hi BJ, I finally got the login to work. I think its sad that its difficult to learn ofbiz and I think it does not have to be this way and no I am not trying to learn opentaps. I was trying to use the login screens from the 'common' application but then starting running into issues with UI labels etc. I wanted to build the simplest application to demonstrate login and probably contribute a tutorial for the same. So I looked at the login.ftl in the 'common' (component or application not sure what the correct term is) and reused that. Now every thing works as I expect it to. Thanks -Milind
> this is where using the example, exampleext, and the > wiki startup example will help. > this is where ofbiz is different than opentaps. > and the links to the information that has been give you in the past come > into play. > there is no quick way to learn ofbiz. > :) > error is saying the main decorator has not been defined in the web.xml > parms. > > you should check you complete component against the framework/example. > > Milind W sent the following on 8/3/2008 11:07 PM: >> I changed my controller to conform with the example controller.xml. >> Now it does attempt to send me to the login screen but get the following >> error. >> >> org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen >> [component://common/widget/CommonScreens.xml#login]: >> java.lang.IllegalArgumentException: Could not find screen with name >> [main-decorator] in the same file as the screen with name [login] (Could >> not find screen with name [main-decorator] in the same file as the >> screen >> with name [login]) >> >> Help! >>> your controller does not conform to the current svn controllers. >>> please review them. >>> >>> >>> Milind W sent the following on 8/3/2008 5:35 PM: >>>> I got the updated files. >>>> Did ant clean and then a new build. >>>> I still see the SAME behavior described in my previous email. >>>> I am attaching my controller.xml >>>> >>>>> here is the fix >>>>> http://svn.apache.org/viewvc?rev=682228&view=rev >>>>> >>>>> Milind W sent the following on 8/3/2008 4:27 PM: >>>>>> Just tried "ant clean" it made no difference. >>>>>> I can proceed to main without being redirected to login with >>>>>> rev#679258. >>>>>> >>>>>> >>>>>> Relevant log for rev#679258 >>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>>>> [RequestHandler.java:243:INFO ] [Processing Request]: main >>>>>> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>>>> [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response >>>>>> is >>>>>> a >>>>>> view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>>>> [RequestHandler.java:584:INFO ] servletName=control, view=main >>>>>> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >>>>>> UtilJ2eeCompat.java:69 >>>>>> :INFO ] serverInfo: apache tomcat/6.0.16 >>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >>>>>> UtilJ2eeCompat.java:78 >>>>>> :INFO ] Apache Tomcat detected, using response.getWriter to write >>>>>> text >>>>>> out >>>>>> instead of response.getOutputStream >>>>>> >>>>>> and with rev#677863 >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> RequestHandler.java:236:INFO ] [Processing Request]: main >>>>>> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> LoginWorker.java:262:INFO ] reqParams Map: [] >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> LoginWorker.java:263:INFO ] queryString: >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> LoginWorker.java:273:INFO ] checkLogin: queryString= >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response >>>>>> is >>>>>> a >>>>>> view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> RequestHandler.java:578:INFO ] servletName=control, view=login >>>>>> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 >>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>> UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using >>>>>> response.getWriter to write text out instead of >>>>>> response.getOutputStream >>>>>> >>>>>> The loginworker seems to be invoked with rev#677863 and not with >>>>>> rev#679258. >>>>>> Any Idea? >>>>>> >>>>>>> Did you try an "ant clean" ? There have been some changes recently >>>>>>> that >>>>>>> implie this cleanup. >>>>>>> >>>>>>> Jacques >>>>>>> >>>>>>> From: "Milind W" <[EMAIL