diff --git a/src/org/openbravo/mobile/core/authenticate/MobileKeyAuthenticationManager.java b/src/org/openbravo/mobile/core/authenticate/MobileKeyAuthenticationManager.java --- a/src/org/openbravo/mobile/core/authenticate/MobileKeyAuthenticationManager.java +++ b/src/org/openbravo/mobile/core/authenticate/MobileKeyAuthenticationManager.java @@ -43,7 +43,8 @@ protected String doAuthenticate(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, ServletException, IOException { - final String sUserId = (String) request.getSession().getAttribute("#Authenticated_user"); + String sUserId = request.getSession(false) == null ? "" : (String) request.getSession() + .getAttribute("#Authenticated_user"); if (!StringUtils.isEmpty(sUserId)) { return sUserId; } @@ -54,11 +55,18 @@ .getParameter(MobileAuthenticationKeyUtils.AUTHENTICATION_CLIENT_PARAM); if (token == null || clientId == null) { + if (AuthenticationManager.isStatelessRequest(request)) { + return super.doWebServiceAuthenticate(request); + } return doDefaultAuthenticate(request, response); } try { return doInternalAuthenticate(request, token, clientId); } catch (Throwable t) { + if (AuthenticationManager.isStatelessRequest(request)) { + logger.info("Authentication login failed, stateless so stopping here", t); + throw new AuthenticationException("Authentication Login Failed", t); + } logger.info("Authentication login failed, continueing with standard login approach", t); return super.doAuthenticate(request, response); } @@ -76,6 +84,9 @@ OBContext.setOBContextInSession(request, OBContext.getOBContext()); } + if (AuthenticationManager.isStatelessRequest(request)) { + return authenticationToken.getUserId(); + } // code from DefaultAuthenticationManager // Using the Servlet API instead of vars.setSessionValue to avoid breaking code // vars.setSessionValue always transform the key to upper-case diff --git a/src/org/openbravo/mobile/core/process/JSONRowConverter.java b/src/org/openbravo/mobile/core/process/JSONRowConverter.java --- a/src/org/openbravo/mobile/core/process/JSONRowConverter.java +++ b/src/org/openbravo/mobile/core/process/JSONRowConverter.java @@ -21,6 +21,7 @@ import org.codehaus.jettison.json.JSONArray; import org.codehaus.jettison.json.JSONException; import org.codehaus.jettison.json.JSONObject; +import org.openbravo.authentication.AuthenticationManager; import org.openbravo.base.exception.OBSecurityException; import org.openbravo.base.provider.OBProvider; import org.openbravo.base.secureApp.VariablesSecureApp; @@ -236,11 +237,19 @@ try { objException.put(JsonConstants.RESPONSE_STATUS, JsonConstants.RPCREQUEST_STATUS_FAILURE); - final VariablesSecureApp vars = RequestContext.get().getVariablesSecureApp(); - final OBError obError = Utility.translateError(new DalConnectionProvider(), vars, OBContext - .getOBContext().getLanguage().getLanguage(), localThrowable.getMessage()); + OBError obError; + // in case of stateless then prevent creation of a http session when an error is reported + if (AuthenticationManager.isStatelessRequest(RequestContext.get().getRequest())) { + obError = new OBError(); + obError.setType("Error"); + obError.setMessage(throwable.getMessage()); + } else { + final VariablesSecureApp vars = RequestContext.get().getVariablesSecureApp(); + obError = Utility.translateError(new DalConnectionProvider(), vars, OBContext + .getOBContext().getLanguage().getLanguage(), localThrowable.getMessage()); + } + JSONObject errorObj = new JSONObject(); - if (localThrowable instanceof OBSecurityException) { errorObj.put("message", "OBUIAPP_ActionNotAllowed"); errorObj.put("type", "OBUIAPP_ActionNotAllowed"); diff --git a/src/org/openbravo/mobile/core/process/MobileService.java b/src/org/openbravo/mobile/core/process/MobileService.java --- a/src/org/openbravo/mobile/core/process/MobileService.java +++ b/src/org/openbravo/mobile/core/process/MobileService.java @@ -15,6 +15,7 @@ import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; +import java.util.List; import javax.enterprise.util.AnnotationLiteral; import javax.servlet.ServletConfig; @@ -26,6 +27,7 @@ import org.codehaus.jettison.json.JSONArray; import org.codehaus.jettison.json.JSONException; import org.codehaus.jettison.json.JSONObject; +import org.openbravo.authentication.AuthenticationManager; import org.openbravo.base.weld.WeldUtils; import org.openbravo.service.json.JsonUtils; import org.openbravo.service.web.InvalidRequestException; @@ -59,6 +61,34 @@ doGetOrPost(request, response, getRequestContent(request)); } + public void service(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + String url = request.getRequestURL().toString(); + // determine if the + String[] pathparts = checkSetParameters(request, response); + if (pathparts == null) { + super.service(request, response); + } else if (pathparts.length == 1 || "hql".equals(pathparts[1])) { + super.service(request, response); + } + + // is