I got the updated files. Did ant clean and then a new build. I still see the SAME behavior described in my previous email. I am attaching my controller.xml
> here is the fix > http://svn.apache.org/viewvc?rev=682228&view=rev > > Milind W sent the following on 8/3/2008 4:27 PM: >> Just tried "ant clean" it made no difference. >> I can proceed to main without being redirected to login with rev#679258. >> >> >> Relevant log for rev#679258 >> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >> [RequestHandler.java:243:INFO ] [Processing Request]: main >> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >> [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is >> a >> view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >> [RequestHandler.java:584:INFO ] servletName=control, view=main >> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >> UtilJ2eeCompat.java:69 >> :INFO ] serverInfo: apache tomcat/6.0.16 >> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >> UtilJ2eeCompat.java:78 >> :INFO ] Apache Tomcat detected, using response.getWriter to write text >> out >> instead of response.getOutputStream >> >> and with rev#677863 >> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >> RequestHandler.java:236:INFO ] [Processing Request]: main >> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >> LoginWorker.java:262:INFO ] reqParams Map: [] >> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >> LoginWorker.java:263:INFO ] queryString: >> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >> LoginWorker.java:273:INFO ] checkLogin: queryString= >> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >> LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main >> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >> RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a >> view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >> RequestHandler.java:578:INFO ] servletName=control, view=login >> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >> UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 >> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >> UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using >> response.getWriter to write text out instead of response.getOutputStream >> >> The loginworker seems to be invoked with rev#677863 and not with >> rev#679258. >> Any Idea? >> >>> Did you try an "ant clean" ? There have been some changes recently that >>> implie this cleanup. >>> >>> Jacques >>> >>> From: "Milind W" <[EMAIL PROTECTED]> >>>> Looks like I have a problem making this example work with >>>> revision#679258 >>>> >>>> It worked fine (i.e I was redirected to login screen before I could >>>> get >>>> to >>>> main) with rev#677863 >>>> >>>> Looks like the view >>>> <view-map name="login" type="screen" >>>> page="component://marketing/widget/CommonScreens.xml#login" /> >>>> is part of the problem. The CommonScreens.xml has moved and does no >>>> longer >>>> seem to have the 'login' screen. >>>> >>>> I tried finding another screen with the 'login' view. I found another >>>> one >>>> in the 'common' component and modified my hello controller to point to >>>> <view-map name="login" type="screen" >>>> page="component://common/widget/CommonScreens.xml#login"/> >>>> but it is no acting the same as previously. >>>> >>>> Please let me know what is missing (or any suggestion how best to >>>> illustrate login) so I can complete and contribute my tutorial for >>>> security. Would hate to create a tutorial that worked with one >>>> specific >>>> build. >>>> >>>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results >>>> >>>> Thanks >>>> -Milind >>>> >>>>> hi, >>>>> I got login to work by adding the changes below to my controller >>>>> using >>>>> ofbiz4.0. >>>>> I don't think I follow the reason with OFBTOOLS base persmission not >>>>> taking effect in the ofbiz-component as explained in OFBIZ-829. >>>>> But I agree with Si Chen on OFBIZ-829 >>>>> "The right way is to assume no permission until one of the list of >>>>> permissions is met." Seems more intitutive. >>>>> For now I can workaround it so thanks all. >>>>> -Milind >>>>> >>>>> >>>>> >>>>> <preprocessor> >>>>> <!-- Events to run on every request before security (chains >>>>> exempt) --> >>>>> <!-- <event type="java" >>>>> path="org.ofbiz.webapp.event.TestEvent" >>>>> invoke="test"/> --> >>>>> <event type="java" >>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>> invoke="checkExternalLoginKey"/> >>>>> </preprocessor> >>>>> >>>>> <!-- Request Mappings --> >>>>> >>>>> <request-map uri="checkLogin" edit="false"> >>>>> <description>Verify a user is logged in.