWithPermission type=screen
page=component://learning/widget/learning/LearningScreens.xml#TestCallingServicesWithPermission/
${component:learning}\widget\learning\LearningScreens.xml
-
screen name=TestFirstService
section
widgets
section
conditionif-empty field-name=formTarget//condition
actions
set field=formTarget value=TestFirstService/
set field=title value=Testing Our First Service/
/actions
widgets/
/section
decorator-screen name=main-decorator
location=${parameters.mainDecoratorLocation}
decorator-section name=body
include-form name=TestingServices
location=component://learning/widget/learning/LearningForms.xml/
label text=Full Name: ${parameters.fullName}/
/decorator-section
/decorator-screen
/widgets
/section
/screen
...
screen name=TestCallingServicesWithPermission
section
actionsset field=formTarget
value=TestCallingServicesWithPermission/
/actions
widgets
include-screen name=TestFirstService/
/widgets
/section
/screen
${component:learning}\widget\learning\LearningForms.xml
---
form name=TestingServices type=single target=${formTarget}
field name=firstNametext//field
field name=lastNametext//field
field name=planetIdtext//field
field name=submitsubmit//field
/form
With regards to permissions, I have them set up as follows as per Chapter
9:
UserSecurity GroupSecurityPermission
User/Security Group From Date User/Security Group Thru Date
-
allowed LEARNSCREENS LEARN_VIEW
2015-06-15 19:34:15.832NULL
denied LEARNSCREENS LEARN_VIEW
2015-06-13 18:57:44.7242015-06-13 18:57:44.724
LEARNSCREENS LEARN_VIEW
2015-06-13 18:57:44.0002015-06-13 19:33:47.000
Under the above configuration, the permissions checks work as advertised,
and allowed is able to call the service while denied is not.
The next section of the chapter talks about two-part permissions, and
makes the following changes to the configuration. Apparently, OFBiz is
supposed to interpret the underscore in permission attribute as some sort
of tokenising character, where the first token LEARN becomes the
permission, and the second part VIEW becomes an action. This seems
loose to me but nevertheless.
${component:learning}\servicedef\services.xml
-
check-permission permission=LEARN_VIEW/
becomes
check-permission permission=LEARN action=VIEW/
According to the text, the authorisation behaviour should remain exactly
the same. In other words, the check-permission elements are equivalent. But
this is not the case. Under the modified configuration, neither allowed
nor denied are able to call the service. I also don't see a LEARN item
in the SecurityPermission entity anywhere
Re: Understanding permissions and security in ofbiz : Not able to access application
Make sure the user has the OFBTOOLS permission. Adrian Crum Sandglass Software www.sandglass-software.com On 2/27/2015 4:20 AM, Raghu Chandra wrote: Hi All, I have created a application called smartfarm in ofBiz the ofbiz-component.xml looks like this webapp name=smartfarm title=SMARTFARM server=default-server location=webapp/smartfarm base-permission=OFBTOOLS,SMART mount-point=/smartfarm app-bar-display=true/ and i am not able to access the application till i give super permission to the user. my seed data looks like this SecurityGroup groupId=SETUP description=Access setup screens / SecurityGroup groupId=CROP description=Access crop screens / SecurityGroup groupId=CONFIG description=Access detailed config screens / SecurityGroup groupId=LOCATION description=Access location screens / SecurityPermission description=Access setup screens permissionId=SMART_SETUP/ SecurityPermission description=Access crop screens permissionId=SMART_CROP/ SecurityPermission description=Access detailed config screens permissionId=SMART_CONFIG/ SecurityPermission description=Access location screens permissionId=SMART_LOCATION/ SecurityGroupPermission groupId=SETUP permissionId=SMART_SETUP/ SecurityGroupPermission groupId=CROP permissionId=SMART_CROP/ SecurityGroupPermission groupId=CONFIG permissionId=SMART_CONFIG/ SecurityGroupPermission groupId=LOCATION permissionId=SMART_LOCATION/ what is that i have to do to access the application if user have any of the permissions above?
Understanding permissions and security in ofbiz : Not able to access application
Hi All, I have created a application called smartfarm in ofBiz the ofbiz-component.xml looks like this webapp name=smartfarm title=SMARTFARM server=default-server location=webapp/smartfarm base-permission=OFBTOOLS,SMART mount-point=/smartfarm app-bar-display=true/ and i am not able to access the application till i give super permission to the user. my seed data looks like this SecurityGroup groupId=SETUP description=Access setup screens / SecurityGroup groupId=CROP description=Access crop screens / SecurityGroup groupId=CONFIG description=Access detailed config screens / SecurityGroup groupId=LOCATION description=Access location screens / SecurityPermission description=Access setup screens permissionId=SMART_SETUP/ SecurityPermission description=Access crop screens permissionId=SMART_CROP/ SecurityPermission description=Access detailed config screens permissionId=SMART_CONFIG/ SecurityPermission description=Access location screens permissionId=SMART_LOCATION/ SecurityGroupPermission groupId=SETUP permissionId=SMART_SETUP/ SecurityGroupPermission groupId=CROP permissionId=SMART_CROP/ SecurityGroupPermission groupId=CONFIG permissionId=SMART_CONFIG/ SecurityGroupPermission groupId=LOCATION permissionId=SMART_LOCATION/ what is that i have to do to access the application if user have any of the permissions above? -- Raghu Chandra K R Lead Engineer NPI (New Product Initiative) Ph : 9964446854 *cropin.co.in http://cropin.co.in*
Re: Understanding permissions and security in ofbiz : Not able to access application
Hi Raghu, as far as I know, in order to allow a user to access an application, the security groups he/she is assigned to should include 'permissionPrefix_VIEW' or 'permissionPrefix_ADMIN' for EACH permissionPrefix specified in the 'base-permission' attribute of ofbiz-component.xml's element 'webapp'. In your case, the permissions to be included are: - OFBTOOLS_ADMIN or OFBTOOLS_VIEW and - SMART_ADMIN or SMART_VIEW You might find useful the following short tutorial http://www.hotwaxsystems.com/apache-ofbiz-blog/ofbiz-tutorial-how-to-setup-permission-for-a-new-user-to-access-an-application/ Let me know if this solves your problem. Kind regards Anahita 2015-02-27 13:20 GMT+01:00 Raghu Chandra ra...@cropin.in: Hi All, I have created a application called smartfarm in ofBiz the ofbiz-component.xml looks like this webapp name=smartfarm title=SMARTFARM server=default-server location=webapp/smartfarm base-permission=OFBTOOLS,SMART mount-point=/smartfarm app-bar-display=true/ and i am not able to access the application till i give super permission to the user. my seed data looks like this SecurityGroup groupId=SETUP description=Access setup screens / SecurityGroup groupId=CROP description=Access crop screens / SecurityGroup groupId=CONFIG description=Access detailed config screens / SecurityGroup groupId=LOCATION description=Access location screens / SecurityPermission description=Access setup screens permissionId=SMART_SETUP/ SecurityPermission description=Access crop screens permissionId=SMART_CROP/ SecurityPermission description=Access detailed config screens permissionId=SMART_CONFIG/ SecurityPermission description=Access location screens permissionId=SMART_LOCATION/ SecurityGroupPermission groupId=SETUP permissionId=SMART_SETUP/ SecurityGroupPermission groupId=CROP permissionId=SMART_CROP/ SecurityGroupPermission groupId=CONFIG permissionId=SMART_CONFIG/ SecurityGroupPermission groupId=LOCATION permissionId=SMART_LOCATION/ what is that i have to do to access the application if user have any of the permissions above? -- Raghu Chandra K R Lead Engineer NPI (New Product Initiative) Ph : 9964446854 *cropin.co.in http://cropin.co.in*
Re: removing user permissions
Hi Jad, Yes, expiring the permission in stead of removing it is the expected behaviour. Permissions assignments, like many other objects, have a limited lifespan. The reason for expiring in stead of a hard delete has to do with accountability and the business need to be able to audit actions (Governance, Compliance and Risk related). Regards, Pierre Smits *ORRTIZ.COM http://www.orrtiz.com* Services Solutions for Cloud- Based Manufacturing, Professional Services and Retail Trade http://www.orrtiz.com On Mon, Jan 12, 2015 at 12:48 PM, Jad El Omeiri jadelome...@robertheath.co.uk wrote: Hi guys, In partymgr, when checking a certain user's permission groups, clicking on remove used to completely remove that permission for that user. I just noticed that now, instead of totally removing the permission, it is actually setting a through date and expiring the permission. I was wondering whether that was changed on purpose and whether from now on that was the expected behavior. Does anyone have any idea about this? Thanks, - Jad El Omeiri -- View this message in context: http://ofbiz.135035.n4.nabble.com/removing-user-permissions-tp4661241.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: removing user permissions
Hi Pierre, Thanks a lot for answering. At least now we know it's not a bug or any unexpected behavior... Thanks, - Jad El Omeiri -- View this message in context: http://ofbiz.135035.n4.nabble.com/removing-user-permissions-tp4661241p4661376.html Sent from the OFBiz - User mailing list archive at Nabble.com.
removing user permissions
Hi guys, In partymgr, when checking a certain user's permission groups, clicking on remove used to completely remove that permission for that user. I just noticed that now, instead of totally removing the permission, it is actually setting a through date and expiring the permission. I was wondering whether that was changed on purpose and whether from now on that was the expected behavior. Does anyone have any idea about this? Thanks, - Jad El Omeiri -- View this message in context: http://ofbiz.135035.n4.nabble.com/removing-user-permissions-tp4661241.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Changes to the Security Permissions concept?
And a last one that may be commented by other users of multitenancy,
possibly:
Because of the fact that the ServiceDispatcher uses the default delegator,
I also cannot see my tenant's data. E.g. I do not see the tenant's orders,
customer requests etc.
I tried to find out why the delegator (which is set properly in the
ContextFilter), does not make it into the Service call, but no success. The
Service call for this one is defined in the CustRequestForms.xml and simply
maps the Form parameters to the service call. I am not sure how to access
request parameters to enrich the service call with e.g. the tenantId.
I can see this works fine in other places since the JobInvoker is able to
call services with the correct delegator. I am just not sure about the
processing chain for backend application calls. Any hint anyone?
Thanks regards
Carsten
2012/8/24 Carsten Schinzer c.schin...@gmail.com
After adding a little Debug output on the Service Dispatcher it is clear
what's going on:
ServiceDispatcher.getDelegator() returns the default delegator while my
userLogin in context is valid for a tenant delegator, ie. default#MYTENANT
Is this a known issue? Has anyone attempted to adapt the ServiceDispatcher
to use the current user's context delegator? Is there risk bound to it? Or
should I just locally adapt the auth method to use the correct delegator
and keep ServiceDispatcher.delegator with the 'default' ?
I shall go for that latter and play around a bit while waiting for replies
here.
Once solution found, it merit's a JIRA I guess.
Regards
Carsten
2012/8/23 Jacques Le Roux jacques.le.r...@les7arts.com
Adam (doogie) has introduced some changes recently (early may) in this
area, could be related...
Jacques
From: Carsten Schinzer c.schin...@gmail.com
Guys, I am still running with this (I can only do that part-time in my
evenings). Here is more findings (but still no solution):
The error message is legged when in methodContext there is no userId set.
Now I wonder how that can happen, as I am logging into the ordermgr
application (with permissions set to ORDERMGR_ADMIN), then define a
search
on the CustRequest search form before I get the error message in the logs
when the result list is rendered.
Also strange: When I try to change my password I get thrown out from the
PartyMgr screen as having no permission.
Even more strange: When I attempt to see PartyMgr function from the menu
I
am prompted to change my password.
Finally entirely strange: Checking the encrypted default passwords from
the
demo data files I see a discrepancy between trunk demo data and 10.04
demo
data. Assuming, both string values represent a SHA-hashed ofbiz as a
password, then why are they different as follows:
10.04 hashed value: currentPassword=
{SHA}**47ca69ebb4bdc9ae0adec130880165**d2cc05db1a
trunk hashed value: currentPassword=
{SHA}**47b56994cbc2b6d10aa1be30f70165**adb305a41a
I admit I am confused. If anyone can shed light into this very much
appreciated.
Did I miss a step when upgrading from 10.04 to trunk recently ?
Thanks regards
Carsten
Re: Changes to the Security Permissions concept?
After adding a little Debug output on the Service Dispatcher it is clear
what's going on:
ServiceDispatcher.getDelegator() returns the default delegator while my
userLogin in context is valid for a tenant delegator, ie. default#MYTENANT
Is this a known issue? Has anyone attempted to adapt the ServiceDispatcher
to use the current user's context delegator? Is there risk bound to it? Or
should I just locally adapt the auth method to use the correct delegator
and keep ServiceDispatcher.delegator with the 'default' ?
I shall go for that latter and play around a bit while waiting for replies
here.
Once solution found, it merit's a JIRA I guess.