PROTECTED]> >>>>>>>> Looks like I have a problem making this example work with >>>>>>>> revision#679258 >>>>>>>> >>>>>>>> It worked fine (i.e I was redirected to login screen before I >>>>>>>> could >>>>>>>> get >>>>>>>> to >>>>>>>> main) with rev#677863 >>>>>>>> >>>>>>>> Looks like the view >>>>>>>> <view-map name="login" type="screen" >>>>>>>> page="component://marketing/widget/CommonScreens.xml#login" /> >>>>>>>> is part of the problem. The CommonScreens.xml has moved and does >>>>>>>> no >>>>>>>> longer >>>>>>>> seem to have the 'login' screen. >>>>>>>> >>>>>>>> I tried finding another screen with the 'login' view. I found >>>>>>>> another >>>>>>>> one >>>>>>>> in the 'common' component and modified my hello controller to >>>>>>>> point >>>>>>>> to >>>>>>>> <view-map name="login" type="screen" >>>>>>>> page="component://common/widget/CommonScreens.xml#login"/> >>>>>>>> but it is no acting the same as previously. >>>>>>>> >>>>>>>> Please let me know what is missing (or any suggestion how best to >>>>>>>> illustrate login) so I can complete and contribute my tutorial for >>>>>>>> security. Would hate to create a tutorial that worked with one >>>>>>>> specific >>>>>>>> build. >>>>>>>> >>>>>>>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results >>>>>>>> >>>>>>>> Thanks >>>>>>>> -Milind >>>>>>>> >>>>>>>>> hi, >>>>>>>>> I got login to work by adding the changes below to my controller >>>>>>>>> using >>>>>>>>> ofbiz4.0. >>>>>>>>> I don't think I follow the reason with OFBTOOLS base persmission >>>>>>>>> not >>>>>>>>> taking effect in the ofbiz-component as explained in OFBIZ-829. >>>>>>>>> But I agree with Si Chen on OFBIZ-829 >>>>>>>>> "The right way is to assume no permission until one of the list >>>>>>>>> of >>>>>>>>> permissions is met." Seems more intitutive. >>>>>>>>> For now I can workaround it so thanks all. >>>>>>>>> -Milind >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> <preprocessor> >>>>>>>>> <!-- Events to run on every request before security >>>>>>>>> (chains >>>>>>>>> exempt) --> >>>>>>>>> <!-- <event type="java" >>>>>>>>> path="org.ofbiz.webapp.event.TestEvent" >>>>>>>>> invoke="test"/> --> >>>>>>>>> <event type="java" >>>>>>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>>>>>> invoke="checkExternalLoginKey"/> >>>>>>>>> </preprocessor> >>>>>>>>> >>>>>>>>> <!-- Request Mappings --> >>>>>>>>> >>>>>>>>> <request-map uri="checkLogin" edit="false"> >>>>>>>>> <description>Verify a user is logged in.</description> >>>>>>>>> <security https="false" auth="false"/> >>>>>>>>> <event type="java" >>>>>>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>>>>>> invoke="checkLogin" /> >>>>>>>>> <response name="success" type="view" value="main" /> >>>>>>>>> <response name="error" type="view" value="login" /> >>>>>>>>> </request-map> >>>>>>>>> >>>>>>>>> <request-map uri="login"> >>>>>>>>> <security https="false" auth="false"/> >>>>>>>>> <event type="java" >>>>>>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>>>>>> invoke="login"/> >>>>>>>>> <response name="success" type="view" value="main"/> >>>>>>>>> <response name="error" type="view" value="login"/> >>>>>>>>> </request-map> >>>>>>>>> >>>>>>>>> >>>>>>>>> <request-map uri="main"> >>>>>>>>> <security https="false" auth="true" /> >>>>>>>>> <response name="success" type="view" value="main"/> >>>>>>>>> </request-map> >>>>>>>>> >>>>>>>>> <view-map name="login" type="screen" >>>>>>>>> page="component://marketing/widget/CommonScreens.xml#login" /> >>>>>>>>> >>>>>>>>> >>>>>>>>>> Not with a direct link to the comment where is the explanation >>>>>>>>>> ;p >>>>>>>>>> Actually it was more a didactic post >>>>>>>>>> >>>>>>>>>> Jacques >>>>>>>>>> >>>>>>>>>> From: "BJ Freeman" <[EMAIL PROTECTED]> >>>>>>>>>>> LOL >>>>>>>>>>> that was the first link I sent on this thread. >>>>>>>>>>> >>>>>>>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM: >>>>>>>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS. >>>>>>>>>>>> >>>>>>>>>>>> You would have get >>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Jacques >>>>>>>>>>>> >>>>>>>>>>>> ----- Original Message ----- From: "Milind W" >>>>>>>>>>>> <[EMAIL PROTECTED]> >>>>>>>>>>>> To: <user@ofbiz.apache.org> >>>>>>>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM >>>>>>>>>>>> Subject: Re: how to