</description> >>>>> <security https="false" auth="false"/> >>>>> <event type="java" >>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>> invoke="checkLogin" /> >>>>> <response name="success" type="view" value="main" /> >>>>> <response name="error" type="view" value="login" /> >>>>> </request-map> >>>>> >>>>> <request-map uri="login"> >>>>> <security https="false" auth="false"/> >>>>> <event type="java" >>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>> invoke="login"/> >>>>> <response name="success" type="view" value="main"/> >>>>> <response name="error" type="view" value="login"/> >>>>> </request-map> >>>>> >>>>> >>>>> <request-map uri="main"> >>>>> <security https="false" auth="true" /> >>>>> <response name="success" type="view" value="main"/> >>>>> </request-map> >>>>> >>>>> <view-map name="login" type="screen" >>>>> page="component://marketing/widget/CommonScreens.xml#login" /> >>>>> >>>>> >>>>>> Not with a direct link to the comment where is the explanation ;p >>>>>> Actually it was more a didactic post >>>>>> >>>>>> Jacques >>>>>> >>>>>> From: "BJ Freeman" <[EMAIL PROTECTED]> >>>>>>> LOL >>>>>>> that was the first link I sent on this thread. >>>>>>> >>>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM: >>>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS. >>>>>>>> >>>>>>>> You would have get >>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 >>>>>>>> >>>>>>>> >>>>>>>> Jacques >>>>>>>> >>>>>>>> ----- Original Message ----- From: "Milind W" >>>>>>>> <[EMAIL PROTECTED]> >>>>>>>> To: <user@ofbiz.apache.org> >>>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM >>>>>>>> Subject: Re: how to set security and permissions precedence >>>>>>>> >>>>>>>> >>>>>>>>> Let me try to break up questions. >>>>>>>>> Should'nt adding >>>>>>>>> base-permission="OFBTOOLS" >>>>>>>>> to the ofbiz-entity.xml force the user to login with a user id >>>>>>>>> that >>>>>>>>> is >>>>>>>>> associated to the OFBTOOLS security group? >>>>>>>>> I can see the application I created and the line seems to have no >>>>>>>>> effect. >>>>>>>>> What is the purpose of the line? >>>>>>>>> Thanks >>>>>>>>> -Milind >>>>>>>>> >>>>>>>>>> Please not that opentaps is not at the same level of revision >>>>>>>>>> that >>>>>>>>>> ofbiz >>>>>>>>>> it >>>>>>>>>> there have been changes to security. >>>>>>>>>> there are examples in the >>>>>>>>>> framework/example >>>>>>>>>> and >>>>>>>>>> framework/exampleext >>>>>>>>>> I believe this to better tutorial >>>>>>>>>> since they work already. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM: >>>>>>>>>>> >>>>>>>>>>> BJ Freeman wrote: >>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security >>>>>>>>>>>> >>>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM: >>>>>>>>>>>>> hi, >>>>>>>>>>>>> Security Permissions >>>>>>>>>>>>> I am using ofbiz rev.79258 >>>>>>>>>>>>> I want to understand how security works so I made the >>>>>>>>>>>>> following >>>>>>>>>>>>> modifications to hello1 >>>>>>>>>>>>> 1)I added base-permission="OFBTOOLS" to the >>>>>>>>>>>>> ofbiz-component.xml >>>>>>>>>>>>> I could still see the application I was assuming the >>>>>>>>>>>>> application >>>>>>>>>>>>> would >>>>>>>>>>>>> as >>>>>>>>>>>>> me to login or prevent me from seeing the page. >>>>>>>>>>>>> 2)I added <security> to the main request >>>>>>>>>>>>> <request-map uri="main"> >>>>>>>>>>>>> <security https="false" auth="true"/> >>>>>>>>>>>>> <response name="success" type="view" value="main"/> >>>>>>>>>>>>> </request-map> >>>>>>>>>>>>> This displays "java.lang.NullPointerException" in the >>>>>>>>>>>>> browser. >>>>>>>>>>>>> How do permissions precedence work starting from the UI to >>>>>>>>>>>>> the >>>>>>>>>>>>> entity >>>>>>>>>>>>> layer. >>>>>>>>>>>>> Help appreciated. >>>>>>>>>>>>> Thanks >>>>>>>>>>>>> -Milind >>>>>>>>>>>>> >>>>>>>>>>>>> Here is the log >>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>> RequestHandler.java:243:INFO ] [Processing Request]: main >>>>>>>>>>>>> sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 >>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>> RequestManager.java:159:WARN ] [RequestManager.getEventType] >>>>>>>>>>>>> Type >>>>>>>>>>>>> of >>>>>>>>>>>>> event >>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>> RequestManager.java:146:WARN ] [RequestManager.getEventPath] >>>>>>>>>>>>> Path >>>>>>>>>>>>> of >>>>>>>>>>>>> event >>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>> RequestManager.java:172:WARN ] >>>>>>>>>>>>> [RequestManager.getEventMethod] >>>>>>>>>>>>> Method >>>>>>>>>>>>> of >>>>>>>>>>>>> event for request "checkLogin" not found >>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>> ControlServlet.java:205:ERROR] >>>>>>>>>>>>> ---- runtime exception report >>>>>>>>>>>>> -------------------------------------------------- >>>>>>>>>>>>> Error in request handler: >>>>>>>>>>>>> Exception: java.lang.NullPointerException >>>>>>>>>>>>> Message: null >>>>>>>>>>>>> ---- stack trace >>>>>>>>>>>>> --------------------------------------------------------------- >>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source) >>>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source) >>>>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78) >>>>>>>>>>>>> >>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102) >>>>>>>>>>>>> >>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86) >>>>>>>>>>>>> >>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453) >>>>>>>>>>>>> >>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259) >>>>>>>>>>>>> >>>>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198) >>>>>>>>>>>>> >>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >>>>>>>>>>>>> >>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>> >>>>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255) >>>>>>>>>>>>> >>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >>>>>>>>>>>>> >>