0010777: OBContext should be created before authentication check

Openbravo Issue Tracking System - Openbravo ERP
View Issue Details

ID	Project	Category	View Status	Date Submitted	Last Update
0010777	Openbravo ERP	A. Platform	public	2009-09-25 14:10	2009-10-20 00:00

Reporter	iperdomo
Assigned To	iperdomo
Priority	urgent	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Platform		OS	20	OS Version	2.6.30-gentoo-r5
Product Version	pi
Target Version		Fixed in Version	2.50MP7
Merge Request Status
Review Assigned To
OBNetwork customer
Web browser
Modules	Core
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency Pack	No

Summary	0010777: OBContext should be created before authentication check
Description	DAL uses the OBContext object to perform security check. OBContext holds information about the authenticated user. If some custom authentication manager wants to perform data access through DAL, you get a NPE, because the OBContext is not created yet. Example of the exception: 148962 [http-8880-1] ERROR org.openbravo.erpCommon.security.Menu - HTTPSecureAppServlet.service() - exception caught: java.lang.NullPointerException at org.openbravo.dal.service.OBDal.checkReadAccess(OBDal.java:400) at org.openbravo.dal.service.OBDal.checkReadAccess(OBDal.java:390) at org.openbravo.dal.service.OBDal.get(OBDal.java:158) at org.openbravo.authentication.basic.AutologonAuthenticationManager.authenticate(AutologonAuthenticationManager.java:64) at org.openbravo.base.secureApp.HttpSecureAppServlet.service(HttpSecureAppServlet.java:182) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.openbravo.utils.SessionExpirationFilter.doFilter(SessionExpirationFilter.java:66) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.openbravo.utils.CharsetFilter.doFilter(CharsetFilter.java:35) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.openbravo.dal.core.DalRequestFilter$1.doAction(DalRequestFilter.java:79) at org.openbravo.dal.core.ThreadHandler.run(ThreadHandler.java:46) at org.openbravo.dal.core.DalRequestFilter.doFilter(DalRequestFilter.java:93) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619)
Steps To Reproduce	* Configure the Autologon authentication manager - Open your Openbravo.properties - Change the this 2 properties: authentication.class=org.openbravo.authentication.basic.AutologonAuthenticationManager authentication.autologon.username=Openbravo * Apply the attached patch path -p1 < /path/to/your/AutologonAuthenticationManager.java.diff * Compile the application and deploy the changes * Login Openbravo * Check the application log for a NPE related to org.openbravo.dal.service.OBDal.checkReadAccess
Proposed Solution	* Create the OBContext and set it to system administrator before the authentication
Additional Information
Tags	No tags attached.
Relationships
Attached Files	AutologonAuthenticationManager.java.diff (1,162) 2009-09-25 14:10 https://issues.openbravo.com/file_download.php?file_id=1792&type=bug

Issue History
Date Modified	Username	Field	Change
2009-09-25 14:10	iperdomo	New Issue
2009-09-25 14:10	iperdomo	Assigned To	=> iperdomo
2009-09-25 14:10	iperdomo	File Added: AutologonAuthenticationManager.java.diff
2009-09-25 14:11	iperdomo	Priority	high => urgent
2009-09-25 14:11	iperdomo	Status	new => scheduled
2009-09-25 14:11	iperdomo	fix_in_branch	=> pi
2009-09-25 15:01	iperdomo	Note Added: 0020375
2009-09-25 16:14	shuehner	Issue Monitored: shuehner
2009-09-28 10:45	hgbot	Checkin
2009-09-28 10:45	hgbot	Note Added: 0020388
2009-09-28 10:45	hgbot	Status	scheduled => resolved
2009-09-28 10:45	hgbot	Resolution	open => fixed
2009-09-28 10:45	hgbot	Fixed in SCM revision	=> http://code.openbravo.com/erp/devel/pi/rev/e6579ce4100fc6c49ef8b28fc6b8fbd24d521212 [^]
2009-09-29 14:18	hgbot	Checkin
2009-09-29 14:18	hgbot	Note Added: 0020518
2009-09-29 14:18	hgbot	Fixed in SCM revision	http://code.openbravo.com/erp/devel/pi/rev/e6579ce4100fc6c49ef8b28fc6b8fbd24d521212 [^] => http://code.openbravo.com/erp/devel/pi-pageddatagrid/rev/e6579ce4100fc6c49ef8b28fc6b8fbd24d521212 [^]
2009-10-19 11:12	mtaal	Status	resolved => closed
2009-10-19 11:12	mtaal	Note Added: 0021160
2009-10-19 11:12	mtaal	Fixed in Version	=> 2.50MP7
2009-10-20 00:00	anonymous	sf_bug_id	0 => 2882005

Notes