Regards
Carsten
2012/8/23 Jacques Le Roux jacques.le.r...@les7arts.com
Adam (doogie) has introduced some changes recently (early may) in this
area, could be related...
Jacques
From: Carsten Schinzer c.schin...@gmail.com
Guys, I am still running with this (I can only do that part-time in my
evenings). Here is more findings (but still no solution):
The error message is legged when in methodContext there is no userId set.
Now I wonder how that can happen, as I am logging into the ordermgr
application (with permissions set to ORDERMGR_ADMIN), then define a search
on the CustRequest search form before I get the error message in the logs
when the result list is rendered.
Also strange: When I try to change my password I get thrown out from the
PartyMgr screen as having no permission.
Even more strange: When I attempt to see PartyMgr function from the menu I
am prompted to change my password.
Finally entirely strange: Checking the encrypted default passwords from
the
demo data files I see a discrepancy between trunk demo data and 10.04 demo
data. Assuming, both string values represent a SHA-hashed ofbiz as a
password, then why are they different as follows:
10.04 hashed value: currentPassword=
{SHA}**47ca69ebb4bdc9ae0adec130880165**d2cc05db1a
trunk hashed value: currentPassword=
{SHA}**47b56994cbc2b6d10aa1be30f70165**adb305a41a
I admit I am confused. If anyone can shed light into this very much
appreciated.
Did I miss a step when upgrading from 10.04 to trunk recently ?
Thanks regards
Carsten
Re: Changes to the Security Permissions concept?
Further to this, I do see this error message on the logs for almost every screen I open on the backend apps: Service auth failed for userLoginId [admin] because UserLogin record currentPassword fields did not match; note that the UserLogin object passed into a service may need to have the currentPassword encrypted Maybe that give a hint of what I am facing. Any comments? 2012/8/22 Carsten Schinzer c.schin...@gmail.com Hello all, I recently migrated from 09.04 to trunk with my OFBiz basic setup. Since that point I seem to have issues when working in roles such as admin, ltdadmin for example: * I cannot view recent CustReqeusts as admin or ltdadmin * I have no rights to change shop settings as admin or ltdadmn etc. Does anyone have guidance on * when did things change ? (JIRA reference possibly?) * is there an associated, recommended migration path for existing setups? * which data reader levels do I need to repeat (seed-initial, seed) to establish full default permission set for admin co? Any guidance will be much appreciated. Thanks regards Carsten
Re: Changes to the Security Permissions concept?
Adam (doogie) has introduced some changes recently (early may) in this area,
could be related...
Jacques
From: Carsten Schinzer c.schin...@gmail.com
Guys, I am still running with this (I can only do that part-time in my
evenings). Here is more findings (but still no solution):
The error message is legged when in methodContext there is no userId set.
Now I wonder how that can happen, as I am logging into the ordermgr
application (with permissions set to ORDERMGR_ADMIN), then define a search
on the CustRequest search form before I get the error message in the logs
when the result list is rendered.
Also strange: When I try to change my password I get thrown out from the
PartyMgr screen as having no permission.
Even more strange: When I attempt to see PartyMgr function from the menu I
am prompted to change my password.
Finally entirely strange: Checking the encrypted default passwords from the
demo data files I see a discrepancy between trunk demo data and 10.04 demo
data. Assuming, both string values represent a SHA-hashed ofbiz as a
password, then why are they different as follows:
10.04 hashed value: currentPassword=
{SHA}47ca69ebb4bdc9ae0adec130880165d2cc05db1a
trunk hashed value: currentPassword=
{SHA}47b56994cbc2b6d10aa1be30f70165adb305a41a
I admit I am confused. If anyone can shed light into this very much
appreciated.
Did I miss a step when upgrading from 10.04 to trunk recently ?
Thanks regards
Carsten
Re: Content Permissions
You can do a trick to handle this: Its genericContentPermission service which executes, when you use /content/control/stream?contentId. So you write SECA rule in your component on service genericContentPermission: Rule should be: When ever genericContentPermission runs, your new custom service should run as action service. This new service will implement permissionInterface in service definition. And in implementation you may add your rules to return hasPermission = true or you may directly return hasPermission = true . Your seca rule will look like this: eca service=genericContentPermission event=return run-on-failure=true condition field-name=hasPermission operator=equals value=false type=Boolean/ action service=yourCustomerService mode=sync result-to-result=true/ /eca Thanks -- Divesh Dutta. On Feb 24, 2011, at 2:52 PM, Gavin Mabie wrote: Hi Can anybody give me a short answer on how to give view permission to an anonymous/guest user to view content. I am using /content/control/stream?contentId in an FTL to show images but it only displays when I log onto the ContentMgr application on the back end. Thanks in advance. Gav
Content Permissions
Hi Can anybody give me a short answer on how to give view permission to an anonymous/guest user to view content. I am using /content/control/stream?contentId in an FTL to show images but it only displays when I log onto the ContentMgr application on the back end. Thanks in advance. Gav
Permissions
Hi all I want to make a little change in sfa and I'm wondering if anyone can help me I want ONLY the accounting manager to be able to view the the all accounts I don't want other sales persons to view all accounts first I commented the the part of code that includes the list of accounts in the default accounts page. I want to keep the find screen but only the sfa admin should be able to see it . can anyone please help me how to do that? I have only basic information about permissions and services with permissions -- View this message in context: http://ofbiz.135035.n4.nabble.com/Permissions-tp2991515p2991515.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Permissions
To show/hide a screen according to permission, you can use the if-has-permission tag. Shereen wrote: Hi all I want to make a little change in sfa and I'm wondering if anyone can help me I want ONLY the accounting manager to be able to view the the all accounts I don't want other sales persons to view all accounts first I commented the the part of code that includes the list of accounts in the default accounts page. I want to keep the find screen but only the sfa admin should be able to see it . can anyone please help me how to do that? I have only basic information about permissions and services with permissions -- View this message in context: http://ofbiz.135035.n4.nabble.com/Permissions-tp2991515p2991569.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Permissions
https://cwiki.apache.org/OFBTECH/ofbiz-security.html also check Role limited (or based) permissions and the notes at the end of the document. = BJ Freeman Strategic Power Office with Supplier Automation http://www.businessesnetwork.com/automation/viewforum.php?f=52 Specialtymarket.com http://www.specialtymarket.com/ Systems Integrator-- Glad to Assist Chat Y! messenger: bjfr33man james_sg sent the following on 10/12/2010 3:23 AM: To show/hide a screen according to permission, you can use the if-has-permission tag. Shereen wrote: Hi all I want to make a little change in sfa and I'm wondering if anyone can help me I want ONLY the accounting manager to be able to view the the all accounts I don't want other sales persons to view all accounts first I commented the the part of code that includes the list of accounts in the default accounts page. I want to keep the find screen but only the sfa admin should be able to see it . can anyone please help me how to do that? I have only basic information about permissions and services with permissions
Re: Nesting required-permissions in service definition
Yes, a patch could be contributed. Just verify before that you are using the right xsd version and that it's has not been already fixed. Jacques From: Rene Scheibe rene.sche...@tngtech.com We are using nested 'required-permissions' elements in our service definitions to implement AND OR joining. See below: required-permissions join-type=OR check-permission permission=SOME_PERMISSION action=_UPDATE/ required-permissions join-type=AND permission-service service-name=facilityGenericPermission main-action=CREATE/ permission-service service-name=facilityGenericPermission main-action=UPDATE/ /required-permissions /required-permissions This works create but the services.xsd does not specify such nesting. Therefore warnings show up when starting OFBiz. The question now is, if the services.xsd should be updated? Regards, René -- René Scheibe * rene.sche...@tngtech.com TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterföhring Geschäftsführer: Henrik Klagges, Gerhard Müller, Christoph Stock Sitz: Unterföhring * Amtsgericht München * HRB 135082
Nesting required-permissions in service definition
We are using nested 'required-permissions' elements in our service definitions to implement AND OR joining. See below: required-permissions join-type=OR check-permission permission=SOME_PERMISSION action=_UPDATE/ required-permissions join-type=AND permission-service service-name=facilityGenericPermission main-action=CREATE/ permission-service service-name=facilityGenericPermission main-action=UPDATE/ /required-permissions /required-permissions This works create but the services.xsd does not specify such nesting. Therefore warnings show up when starting OFBiz. The question now is, if the services.xsd should be updated? Regards, René -- René Scheibe * rene.sche...@tngtech.com TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterföhring Geschäftsführer: Henrik Klagges, Gerhard Müller, Christoph Stock Sitz: Unterföhring * Amtsgericht München * HRB 135082
Re: Question regarding Data security by permissions
as a couple of days ago there was a new implementation of security that I have not got familiar with, in the trunk. before that changes the permission is based on login and the permissions in the service and UI components. each of what you say is available. Also we have a portal that is keyed to the login so you can group only those UI's that are relative to the user. most of the portals are keyed to security. if you run a local copy, only because many people are using the demo, create a party for yourself, login and go to myportal and see what is available. then add the employee to your login security and look at myportal to see what has been added. = BJ Freeman http://bjfreeman.elance.com Strategic Power Office with Supplier Automation http://www.businessesnetwork.com/automation/viewforum.php?f=93 Specialtymarket.com http://www.specialtymarket.com/ Systems Integrator-- Glad to Assist Chat Y! messenger: bjfr33man Linkedin http://www.linkedin.com/profile?viewProfile=key=1237480locale=en_UStrk=tab_pro Stephan Schulze sent the following on 4/6/2010 7:48 AM: Hi all, I am starting to engage myself in ofbiz and I have a question regarding the data shown in several forms. Is it possible to limit the access to this data for special groups too? So that one group is able to read the data only, another group can read and write and the third one can't even read data. And if it is, it is possible to limit the access to single fields of maybe a contact form too? So that the first group can read and write the emailadress field but the second one can only read it. Thanks for any help! Best regards Stephan Schulze
Insufficient Permissions for MYPORTAL_CUSTOMER
I login as a user with MYPORTAL_CUSTOMER security group. I can create a new request. I want to create request item but the product Id pop-up is empty. After adding CATALOG_VIEW permission to MYPORTAL_CUSTOMER security group, the product Id pop-up shows the product search screen and I can also select product from it. Am I doing the right thing? Also, I have to add in PARTYMGR_VIEW permissin so that there are things to show in any party Id pop-up windows. Why is MYPORTAL_CUSTOMER security group not defined to have the necessary permissions for it to be useful? Ofbiz version: 9.04 (2010-02-17) -- View this message in context: http://n4.nabble.com/Insufficient-Permissions-for-MYPORTAL-CUSTOMER-tp1563975p1563975.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Insufficient Permissions for MYPORTAL_CUSTOMER
Hi Koon Sang, The myportal component in v9.04 was not really complete yet. I advise you to use the ofbiz trunk version. Regards, Hans On Sun, 2010-02-21 at 17:43 -0800, Koon Sang wrote: I login as a user with MYPORTAL_CUSTOMER security group. I can create a new request. I want to create request item but the product Id pop-up is empty. After adding CATALOG_VIEW permission to MYPORTAL_CUSTOMER security group, the product Id pop-up shows the product search screen and I can also select product from it. Am I doing the right thing? Also, I have to add in PARTYMGR_VIEW permissin so that there are things to show in any party Id pop-up windows. Why is MYPORTAL_CUSTOMER security group not defined to have the necessary permissions for it to be useful? Ofbiz version: 9.04 (2010-02-17) -- Antwebsystems.com: Quality OFBiz services for competitive rates
Re: Insufficient Permissions for MYPORTAL_CUSTOMER
I will try. Thanks! -- View this message in context: http://n4.nabble.com/Insufficient-Permissions-for-MYPORTAL-CUSTOMER-tp1563975p1564011.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Setting product admin permissions on a store or catalog
Thanks David (and everyone else looking into this issue). I am in fact attempting to limit at the administration side of things, not the eCommerce level. Just to be clear, I have created a store XYZ with a catalog 123 and two categories shippable, non-shippable. I have created a couple products under each categories within the catalog 123. Now I would like is to setup a few ADMIN accounts with different access. For example, 'Admin-all' should have all rights and all tabs accessible for store, catalog, categories, products while 'Admin-product' should have rights to perhaps add, delete, update products within existing categories of a catalog 123 in store XYZ. We are trying to start small with our eCommerce as I am afraid many of the admin users will be overwhelmed by the vast possibilities within this tool. Thus, I am hoping to limit their confusion a bit if at all possible :) If I can accomplish this out of the box by creating a security group, I will be happy to do so. Could someone simply provide steps for me to follow? Thanks again for all your help! Kind Regards, Deedra -- View this message in context: http://n4.nabble.com/Setting-product-admin-permissions-on-a-store-or-catalog-tp1470683p1473085.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Setting product admin permissions on a store or catalog
Hi Deedra: Just a quick note about Security Groups: OOTB they work to control access to website locations as defined by URLs. So, when a login attempt occurs or when a user attempts to access a URL for a given webapp, OFBiz will check to see if the user has the proper Security Group associations. If they do, they are allowed access to that URL or web page. Bottom-line: I don't think Security Groups is the answer to your problem. IMO you will need to revisit the role associations as mentioned in an earlier post. Hope that helps (vs. making you more confused :-) Regards, Ruth Find me on the web at http://www.myofbiz.com or Google keyword myofbiz ruth.hoff...@myofbiz.com DeedraF wrote: Thanks David (and everyone else looking into this issue). I am in fact attempting to limit at the administration side of things, not the eCommerce level. Just to be clear, I have created a store XYZ with a catalog 123 and two categories shippable, non-shippable. I have created a couple products under each categories within the catalog 123. Now I would like is to setup a few ADMIN accounts with different access. For example, 'Admin-all' should have all rights and all tabs accessible for store, catalog, categories, products while 'Admin-product' should have rights to perhaps add, delete, update products within existing categories of a catalog 123 in store XYZ. We are trying to start small with our eCommerce as I am afraid many of the admin users will be overwhelmed by the vast possibilities within this tool. Thus, I am hoping to limit their confusion a bit if at all possible :) If I can accomplish this out of the box by creating a security group, I will be happy to do so. Could someone simply provide steps for me to follow? Thanks again for all your help! Kind Regards, Deedra
Re: Setting product admin permissions on a store or catalog
This page may be helpful to have a beginning of an idea (it gives some pointers) on how roles and permissions are used together in OFBiz to achieve what David is talking about http://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security HTH Jacques From: David E Jones d...@me.com I think Deedra is talking about product administration and not about access to products in the ecommerce store. There is actually some functionality to give more limited permissions to certain users. Instead of giving a user the full create, update and delete permissions for the catalog manager give them the role limited permissions. Then (as a different user that has permission to do so) associate them with a catalog in a certain role (which I've forgotten off the top of my head, sorry) and then they will be able to update products only in that category, and categories under that category (note that any category can be under more than one category at a time, so typically these categories will be under one or more categories for permission purposes, and one or more categories for customer browsing purposes, and possibly other categories for other purposes). If you want more something different than this then some code changing will be necessary because of how permissions are currently implemented in OFBiz. -David On Feb 5, 2010, at 6:49 PM, Ruth Hoffman wrote: Hi DeedraF: I think this has been answer before on this list not too long ago. Out-of-the-box, you can't do this with any existing OFBiz applications. Basically, the best you can do is limit access to certain users (belonging to security groups) by store. To regulate access to specific products in a catalog on the same website (or store), you will need to write some code. Regards, Ruth Find me on the web at http://www.myofbiz.com or Google keyword myofbiz ruth.hoff...@myofbiz.com DeedraF wrote: I am very new to OFBiz. My dev team is working through the technical details and I am trying to handle the more 'front end' setup activities. Not finding very many 'exact steps' or documentation to use as a guide, I thought perhaps someone reading this post could help out?? I have created a store, catalog, products...and would like to now assign specific permissions accordingly. I do not want all my ADMINs to have the same full access to a catalog. As a matter of fact, I would like to create a 'Product Admin' allowing that person/group to simply Add, Edit, and Delete products in a specific store catalog. Is this a standard feature in OFBiz that I am just not grasping how to accomplish? If it is, please provide steps that might help me accomplish this task. Thanks in advance for your help with this issue.