set security and permissions precedence >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> Let me try to break up questions. >>>>>>>>>>>>> Should'nt adding >>>>>>>>>>>>> base-permission="OFBTOOLS" >>>>>>>>>>>>> to the ofbiz-entity.xml force the user to login with a user >>>>>>>>>>>>> id >>>>>>>>>>>>> that >>>>>>>>>>>>> is >>>>>>>>>>>>> associated to the OFBTOOLS security group? >>>>>>>>>>>>> I can see the application I created and the line seems to >>>>>>>>>>>>> have >>>>>>>>>>>>> no >>>>>>>>>>>>> effect. >>>>>>>>>>>>> What is the purpose of the line? >>>>>>>>>>>>> Thanks >>>>>>>>>>>>> -Milind >>>>>>>>>>>>> >>>>>>>>>>>>>> Please not that opentaps is not at the same level of >>>>>>>>>>>>>> revision >>>>>>>>>>>>>> that >>>>>>>>>>>>>> ofbiz >>>>>>>>>>>>>> it >>>>>>>>>>>>>> there have been changes to security. >>>>>>>>>>>>>> there are examples in the >>>>>>>>>>>>>> framework/example >>>>>>>>>>>>>> and >>>>>>>>>>>>>> framework/exampleext >>>>>>>>>>>>>> I believe this to better tutorial >>>>>>>>>>>>>> since they work already. >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM: >>>>>>>>>>>>>>> BJ Freeman wrote: >>>>>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM: >>>>>>>>>>>>>>>>> hi, >>>>>>>>>>>>>>>>> Security Permissions >>>>>>>>>>>>>>>>> I am using ofbiz rev.79258 >>>>>>>>>>>>>>>>> I want to understand how security works so I made the >>>>>>>>>>>>>>>>> following >>>>>>>>>>>>>>>>> modifications to hello1 >>>>>>>>>>>>>>>>> 1)I added base-permission="OFBTOOLS" to the >>>>>>>>>>>>>>>>> ofbiz-component.xml >>>>>>>>>>>>>>>>> I could still see the application I was assuming the >>>>>>>>>>>>>>>>> application >>>>>>>>>>>>>>>>> would >>>>>>>>>>>>>>>>> as >>>>>>>>>>>>>>>>> me to login or prevent me from seeing the page. >>>>>>>>>>>>>>>>> 2)I added <security> to the main request >>>>>>>>>>>>>>>>> <request-map uri="main"> >>>>>>>>>>>>>>>>> <security https="false" auth="true"/> >>>>>>>>>>>>>>>>> <response name="success" type="view" value="main"/> >>>>>>>>>>>>>>>>> </request-map> >>>>>>>>>>>>>>>>> This displays "java.lang.NullPointerException" in the >>>>>>>>>>>>>>>>> browser. >>>>>>>>>>>>>>>>> How do permissions precedence work starting from the UI >>>>>>>>>>>>>>>>> to >>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>> entity >>>>>>>>>>>>>>>>> layer. >>>>>>>>>>>>>>>>> Help appreciated. >>>>>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>>>>> -Milind >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Here is the log >>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>> RequestHandler.java:243:INFO ] [Processing Request]: main >>>>>>>>>>>>>>>>> sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 >>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>> RequestManager.java:159:WARN ] >>>>>>>>>>>>>>>>> [RequestManager.getEventType] >>>>>>>>>>>>>>>>> Type >>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>> event >>>>>>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>> RequestManager.java:146:WARN ] >>>>>>>>>>>>>>>>> [RequestManager.getEventPath] >>>>>>>>>>>>>>>>> Path >>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>> event >>>>>>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>> RequestManager.java:172:WARN ] >>>>>>>>>>>>>>>>> [RequestManager.getEventMethod] >>>>>>>>>>>>>>>>> Method >>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>> event for request "checkLogin" not found >>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>> ControlServlet.java:205:ERROR] >>>>>>>>>>>>>>>>> ---- runtime exception report >>>>>>>>>>>>>>>>> -------------------------------------------------- >>>>>>>>>>>>>>>>> Error in request handler: >>>>>>>>>>>>>>>>> Exception: java.lang.NullPointerException >>>>>>>>>>>>>>>>> Message: null >>>>>>>>>>>>>>>>> ---- stack trace >>>>>>>>>>>>>>>>> --------------------------------------------------------------- >>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source) >>>>>>>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source) >>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >>>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595) >>>>>>>>>>>>>>>>> -------------------------------------------------------------------------------- >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>> >>>>>> >>>>>> >>> >> >> >> >> >> > >