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>> >>>>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >>>>>>>>>>>>> >>>>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >>>>>>>>>>>>> >>>>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >>>>>>>>>>>>> >>>>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >>>>>>>>>>>>> >>>>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >>>>>>>>>>>>> >>>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) >>>>>>>>>>>>> >>>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >>>>>>>>>>>>> >>>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >>>>>>>>>>>>> >>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >>>>>>>>>>>>> >>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >>>>>>>>>>>>> >>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595) >>>>>>>>>>>>> -------------------------------------------------------------------------------- >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>> >>>> >> >> >> >> >> > >
<?xml version="1.0" encoding="UTF-8" ?> <site-conf xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.ofbiz.org/dtds/site-conf.xsd"> <description>First Hello World Site Configuration File</description> <owner>Open For Business Project (c) 2005 </owner> <errorpage>/error/error.jsp</errorpage> <handler name="java" type="request" class="org.ofbiz.webapp.event.JavaEventHandler"/> <handler name="soap" type="request" class="org.ofbiz.webapp.event.SOAPEventHandler"/> <handler name="service" type="request" class="org.ofbiz.webapp.event.ServiceEventHandler"/> <handler name="service-multi" type="request" class="org.ofbiz.webapp.event.ServiceMultiEventHandler"/> <handler name="simple" type="request" class="org.ofbiz.webapp.event.SimpleEventHandler"/> <handler name="ftl" type="view" class="org.ofbiz.webapp.ftl.FreeMarkerViewHandler"/> <handler name="jsp" type="view" class="org.ofbiz.webapp.view.JspViewHandler"/> <handler name="screen" type="view" class="org.ofbiz.widget.screen.ScreenWidgetViewHandler"/> <handler name="http" type="view" class="org.ofbiz.webapp.view.HttpViewHandler"/> <preprocessor> <!-- Events to run on every request before security (chains exempt) --> <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="check509CertLogin"/> <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkRequestHeaderLogin"/> <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/> </preprocessor> <postprocessor> <!-- Events to run on every request after all other processing (chains exempt) --> </postprocessor> <!-- Security Mappings --> <request-map uri="checkLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="false" auth="false"/> <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" /> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> <request-map uri="login"> <security https="false" auth="false"/> <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> <!-- Request Mappings --> <request-map uri="main"> <security https="false" auth="false"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="main"/> </request-map> <request-map uri="news"> <response name="success" type="view" value="news"/> </request-map> <request-map uri="weather"> <response name="success" type="view" value="weather"/> </request-map> <request-map uri="sports"> <response name="success" type="view" value="sports"/> </request-map> <request-map uri="horoscope"> <response name="success" type="view" value="horoscope"/> </request-map> <request-map uri="people"> <response name="success" type="view" value="people"/> </request-map> <request-map uri="guestbook"> <response name="success" type="view" value="guestbook"/> </request-map> <request-map uri="hobbies"> <response name="success" type="view" value="hobbies"/> </request-map> <request-map uri="createPerson"> <event type="service" invoke="createHelloPerson"/> <response name="success" type="view" value="guestbook"/> <response name="error" type="view" value="guestbook"/> </request-map> <request-map uri="createPersonHobby"> <event type="service" invoke="createHelloPersonHobby"/> <response name="success" type="view" value="hobbies"/> <response name="error" type="view" value="hobbies"/> </request-map> <!-- end of request mappings --> <!-- View Mappings --> <view-map name="error" page="/error/error.jsp"/> <view-map name="login" type="screen" page="component://common/widget/CommonScreens.xml#login"/> <!-- <view-map name="login" type="screen" page="component://marketing/widget/sfa/CommonScreens.xml#login"/> --> <view-map name="main" type="screen" page="component://hello3/widget/HelloScreens.xml#main"/> <view-map name="news" type="screen" page="component://hello3/widget/HelloScreens.xml#news"/> <view-map name="weather" type="screen" page="component://hello3/widget/HelloScreens.xml#weather"/> <view-map name="sports" type="screen" page="component://hello3/widget/HelloScreens.xml#sports"/> <view-map name="horoscope" type="screen" page="component://hello3/widget/HelloScreens.xml#horoscope"/> <view-map name="people" type="screen" page="component://hello3/widget/HelloScreens.xml#people"/> <view-map name="guestbook" type="screen" page="component://hello3/widget/HelloScreens.xml#guestbook"/> <view-map name="hobbies" type="screen" page="component://hello3/widget/HelloScreens.xml#hobbies"/> <!-- end of view mappings --> </site-conf>