Re: Setting product admin permissions on a store or catalog
http://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security Jacques From: Ruth Hoffman rhoff...@aesolves.com Hi David: I tried your solution. It causes errors in the trunk and in version 9.04. Since it is not documented anywhere how to do this, its pretty hard to report it as an error or a bug. Regards, Ruth David E Jones wrote: I think Deedra is talking about product administration and not about access to products in the ecommerce store. There is actually some functionality to give more limited permissions to certain users. Instead of giving a user the full create, update and delete permissions for the catalog manager give them the role limited permissions. Then (as a different user that has permission to do so) associate them with a catalog in a certain role (which I've forgotten off the top of my head, sorry) and then they will be able to update products only in that category, and categories under that category (note that any category can be under more than one category at a time, so typically these categories will be under one or more categories for permission purposes, and one or more categories for customer browsing purposes, and possibly other categories for other purposes). If you want more something different than this then some code changing will be necessary because of how permissions are currently implemented in OFBiz. -David On Feb 5, 2010, at 6:49 PM, Ruth Hoffman wrote: Hi DeedraF: I think this has been answer before on this list not too long ago. Out-of-the-box, you can't do this with any existing OFBiz applications. Basically, the best you can do is limit access to certain users (belonging to security groups) by store. To regulate access to specific products in a catalog on the same website (or store), you will need to write some code. Regards, Ruth Find me on the web at http://www.myofbiz.com or Google keyword myofbiz ruth.hoff...@myofbiz.com DeedraF wrote: I am very new to OFBiz. My dev team is working through the technical details and I am trying to handle the more 'front end' setup activities. Not finding very many 'exact steps' or documentation to use as a guide, I thought perhaps someone reading this post could help out?? I have created a store, catalog, products...and would like to now assign specific permissions accordingly. I do not want all my ADMINs to have the same full access to a catalog. As a matter of fact, I would like to create a 'Product Admin' allowing that person/group to simply Add, Edit, and Delete products in a specific store catalog. Is this a standard feature in OFBiz that I am just not grasping how to accomplish? If it is, please provide steps that might help me accomplish this task. Thanks in advance for your help with this issue.
Re: Setting product admin permissions on a store or catalog
Hi Jacques: Thanks for posting this link. I used that when trying to determine the actual steps involved in getting the requested scenario to work. At a high level, it is very informative. Beyond that, what is need is a step by step guide. David, if you would be kind enough to provide details, I would be more than happy to verify and document the process and then post it to the Wiki. Regards, Ruth Jacques Le Roux wrote: This page may be helpful to have a beginning of an idea (it gives some pointers) on how roles and permissions are used together in OFBiz to achieve what David is talking about http://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security HTH Jacques From: David E Jones d...@me.com I think Deedra is talking about product administration and not about access to products in the ecommerce store. There is actually some functionality to give more limited permissions to certain users. Instead of giving a user the full create, update and delete permissions for the catalog manager give them the role limited permissions. Then (as a different user that has permission to do so) associate them with a catalog in a certain role (which I've forgotten off the top of my head, sorry) and then they will be able to update products only in that category, and categories under that category (note that any category can be under more than one category at a time, so typically these categories will be under one or more categories for permission purposes, and one or more categories for customer browsing purposes, and possibly other categories for other purposes). If you want more something different than this then some code changing will be necessary because of how permissions are currently implemented in OFBiz. -David On Feb 5, 2010, at 6:49 PM, Ruth Hoffman wrote: Hi DeedraF: I think this has been answer before on this list not too long ago. Out-of-the-box, you can't do this with any existing OFBiz applications. Basically, the best you can do is limit access to certain users (belonging to security groups) by store. To regulate access to specific products in a catalog on the same website (or store), you will need to write some code. Regards, Ruth Find me on the web at http://www.myofbiz.com or Google keyword myofbiz ruth.hoff...@myofbiz.com DeedraF wrote: I am very new to OFBiz. My dev team is working through the technical details and I am trying to handle the more 'front end' setup activities. Not finding very many 'exact steps' or documentation to use as a guide, I thought perhaps someone reading this post could help out?? I have created a store, catalog, products...and would like to now assign specific permissions accordingly. I do not want all my ADMINs to have the same full access to a catalog. As a matter of fact, I would like to create a 'Product Admin' allowing that person/group to simply Add, Edit, and Delete products in a specific store catalog. Is this a standard feature in OFBiz that I am just not grasping how to accomplish? If it is, please provide steps that might help me accomplish this task. Thanks in advance for your help with this issue.
Re: Setting product admin permissions on a store or catalog
Ruth, This would be great, I think David is not the only person able to explain that more... We don't need to rely on David for every detail... Let him breathe please :D Jacques From: Ruth Hoffman rhoff...@aesolves.com Hi Jacques: Thanks for posting this link. I used that when trying to determine the actual steps involved in getting the requested scenario to work. At a high level, it is very informative. Beyond that, what is need is a step by step guide. David, if you would be kind enough to provide details, I would be more than happy to verify and document the process and then post it to the Wiki. Regards, Ruth Jacques Le Roux wrote: This page may be helpful to have a beginning of an idea (it gives some pointers) on how roles and permissions are used together in OFBiz to achieve what David is talking about http://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security HTH Jacques From: David E Jones d...@me.com I think Deedra is talking about product administration and not about access to products in the ecommerce store. There is actually some functionality to give more limited permissions to certain users. Instead of giving a user the full create, update and delete permissions for the catalog manager give them the role limited permissions. Then (as a different user that has permission to do so) associate them with a catalog in a certain role (which I've forgotten off the top of my head, sorry) and then they will be able to update products only in that category, and categories under that category (note that any category can be under more than one category at a time, so typically these categories will be under one or more categories for permission purposes, and one or more categories for customer browsing purposes, and possibly other categories for other purposes). If you want more something different than this then some code changing will be necessary because of how permissions are currently implemented in OFBiz. -David On Feb 5, 2010, at 6:49 PM, Ruth Hoffman wrote: Hi DeedraF: I think this has been answer before on this list not too long ago. Out-of-the-box, you can't do this with any existing OFBiz applications. Basically, the best you can do is limit access to certain users (belonging to security groups) by store. To regulate access to specific products in a catalog on the same website (or store), you will need to write some code. Regards, Ruth Find me on the web at http://www.myofbiz.com or Google keyword myofbiz ruth.hoff...@myofbiz.com DeedraF wrote: I am very new to OFBiz. My dev team is working through the technical details and I am trying to handle the more 'front end' setup activities. Not finding very many 'exact steps' or documentation to use as a guide, I thought perhaps someone reading this post could help out?? I have created a store, catalog, products...and would like to now assign specific permissions accordingly. I do not want all my ADMINs to have the same full access to a catalog. As a matter of fact, I would like to create a 'Product Admin' allowing that person/group to simply Add, Edit, and Delete products in a specific store catalog. Is this a standard feature in OFBiz that I am just not grasping how to accomplish? If it is, please provide steps that might help me accomplish this task. Thanks in advance for your help with this issue.
Re: Setting product admin permissions on a store or catalog
Hi Jacques: Sure. Can you or some one explain to me how to do this? As I said before, I wasn't able to make it work given the tools available at the time. Regards, Ruth Jacques Le Roux wrote: Ruth, This would be great, I think David is not the only person able to explain that more... We don't need to rely on David for every detail... Let him breathe please :D Jacques From: Ruth Hoffman rhoff...@aesolves.com Hi Jacques: Thanks for posting this link. I used that when trying to determine the actual steps involved in getting the requested scenario to work. At a high level, it is very informative. Beyond that, what is need is a step by step guide. David, if you would be kind enough to provide details, I would be more than happy to verify and document the process and then post it to the Wiki. Regards, Ruth Jacques Le Roux wrote: This page may be helpful to have a beginning of an idea (it gives some pointers) on how roles and permissions are used together in OFBiz to achieve what David is talking about http://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security HTH Jacques From: David E Jones d...@me.com I think Deedra is talking about product administration and not about access to products in the ecommerce store. There is actually some functionality to give more limited permissions to certain users. Instead of giving a user the full create, update and delete permissions for the catalog manager give them the role limited permissions. Then (as a different user that has permission to do so) associate them with a catalog in a certain role (which I've forgotten off the top of my head, sorry) and then they will be able to update products only in that category, and categories under that category (note that any category can be under more than one category at a time, so typically these categories will be under one or more categories for permission purposes, and one or more categories for customer browsing purposes, and possibly other categories for other purposes). If you want more something different than this then some code changing will be necessary because of how permissions are currently implemented in OFBiz. -David On Feb 5, 2010, at 6:49 PM, Ruth Hoffman wrote: Hi DeedraF: I think this has been answer before on this list not too long ago. Out-of-the-box, you can't do this with any existing OFBiz applications. Basically, the best you can do is limit access to certain users (belonging to security groups) by store. To regulate access to specific products in a catalog on the same website (or store), you will need to write some code. Regards, Ruth Find me on the web at http://www.myofbiz.com or Google keyword myofbiz ruth.hoff...@myofbiz.com DeedraF wrote: I am very new to OFBiz. My dev team is working through the technical details and I am trying to handle the more 'front end' setup activities. Not finding very many 'exact steps' or documentation to use as a guide, I thought perhaps someone reading this post could help out?? I have created a store, catalog, products...and would like to now assign specific permissions accordingly. I do not want all my ADMINs to have the same full access to a catalog. As a matter of fact, I would like to create a 'Product Admin' allowing that person/group to simply Add, Edit, and Delete products in a specific store catalog. Is this a standard feature in OFBiz that I am just not grasping how to accomplish? If it is, please provide steps that might help me accomplish this task. Thanks in advance for your help with this issue.
