Security Issues


Shrek

Mar 2, 2007, 5:58:35 AM
to webofweb
Hello,

This is a very good piece of work done, Compl.

I have some issues related to Security.

In trying to use this I have figured out the Roles and Permissions
nodes but am unable to configure anything significant with respect to
security.

A Topic has Roles & Permissions which are visible on pressing ~.
Now what?
I am unable to add a Role. It says that a "Role must be created under
Topics" - What is this supposed to mean?
How can I add new Roles and map them to Permissions of a node?

Any help in this regard shall be highly appreciated.

Compl Yue Still

Mar 2, 2007, 7:09:38 PM
to webofweb
Hi Shrek,

Sorry, this is just a regression bug since my last refactoring.
The line at common/src/av/wow/comm/CreateRole.java:71 was changed to:

    if (topic != null)
    {
        scener.getConnection().postGuidance(
            new ScenerMessage(JOptionPane.ERROR_MESSAGE,
                CREATE_ROLE_WRONG_PLACE));
        return;
    }

where it should really be:

    if (topic == null)
    {
        scener.getConnection().postGuidance(
            new ScenerMessage(JOptionPane.ERROR_MESSAGE,
                CREATE_ROLE_WRONG_PLACE));
        return;
    }

If you are compiling WoW from source, just changing this and recompiling
will fix it.

Cheers,
Compl

Shrek

Mar 3, 2007, 12:57:26 PM
to webofweb
Thanks Compl for your prompt reply.

I managed to change the code and have recompiled the same.
Now I have encountered yet another problem.

1. I am unable to delete any roles that I may have wrongly created.
2. I am unable to add any role under Permissions -> Allow *** by -> .


Cheers,
SB

Compl Yue Still

Mar 3, 2007, 10:05:49 PM
to webofweb
Hi,

It's okay here for my setup, and I suspect it may be a confusion
problem about current WoW menu/short-cut design, since:

1. To delete a role, you have to use the popup-menu, the Del key just
won't work since the swing action is actually different from the ideas
deletion action.
2. To do this, you have to first clip (select+ctrl^C or right-click
+"Clip Selection") the role, then right click the "Allow ***" node,
and select "Attach Clipped Feasors".

I guess this is the problem, and I myself am not so good at UI design,
but I admit current security operation interfaces are less intuitive
than reasonable.
I hope we can figure these out and find better ways as WoW grows.

But if the above steps don't get you through either, let me know more
details like the tomcat log and browser java console output etc., to
find more problems.

Good Luck,
Compl

Shrek

Mar 5, 2007, 12:20:42 AM
to webofweb
> 1. To delete a role, you have to use the popup-menu, the Del key just
> won't work since the swing action is actually different from the ideas
> deletion action.

I am not using the Del key but the menu only. I am logged in as a
'mighty' user.
Yet I am unable to delete the 'test' role I had created. I am able to
delete anything else that I may have created.

> 2. To do this, you have to first clip (select+ctrl^C or right-click
> +"Clip Selection") the role, then right click the "Allow ***" node,
> and select "Attach Clipped Feasors".

This is functioning as you have mentioned. Thanks.

> But if the above steps neither get you through, let me know more
> details like the tomcat log and browser java console output etc, to
> find more problems.

There is nothing in either of the logs that I can send to you.
Anything else that may be helpful?

Cheers,
SB

Compl Yue Still

Mar 5, 2007, 12:47:40 AM
to webofweb
I tested with my 'mighty' account at my own site, it's okay to delete
a role.
Does it always fail at your site? If so would you package your db data
files (generated by H2), or mysql dumped script or your db's data for
me to test it out?

Or if you want to trace into the code by yourself, just start up
tomcat with jpda and attach your eclipse as the debugger, then set
some breakpoints. An ideal position is in
common/src/av/wow/comm/DeleteRole.java. Stepping through the code
should show why it's happening.

Shrek

Mar 5, 2007, 1:46:09 AM
to webofweb
It doesn't fail always. It is failing in the default site - 'Site
Root' and working fine in the other 'Provinces'. I shall investigate
it further as you have suggested and get back to you.

Thanks,
SB

Compl Yue Still

Mar 5, 2007, 4:30:22 AM
to webofweb
I reproduced this problem, and finally found it's due to a bug of the
TOB database, I have fixed the db and uploaded a new release of WoW 6
bundled with the updated version of tob, so please download the latest
source/war package from http://wow.dev.java.net to get over all
problems encountered so far.

Shrek

Mar 9, 2007, 2:41:05 AM
to webofweb
Hello Compl,

I have deployed the new war and old problems seem to have been fixed
but not completely.

I am presenting a scenario which is still giving problems and I have
no clue of what may be going wrong:

1. I login as Admin.
2. The Admin creates a new Province - P
3. On P, Admin creates roles - Senior Users, Mighty Users, Anyone,
Senior
4. On P, Admin adds permissions -
(@1) Deny [Change Security] by : Senior Users, Senior
(@2) Allow [All(*)] by: Mighty Users, Senior Users, Senior
(@100) Allow [Read] by: Anyone
(@100) Allow [View Message] by: Anyone
5. Then Admin creates a user 'sb' with Level - Senior and activates
the account. An e-mail is received successfully.
6. Next the User tries to access the site : https://localhost:8443/wow/traverse/P
and logs in with the received password. The site does not open and the
circles don't stop.

What am I doing wrong/missing in the above steps? Kindly advise. Is
there any place where security configuration is explained in detail?

Thanks,
SB


On Mar 5, 2:30 pm, "Compl Yue Still" <complyst...@gmail.com> wrote:
> I reproduced this problem, and finally found it's due to a bug of the
> TOB database, I have fixed the db and uploaded a new release of WoW 6
> bundled with the updated version of tob, so please download the latest
> source/war package from http://wow.dev.java.net to get over all
> problems encountered so far.

Compl Yue Still

Mar 9, 2007, 2:59:20 AM
to webofweb
Hi Shrek,

This is just because the roles used to identify users by their levels
are different from those manually created, you find these roles under
the site-root node and the users-root node, but no way to create them
by hand.

If you create your own roles and grant them permissions, you need to
let them "embrace" your user in order to give the user those
permissions.

And WoW traverser clipboard is shared session wide, so you can "clip"
a role or a user, and use them in another window, only if the windows
are in a same session connected to the WoW web server.

I'm sorry it's still this confusing, there is no detailed doc about
this so far. Your advice is pretty informative, I will add such docs
ASAP.

Thanks for your intensive trailing!

Wishes,
Compl
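
Added example, not part of the original thread and not WoW code: a small Python model of the scenario posted above, showing why rules that name manually created roles grant nothing until those roles embrace the user. All class and function names are hypothetical, and the evaluation order (lowest @ number first, first match wins, default deny) is an assumption rather than documented WoW behaviour.

```python
from dataclasses import dataclass, field

@dataclass(eq=False)  # compare by identity: two roles named "Senior" stay distinct
class Role:
    name: str
    builtin: bool = False  # True for level roles the system creates itself
    members: set = field(default_factory=set)

    def embrace(self, user):  # hypothetical stand-in for the thread's "embrace"
        self.members.add(user)

def roles_of(user, level, level_roles, manual_roles):
    """Built-in role for the user's level plus every manual role embracing the user."""
    return [level_roles[level]] + [r for r in manual_roles if user in r.members]

def decide(action, held, rules):
    """Assumed semantics: lowest @ number first, first match wins, default deny."""
    for _prio, effect, act, roles in sorted(rules, key=lambda r: r[0]):
        if act in (action, "*") and any(r in held for r in roles):
            return effect
    return "deny"

def unreachable_grants(rules):
    """Audit: manual roles named in rules that embrace nobody (their rules never fire)."""
    return sorted({r.name for _, _, _, roles in rules for r in roles
                   if not r.builtin and not r.members})

# Constructed data mirroring the thread's scenario (Province P, user 'sb', level Senior).
LEVEL_ROLES = {"Senior": Role("Senior", builtin=True)}
senior_users, mighty, anyone, senior = (
    Role(n) for n in ("Senior Users", "Mighty Users", "Anyone", "Senior"))
MANUAL = [senior_users, mighty, anyone, senior]
RULES = [
    (1, "deny", "Change Security", [senior_users, senior]),
    (2, "allow", "*", [mighty, senior_users, senior]),
    (100, "allow", "Read", [anyone]),
    (100, "allow", "View Message", [anyone]),
]

def access(action):
    return decide(action, roles_of("sb", "Senior", LEVEL_ROLES, MANUAL), RULES)

if __name__ == "__main__":
    print(access("Read"), unreachable_grants(RULES))  # before any role embraces sb
    senior_users.embrace("sb")
    anyone.embrace("sb")
    print(access("Read"), access("Change Security"), unreachable_grants(RULES))
```

The audit function is the part worth keeping in practice: a rule whose roles have no members is a grant or a denial that silently applies to no one.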
