LOGIsoft:
Also, refering to the Servoy Developer User’s Guide (the notes on pages 450 and 451), I was wondering what happens in the case where User A in module_A belongs to a Group that has Admin access, but to a limited-access Group in module_B. Since the combination of Groups spans multiple modules and the entire solution, and that if a user is in multiple groups the highest access rights will be applied to them, does this mean that User A will finally have full access to all modules, since he is defined that way in one of them? Or is the access rights promotion done on a module by module basis?
Hope this is clearly stated…
‘Group promotion’ is my attempt, albeit in a clumsy way, to represent the way Servoy combines and defines the actual access rights for a user.
The reason I was asking this is because we may or may not want a User with a high access level in one or more modules to have these same access rights in all modules, or even in the solution proper per se.
If that is the case, as I suspect it is, then I would rather suggest that users have their rights based on a module-by-module level, instead of a solution-wide all-encompassing higher-hierarchy combination.
NOTE: If a user is in multiple groups, the highest access rights will be applied to them. For example, if a user is in one group that has read-only access to a field and in a second group that has full access, the user will have full access to the specified field.
NOTE: Groups with the same name that are added to a solution or the module(s) of a solution will be combined. Suppose you have added a group called “Users” in the module mod_contacts that includes 2 users: a,b. And you have added a group called “Users” to the module mod_companies with 1 user: c. When these two modules are added to the same solution, the “Users” group will contain these users: a,b,c.
Let’s say we have the following situation:
Ms. Jones, working in Accounting, has access to all financial information for Acme Company. [Module Finances with group ‘Accounting’ - Admin access]
However, she may not (obviously) need full access to Administrative Procedures. [Module AdminProc with group ‘Accounting’ - Limited access]
She may also have the role of aministrative assistant to one of the bosses. [Module HumanResources with group ‘BossAssist’ - Admin acces for her boss only]
How can I effectively make sure that, in this case, Ms. Jones doesn’t see everything in the Procedures module? And what about having some sort of row-level access (to prevent her from seeing stuff belonging to the other bosses, for instance)?
I’m beginning to wonder if, for anything slightly sophisticated and modular, we need to put in almost as many different groups as there are users, or at least as there are modules…
I’m beginning to wonder if, for anything slightly sophisticated and modular, we need to put in almost as many different groups as there are users, or at least as there are modules…
I can imagine that this assumption is a little over the top but yes, the more groups you want to differentiate for the more rules you will have to apply.
Makes sense to me…
The method webshop_login() will at last show a loginform.
On the loginform, the user must enter username/password/language and then press a Login button
The onAction on the loginbutton is doLogin()
The doLogin() method looks like this:
function doLogin()
{
// Some checks
application.output('BEFORE LOGIN')
var _ok = security.login(_servoy_username, _uid, security.getGroups().getColumnAsArray(2))
application.output('AFTER LOGIN')
// Some more actions
}
What I see in my login that the security.login() is being called, but it never reaches the AFTER LOGIN.
What happens is that the original deeplink is called again!
I would expect that security.login() returns true/false and continues the processing
And that causes lot of troubles in my webshop and lot of errors in the log.
Can anyone tell me something usefull about this situation?
And also the security.logoff(), does it work like it should work.
Now I have the following coding:
var _webshop_id = globals.webshop_id
security.logout()
globals.globis_webshop_login(_webshop_id);
I want to do a logoff, and then I call a global method that will show the login form again.
What happens now is, that after the security.logout() that the next line gives an error. See the log:
2008-10-09 12:06 http-8080-4 ERROR com.servoy.j2db.util.Debug undefined is not a function.