Re: Setting product admin permissions on a store or catalog
I will wait to see if the 1st to ask this question will get back to us with some results, or questions... Jacques From: Ruth Hoffman rhoff...@aesolves.com Hi Jacques: Sure. Can you or some one explain to me how to do this? As I said before, I wasn't able to make it work given the tools available at the time. Regards, Ruth Jacques Le Roux wrote: Ruth, This would be great, I think David is not the only person able to explain that more... We don't need to rely on David for every detail... Let him breathe please :D Jacques From: Ruth Hoffman rhoff...@aesolves.com Hi Jacques: Thanks for posting this link. I used that when trying to determine the actual steps involved in getting the requested scenario to work. At a high level, it is very informative. Beyond that, what is need is a step by step guide. David, if you would be kind enough to provide details, I would be more than happy to verify and document the process and then post it to the Wiki. Regards, Ruth Jacques Le Roux wrote: This page may be helpful to have a beginning of an idea (it gives some pointers) on how roles and permissions are used together in OFBiz to achieve what David is talking about http://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security HTH Jacques From: David E Jones d...@me.com I think Deedra is talking about product administration and not about access to products in the ecommerce store. There is actually some functionality to give more limited permissions to certain users. Instead of giving a user the full create, update and delete permissions for the catalog manager give them the role limited permissions. Then (as a different user that has permission to do so) associate them with a catalog in a certain role (which I've forgotten off the top of my head, sorry) and then they will be able to update products only in that category, and categories under that category (note that any category can be under more than one category at a time, so typically these categories will be under one or more categories for permission purposes, and one or more categories for customer browsing purposes, and possibly other categories for other purposes). If you want more something different than this then some code changing will be necessary because of how permissions are currently implemented in OFBiz. -David On Feb 5, 2010, at 6:49 PM, Ruth Hoffman wrote: Hi DeedraF: I think this has been answer before on this list not too long ago. Out-of-the-box, you can't do this with any existing OFBiz applications. Basically, the best you can do is limit access to certain users (belonging to security groups) by store. To regulate access to specific products in a catalog on the same website (or store), you will need to write some code. Regards, Ruth Find me on the web at http://www.myofbiz.com or Google keyword myofbiz ruth.hoff...@myofbiz.com DeedraF wrote: I am very new to OFBiz. My dev team is working through the technical details and I am trying to handle the more 'front end' setup activities. Not finding very many 'exact steps' or documentation to use as a guide, I thought perhaps someone reading this post could help out?? I have created a store, catalog, products...and would like to now assign specific permissions accordingly. I do not want all my ADMINs to have the same full access to a catalog. As a matter of fact, I would like to create a 'Product Admin' allowing that person/group to simply Add, Edit, and Delete products in a specific store catalog. Is this a standard feature in OFBiz that I am just not grasping how to accomplish? If it is, please provide steps that might help me accomplish this task. Thanks in advance for your help with this issue.
Re: Setting product admin permissions on a store or catalog
Hi Deedra, The way I do it is I assign a user as a roleTypeId VENDOR to the appropriate catalog. Then when someone tries to Add, Edit, Delete, I check to see if they are a vendor, this checking is done in ProductServices.xml and CategoryServices.xml. If basically a DB query with entity-and and then some checking if condition ... Patrick On Fri, Feb 5, 2010 at 1:31 PM, DeedraF dfith...@kpi-consulting.net wrote: I am very new to OFBiz. My dev team is working through the technical details and I am trying to handle the more 'front end' setup activities. Not finding very many 'exact steps' or documentation to use as a guide, I thought perhaps someone reading this post could help out?? I have created a store, catalog, products...and would like to now assign specific permissions accordingly. I do not want all my ADMINs to have the same full access to a catalog. As a matter of fact, I would like to create a 'Product Admin' allowing that person/group to simply Add, Edit, and Delete products in a specific store catalog. Is this a standard feature in OFBiz that I am just not grasping how to accomplish? If it is, please provide steps that might help me accomplish this task. Thanks in advance for your help with this issue. -- View this message in context: http://n4.nabble.com/Setting-product-admin-permissions-on-a-store-or-catalog-tp1470683p1470683.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Setting product admin permissions on a store or catalog
Hey cool, already an answer, does it help you Ruth? Jacques From: Patrick patrickinminneapo...@gmail.com Hi Deedra, The way I do it is I assign a user as a roleTypeId VENDOR to the appropriate catalog. Then when someone tries to Add, Edit, Delete, I check to see if they are a vendor, this checking is done in ProductServices.xml and CategoryServices.xml. If basically a DB query with entity-and and then some checking if condition ... Patrick On Fri, Feb 5, 2010 at 1:31 PM, DeedraF dfith...@kpi-consulting.net wrote: I am very new to OFBiz. My dev team is working through the technical details and I am trying to handle the more 'front end' setup activities. Not finding very many 'exact steps' or documentation to use as a guide, I thought perhaps someone reading this post could help out?? I have created a store, catalog, products...and would like to now assign specific permissions accordingly. I do not want all my ADMINs to have the same full access to a catalog. As a matter of fact, I would like to create a 'Product Admin' allowing that person/group to simply Add, Edit, and Delete products in a specific store catalog. Is this a standard feature in OFBiz that I am just not grasping how to accomplish? If it is, please provide steps that might help me accomplish this task. Thanks in advance for your help with this issue. -- View this message in context: http://n4.nabble.com/Setting-product-admin-permissions-on-a-store-or-catalog-tp1470683p1470683.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Setting product admin permissions on a store or catalog
Hi Jacques: Yes an answer that begets more questions: who is I ? Did Patrick need to write/modify a service to do this? Is there a UI that facilitates this? How are users assigned roles types? Lots of unanswered questions. Ruth Jacques Le Roux wrote: Hey cool, already an answer, does it help you Ruth? Jacques From: Patrick patrickinminneapo...@gmail.com Hi Deedra, The way I do it is I assign a user as a roleTypeId VENDOR to the appropriate catalog. Then when someone tries to Add, Edit, Delete, I check to see if they are a vendor, this checking is done in ProductServices.xml and CategoryServices.xml. If basically a DB query with entity-and and then some checking if condition ... Patrick On Fri, Feb 5, 2010 at 1:31 PM, DeedraF dfith...@kpi-consulting.net wrote: I am very new to OFBiz. My dev team is working through the technical details and I am trying to handle the more 'front end' setup activities. Not finding very many 'exact steps' or documentation to use as a guide, I thought perhaps someone reading this post could help out?? I have created a store, catalog, products...and would like to now assign specific permissions accordingly. I do not want all my ADMINs to have the same full access to a catalog. As a matter of fact, I would like to create a 'Product Admin' allowing that person/group to simply Add, Edit, and Delete products in a specific store catalog. Is this a standard feature in OFBiz that I am just not grasping how to accomplish? If it is, please provide steps that might help me accomplish this task. Thanks in advance for your help with this issue. -- View this message in context: http://n4.nabble.com/Setting-product-admin-permissions-on-a-store-or-catalog-tp1470683p1470683.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Setting product admin permissions on a store or catalog
Also, What release and version are we talking about? TIA Ruth Ruth Hoffman wrote: Hi Jacques: Yes an answer that begets more questions: who is I ? Did Patrick need to write/modify a service to do this? Is there a UI that facilitates this? How are users assigned roles types? Lots of unanswered questions. Ruth Jacques Le Roux wrote: Hey cool, already an answer, does it help you Ruth? Jacques From: Patrick patrickinminneapo...@gmail.com Hi Deedra, The way I do it is I assign a user as a roleTypeId VENDOR to the appropriate catalog. Then when someone tries to Add, Edit, Delete, I check to see if they are a vendor, this checking is done in ProductServices.xml and CategoryServices.xml. If basically a DB query with entity-and and then some checking if condition ... Patrick On Fri, Feb 5, 2010 at 1:31 PM, DeedraF dfith...@kpi-consulting.net wrote: I am very new to OFBiz. My dev team is working through the technical details and I am trying to handle the more 'front end' setup activities. Not finding very many 'exact steps' or documentation to use as a guide, I thought perhaps someone reading this post could help out?? I have created a store, catalog, products...and would like to now assign specific permissions accordingly. I do not want all my ADMINs to have the same full access to a catalog. As a matter of fact, I would like to create a 'Product Admin' allowing that person/group to simply Add, Edit, and Delete products in a specific store catalog. Is this a standard feature in OFBiz that I am just not grasping how to accomplish? If it is, please provide steps that might help me accomplish this task. Thanks in advance for your help with this issue. -- View this message in context: http://n4.nabble.com/Setting-product-admin-permissions-on-a-store-or-catalog-tp1470683p1470683.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Setting product admin permissions on a store or catalog
I am very new to OFBiz. My dev team is working through the technical details and I am trying to handle the more 'front end' setup activities. Not finding very many 'exact steps' or documentation to use as a guide, I thought perhaps someone reading this post could help out?? I have created a store, catalog, products...and would like to now assign specific permissions accordingly. I do not want all my ADMINs to have the same full access to a catalog. As a matter of fact, I would like to create a 'Product Admin' allowing that person/group to simply Add, Edit, and Delete products in a specific store catalog. Is this a standard feature in OFBiz that I am just not grasping how to accomplish? If it is, please provide steps that might help me accomplish this task. Thanks in advance for your help with this issue. -- View this message in context: http://n4.nabble.com/Setting-product-admin-permissions-on-a-store-or-catalog-tp1470683p1470683.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Setting product admin permissions on a store or catalog
Hi DeedraF: I think this has been answer before on this list not too long ago. Out-of-the-box, you can't do this with any existing OFBiz applications. Basically, the best you can do is limit access to certain users (belonging to security groups) by store. To regulate access to specific products in a catalog on the same website (or store), you will need to write some code. Regards, Ruth Find me on the web at http://www.myofbiz.com or Google keyword myofbiz ruth.hoff...@myofbiz.com DeedraF wrote: I am very new to OFBiz. My dev team is working through the technical details and I am trying to handle the more 'front end' setup activities. Not finding very many 'exact steps' or documentation to use as a guide, I thought perhaps someone reading this post could help out?? I have created a store, catalog, products...and would like to now assign specific permissions accordingly. I do not want all my ADMINs to have the same full access to a catalog. As a matter of fact, I would like to create a 'Product Admin' allowing that person/group to simply Add, Edit, and Delete products in a specific store catalog. Is this a standard feature in OFBiz that I am just not grasping how to accomplish? If it is, please provide steps that might help me accomplish this task. Thanks in advance for your help with this issue.
Re: Setting product admin permissions on a store or catalog
I think Deedra is talking about product administration and not about access to products in the ecommerce store. There is actually some functionality to give more limited permissions to certain users. Instead of giving a user the full create, update and delete permissions for the catalog manager give them the role limited permissions. Then (as a different user that has permission to do so) associate them with a catalog in a certain role (which I've forgotten off the top of my head, sorry) and then they will be able to update products only in that category, and categories under that category (note that any category can be under more than one category at a time, so typically these categories will be under one or more categories for permission purposes, and one or more categories for customer browsing purposes, and possibly other categories for other purposes). If you want more something different than this then some code changing will be necessary because of how permissions are currently implemented in OFBiz. -David On Feb 5, 2010, at 6:49 PM, Ruth Hoffman wrote: Hi DeedraF: I think this has been answer before on this list not too long ago. Out-of-the-box, you can't do this with any existing OFBiz applications. Basically, the best you can do is limit access to certain users (belonging to security groups) by store. To regulate access to specific products in a catalog on the same website (or store), you will need to write some code. Regards, Ruth Find me on the web at http://www.myofbiz.com or Google keyword myofbiz ruth.hoff...@myofbiz.com DeedraF wrote: I am very new to OFBiz. My dev team is working through the technical details and I am trying to handle the more 'front end' setup activities. Not finding very many 'exact steps' or documentation to use as a guide, I thought perhaps someone reading this post could help out?? I have created a store, catalog, products...and would like to now assign specific permissions accordingly. I do not want all my ADMINs to have the same full access to a catalog. As a matter of fact, I would like to create a 'Product Admin' allowing that person/group to simply Add, Edit, and Delete products in a specific store catalog. Is this a standard feature in OFBiz that I am just not grasping how to accomplish? If it is, please provide steps that might help me accomplish this task. Thanks in advance for your help with this issue.