a service, determine if all its implementations are stateless + try { + final List jsonProcesses = new MobileServiceProcessor() + .getServiceClassInstances(pathparts[1]); + boolean stateless = true; + for (JSONProcess jsonProcess : jsonProcesses) { + stateless &= AuthenticationManager.isStatelessService(jsonProcess.getClass()); + } + if (stateless) { + request.setAttribute(AuthenticationManager.STATELESS_REQUEST, "true"); + } + } catch (Throwable ignore) { + // ignore, will re-appear in further processing and handled better there + } + super.service(request, response); + } + private void doGetOrPost(HttpServletRequest request, HttpServletResponse response, String content) throws IOException, ServletException { diff --git a/src/org/openbravo/mobile/core/process/SecuredJSONProcess.java b/src/org/openbravo/mobile/core/process/SecuredJSONProcess.java --- a/src/org/openbravo/mobile/core/process/SecuredJSONProcess.java +++ b/src/org/openbravo/mobile/core/process/SecuredJSONProcess.java @@ -21,6 +21,7 @@ import org.apache.log4j.Logger; import org.codehaus.jettison.json.JSONException; import org.codehaus.jettison.json.JSONObject; +import org.openbravo.authentication.AuthenticationManager; import org.openbravo.base.exception.OBException; import org.openbravo.client.kernel.RequestContext; import org.openbravo.dal.core.OBContext; @@ -92,6 +93,11 @@ } protected boolean hasPermission() { + if (AuthenticationManager.isStatelessRequest(RequestContext.get().getRequest())) { + log.warn("Allowing permission by default for a stateless request, override the hasPermission method to prevent this warning"); + return true; + } + // cache permission in session if (RequestContext.get().getRequest() != null && RequestContext.get().getSession() != null) { Object sessionValue = RequestContext.get().getSessionAttribute(secureKey); diff --git a/src/org/openbravo/mobile/core/servercontroller/MobileServerRequestExecutor.java b/src/org/openbravo/mobile/core/servercontroller/MobileServerRequestExecutor.java --- a/src/org/openbravo/mobile/core/servercontroller/MobileServerRequestExecutor.java +++ b/src/org/openbravo/mobile/core/servercontroller/MobileServerRequestExecutor.java @@ -103,7 +103,6 @@ + parameters); } hc.connect(); - storeSessionCookie(server.getMobileServerKey(), hc); final InputStream is = hc.getInputStream(); BufferedReader reader = new BufferedReader(new InputStreamReader(is, "UTF-8")); @@ -116,6 +115,11 @@ if (log.isDebugEnabled()) { log.debug("Received response (" + logTimeStamp + ") " + sb.toString()); } + + // set the session cookie after trying to get the data, as then connection + // failures are shown earlier + storeSessionCookie(server.getMobileServerKey(), hc); + return sb.toString(); } diff --git a/src/org/openbravo/mobile/core/servercontroller/MobileServerStatusInformation.java b/src/org/openbravo/mobile/core/servercontroller/MobileServerStatusInformation.java --- a/src/org/openbravo/mobile/core/servercontroller/MobileServerStatusInformation.java +++ b/src/org/openbravo/mobile/core/servercontroller/MobileServerStatusInformation.java @@ -20,12 +20,13 @@ import org.codehaus.jettison.json.JSONObject; import org.hibernate.Query; import org.hibernate.Session; -import org.openbravo.client.kernel.RequestContext; +import org.openbravo.authentication.AuthenticationManager; import org.openbravo.dal.core.OBContext; import org.openbravo.dal.service.OBDal; import org.openbravo.mobile.core.process.JSONRowConverter; import org.openbravo.mobile.core.process.ProcessHQLQuery; +@AuthenticationManager.Stateless public class MobileServerStatusInformation extends ProcessHQLQuery { private final static Logger log = Logger.getLogger(MobileServerStatusInformation.class); @@ -47,10 +48,6 @@ w.write("\"serverStatus\": \"" + qryResult + "\""); } - // actively invalidate the session as this service is - // called actively in high frequency - RequestContext.get().getSession().invalidate(); - } catch (Throwable t) { log.error(t.getMessage(), t); JSONRowConverter.addJSONExceptionFields(w, t); diff --git a/src/org/openbravo/mobile/core/servercontroller/RetrieveMobileServerStatus.java b/src/org/openbravo/mobile/core/servercontroller/RetrieveMobileServerStatus.java --- a/src/org/openbravo/mobile/core/servercontroller/RetrieveMobileServerStatus.java +++ b/src/org/openbravo/mobile/core/servercontroller/RetrieveMobileServerStatus.java @@ -12,6 +12,7 @@ import org.codehaus.jettison.json.JSONException; import org.codehaus.jettison.json.JSONObject; +import org.openbravo.authentication.AuthenticationManager; import org.openbravo.dal.core.OBContext; import org.openbravo.dal.service.OBDal; import org.openbravo.dal.service.OBQuery; @@ -44,6 +45,8 @@ * * @author mtaal */ + +@AuthenticationManager.Stateless public class RetrieveMobileServerStatus extends JSONProcessSimple { public JSONObject exec(JSONObject jsonSent) throws JSONException, ServletException {