I am sure the community will be glad to see the documentation you provide from you experience. hang in there it does get easier.
Milind W sent the following on 8/4/2008 9:01 PM: > hi BJ, > I finally got the login to work. > I think its sad that its difficult to learn ofbiz and I think it does not > have to be this way and no I am not trying to learn opentaps. I was trying > to use the login screens from the 'common' application but then starting > running into issues with UI labels etc. I wanted to build the simplest > application to demonstrate login and probably contribute a tutorial for > the same. > So I looked at the login.ftl in the 'common' (component or application not > sure what the correct term is) and reused that. > Now every thing works as I expect it to. > Thanks > -Milind > > >> this is where using the example, exampleext, and the >> wiki startup example will help. >> this is where ofbiz is different than opentaps. >> and the links to the information that has been give you in the past come >> into play. >> there is no quick way to learn ofbiz. >> :) >> error is saying the main decorator has not been defined in the web.xml >> parms. >> >> you should check you complete component against the framework/example. >> >> Milind W sent the following on 8/3/2008 11:07 PM: >>> I changed my controller to conform with the example controller.xml. >>> Now it does attempt to send me to the login screen but get the following >>> error. >>> >>> org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen >>> [component://common/widget/CommonScreens.xml#login]: >>> java.lang.IllegalArgumentException: Could not find screen with name >>> [main-decorator] in the same file as the screen with name [login] (Could >>> not find screen with name [main-decorator] in the same file as the >>> screen >>> with name [login]) >>> >>> Help! >>>> your controller does not conform to the current svn controllers. >>>> please review them. >>>> >>>> >>>> Milind W sent the following on 8/3/2008 5:35 PM: >>>>> I got the updated files. >>>>> Did ant clean and then a new build. >>>>> I still see the SAME behavior described in my previous email. >>>>> I am attaching my controller.xml >>>>> >>>>>> here is the fix >>>>>> http://svn.apache.org/viewvc?rev=682228&view=rev >>>>>> >>>>>> Milind W sent the following on 8/3/2008 4:27 PM: >>>>>>> Just tried "ant clean" it made no difference. >>>>>>> I can proceed to main without being redirected to login with >>>>>>> rev#679258. >>>>>>> >>>>>>> >>>>>>> Relevant log for rev#679258 >>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>>>>> [RequestHandler.java:243:INFO ] [Processing Request]: main >>>>>>> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>>>>> [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response >>>>>>> is >>>>>>> a >>>>>>> view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) >>>>>>> [RequestHandler.java:584:INFO ] servletName=control, view=main >>>>>>> sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1 >>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >>>>>>> UtilJ2eeCompat.java:69 >>>>>>> :INFO ] serverInfo: apache tomcat/6.0.16 >>>>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ >>>>>>> UtilJ2eeCompat.java:78 >>>>>>> :INFO ] Apache Tomcat detected, using response.getWriter to write >>>>>>> text >>>>>>> out >>>>>>> instead of response.getOutputStream >>>>>>> >>>>>>> and with rev#677863 >>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>> RequestHandler.java:236:INFO ] [Processing Request]: main >>>>>>> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>> LoginWorker.java:262:INFO ] reqParams Map: [] >>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>> LoginWorker.java:263:INFO ] queryString: >>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>> LoginWorker.java:273:INFO ] checkLogin: queryString= >>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>> LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main >>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>> RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response >>>>>>> is >>>>>>> a >>>>>>> view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>> RequestHandler.java:578:INFO ] servletName=control, view=login >>>>>>> sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1 >>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>> UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20 >>>>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ >>>>>>> UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using >>>>>>> response.getWriter to write text out instead of >>>>>>> response.getOutputStream >>>>>>> >>>>>>> The