Re: Setting product admin permissions on a store or catalog
Hi David: I tried your solution. It causes errors in the trunk and in version 9.04. Since it is not documented anywhere how to do this, its pretty hard to report it as an error or a bug. Regards, Ruth David E Jones wrote: I think Deedra is talking about product administration and not about access to products in the ecommerce store. There is actually some functionality to give more limited permissions to certain users. Instead of giving a user the full create, update and delete permissions for the catalog manager give them the role limited permissions. Then (as a different user that has permission to do so) associate them with a catalog in a certain role (which I've forgotten off the top of my head, sorry) and then they will be able to update products only in that category, and categories under that category (note that any category can be under more than one category at a time, so typically these categories will be under one or more categories for permission purposes, and one or more categories for customer browsing purposes, and possibly other categories for other purposes). If you want more something different than this then some code changing will be necessary because of how permissions are currently implemented in OFBiz. -David On Feb 5, 2010, at 6:49 PM, Ruth Hoffman wrote: Hi DeedraF: I think this has been answer before on this list not too long ago. Out-of-the-box, you can't do this with any existing OFBiz applications. Basically, the best you can do is limit access to certain users (belonging to security groups) by store. To regulate access to specific products in a catalog on the same website (or store), you will need to write some code. Regards, Ruth Find me on the web at http://www.myofbiz.com or Google keyword myofbiz ruth.hoff...@myofbiz.com DeedraF wrote: I am very new to OFBiz. My dev team is working through the technical details and I am trying to handle the more 'front end' setup activities. Not finding very many 'exact steps' or documentation to use as a guide, I thought perhaps someone reading this post could help out?? I have created a store, catalog, products...and would like to now assign specific permissions accordingly. I do not want all my ADMINs to have the same full access to a catalog. As a matter of fact, I would like to create a 'Product Admin' allowing that person/group to simply Add, Edit, and Delete products in a specific store catalog. Is this a standard feature in OFBiz that I am just not grasping how to accomplish? If it is, please provide steps that might help me accomplish this task. Thanks in advance for your help with this issue.
Re: Setting product admin permissions on a store or catalog
Sorry David: I believe you are correct in that I misunderstood the question. What I should have said to you is: I have tried adding roles and roletypes to products, categories and catalogs in both the trunk and version 9.04 and it does not work or is broken. I don't know which since I'm not 100% certain how to set this up. I tried several scenarios none of which work. The best I was able to achieve was controlled access to the Catalog Manager based on security groups. Regards, Ruth Ruth Hoffman wrote: Hi David: I tried your solution. It causes errors in the trunk and in version 9.04. Since it is not documented anywhere how to do this, its pretty hard to report it as an error or a bug. Regards, Ruth David E Jones wrote: I think Deedra is talking about product administration and not about access to products in the ecommerce store. There is actually some functionality to give more limited permissions to certain users. Instead of giving a user the full create, update and delete permissions for the catalog manager give them the role limited permissions. Then (as a different user that has permission to do so) associate them with a catalog in a certain role (which I've forgotten off the top of my head, sorry) and then they will be able to update products only in that category, and categories under that category (note that any category can be under more than one category at a time, so typically these categories will be under one or more categories for permission purposes, and one or more categories for customer browsing purposes, and possibly other categories for other purposes). If you want more something different than this then some code changing will be necessary because of how permissions are currently implemented in OFBiz. -David On Feb 5, 2010, at 6:49 PM, Ruth Hoffman wrote: Hi DeedraF: I think this has been answer before on this list not too long ago. Out-of-the-box, you can't do this with any existing OFBiz applications. Basically, the best you can do is limit access to certain users (belonging to security groups) by store. To regulate access to specific products in a catalog on the same website (or store), you will need to write some code. Regards, Ruth Find me on the web at http://www.myofbiz.com or Google keyword myofbiz ruth.hoff...@myofbiz.com DeedraF wrote: I am very new to OFBiz. My dev team is working through the technical details and I am trying to handle the more 'front end' setup activities. Not finding very many 'exact steps' or documentation to use as a guide, I thought perhaps someone reading this post could help out?? I have created a store, catalog, products...and would like to now assign specific permissions accordingly. I do not want all my ADMINs to have the same full access to a catalog. As a matter of fact, I would like to create a 'Product Admin' allowing that person/group to simply Add, Edit, and Delete products in a specific store catalog. Is this a standard feature in OFBiz that I am just not grasping how to accomplish? If it is, please provide steps that might help me accomplish this task. Thanks in advance for your help with this issue.
Permissions for services called by the user in the frontend
Hi all, I have a general question about permissons: If I want to call a service I need to have the right permission - which is absolutly correct regarding security reasons. I have to call several existing services dependend on the actions a user makes in the storefrontend - e.g.: a customer can load his finaccount by a creditcard payment he enters his cc-data and (if the payment provider returns a positive result) I want to charge the finaccount with this amount. When I call the corresponding finAccount-Service for charging the permission is checked and the roles that are considered are the roles of the logged in customer. As the customer has not the necessary role, the call returns an error. I see the following possibilties: I can give the necessary roles to each customer - but I don't know what security-impacts this would have I could call the service using another person who has the role - but I don't know how to do this. So my question is: How is the best way to call this kind of services without any security impacts? Thanks in advance sorry (I don't know the role-concept of ofbiz that much at the moment) Alexander -- View this message in context: http://n4.nabble.com/Permissions-for-services-called-by-the-user-in-the-frontend-tp965460p965460.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: How to set permissions to all new users?
Thanks Jacques, I thought mario has user data available and whenever he loads the data he again needs to assign the same permission to that particular user. So suggest that way, I see ECA is better option whenever a user created. Mario, Please ignore my comment as Jacques already provided better way to handle. Jacques I will try to remember this and try to get better on which kind of help actually a subscriber needs. Thanks Again ! Rishi Solanki Enterprise Software Developer HotWax Media Pvt. Ltd. On Sun, Dec 6, 2009 at 4:19 AM, Jacques Le Roux jacques.le.r...@les7arts.com wrote: Hi Rishi, I wonder if Mario is no looking for a dynamically way to give permissions to each new registered user. Did you intend to answer to this question ? Mario, If it was your question and you don't find Rishi's answer a solution I guess you have simply to use an ECA which will fires and give some permission each time a new user is registered. I let you fill the details... HTH Jacques From: Rishi Solanki rishisolan...@gmail.com Hi Mario, Add its UserLoginSecurityGroup data and associate the permission you want. Once the data load and even you drop the DB instance it will loaded again on ant targets. This way you won't need to assign permission again and again to your user from party application. Rishi Solanki Enterprise Software Developer HotWax Media Pvt. Ltd. On Fri, Dec 4, 2009 at 3:19 PM, MarioF oceanoart...@gmail.com wrote: Hi all, I want that the new registered users have always some permissions. How can I do that without the admin has to set one by one in the party application? Thanks in advance. -- View this message in context: http://n4.nabble.com/How-to-set-permissions-to-all-new-users-tp948378p948378.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: How to set permissions to all new users?
Thanks for all your valuable help Rishi! I'm not quite sure either of my answer, will see... Jacques () ascii ribbon campaign against HTML e-mail /\ www.asciiribbon.org From: Rishi Solanki rishisolan...@gmail.com Thanks Jacques, I thought mario has user data available and whenever he loads the data he again needs to assign the same permission to that particular user. So suggest that way, I see ECA is better option whenever a user created. Mario, Please ignore my comment as Jacques already provided better way to handle. Jacques I will try to remember this and try to get better on which kind of help actually a subscriber needs. Thanks Again ! Rishi Solanki Enterprise Software Developer HotWax Media Pvt. Ltd. On Sun, Dec 6, 2009 at 4:19 AM, Jacques Le Roux jacques.le.r...@les7arts.com wrote: Hi Rishi, I wonder if Mario is no looking for a dynamically way to give permissions to each new registered user. Did you intend to answer to this question ? Mario, If it was your question and you don't find Rishi's answer a solution I guess you have simply to use an ECA which will fires and give some permission each time a new user is registered. I let you fill the details... HTH Jacques From: Rishi Solanki rishisolan...@gmail.com Hi Mario, Add its UserLoginSecurityGroup data and associate the permission you want. Once the data load and even you drop the DB instance it will loaded again on ant targets. This way you won't need to assign permission again and again to your user from party application. Rishi Solanki Enterprise Software Developer HotWax Media Pvt. Ltd. On Fri, Dec 4, 2009 at 3:19 PM, MarioF oceanoart...@gmail.com wrote: Hi all, I want that the new registered users have always some permissions. How can I do that without the admin has to set one by one in the party application? Thanks in advance. -- View this message in context: http://n4.nabble.com/How-to-set-permissions-to-all-new-users-tp948378p948378.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: How to set permissions to all new users?
Hi Rishi, I wonder if Mario is no looking for a dynamically way to give permissions to each new registered user. Did you intend to answer to this question ? Mario, If it was your question and you don't find Rishi's answer a solution I guess you have simply to use an ECA which will fires and give some permission each time a new user is registered. I let you fill the details... HTH Jacques From: Rishi Solanki rishisolan...@gmail.com Hi Mario, Add its UserLoginSecurityGroup data and associate the permission you want. Once the data load and even you drop the DB instance it will loaded again on ant targets. This way you won't need to assign permission again and again to your user from party application. Rishi Solanki Enterprise Software Developer HotWax Media Pvt. Ltd. On Fri, Dec 4, 2009 at 3:19 PM, MarioF oceanoart...@gmail.com wrote: Hi all, I want that the new registered users have always some permissions. How can I do that without the admin has to set one by one in the party application? Thanks in advance. -- View this message in context: http://n4.nabble.com/How-to-set-permissions-to-all-new-users-tp948378p948378.html Sent from the OFBiz - User mailing list archive at Nabble.com.
How to set permissions to all new users?
Hi all, I want that the new registered users have always some permissions. How can I do that without the admin has to set one by one in the party application? Thanks in advance. -- View this message in context: http://n4.nabble.com/How-to-set-permissions-to-all-new-users-tp948378p948378.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: How to set permissions to all new users?
Hi Mario, Add its UserLoginSecurityGroup data and associate the permission you want. Once the data load and even you drop the DB instance it will loaded again on ant targets. This way you won't need to assign permission again and again to your user from party application. Rishi Solanki Enterprise Software Developer HotWax Media Pvt. Ltd. On Fri, Dec 4, 2009 at 3:19 PM, MarioF oceanoart...@gmail.com wrote: Hi all, I want that the new registered users have always some permissions. How can I do that without the admin has to set one by one in the party application? Thanks in advance. -- View this message in context: http://n4.nabble.com/How-to-set-permissions-to-all-new-users-tp948378p948378.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Web User Permissions
Look at the AccountSecurityData.xml and at the end of the file, there are SecurityGroupPermissions. Give FULLADMIN group rights for the user, for ACCTG_ATX_ADMIN Give FLEXADMIN group rights for the user, for ACCTG_ATX_CREATE Steps to assign a SecurityGroup - Login with superuser privileges equivalent to admin/ofbiz. - Search for the party for which the permissions are need to be assigned - Goto the Party profile screen and look at the Username section on the rightside - Click on the SecurityGroups - In the 'Add UserLogin to the SecurityGroup' sreen, choose FULLADMIN -Aswath On Mon, May 18, 2009 at 2:20 AM, Alan ahal...@mercatx.co.uk wrote: Hi I am having problems with updating ledgers when web users pay for goods. I sure the problem is configuration but I don't know where. All help greatly appreciated. Also, I'm not clear on how new users are assigned the ACCTG_ATX permissions. Alan The log message is 2009-05-17 19:51:17,700 (TP-Processor14) [ ServiceDispatcher.java:500:ERROR] exception report -- Service [createAcctgTransAndEntries] threw an unexpected exception/error Exception: org.ofbiz.service.ServiceAuthException Message: Security Error: To run createAcctgTransAndEntries you must have the one of the following permissions: ACCTG_ATX_CREATE, ACCTG_ATX_ADMIN stack trace --- org.ofbiz.service.ServiceAuthException: Security Error: To run createAcctgTransAndEntries you must have the one of the following permissions: ACCTG_ATX_CREATE, ACCTG_ATX_ADMIN org.ofbiz.service.ServiceDispatcher.checkAuth(ServiceDispatcher.java:908) org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:342) org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:213) org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:163) The system is failing in the following service: service name=acctgTransactionPermissionCheck engine=simple location=component://accounting/script/org/ofbiz/accounting/permissions/PermissionServices.xml invoke=acctgTransactionPermissionCheck descriptionBasic General Ledger Permission Checking Logic/description implements service=permissionInterface/ /service which in turn invokes !-- Returns hasPermission=true if user has one of the ACCTG_ATX CRUD+ADMIN permissions -- simple-method method-name=acctgTransactionPermissionCheck short-description=Accounting transaction permission logic set field=primaryPermission value=ACCTG_ATX/ call-simple-method method-name=genericBasePermissionCheck xml-resource=component://common/script/org/ofbiz/common/permission/CommonPermissionServices.xml/ /simple-method
Web User Permissions
Hi I am having problems with updating ledgers when web users pay for goods. I sure the problem is configuration but I don't know where. All help greatly appreciated. Also, I'm not clear on how new users are assigned the ACCTG_ATX permissions. Alan The log message is 2009-05-17 19:51:17,700 (TP-Processor14) [ ServiceDispatcher.java:500:ERROR] exception report -- Service [createAcctgTransAndEntries] threw an unexpected exception/error Exception: org.ofbiz.service.ServiceAuthException Message: Security Error: To run createAcctgTransAndEntries you must have the one of the following permissions: ACCTG_ATX_CREATE, ACCTG_ATX_ADMIN stack trace --- org.ofbiz.service.ServiceAuthException: Security Error: To run createAcctgTransAndEntries you must have the one of the following permissions: ACCTG_ATX_CREATE, ACCTG_ATX_ADMIN org.ofbiz.service.ServiceDispatcher.checkAuth(ServiceDispatcher.java:908) org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:342) org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:213) org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:163) The system is failing in the following service: service name=acctgTransactionPermissionCheck engine=simple location=component://accounting/script/org/ofbiz/accounting/permissions/PermissionServices.xml invoke=acctgTransactionPermissionCheck descriptionBasic General Ledger Permission Checking Logic/description implements service=permissionInterface/ /service which in turn invokes !-- Returns hasPermission=true if user has one of the ACCTG_ATX CRUD+ADMIN permissions -- simple-method method-name=acctgTransactionPermissionCheck short-description=Accounting transaction permission logic set field=primaryPermission value=ACCTG_ATX/ call-simple-method method-name=genericBasePermissionCheck xml-resource=component://common/script/org/ofbiz/common/permission/CommonPermissionServices.xml/ /simple-method
Re: Security and Permissions
Hi We are running V4.0 Alan On Wed, 2009-04-29 at 13:39 -0700, BJ Freeman wrote: what version of ofbiz are you using Trunk (version #) release 9.04 Release 4.0 Alan sent the following on 4/29/2009 1:23 PM: Hi I am having trouble with security and permissions on a webapp. My understanding is that I have to associate new customers with permissions to make ledger entries (specifically ACCTG_ATX_CREATE, ACCTG_ATX_ADMIN). This concerns me as AccountingSecurityData.xml says these should be given only to accountants. However, I need some help in assigning these permissions to the Customer role as defined in CustomerEvents.xml in the line set value=CUSTOMER field=parameters.roleTypeId/ Any help or pointers gratefully appreciated. TIA Alan
Re: Security and Permissions
This may help, http://docs.ofbiz.org/display/OFBTECH/OFBiz+security but beware some changes are going on in this area https://issues.apache.org/jira/browse/OFBIZ-2380 Jacques From: Alan ahal...@mercatx.co.uk Hi I am having trouble with security and permissions on a webapp. My understanding is that I have to associate new customers with permissions to make ledger entries (specifically ACCTG_ATX_CREATE, ACCTG_ATX_ADMIN). This concerns me as AccountingSecurityData.xml says these should be given only to accountants. However, I need some help in assigning these permissions to the Customer role as defined in CustomerEvents.xml in the line set value=CUSTOMER field=parameters.roleTypeId/ Any help or pointers gratefully appreciated. TIA Alan
Re: Security and Permissions
what version of ofbiz are you using Trunk (version #) release 9.04 Release 4.0 Alan sent the following on 4/29/2009 1:23 PM: Hi I am having trouble with security and permissions on a webapp. My understanding is that I have to associate new customers with permissions to make ledger entries (specifically ACCTG_ATX_CREATE, ACCTG_ATX_ADMIN). This concerns me as AccountingSecurityData.xml says these should be given only to accountants. However, I need some help in assigning these permissions to the Customer role as defined in CustomerEvents.xml in the line set value=CUSTOMER field=parameters.roleTypeId/ Any help or pointers gratefully appreciated. TIA Alan -- BJ Freeman http://www.businessesnetwork.com/automation http://bjfreeman.elance.com http://www.linkedin.com/profile?viewProfile=key=1237480locale=en_UStrk=tab_pro Systems Integrator.
