Re: [smartweb-user] [auth] Create groups

[Rocco F. <rfu...@sm...>]

I want you to see how I configured the file and first of all you explain
well the project that I need to develop.
In practice I have to create a small portal with different pages and more I
have to manage the administration with few simple functions.
In practice I do the inclusion and deletion of content that can be seen by
all users who arrive on the site.
Then there are pages to view other content a few users who are then sent a
username and password.
So in practice I have to manage 3 types of groups, after a guest can only
display pages unprotected and then two other registered and User Admin.
I'm not interested in protecting special resources or other but simply make
a distinction between a registered user and an administrator
and then when you go to log if an administrator on the page to send him
confidential where manage the site
while if you are a registered user sends it in another page where you can
only see content to registered users.
So if I understand well enough that I create the file. Xml as follows
(immediately below) and then with the appropriate Web pages create and
insert new users to group
I've created.

<security xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="security.xsd">
    <scopetypes>
    </scopetypes>
    <handlers/>
    <global>

        <authentication
type="net.smartlab.web.auth.handlers.PasswordAuthenticationHandler" />
        <registration
type="net.smartlab.web.auth.handlers.EmailVerifierRegistrationHandler">
            <param name="systemName">http://demo.smartlab.net</param>
            <param name="smtp.host">localhost</param>
            <param name="smtp.port">22</param>
            <param name="smtp.user">root</param>
            <param name="smtp.pass">root</param>
            <param name="from">web...@sm...</param>
            <param name="requestObject">Please confirm your
registration</param>
            <param name="requestBody"><![CDATA[Dear ${user.display}, we
recently received a registration request from you. If you EXPLICITLY
REQUESTED the account activation you should confirm this email belongs to
you clicking the following link: ${systemName}/smartweb/verify.do?user=${
user.id}&amp;ticket=${user.properties.trace}  If you NEVER REQUESTED to
register on our system please DO NOT follow the above link: instead you
should report the abuse to ${mail.from} replying to this email.  Thank you,
The SmartLab Team]]></param>
            <param name="responseObject">Registration confirmed</param>
            <param name="responseBody"><![CDATA[Dear ${user.display},Welcome
to ${systemName} Thank you,The SmartLab Team]]></param>
        </registration>
    </global>
    <roles>
        <role id="guest" handler="morning,load">
            <description>Unfrequent visitor</description>
            <privilege resource="net.smartlab.web.auth.Domain"
element="login" modifier="x"/>
            <privilege resource="net.smartlab.web.auth.Domain"
element="logout" modifier="x"/>
            <privilege resource="net.smartlab.web.auth.Domain"
element="register" modifier="x"/>
            <privilege
resource="net.smartlab.web.auth.aspects.MethodAuthorizationInterceptorTest"
element="methodTestOK" modifier="x"/>
        </role>
        <role id="user">
            <description>Registered visitor</description>
            <privilege resource="*" element="*" modifier="rx"/>
        </role>
        <role id="admin">
            <description>System Admin</description>
            <privilege resource="*" element="*" modifier="rwx"/>
        </role>
    </roles>
</security>

Perhaps the part of guest since it does not have the resources gesitre can
also delete or leave it like that?
thank you


2008/5/8 Rocco Fusella <rfu...@sm...>:

> Thank you for guide now I read it and if I have problems you do know,
> indeed I will certainly hear :-)
>
> 2008/5/8 Stefano V <st...@gm...>:
>
> I just write for you simple guide to install smarteb-auth with the firsts
>> steps to configure the module.
>> (I hope "someone" can add  it to the official smartweb-auth documentation
>> on the site)
>> If  I understand, your fault is  you want add privilege from the java
>> code.
>> At this time this feature is not supported because  I think is securer
>> leave the privilege only on the configuration file ( so you can change only
>> at deployment time the privilege )
>> If you want change dinamically permission to someone you MUST change his
>> role.
>>
>> bye
>> stefano
>>
>>
>> 2008/5/8 Rocco Fusella <rfu...@sm...>:
>>
>>> I have to create a portal with two groups of users, I do not want to
>>> special permits and privileges to them but only to distinguish a page from
>>> each other and show then the code concerned.
>>> I was trying to use this code but I do not know if they are on the right
>>> track because me an error. Given the code is that the error for
>>> completeness.
>>>
>>> Privilege read=new
>>> Privilege(Privilege.STRING_ANY,Privilege.STRING_ANY,Privilege.READ);
>>>             Privilege write=new
>>> Privilege(Privilege.STRING_ANY,Privilege.STRING_ANY,Privilege.WRITE);
>>>             Privilege execute=new
>>> Privilege(Privilege.STRING_ANY,Privilege.STRING_ANY,Privilege.EXECUTE);
>>>
>>>             Role admin=new Role("ruolo_amministratore","Ruolo
>>> Amministratore");
>>>             admin.add(read);
>>>             admin.add(write);
>>>             admin.add(execute);
>>>             RoleFactory.getInstance().update(admin);
>>>
>>>             Role utente=new Role("ruolo_utente","Ruolo Utente");
>>>             utente.add(read);
>>>             utente.add(execute);
>>>             RoleFactory.getInstance().update(utente);
>>>
>>>             Permission pAdmin=new Permission();
>>>             pAdmin.setRoleId(admin.getId());
>>>             PermissionFactory.getInstance().update(pAdmin);
>>>
>>>             Permission pUtente=new Permission();
>>>             pUtente.setRoleId(utente.getId());
>>>             PermissionFactory.getInstance().update(pUtente);
>>>
>>>             Group gruppo1=new Group();
>>>             gruppo1.setDescription("Amministratore Portale");
>>>             gruppo1.setDisplay("Amministratore");
>>>             gruppo1.add(pAdmin);
>>>             GroupFactory.getInstance().update(gruppo1);
>>>
>>>             Group gruppo2=new Group();
>>>             gruppo2.setDescription("Utente Registrato");
>>>             gruppo2.setDisplay("Utente");
>>>             gruppo2.add(pUtente);
>>>             GroupFactory.getInstance().update(gruppo2);
>>>
>>>             User user1=new User();
>>>             user1.setDisplay("admin");
>>>             user1.setUsername("admin");
>>>             user1.setPassword("admin");
>>>             UserFactory.getInstance().update(user1);
>>>
>>>             User user2=new User();
>>>             user2.setDisplay("admin");
>>>             user2.setUsername("admin");
>>>             user2.setPassword("admin");
>>>             UserFactory.getInstance().update(user2);
>>>
>>>             user1.add(gruppo1);
>>>             user2.add(gruppo2);
>>>             UserFactory.getInstance().update(user2);
>>>             UserFactory.getInstance().update(user1);
>>>
>>> While this is the error code that generates me
>>>
>>>
>>> 453  WARN  [main]     net.smartlab.web.auth.RoleFactory     -
>>> Configuration Exception
>>> net.smartlab.config.ConfigurationException:
>>> java.lang.NullPointerException
>>>     at
>>> net.smartlab.config.XMLConfiguration.update(XMLConfiguration.java:174)
>>>     at
>>> net.smartlab.config.XMLConfiguration.<init>(XMLConfiguration.java:82)
>>>     at
>>> net.smartlab.web.config.FileDomainConfigurationStrategy.getConfiguration(FileDomainConfigurationStrategy.java:48)
>>>     at net.smartlab.web.Domain.getConfiguration(Domain.java:160)
>>>     at net.smartlab.web.auth.RoleFactory.getInstance(RoleFactory.java:86)
>>>     at
>>> net.smartlab.catalogo.GroupFactoryTest.testUpdate(GroupFactoryTest.java:48)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>>>     at java.lang.reflect.Method.invoke(Unknown Source)
>>>     at junit.framework.TestCase.runTest(TestCase.java:154)
>>>     at junit.framework.TestCase.runBare(TestCase.java:127)
>>>     at junit.framework.TestResult$1.protect(TestResult.java:106)
>>>     at junit.framework.TestResult.runProtected(TestResult.java:124)
>>>     at junit.framework.TestResult.run(TestResult.java:109)
>>>     at junit.framework.TestCase.run(TestCase.java:118)
>>>     at
>>> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:478)
>>>     at
>>> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:344)
>>>     at
>>> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
>>> Caused by: java.lang.NullPointerException
>>>     at
>>> net.smartlab.config.XMLConfiguration.update(XMLConfiguration.java:171)
>>>     ... 18 more
>>> java.lang.IllegalArgumentException: No destination bean specified
>>>     at
>>> org.apache.commons.beanutils.BeanUtilsBean.copyProperties(BeanUtilsBean.java:217)
>>>     at
>>> org.apache.commons.beanutils.BeanUtils.copyProperties(BeanUtils.java:114)
>>>     at net.smartlab.web.auth.RoleFactory.update(RoleFactory.java:154)
>>>     at
>>> net.smartlab.catalogo.GroupFactoryTest.testUpdate(GroupFactoryTest.java:48)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>>>     at java.lang.reflect.Method.invoke(Unknown Source)
>>>     at junit.framework.TestCase.runTest(TestCase.java:154)
>>>     at junit.framework.TestCase.runBare(TestCase.java:127)
>>>     at junit.framework.TestResult$1.protect(TestResult.java:106)
>>>     at junit.framework.TestResult.runProtected(TestResult.java:124)
>>>     at junit.framework.TestResult.run(TestResult.java:109)
>>>     at junit.framework.TestCase.run(TestCase.java:118)
>>>     at
>>> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:478)
>>> 484  DEBUG [main] net.smartlab.catalogo.GroupFactoryTest     - tearDown()
>>> - start
>>>     at
>>> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:344)
>>>     at
>>> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
>>>
>>> From what could depend?
>>> Thank you.
>>>
>>>
>>> -------------------------------------------------------------------------
>>> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
>>> Don't miss this year's exciting event. There's still time to save $100.
>>> Use priority code J8TL2D2.
>>>
>>> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
>>> _______________________________________________
>>> smartweb-user mailing list
>>> sma...@li...
>>> https://lists.sourceforge.net/lists/listinfo/smartweb-user
>>>
>>>
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
>> Don't miss this year's exciting event. There's still time to save $100.
>> Use priority code J8TL2D2.
>>
>> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
>> _______________________________________________
>> smartweb-user mailing list
>> sma...@li...
>> https://lists.sourceforge.net/lists/listinfo/smartweb-user
>>
>>
>