loginworker seems to be invoked with rev#677863 and not with >>>>>>> rev#679258. >>>>>>> Any Idea? >>>>>>> >>>>>>>> Did you try an "ant clean" ? There have been some changes recently >>>>>>>> that >>>>>>>> implie this cleanup. >>>>>>>> >>>>>>>> Jacques >>>>>>>> >>>>>>>> From: "Milind W" <[EMAIL PROTECTED]> >>>>>>>>> Looks like I have a problem making this example work with >>>>>>>>> revision#679258 >>>>>>>>> >>>>>>>>> It worked fine (i.e I was redirected to login screen before I >>>>>>>>> could >>>>>>>>> get >>>>>>>>> to >>>>>>>>> main) with rev#677863 >>>>>>>>> >>>>>>>>> Looks like the view >>>>>>>>> <view-map name="login" type="screen" >>>>>>>>> page="component://marketing/widget/CommonScreens.xml#login" /> >>>>>>>>> is part of the problem. The CommonScreens.xml has moved and does >>>>>>>>> no >>>>>>>>> longer >>>>>>>>> seem to have the 'login' screen. >>>>>>>>> >>>>>>>>> I tried finding another screen with the 'login' view. I found >>>>>>>>> another >>>>>>>>> one >>>>>>>>> in the 'common' component and modified my hello controller to >>>>>>>>> point >>>>>>>>> to >>>>>>>>> <view-map name="login" type="screen" >>>>>>>>> page="component://common/widget/CommonScreens.xml#login"/> >>>>>>>>> but it is no acting the same as previously. >>>>>>>>> >>>>>>>>> Please let me know what is missing (or any suggestion how best to >>>>>>>>> illustrate login) so I can complete and contribute my tutorial for >>>>>>>>> security. Would hate to create a tutorial that worked with one >>>>>>>>> specific >>>>>>>>> build. >>>>>>>>> >>>>>>>>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> -Milind >>>>>>>>> >>>>>>>>>> hi, >>>>>>>>>> I got login to work by adding the changes below to my controller >>>>>>>>>> using >>>>>>>>>> ofbiz4.0. >>>>>>>>>> I don't think I follow the reason with OFBTOOLS base persmission >>>>>>>>>> not >>>>>>>>>> taking effect in the ofbiz-component as explained in OFBIZ-829. >>>>>>>>>> But I agree with Si Chen on OFBIZ-829 >>>>>>>>>> "The right way is to assume no permission until one of the list >>>>>>>>>> of >>>>>>>>>> permissions is met." Seems more intitutive. >>>>>>>>>> For now I can workaround it so thanks all. >>>>>>>>>> -Milind >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> <preprocessor> >>>>>>>>>> <!-- Events to run on every request before security >>>>>>>>>> (chains >>>>>>>>>> exempt) --> >>>>>>>>>> <!-- <event type="java" >>>>>>>>>> path="org.ofbiz.webapp.event.TestEvent" >>>>>>>>>> invoke="test"/> --> >>>>>>>>>> <event type="java" >>>>>>>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>>>>>>> invoke="checkExternalLoginKey"/> >>>>>>>>>> </preprocessor> >>>>>>>>>> >>>>>>>>>> <!-- Request Mappings --> >>>>>>>>>> >>>>>>>>>> <request-map uri="checkLogin" edit="false"> >>>>>>>>>> <description>Verify a user is logged in.</description> >>>>>>>>>> <security https="false" auth="false"/> >>>>>>>>>> <event type="java" >>>>>>>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>>>>>>> invoke="checkLogin" /> >>>>>>>>>> <response name="success" type="view" value="main" /> >>>>>>>>>> <response name="error" type="view" value="login" /> >>>>>>>>>> </request-map> >>>>>>>>>> >>>>>>>>>> <request-map uri="login"> >>>>>>>>>> <security https="false" auth="false"/> >>>>>>>>>> <event type="java" >>>>>>>>>> path="org.ofbiz.webapp.control.LoginWorker" >>>>>>>>>> invoke="login"/> >>>>>>>>>> <response name="success" type="view" value="main"/> >>>>>>>>>> <response name="error" type="view" value="login"/> >>>>>>>>>> </request-map> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> <request-map uri="main"> >>>>>>>>>> <security https="false" auth="true" /> >>>>>>>>>> <response name="success" type="view" value="main"/> >>>>>>>>>> </request-map> >>>>>>>>>> >>>>>>>>>> <view-map name="login" type="screen" >>>>>>>>>> page="component://marketing/widget/CommonScreens.xml#login" /> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Not with a direct link to the comment where is the explanation >>>>>>>>>>> ;p >>>>>>>>>>> Actually it was more a didactic post >>>>>>>>>>> >>>>>>>>>>> Jacques >>>>>>>>>>> >>>>>>>>>>> From: "BJ Freeman" <[EMAIL PROTECTED]> >>>>>>>>>>>> LOL >>>>>>>>>>>> that was the first link I sent on this thread. >>>>>>>>>>>> >>>>>>>>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM: >>>>>>>>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS. >>>>>>>>>>>>> >>>>>>>>>>>>> You would have get >>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615 >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Jacques >>>>>>>>>>>>> >>>>>>>>>>>>> ----- Original Message ----- From: "Milind W" >>>>>>>>>>>>> <[EMAIL PROTECTED]> >>>>>>>>>>>>> To: <user@ofbiz.apache.org> >>>>>>>>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM >>>>>>>>>>>>> Subject: Re: how to set security and permissions precedence >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>> Let me try to break up questions. >>>>>>>>>>>>>> Should'nt adding >>>>>>>>>>>>>> base-permission="OFBTOOLS" >>>>>>>>>>>>>> to the ofbiz-entity.xml force the user to login with a user >>>>>>>>>>>>>> id >>>>>>>>>>>>>> that >>>>>>>>>>>>>> is >>>>>>>>>>>>>> associated to the OFBTOOLS security group? >>>>>>>>>>>>>> I can see the application I created and the line seems to >>>>>>>>>>>>>> have >>>>>>>>>>>>>> no >>>>>>>>>>>>>> effect. >>>>>>>>>>>>>> What is the purpose of the line? >>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>> -Milind >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Please not that opentaps is not at the same level of >>>>>>>>>>>>>>> revision >>>>>>>>>>>>>>> that >>>>>>>>>>>>>>> ofbiz >>>>>>>>>>>>>>> it >>>>>>>>>>>>>>> there have been changes to security. >>>>>>>>>>>>>>> there are examples in the >>>>>>>>>>>>>>> framework/example >>>>>>>>>>>>>>> and >>>>>>>>>>>>>>> framework/exampleext >>>>>>>>>>>>>>> I believe this to better tutorial >>>>>>>>>>>>>>> since they work already. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM: >>>>>>>>>>>>>>>> BJ Freeman wrote: >>>>>>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM: >>>>>>>>>>>>>>>>>> hi, >>>>>>>>>>>>>>>>>> Security Permissions >>>>>>>>>>>>>>>>>> I am using ofbiz rev.79258 >>>>>>>>>>>>>>>>>> I want to understand how security works so I made the >>>>>>>>>>>>>>>>>> following >>>>>>>>>>>>>>>>>> modifications to hello1 >>>>>>>>>>>>>>>>>> 1)I added base-permission="OFBTOOLS" to the >>>>>>>>>>>>>>>>>> ofbiz-component.xml >>>>>>>>>>>>>>>>>> I could still see the application I was assuming the >>>>>>>>>>>>>>>>>> application >>>>>>>>>>>>>>>>>> would >>>>>>>>>>>>>>>>>> as >>>>>>>>>>>>>>>>>> me to login or prevent me from seeing the page. >>>>>>>>>>>>>>>>>> 2)I added <security> to the main request >>>>>>>>>>>>>>>>>> <request-map uri="main"> >>>>>>>>>>>>>>>>>> <security https="false" auth="true"/> >>>>>>>>>>>>>>>>>> <response name="success" type="view" value="main"/> >>>>>>>>>>>>>>>>>> </request-map> >>>>>>>>>>>>>>>>>> This displays "java.lang.NullPointerException" in the >>>>>>>>>>>>>>>>>> browser. >>>>>>>>>>>>>>>>>> How do permissions precedence work starting from the UI >>>>>>>>>>>>>>>>>> to >>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>> entity >>>>>>>>>>>>>>>>>> layer. >>>>>>>>>>>>>>>>>> Help appreciated. >>>>>>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>>>>>> -Milind >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Here is the log >>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>>> RequestHandler.java:243:INFO ] [Processing Request]: main >>>>>>>>>>>>>>>>>> sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1 >>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>>> RequestManager.java:159:WARN ] >>>>>>>>>>>>>>>>>> [RequestManager.getEventType] >>>>>>>>>>>>>>>>>> Type >>>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>>> event >>>>>>>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>>> RequestManager.java:146:WARN ] >>>>>>>>>>>>>>>>>> [RequestManager.getEventPath] >>>>>>>>>>>>>>>>>> Path >>>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>>> event >>>>>>>>>>>>>>>>>> for request "checkLogin" not found >>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>>> RequestManager.java:172:WARN ] >>>>>>>>>>>>>>>>>> [RequestManager.getEventMethod] >>>>>>>>>>>>>>>>>> Method >>>>>>>>>>>>>>>>>> of >>>>>>>>>>>>>>>>>> event for request "checkLogin" not found >>>>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ >>>>>>>>>>>>>>>>>> ControlServlet.java:205:ERROR] >>>>>>>>>>>>>>>>>> ---- runtime exception report >>>>>>>>>>>>>>>>>> -------------------------------------------------- >>>>>>>>>>>>>>>>>> Error in request handler: >>>>>>>>>>>>>>>>>> Exception: java.lang.NullPointerException >>>>>>>>>>>>>>>>>> Message: null >>>>>>>>>>>>>>>>>> ---- stack trace >>>>>>>>>>>>>>>>>> --------------------------------------------------------------- >>>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source) >>>>>>>>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source) >>>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >>>>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >>>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595) >>>>>>>>>>>>>>>>>> -------------------------------------------------------------------------------- >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php >>>>>>> >>>>>>> >>> >>> >>> >>> >> > > > > >