2008-10-09 12:06 http-8080-4 INFO com.servoy.j2db.util.Debug Unregistering client: 51240b06-5090-48fa-a1c8-3da0466d3313
2008-10-09 12:06 http-8080-4 INFO com.servoy.j2db.util.Debug no record found
2008-10-09 12:06 http-8080-4 INFO com.servoy.j2db.util.Debug shutDown
And next there is an error thrown:
TypeError: undefined is not a function. (onDisconnect; line 15)
at org.mozilla.javascript.NativeGlobal.constructError(NativeGlobal.java:584)
at org.mozilla.javascript.NativeGlobal.constructError(NativeGlobal.java:544)
at org.mozilla.javascript.NativeGlobal.typeError1(NativeGlobal.java:554)
at org.mozilla.javascript.ScriptRuntime.call(ScriptRuntime.java:1239)
at org.mozilla.javascript.gen.c1082.call(onDisconnect:15)
at com.servoy.j2db.scripting.f.executeFunction(Unknown Source)
at com.servoy.j2db.FormController.a(Unknown Source)
at com.servoy.j2db.FormController.executeFunction(Unknown Source)
at com.servoy.j2db.FormController$a.a(Unknown Source)
at com.servoy.j2db.server.headlessclient.dataui.WebEventExecutor.fireActionCommand(Unknown Source)
at com.servoy.j2db.server.headlessclient.dataui.WebEventExecutor.onEvent(Unknown Source)
at com.servoy.j2db.server.headlessclient.dataui.WebEventExecutor$1.onEvent(Unknown Source)
at org.apache.wicket.ajax.AjaxEventBehavior.respond(AjaxEventBehavior.java:163)
at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:293)
at org.apache.wicket.request.target.component.listener.BehaviorRequestTarget.processEvents(BehaviorRequestTarget.java:100)
at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:91)
at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1171)
at org.apache.wicket.RequestCycle.step(RequestCycle.java:1248)
at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1349)
at org.apache.wicket.RequestCycle.request(RequestCycle.java:493)
at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:387)
at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:124)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)
I want to keep full control over my application and now I can’t logout and return to my login thru a global method.
// After logout I want to show the login form again using a global method
security.logout()
globals.showLoginForm(globals.webshop_id)
jcompagner:
logout() if the solution needs authentication will result in a closeSolution()
Does that mean that when I switch off authentication, that the call to globals.showLoginForm() will succeed?
jcompagner:
If you just want to relogin the user cant you use the solution/method/arguments in closeSolution?
When authentication is on I can’t do the coding above, but do you say that I can put the globals.showLoginForm(globals.webshop_id) in my onCloseSolution method?
Will the global variables still have their value?
when you close a solution you cant do anything
you want to show your login form again? Then first the solution has to be loaded again that doesnt happen like that
Yes if your solution doesnt need authentication we dont close the solution.
this way you can control what solution is loaded and what method with what argument is called if you want that after the logout (and the close solution that logout does)
2008-10-22 13:28 http-8080-2 INFO com.servoy.j2db.util.Debug shutDown
2008-10-22 13:28 http-8080-2 ERROR com.servoy.j2db.util.Debug Throwable
TypeError: undefined is not a function. (onOK; line 100)
at org.mozilla.javascript.NativeGlobal.constructError(NativeGlobal.java:584)
at org.mozilla.javascript.NativeGlobal.constructError(NativeGlobal.java:544)
at org.mozilla.javascript.NativeGlobal.typeError1(NativeGlobal.java:554)
at org.mozilla.javascript.ScriptRuntime.call(ScriptRuntime.java:1239)
at org.mozilla.javascript.gen.c382.call(onOK:100)
at com.servoy.j2db.scripting.f.executeFunction(Unknown Source)
at com.servoy.j2db.FormController.a(Unknown Source)
at com.servoy.j2db.FormController.executeFunction(Unknown Source)
at com.servoy.j2db.FormController$a.a(Unknown Source)
at com.servoy.j2db.server.headlessclient.dataui.WebEventExecutor.fireActionCommand(Unknown Source)
at com.servoy.j2db.server.headlessclient.dataui.WebEventExecutor.onEvent(Unknown Source)
at com.servoy.j2db.server.headlessclient.dataui.WebEventExecutor$1.onEvent(Unknown Source)
at org.apache.wicket.ajax.AjaxEventBehavior.respond(AjaxEventBehavior.java:163)
at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:293)
at org.apache.wicket.request.target.component.listener.BehaviorRequestTarget.processEvents(BehaviorRequestTarget.java:100)
at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:91)
at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1171)
at org.apache.wicket.RequestCycle.step(RequestCycle.java:1248)
at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1349)
at org.apache.wicket.RequestCycle.request(RequestCycle.java:493)
at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:387)
at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:124)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)
2008-10-22 13:28 http-8080-2 ERROR com.servoy.j2db.util.Debug undefined is not a function.
2008-10-22 13:28 http-8080-2 INFO com.servoy.j2db.util.Debug Unregistering client: e5f5b11e-33c3-4345-a0a4-ad6ad9766622
2008-10-22 13:28 http-8080-2 INFO com.servoy.j2db.util.Debug no record found
2008-10-22 13:28 http-8080-2 INFO com.servoy.j2db.util.Debug shutDown
Looks like application.getServerURL() is not returning the correct URL. Is there a place where I must change localhost by 192.168.73.200 (or the real hostname)
I tried also in smart client. There I see client URL and not server URL.