Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0010777Openbravo ERPA. Platformpublic2009-09-25 14:102009-10-20 00:00
Reporteriperdomo 
Assigned Toiperdomo 
PriorityurgentSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOS20OS Version2.6.30-gentoo-r5
Product Versionpi 
Target VersionFixed in Version2.50MP7 
Merge Request Status
Review Assigned To
OBNetwork customerNo
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0010777: OBContext should be created before authentication check
DescriptionDAL uses the OBContext object to perform security check. OBContext holds information about the authenticated user.

If some custom authentication manager wants to perform data access through DAL, you get a NPE, because the OBContext is not created yet.

Example of the exception:
148962 [http-8880-1] ERROR org.openbravo.erpCommon.security.Menu - HTTPSecureAppServlet.service() - exception caught:
java.lang.NullPointerException
    at org.openbravo.dal.service.OBDal.checkReadAccess(OBDal.java:400)
    at org.openbravo.dal.service.OBDal.checkReadAccess(OBDal.java:390)
    at org.openbravo.dal.service.OBDal.get(OBDal.java:158)
    at org.openbravo.authentication.basic.AutologonAuthenticationManager.authenticate(AutologonAuthenticationManager.java:64)
    at org.openbravo.base.secureApp.HttpSecureAppServlet.service(HttpSecureAppServlet.java:182)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.openbravo.utils.SessionExpirationFilter.doFilter(SessionExpirationFilter.java:66)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.openbravo.utils.CharsetFilter.doFilter(CharsetFilter.java:35)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.openbravo.dal.core.DalRequestFilter$1.doAction(DalRequestFilter.java:79)
    at org.openbravo.dal.core.ThreadHandler.run(ThreadHandler.java:46)
    at org.openbravo.dal.core.DalRequestFilter.doFilter(DalRequestFilter.java:93)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)
Steps To Reproduce* Configure the Autologon authentication manager
- Open your Openbravo.properties
- Change the this 2 properties:
  authentication.class=org.openbravo.authentication.basic.AutologonAuthenticationManager
  authentication.autologon.username=Openbravo

* Apply the attached patch
  path -p1 < /path/to/your/AutologonAuthenticationManager.java.diff

* Compile the application and deploy the changes

* Login Openbravo

* Check the application log for a NPE related to org.openbravo.dal.service.OBDal.checkReadAccess
Proposed Solution* Create the OBContext and set it to system administrator before the authentication
Additional Information
TagsNo tags attached.
Relationships
Attached Filesdiff AutologonAuthenticationManager.java.diff (1,162) 2009-09-25 14:10
https://issues.openbravo.com/file_download.php?file_id=1792&type=bug
Issue History
Date ModifiedUsernameFieldChange
2009-09-25 14:10iperdomoNew Issue
2009-09-25 14:10iperdomoAssigned To => iperdomo
2009-09-25 14:10iperdomoFile Added: AutologonAuthenticationManager.java.diff
2009-09-25 14:10iperdomoOBNetwork customer => No
2009-09-25 14:11iperdomoPriorityhigh => urgent
2009-09-25 14:11iperdomoStatusnew => scheduled
2009-09-25 14:11iperdomofix_in_branch => pi
2009-09-25 15:01iperdomoNote Added: 0020375
2009-09-25 16:14shuehnerIssue Monitored: shuehner
2009-09-28 10:45hgbotCheckin
2009-09-28 10:45hgbotNote Added: 0020388
2009-09-28 10:45hgbotStatusscheduled => resolved
2009-09-28 10:45hgbotResolutionopen => fixed
2009-09-28 10:45hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/e6579ce4100fc6c49ef8b28fc6b8fbd24d521212 [^]
2009-09-29 14:18hgbotCheckin
2009-09-29 14:18hgbotNote Added: 0020518
2009-09-29 14:18hgbotFixed in SCM revisionhttp://code.openbravo.com/erp/devel/pi/rev/e6579ce4100fc6c49ef8b28fc6b8fbd24d521212 [^] => http://code.openbravo.com/erp/devel/pi-pageddatagrid/rev/e6579ce4100fc6c49ef8b28fc6b8fbd24d521212 [^]
2009-10-19 11:12mtaalStatusresolved => closed
2009-10-19 11:12mtaalNote Added: 0021160
2009-10-19 11:12mtaalFixed in Version => 2.50MP7
2009-10-20 00:00anonymoussf_bug_id0 => 2882005

Notes
(0020375)
iperdomo   
2009-09-25 15:01   
The patch on the Autologon prints in the standard out (catalina.out) the username with Id 100. Something like:
Username:Openbravo
Username:Openbravo
Username:Openbravo
Username:Openbravo

If you get this output, means that the issue is fixed.
(0020388)
hgbot   
2009-09-28 10:45   
Repository: erp/devel/pi
Changeset: e6579ce4100fc6c49ef8b28fc6b8fbd24d521212
Author: Iván Perdomo <ivan.perdomo <at> openbravo.com>
Date: Mon Sep 28 10:41:51 2009 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/e6579ce4100fc6c49ef8b28fc6b8fbd24d521212 [^]

Fixes issue 10777: Set AdminContext before authentication when is not present

---
M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
---
(0020518)
hgbot   
2009-09-29 14:18   
Repository: erp/devel/pi-pageddatagrid
Changeset: e6579ce4100fc6c49ef8b28fc6b8fbd24d521212
Author: Iván Perdomo <ivan.perdomo <at> openbravo.com>
Date: Mon Sep 28 10:41:51 2009 +0200
URL: http://code.openbravo.com/erp/devel/pi-pageddatagrid/rev/e6579ce4100fc6c49ef8b28fc6b8fbd24d521212 [^]

Fixes issue 10777: Set AdminContext before authentication when is not present

---
M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
---
(0021160)
mtaal   
2009-10-19 11:12   
Issue closed