Permissions Issue with Web Customers
Hi We use the webapp but at the end of each sale we get the following error message. I suspect I have a configuration error somewhere to do with permissions being allocated to new customers but don't know where. Any help would be appreciated. Alan Halley 2009-04-21 13:05:16,751 (TP-Processor18) [ Log.java:100:INFO ] Checking for primary permission ACCTG_ATX_CREATE 2009-04-21 13:05:16,752 (TP-Processor18) [ ServiceDispatcher.java:578:INFO ] Sync service [ecommerce/acctgTransactionPermissionCheck] finished in [69] milliseconds 2009-04-21 13:05:16,753 (TP-Processor18) [ ServiceDispatcher.java:497:INFO ] [[Sync service failed...- total:0.0,since last(Begin):0.0]] - 'ecommerce / createAcctgTransAndEntries' 2009-04-21 13:05:16,811 (TP-Processor18) [ ServiceDispatcher.java:500:ERROR] exception report -- Service [createAcctgTransAndEntries] threw an unexpected exception/error Exception: org.ofbiz.service.ServiceAuthException Message: Security Error: To run createAcctgTransAndEntries you must have the one of the following permissions: ACCTG_ATX_CREATE, ACCTG_ATX_ADMIN stack trace --- org.ofbiz.service.ServiceAuthException: Security Error: To run createAcctgTransAndEntries you must have the one of the following permissions: ACCTG_ATX_CREATE, ACCTG_ATX_ADMIN org.ofbiz.service.ServiceDispatcher.checkAuth(ServiceDispatcher.java:908) org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:342) org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:213) org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:163) org.ofbiz.minilang.method.callops.CallService.exec(CallService.java:245) org.ofbiz.minilang.SimpleMethod.runSubOps(SimpleMethod.java:921)
Newly created user and permissions
I have created a new user with ORDER_ENTRYALL profile. And when I tried to login with it to ordermanager it told me: The Following Errors Occurred: Login for this application couldn't be completed (required permissions missing). However, if I restart ofbiz then it logins with no problem. So looks like for newly created user the permissions are not applied unless you restart an app. Anything I can do about it? I would appreciate any ideas on it. Thank you guys. -- View this message in context: http://www.nabble.com/Newly-created-user-and-permissions-tp21296274p21296274.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Newly created user and permissions
Take a look at the cache.properties file. You'll see that permissions take up to 1/2 hour to take effect if a previous setting (including no permission) has been cached. -David On Jan 5, 2009, at 10:20 AM, masionas wrote: I have created a new user with ORDER_ENTRYALL profile. And when I tried to login with it to ordermanager it told me: The Following Errors Occurred: Login for this application couldn't be completed (required permissions missing). However, if I restart ofbiz then it logins with no problem. So looks like for newly created user the permissions are not applied unless you restart an app. Anything I can do about it? I would appreciate any ideas on it. Thank you guys. -- View this message in context: http://www.nabble.com/Newly-created-user-and-permissions-tp21296274p21296274.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: Newly created user and permissions
Thank you, David. That does the trick I think. David E Jones-3 wrote: Take a look at the cache.properties file. You'll see that permissions take up to 1/2 hour to take effect if a previous setting (including no permission) has been cached. -David On Jan 5, 2009, at 10:20 AM, masionas wrote: I have created a new user with ORDER_ENTRYALL profile. And when I tried to login with it to ordermanager it told me: The Following Errors Occurred: Login for this application couldn't be completed (required permissions missing). However, if I restart ofbiz then it logins with no problem. So looks like for newly created user the permissions are not applied unless you restart an app. Anything I can do about it? I would appreciate any ideas on it. Thank you guys. -- View this message in context: http://www.nabble.com/Newly-created-user-and-permissions-tp21296274p21296274.html Sent from the OFBiz - User mailing list archive at Nabble.com. -- View this message in context: http://www.nabble.com/Newly-created-user-and-permissions-tp21296274p21296727.html Sent from the OFBiz - User mailing list archive at Nabble.com.
Re: User login set up, (required permissions missing)
Hi Todd The base-permission list is ANDed so the OFBTOOLS permission is required as well. Regards Scott 2008/8/25 Todd Burdeinei [EMAIL PROTECTED]: Hello, I got stuck when trying to create a user group- searched the lists but didn't find anything that worked. I created a user group, PRODUCTION. I set this groups role as ADMIN In this group, there is a user called Jay, with the security group PROD_1 I have created a security group called PROD_1 with the security group permissions: MANUFACTURING_ADMIN ALL operations in the Manufacturing Manager. I have checked the ofbiz-component.xml for permissions and it shows webapp name=manufacturing title=Manufacturing server=default-server location=webapp/manufacturing base-permission=OFBTOOLS,MANUFACTURING mount-point=/manufacturing/ When I try to login as Jay I still get the 'required permissions missing' message What am I missing? many thanks -- Todd
Re: Re: how to set security and permissions precedence]
Milind, I did not look into details but don't you think these informations should not be better in Wiki ? Like http://docs.ofbiz.org/x/UBE Then I'd suggest to create a hat page for tutorials... Thanks Jacques From: Milind W [EMAIL PROTECTED] Thank you! Jacques. Feedback and the quicker path to learn, is all I am looking for. David there was no intention to offend and hope none was taken. BJ Thanks for answering my questions patiently and looking at my files. Here is a tutorial I have written for login. http://www.enterprisebeacon.com/ofbiz/tutorials/fundamentals/logintutorial/ If somone can try it out and let me know if there are any omissions, corrections or additions and also feel free to use as necessary. From: BJ Freeman [EMAIL PROTECTED] I have heard others say how they benefited from the videos, and others that say they did not. I can not attest either way. Again the ones that did not, are not here now, the ones that did are still part of the community and contributing. my main contribution is on the is mailing list. I figure the more people that know and contribute, the more benefit. I just hope to set a tone that others will adopt. There are 2 kind of videos, . Seminar, most are old now and of little value, but could be still interesting on some aspects, mostly the more recent. . Advanced Framework which are fairly recent and anyway fundamental (ie not much sensitive to changes). If you don't want to spend money you could use only the Advanced Framework Transcription http://docs.ofbiz.org/pages/viewpageattachments.action?pageId=4369 (at least to evaluate your need) or wait video to be freely available. But IMHO they are a very valuable source of multiple informations : a course is not a book (especially if it's courses transcription). Note that I do not earn anything from these videos done by David. I bought them when they were published and I don't regret my investment, in time and money ! Note also that the minilang documentation (available from auto-completion feature of XML editor) I did last year is mostly coming from this source... Jacques
[Fwd: Re: how to set security and permissions precedence]
Thank you! Jacques. Feedback and the quicker path to learn, is all I am looking for. David there was no intention to offend and hope none was taken. BJ Thanks for answering my questions patiently and looking at my files. Here is a tutorial I have written for login. http://www.enterprisebeacon.com/ofbiz/tutorials/fundamentals/logintutorial/ If somone can try it out and let me know if there are any omissions, corrections or additions and also feel free to use as necessary. From: BJ Freeman [EMAIL PROTECTED] I have heard others say how they benefited from the videos, and others that say they did not. I can not attest either way. Again the ones that did not, are not here now, the ones that did are still part of the community and contributing. my main contribution is on the is mailing list. I figure the more people that know and contribute, the more benefit. I just hope to set a tone that others will adopt. There are 2 kind of videos, . Seminar, most are old now and of little value, but could be still interesting on some aspects, mostly the more recent. . Advanced Framework which are fairly recent and anyway fundamental (ie not much sensitive to changes). If you don't want to spend money you could use only the Advanced Framework Transcription http://docs.ofbiz.org/pages/viewpageattachments.action?pageId=4369 (at least to evaluate your need) or wait video to be freely available. But IMHO they are a very valuable source of multiple informations : a course is not a book (especially if it's courses transcription). Note that I do not earn anything from these videos done by David. I bought them when they were published and I don't regret my investment, in time and money ! Note also that the minilang documentation (available from auto-completion feature of XML editor) I did last year is mostly coming from this source... Jacques
Re: how to set security and permissions precedence
:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream and with rev#677863 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: [] 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString: 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString= 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/ 5.5.20 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream The loginworker seems to be invoked with rev#677863 and not with rev#679258. Any Idea? Did you try an ant clean ? There have been some changes recently that implie this cleanup. Jacques From: Milind W [EMAIL PROTECTED] Looks like I have a problem making this example work with revision#679258 It worked fine (i.e I was redirected to login screen before I could get to main) with rev#677863 Looks like the view view-map name=login type=screen page=component://marketing/widget/ CommonScreens.xml#login / is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind %20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./ description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=login/ response name=success type=view value=main/ response name=error type=view value=login/ /request-map request-map uri=main security https=false auth=true / response name=success type=view value=main/ /request-map view-map name=login type=screen page=component://marketing/widget/ CommonScreens.xml#login / Not with a direct link to the comment where is the explanation ;p Actually it was more a didactic post Jacques From: BJ Freeman [EMAIL PROTECTED] LOL that was the first link I sent on this thread
Re: how to set security and permissions precedence
no difference. I can proceed to main without being redirected to login with rev#679258. Relevant log for rev#679258 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream and with rev#677863 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: [] 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString: 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString= 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream The loginworker seems to be invoked with rev#677863 and not with rev#679258. Any Idea? Did you try an ant clean ? There have been some changes recently that implie this cleanup. Jacques From: Milind W [EMAIL PROTECTED] Looks like I have a problem making this example work with revision#679258 It worked fine (i.e I was redirected to login screen before I could get to main) with rev#677863 Looks like the view view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=login/ response name=success type=view value=main/ response name=error type=view value=login/ /request-map request-map uri=main security https=false auth=true / response name=success type=view value=main/ /request-map view-map
Re: how to set security and permissions precedence
described in my previous email. I am attaching my controller.xml here is the fix http://svn.apache.org/viewvc?rev=682228view=rev Milind W sent the following on 8/3/2008 4:27 PM: Just tried ant clean it made no difference. I can proceed to main without being redirected to login with rev#679258. Relevant log for rev#679258 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream and with rev#677863 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: [] 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString: 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString= 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/ 5.5.20 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream The loginworker seems to be invoked with rev#677863 and not with rev#679258. Any Idea? Did you try an ant clean ? There have been some changes recently that implie this cleanup. Jacques From: Milind W [EMAIL PROTECTED] Looks like I have a problem making this example work with revision#679258 It worked fine (i.e I was redirected to login screen before I could get to main) with rev#677863 Looks like the view view-map name=login type=screen page=component://marketing/widget/ CommonScreens.xml#login / is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind %20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./ description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=login/ response name=success type=view value=main/ response name=error type=view value=login/ /request-map request-map uri=main security https
Re: how to set security and permissions precedence
From: BJ Freeman [EMAIL PROTECTED] I have heard others say how they benefited from the videos, and others that say they did not. I can not attest either way. Again the ones that did not, are not here now, the ones that did are still part of the community and contributing. my main contribution is on the is mailing list. I figure the more people that know and contribute, the more benefit. I just hope to set a tone that others will adopt. There are 2 kind of videos, . Seminar, most are old now and of little value, but could be still interesting on some aspects, mostly the more recent. . Advanced Framework which are fairly recent and anyway fundamental (ie not much sensitive to changes). If you don't want to spend money you could use only the Advanced Framework Transcription http://docs.ofbiz.org/pages/viewpageattachments.action?pageId=4369 (at least to evaluate your need) or wait video to be freely available. But IMHO they are a very valuable source of multiple informations : a course is not a book (especially if it's courses transcription). Note that I do not earn anything from these videos done by David. I bought them when they were published and I don't regret my investment, in time and money ! Note also that the minilang documentation (available from auto-completion feature of XML editor) I did last year is mostly coming from this source... Jacques
Re: how to set security and permissions precedence
