[Opensource] User Privilege Problem
Larry Hamel
larry at codeguild.com
Thu Jan 22 14:23:12 PST 2004
I believe "everybody" in expresso means everyone with an expresso login.
you can substitute your own login tables for expresso user tables--there's a place for that in expresso-config, like
<expresso-config>
<logDirectory>%web-app%../../logs</logDirectory>
<strongCrypto>n</strongCrypto>
<servletAPI>2_3</servletAPI>
<cryptoKey>Sample Test Key - Change for serious deployment</cryptoKey>
<encryptMode>AES</encryptMode>
<class-handlers>
<class-handler name="userInfo" classHandler="com.jcorporate.expresso.services.dbobj.DefaultUserInfo"/>
<class-handler name="orderedCache" classHandler="com.jcorporate.expresso.core.cache.OrderedCache"/>
...
see the userInfo class handler? that's where you would put a different class that implemented UserInfo.
larry
At 08:39 AM 1/22/2004, you wrote:
>Hi All,
>
>I have my own users table to check the userid and password for my application developed using Expresso. But when I used a userid and password which exist in my users table but not exist in Expresso's user table, Expresso generated the following error message. I checked the DB Object Security and Controller Security from Expresso security wizard, the group named "Everybody has privilege" is allowed to access all my application's controllers and dbobjects. What should I do next? Do I need to add all the users in my users tables (for example, over 100 users) to Expresso user table? Anybody knows, thanks!
>
>Errors generated by Expresso:
>
>You are logged in as 'sthompson' in database/context 'default'
>
>com.jcorporate.expresso.core.db.exception.DBRecordNotFoundException: (com.jcorporate.expresso.services.dbobj.DefaultUserInfo) No such record for record with key '21' in database 'default' at com.jcorporate.expresso.core.dbobj.DBObject.retrieve(DBObject.java:5312) at com.jcorporate.expresso.core.dbobj.SecuredDBObject.retrieve(SecuredDBObject.java:670) at com.jcorporate.expresso.core.security.User.retrieve(User.java:955) at com.jcorporate.expresso.core.controller.DBController.stateAllowed(DBController.java:376) at com.jcorporate.expresso.core.controller.Controller.newState(Controller.java:1169) at com.jcorporate.expresso.core.controller.Controller.newState(Controller.java:1142) at com.jcorporate.expresso.core.controller.Controller.execute(Controller.java:1804) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:226) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.St
ava:190) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2347) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:468) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1027) at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1125) at java.lang.Thread.run(Thread.java:536) com.jcorporate.expresso.core.controller.ControllerException: Unable to check Controller security at com.jcorporate.expresso.core.controller.DBController.stateAllowed(DBController.java:581) at com.jcorporate.expresso.core.
:1169) at com.jcorporate.expresso.core.controller.Controller.newState(Controller.java:1142) at com.jcorporate.expresso.core.controller.Controller.execute(Controller.java:1804) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:226) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:190) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2347) at org.apache.catalina.core.StandardHostValve.invoke(Stand
0) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:468) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1027) at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1125) at java.lang.Thread.run(Thread.java:536)
>
>Thanks!
>
>Regards,
>
>Sally
>
>
>Do you Yahoo!?
>Yahoo! SiteBuilder - Free web site building tool. <http://us.rd.yahoo.com/evt=21608/*http://webhosting.yahoo.com/ps/sb/>Try it!
More information about the Opensource
mailing list