Openbravo Issue Tracking System - Openbravo ERP | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0019337 | Openbravo ERP | A. Platform | public | 2011-12-20 09:46 | 2011-12-20 09:56 |
| Reporter | alostale | ||||
| Assigned To | alostale | ||||
| Priority | immediate | Severity | critical | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Platform | OS | 5 | OS Version | ||
| Product Version | |||||
| Target Version | Fixed in Version | 3.0MP7 | |||
| Merge Request Status | |||||
| Review Assigned To | |||||
| OBNetwork customer | |||||
| Web browser | |||||
| Modules | Core | ||||
| Support ticket | |||||
| Regression level | |||||
| Regression date | |||||
| Regression introduced in release | |||||
| Regression introduced by commit | |||||
| Triggers an Emergency Pack | No | ||||
| Summary | 0019337: Api change build 2631 | ||||
| Description | Bad method org.openbravo.service.web.BaseWebServiceServlet.service(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse): nonfinal in SANDBOX/api-checks/java/reference/java, but final in /srv/hudson/workspace/int-full-oracle/SANDBOX/api-checks/output/2631 Missing method org.openbravo.service.web.BaseWebServiceServlet.doBasicAuthentication(javax.servlet.http.HttpServletRequest): missing in /srv/hudson/workspace/int-full-oracle/SANDBOX/api-checks/output/2631 method org.openbravo.service.web.BaseWebServiceServlet.isLoggedIn(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse): missing in /srv/hudson/workspace/int-full-oracle/SANDBOX/api-checks/output/2631 As part of new pricing policies project, authentication has been removed from BaseWebServiceServlet to use the standard one in Authentication manager. Additionally BaseWebServiceServlet.service method has been made final so subclasses cannot modify it. | ||||
| Steps To Reproduce | - | ||||
| Proposed Solution | Risk: These affects to modules extending BaseWebServiceServlet. There are two cases where that can affect them: -If they override service method. This is now not allowed. They must be fixed to override doService method, which is called from service. -In case they were using doBasicAuthentication or isLoggedIn to implement authenitcation. This is not allowed anymore, web service authentication must be done using the AuthenicationManager.webServiceAuthenticate method [1], which in fact is called in the final sevice method. The risk of these changes is *low* because modules providing web services in the documented manner [2] are not affected. Proposed solution: Accept these changes as the risk is low and now authentication is enforced to use the new methods [1] http://wiki.openbravo.com/wiki/Authentication#Web_Services_and_Connectors [^] [2] http://wiki.openbravo.com/wiki/How_to_create_a_new_REST_webservice [^] | ||||
| Additional Information | |||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2011-12-20 09:46 | alostale | New Issue | |||
| 2011-12-20 09:46 | alostale | Assigned To | => alostale | ||
| 2011-12-20 09:46 | alostale | Modules | => Core | ||
| 2011-12-20 09:53 | alostale | Proposed Solution updated | |||
| 2011-12-20 09:53 | alostale | Summary | Api change build 0002631 => Api change build 2631 | ||
| 2011-12-20 09:56 | hgbot | Checkin | |||
| 2011-12-20 09:56 | hgbot | Note Added: 0043967 | |||
| 2011-12-20 09:56 | hgbot | Status | new => resolved | ||
| 2011-12-20 09:56 | hgbot | Resolution | open => fixed | ||
| 2011-12-20 09:56 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/api-checks/rev/320ff5578813fb809ade4f8372f9b3a0b3041c76 [^] | ||
| 2011-12-20 09:56 | alostale | Note Added: 0043968 | |||
| 2011-12-20 09:56 | alostale | Status | resolved => closed | ||
| 2011-12-20 09:56 | alostale | Fixed in Version | => 3.0MP7 | ||
| Notes | |||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||