Milind W sent the following on 8/3/2008 4:27 PM: Just tried ant clean it made no difference. I can proceed to main without being redirected to login with rev#679258. Relevant log for rev#679258 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream and with rev#677863 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: [] 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString: 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString= 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream The loginworker seems to be invoked with rev#677863 and not with rev#679258. Any Idea? Did you try an ant clean ? There have been some changes recently that implie this cleanup. Jacques From: Milind W [EMAIL PROTECTED] Looks like I have a problem making this example work with revision#679258 It worked fine (i.e I was redirected to login screen before I could get to main) with rev#677863 Looks like the view view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=login/ response name=success type=view value=main/ response name=error type=view value=login/ /request-map request-map uri=main security https=false auth=true
Re: how to set security and permissions precedence
I changed my controller to conform with the example controller.xml. Now it does attempt to send me to the login screen but get the following error. org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen [component://common/widget/CommonScreens.xml#login]: java.lang.IllegalArgumentException: Could not find screen with name [main-decorator] in the same file as the screen with name [login] (Could not find screen with name [main-decorator] in the same file as the screen with name [login]) Help! your controller does not conform to the current svn controllers. please review them. Milind W sent the following on 8/3/2008 5:35 PM: I got the updated files. Did ant clean and then a new build. I still see the SAME behavior described in my previous email. I am attaching my controller.xml here is the fix http://svn.apache.org/viewvc?rev=682228view=rev Milind W sent the following on 8/3/2008 4:27 PM: Just tried ant clean it made no difference. I can proceed to main without being redirected to login with rev#679258. Relevant log for rev#679258 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream and with rev#677863 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: [] 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString: 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString= 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream The loginworker seems to be invoked with rev#677863 and not with rev#679258. Any Idea? Did you try an ant clean ? There have been some changes recently that implie this cleanup. Jacques From: Milind W [EMAIL PROTECTED] Looks like I have a problem making this example work with revision#679258 It worked fine (i.e I was redirected to login screen before I could get to main) with rev#677863 Looks like the view view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path
Re: how to set security and permissions precedence
. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=login/ response name=success type=view value=main/ response name=error type=view value=login/ /request-map request-map uri=main security https=false auth=true / response name=success type=view value=main/ /request-map view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / Not with a direct link to the comment where is the explanation ;p Actually it was more a didactic post Jacques From: BJ Freeman [EMAIL PROTECTED] LOL that was the first link I sent on this thread. Jacques Le Roux sent the following on 7/30/2008 2:18 PM: OFBiz Wiki is your friend. Just look for OFBTOOLS. You would have get http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 Jacques - Original Message - From: Milind W [EMAIL PROTECTED] To: user@ofbiz.apache.org Sent: Wednesday, July 30, 2008 8:31 PM Subject: Re: how to set security and permissions precedence Let me try to break up questions. Should'nt adding base-permission=OFBTOOLS to the ofbiz-entity.xml force the user to login with a user id that is associated to the OFBTOOLS security group? I can see the application I created and the line seems to have no effect. What is the purpose of the line? Thanks -Milind Please not that opentaps is not at the same level of revision that ofbiz it there have been changes to security. there are examples in the framework/example and framework/exampleext I believe this to better tutorial since they work already. Balaji Sundar sent the following on 7/29/2008 9:40 PM: BJ Freeman wrote: http://docs.ofbiz.org/display/OFBTECH/OFBiz+security Milind W sent the following on 7/29/2008 7:58 PM: hi, Security Permissions I am using ofbiz rev.79258 I want to understand how security works so I made the following modifications to hello1 1)I added base-permission=OFBTOOLS to the ofbiz-component.xml I could still see the application I was assuming the application would as me to login or prevent me from seeing the page. 2)I added security to the main request request-map uri=main security https=false auth=true/ response name=success type=view value=main/ /request-map This displays java.lang.NullPointerException in the browser. How do permissions precedence work starting from the UI to the entity layer. Help appreciated. Thanks -Milind Here is the log 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request checkLogin not found 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request checkLogin not found 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of event for request checkLogin not found 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ ControlServlet.java:205:ERROR] runtime exception report -- Error in request handler: Exception: java.lang.NullPointerException Message: null stack trace --- java.lang.NullPointerException javolution.util.FastMap.getEntry(Unknown Source) javolution.util.FastMap.containsKey(Unknown Source) org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78) org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102) org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86) org.ofbiz.webapp.control.RequestHandler.runEvent
Re: how to set security and permissions precedence
. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=login/ response name=success type=view value=main/ response name=error type=view value=login/ /request-map request-map uri=main security https=false auth=true / response name=success type=view value=main/ /request-map view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / Not with a direct link to the comment where is the explanation ;p Actually it was more a didactic post Jacques From: BJ Freeman [EMAIL PROTECTED] LOL that was the first link I sent on this thread. Jacques Le Roux sent the following on 7/30/2008 2:18 PM: OFBiz Wiki is your friend. Just look for OFBTOOLS. You would have get http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 Jacques - Original Message - From: Milind W [EMAIL PROTECTED] To: user@ofbiz.apache.org Sent: Wednesday, July 30, 2008 8:31 PM Subject: Re: how to set security and permissions precedence Let me try to break up questions. Should'nt adding base-permission=OFBTOOLS to the ofbiz-entity.xml force the user to login with a user id that is associated to the OFBTOOLS security group? I can see the application I created and the line seems to have no effect. What is the purpose of the line? Thanks -Milind Please not that opentaps is not at the same level of revision that ofbiz it there have been changes to security. there are examples in the framework/example and framework/exampleext I believe this to better tutorial since they work already. Balaji Sundar sent the following on 7/29/2008 9:40 PM: BJ Freeman wrote: http://docs.ofbiz.org/display/OFBTECH/OFBiz+security Milind W sent the following on 7/29/2008 7:58 PM: hi, Security Permissions I am using ofbiz rev.79258 I want to understand how security works so I made the following modifications to hello1 1)I added base-permission=OFBTOOLS to the ofbiz-component.xml I could still see the application I was assuming the application would as me to login or prevent me from seeing the page. 2)I added security to the main request request-map uri=main security https=false auth=true/ response name=success type=view value=main/ /request-map This displays java.lang.NullPointerException in the browser. How do permissions precedence work starting from the UI to the entity layer. Help appreciated. Thanks -Milind Here is the log 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request checkLogin not found 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request checkLogin not found 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of event for request checkLogin not found 2008-07-29 19:07:17,031 (http
Re: how to set security and permissions precedence
and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=login/ response name=success type=view value=main/ response name=error type=view value=login/ /request-map request-map uri=main security https=false auth=true / response name=success type=view value=main/ /request-map view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / Not with a direct link to the comment where is the explanation ;p Actually it was more a didactic post Jacques From: BJ Freeman [EMAIL PROTECTED] LOL that was the first link I sent on this thread. Jacques Le Roux sent the following on 7/30/2008 2:18 PM: OFBiz Wiki is your friend. Just look for OFBTOOLS. You would have get http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 Jacques - Original Message - From: Milind W [EMAIL PROTECTED] To: user@ofbiz.apache.org Sent: Wednesday, July 30, 2008 8:31 PM Subject: Re: how to set security and permissions precedence Let me try to break up questions. Should'nt adding base-permission=OFBTOOLS to the ofbiz-entity.xml force the user to login with a user id that is associated to the OFBTOOLS security group? I can see the application I created and the line seems to have no effect. What is the purpose of the line? Thanks -Milind Please not that opentaps is not at the same level of revision that ofbiz it there have been changes to security. there are examples in the framework/example and framework/exampleext I believe this to better tutorial since they work already. Balaji Sundar sent the following on 7/29/2008 9:40 PM: BJ Freeman wrote: http://docs.ofbiz.org/display/OFBTECH/OFBiz+security Milind W sent the following on 7/29/2008 7:58 PM: hi, Security Permissions I am using ofbiz rev.79258 I want to understand how security works so I made the following modifications to hello1 1)I added base-permission=OFBTOOLS to the ofbiz-component.xml I could still see the application I was assuming the application would as me to login or prevent me from seeing the page. 2)I added security to the main request request-map uri=main security https=false auth=true/ response name=success type=view value=main/ /request-map This displays java.lang.NullPointerException in the browser. How do permissions precedence work starting from the UI to the entity layer. Help appreciated. Thanks -Milind Here is the log 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request checkLogin not found 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request checkLogin not found 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of event for request checkLogin not found 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ ControlServlet.java:205:ERROR] runtime exception report
Re: how to set security and permissions precedence
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream The loginworker seems to be invoked with rev#677863 and not with rev#679258. Any Idea? Did you try an ant clean ? There have been some changes recently that implie this cleanup. Jacques From: Milind W [EMAIL PROTECTED] Looks like I have a problem making this example work with revision#679258 It worked fine (i.e I was redirected to login screen before I could get to main) with rev#677863 Looks like the view view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=login/ response name=success type=view value=main/ response name=error type=view value=login/ /request-map request-map uri=main security https=false auth=true / response name=success type=view value=main/ /request-map view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / Not with a direct link to the comment where is the explanation ;p Actually it was more a didactic post Jacques From: BJ Freeman [EMAIL PROTECTED] LOL that was the first link I sent on this thread. Jacques Le Roux sent the following on 7/30/2008 2:18 PM: OFBiz Wiki is your friend. Just look for OFBTOOLS. You would have get http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 Jacques - Original Message - From: Milind W [EMAIL PROTECTED] To: user@ofbiz.apache.org Sent: Wednesday, July 30, 2008 8:31 PM Subject: Re: how to set security and permissions precedence Let me try to break up questions. Should'nt adding base-permission=OFBTOOLS to the ofbiz-entity.xml force the user to login with a user id that is associated to the OFBTOOLS security group? I can see the application I created and the line seems to have no effect. What is the purpose of the line? Thanks -Milind Please not that opentaps is not at the same level of revision that ofbiz it there have been changes to security. there are examples in the framework/example and framework/exampleext I believe this to better tutorial since they work already. Balaji Sundar sent the following on 7/29/2008 9:40 PM: BJ Freeman wrote: http://docs.ofbiz.org/display/OFBTECH/OFBiz+security Milind W sent the following on 7/29/2008 7:58 PM: hi, Security Permissions I am using ofbiz rev.79258 I want to understand how security works so I made the following modifications to hello1 1)I added base-permission=OFBTOOLS to the ofbiz-component.xml I could still see the application I was assuming the application would as me to login or prevent me from seeing the page. 2)I added security to the main request request-map uri=main security https
Re: how to set security and permissions precedence
. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=login/ response name=success type=view value=main/ response name=error type=view value=login/ /request-map request-map uri=main security https=false auth=true / response name=success type=view value=main/ /request-map view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / Not with a direct link to the comment where is the explanation ;p Actually it was more a didactic post Jacques From: BJ Freeman [EMAIL PROTECTED] LOL that was the first link I sent on this thread. Jacques Le Roux sent the following on 7/30/2008 2:18 PM: OFBiz Wiki is your friend. Just look for OFBTOOLS. You would have get http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 Jacques - Original Message - From: Milind W [EMAIL PROTECTED] To: user@ofbiz.apache.org Sent: Wednesday, July 30, 2008 8:31 PM Subject: Re: how to set security and permissions precedence Let me try to break up questions. Should'nt adding base-permission=OFBTOOLS to the ofbiz-entity.xml force the user to login with a user id that is associated to the OFBTOOLS security group? I can see the application I created and the line seems to have no effect. What is the purpose of the line? Thanks -Milind Please not that opentaps is not at the same level of revision that ofbiz it there have been changes to security. there are examples in the framework/example and framework/exampleext I believe this to better tutorial since they work already. Balaji Sundar sent the following on 7/29/2008 9:40 PM: BJ Freeman wrote: http://docs.ofbiz.org/display/OFBTECH/OFBiz+security Milind W sent the following on 7/29/2008 7:58 PM: hi, Security Permissions I am using ofbiz rev.79258 I want to understand how security works so I made the following modifications to hello1 1)I added base-permission=OFBTOOLS to the ofbiz-component.xml I could still see the application I was assuming the application would as me to login or prevent me from seeing the page. 2)I added security to the main request request-map uri=main security https=false auth=true/ response name=success type=view value=main/ /request-map This displays java.lang.NullPointerException in the browser. How do permissions precedence work starting from the UI to the entity layer. Help appreciated. Thanks -Milind Here is the log 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request checkLogin not found 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request checkLogin not found 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:172:WARN
Re: how to set security and permissions precedence
) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: [] 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString: 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString= 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream The loginworker seems to be invoked with rev#677863 and not with rev#679258. Any Idea? Did you try an ant clean ? There have been some changes recently that implie this cleanup. Jacques From: Milind W [EMAIL PROTECTED] Looks like I have a problem making this example work with revision#679258 It worked fine (i.e I was redirected to login screen before I could get to main) with rev#677863 Looks like the view view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=login/ response name=success type=view value=main/ response name=error type=view value=login/ /request-map request-map uri=main security https=false auth=true / response name=success type=view value=main/ /request-map view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / Not with a direct link to the comment where is the explanation ;p Actually it was more a didactic post Jacques From: BJ Freeman [EMAIL PROTECTED] LOL that was the first link I sent on this thread. Jacques Le Roux sent the following on 7/30/2008 2:18 PM: OFBiz Wiki is your friend. Just look for OFBTOOLS. You would have get http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 Jacques - Original Message - From: Milind W [EMAIL PROTECTED] To: user@ofbiz.apache.org Sent: Wednesday, July 30, 2008 8:31 PM Subject: Re: how to set security and permissions precedence Let me try to break up questions. Should'nt adding base-permission=OFBTOOLS to the ofbiz-entity.xml force the user to login with a user id that is associated to the OFBTOOLS security group? I can see the application I created and the line seems to have no effect
Re: how to set security and permissions precedence
Looks like I have a problem making this example work with revision#679258 It worked fine (i.e I was redirected to login screen before I could get to main) with rev#677863 Looks like the view view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=login/ response name=success type=view value=main/ response name=error type=view value=login/ /request-map request-map uri=main security https=false auth=true / response name=success type=view value=main/ /request-map view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / Not with a direct link to the comment where is the explanation ;p Actually it was more a didactic post Jacques From: BJ Freeman [EMAIL PROTECTED] LOL that was the first link I sent on this thread. Jacques Le Roux sent the following on 7/30/2008 2:18 PM: OFBiz Wiki is your friend. Just look for OFBTOOLS. You would have get http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 Jacques - Original Message - From: Milind W [EMAIL PROTECTED] To: user@ofbiz.apache.org Sent: Wednesday, July 30, 2008 8:31 PM Subject: Re: how to set security and permissions precedence Let me try to break up questions. Should'nt adding base-permission=OFBTOOLS to the ofbiz-entity.xml force the user to login with a user id that is associated to the OFBTOOLS security group? I can see the application I created and the line seems to have no effect. What is the purpose of the line? Thanks -Milind Please not that opentaps is not at the same level of revision that ofbiz it there have been changes to security. there are examples in the framework/example and framework/exampleext I believe this to better tutorial since they work already. Balaji Sundar sent the following on 7/29/2008 9:40 PM: BJ Freeman wrote: http://docs.ofbiz.org/display/OFBTECH/OFBiz+security Milind W sent the following on 7/29/2008 7:58 PM: hi, Security Permissions I am using ofbiz rev.79258 I want to understand how security works so I made the following modifications to hello1 1)I added base-permission=OFBTOOLS to the ofbiz-component.xml I could still see the application I was assuming the application would as me to login or prevent me from seeing the page. 2)I added security to the main request request-map uri=main security https=false auth=true/ response name=success type=view value=main/ /request-map This displays java.lang.NullPointerException in the browser. How do permissions precedence work starting from the UI to the entity layer. Help appreciated. Thanks -Milind Here is the log 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event
Re: how to set security and permissions precedence
Did you try an ant clean ? There have been some changes recently that implie this cleanup. Jacques From: Milind W [EMAIL PROTECTED] Looks like I have a problem making this example work with revision#679258 It worked fine (i.e I was redirected to login screen before I could get to main) with rev#677863 Looks like the view view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=login/ response name=success type=view value=main/ response name=error type=view value=login/ /request-map request-map uri=main security https=false auth=true / response name=success type=view value=main/ /request-map view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / Not with a direct link to the comment where is the explanation ;p Actually it was more a didactic post Jacques From: BJ Freeman [EMAIL PROTECTED] LOL that was the first link I sent on this thread. Jacques Le Roux sent the following on 7/30/2008 2:18 PM: OFBiz Wiki is your friend. Just look for OFBTOOLS. You would have get http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 Jacques - Original Message - From: Milind W [EMAIL PROTECTED] To: user@ofbiz.apache.org Sent: Wednesday, July 30, 2008 8:31 PM Subject: Re: how to set security and permissions precedence Let me try to break up questions. Should'nt adding base-permission=OFBTOOLS to the ofbiz-entity.xml force the user to login with a user id that is associated to the OFBTOOLS security group? I can see the application I created and the line seems to have no effect. What is the purpose of the line? Thanks -Milind Please not that opentaps is not at the same level of revision that ofbiz it there have been changes to security. there are examples in the framework/example and framework/exampleext I believe this to better tutorial since they work already. Balaji Sundar sent the following on 7/29/2008 9:40 PM: BJ Freeman wrote: http://docs.ofbiz.org/display/OFBTECH/OFBiz+security Milind W sent the following on 7/29/2008 7:58 PM: hi, Security Permissions I am using ofbiz rev.79258 I want to understand how security works so I made the following modifications to hello1 1)I added base-permission=OFBTOOLS to the ofbiz-component.xml I could still see the application I was assuming the application would as me to login or prevent me from seeing the page. 2)I added security to the main request request-map uri=main security https=false auth=true/ response name=success type=view value=main/ /request-map This displays java.lang.NullPointerException in the browser. How do permissions precedence work starting from the UI to the entity layer. Help appreciated. Thanks -Milind Here is the log 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event
Re: how to set security and permissions precedence
Just tried ant clean it made no difference. I can proceed to main without being redirected to login with rev#679258. Relevant log for rev#679258 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream and with rev#677863 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: [] 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString: 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString= 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream The loginworker seems to be invoked with rev#677863 and not with rev#679258. Any Idea? Did you try an ant clean ? There have been some changes recently that implie this cleanup. Jacques From: Milind W [EMAIL PROTECTED] Looks like I have a problem making this example work with revision#679258 It worked fine (i.e I was redirected to login screen before I could get to main) with rev#677863 Looks like the view view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=login/ response name=success type=view value=main/ response name=error type=view value=login/ /request-map request-map uri=main security https=false auth=true / response name=success type=view value=main
Re: how to set security and permissions precedence
bug was fix the news rev works. Milind W sent the following on 8/3/2008 4:27 PM: Just tried ant clean it made no difference. I can proceed to main without being redirected to login with rev#679258. Relevant log for rev#679258 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream and with rev#677863 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: [] 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString: 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString= 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream The loginworker seems to be invoked with rev#677863 and not with rev#679258. Any Idea? Did you try an ant clean ? There have been some changes recently that implie this cleanup. Jacques From: Milind W [EMAIL PROTECTED] Looks like I have a problem making this example work with revision#679258 It worked fine (i.e I was redirected to login screen before I could get to main) with rev#677863 Looks like the view view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=login/ response name=success type=view value=main/ response name=error type=view value
Re: how to set security and permissions precedence
here is the fix http://svn.apache.org/viewvc?rev=682228view=rev Milind W sent the following on 8/3/2008 4:27 PM: Just tried ant clean it made no difference. I can proceed to main without being redirected to login with rev#679258. Relevant log for rev#679258 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream and with rev#677863 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: [] 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString: 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString= 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream The loginworker seems to be invoked with rev#677863 and not with rev#679258. Any Idea? Did you try an ant clean ? There have been some changes recently that implie this cleanup. Jacques From: Milind W [EMAIL PROTECTED] Looks like I have a problem making this example work with revision#679258 It worked fine (i.e I was redirected to login screen before I could get to main) with rev#677863 Looks like the view view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=login/ response name=success type=view value=main
Re: how to set security and permissions precedence
I got the updated files. Did ant clean and then a new build. I still see the SAME behavior described in my previous email. I am attaching my controller.xml here is the fix http://svn.apache.org/viewvc?rev=682228view=rev Milind W sent the following on 8/3/2008 4:27 PM: Just tried ant clean it made no difference. I can proceed to main without being redirected to login with rev#679258. Relevant log for rev#679258 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream and with rev#677863 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: [] 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString: 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString= 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream The loginworker seems to be invoked with rev#677863 and not with rev#679258. Any Idea? Did you try an ant clean ? There have been some changes recently that implie this cleanup. Jacques From: Milind W [EMAIL PROTECTED] Looks like I have a problem making this example work with revision#679258 It worked fine (i.e I was redirected to login screen before I could get to main) with rev#677863 Looks like the view view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map request-map uri=login security https=false auth=false/ event type=java path
Re: how to set security and permissions precedence
This works for sure from r682228, please check you locale instance... Except of course if we don't speak about the _SAME behavior_ (see my previous posts in ML) Jacques From: Milind W [EMAIL PROTECTED] I got the updated files. Did ant clean and then a new build. I still see the SAME behavior described in my previous email. I am attaching my controller.xml here is the fix http://svn.apache.org/viewvc?rev=682228view=rev Milind W sent the following on 8/3/2008 4:27 PM: Just tried ant clean it made no difference. I can proceed to main without being redirected to login with rev#679258. Relevant log for rev#679258 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream and with rev#677863 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: [] 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString: 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString= 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream The loginworker seems to be invoked with rev#677863 and not with rev#679258. Any Idea? Did you try an ant clean ? There have been some changes recently that implie this cleanup. Jacques From: Milind W [EMAIL PROTECTED] Looks like I have a problem making this example work with revision#679258 It worked fine (i.e I was redirected to login screen before I could get to main) with rev#677863 Looks like the view view-map name=login type=screen page=component://marketing/widget/CommonScreens.xml#login / is part of the problem. The CommonScreens.xml has moved and does no longer seem to have the 'login' screen. I tried finding another screen with the 'login' view. I found another one in the 'common' component and modified my hello controller to point to view-map name=login type=screen page=component://common/widget/CommonScreens.xml#login/ but it is no acting the same as previously. Please let me know what is missing (or any suggestion how best to illustrate login) so I can complete and contribute my tutorial for security. Would hate to create a tutorial that worked with one specific build. http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results Thanks -Milind hi, I got login to work by adding the changes below to my controller using ofbiz4.0. I don't think I follow the reason with OFBTOOLS base persmission not taking effect in the ofbiz-component as explained in OFBIZ-829. But I agree with Si Chen on OFBIZ-829 The right way is to assume no permission until one of the list of permissions is met. Seems more intitutive. For now I can workaround it so thanks all. -Milind preprocessor !-- Events to run on every request before security (chains exempt) -- !-- event type=java path=org.ofbiz.webapp.event.TestEvent invoke=test/ -- event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkExternalLoginKey/ /preprocessor !-- Request Mappings -- request-map uri=checkLogin edit=false descriptionVerify a user is logged in./description security https=false auth=false/ event type=java path=org.ofbiz.webapp.control.LoginWorker invoke=checkLogin / response name=success type=view value=main / response name=error type=view value=login / /request-map
