Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0019337Openbravo ERPA. Platformpublic2011-12-20 09:462011-12-20 09:56
immediatecriticalhave not tried
0019337: Api change build 2631
method org.openbravo.service.web.BaseWebServiceServlet.service(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse): nonfinal in SANDBOX/api-checks/java/reference/java, but final in /srv/hudson/workspace/int-full-oracle/SANDBOX/api-checks/output/2631
method org.openbravo.service.web.BaseWebServiceServlet.doBasicAuthentication(javax.servlet.http.HttpServletRequest): missing in /srv/hudson/workspace/int-full-oracle/SANDBOX/api-checks/output/2631
method org.openbravo.service.web.BaseWebServiceServlet.isLoggedIn(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse): missing in /srv/hudson/workspace/int-full-oracle/SANDBOX/api-checks/output/2631

As part of new pricing policies project, authentication has been removed from BaseWebServiceServlet to use the standard one in Authentication manager. Additionally BaseWebServiceServlet.service method has been made final so subclasses cannot modify it.
These affects to modules extending BaseWebServiceServlet. There are two cases where that can affect them:

-If they override service method. This is now not allowed. They must be fixed to override doService method, which is called from service.
-In case they were using doBasicAuthentication or isLoggedIn to implement authenitcation. This is not allowed anymore, web service authentication must be done using the AuthenicationManager.webServiceAuthenticate method [1], which in fact is called in the final sevice method.

The risk of these changes is *low* because modules providing web services in the documented manner [2] are not affected.

Proposed solution:
Accept these changes as the risk is low and now authentication is enforced to use the new methods

[1] [^]
[2] [^]
No tags attached.
Issue History
2011-12-20 09:46alostaleNew Issue
2011-12-20 09:46alostaleAssigned To => alostale
2011-12-20 09:46alostaleModules => Core
2011-12-20 09:53alostaleProposed Solution updated
2011-12-20 09:53alostaleSummaryApi change build 0002631 => Api change build 2631
2011-12-20 09:56hgbotCheckin
2011-12-20 09:56hgbotNote Added: 0043967
2011-12-20 09:56hgbotStatusnew => resolved
2011-12-20 09:56hgbotResolutionopen => fixed
2011-12-20 09:56hgbotFixed in SCM revision => [^]
2011-12-20 09:56alostaleNote Added: 0043968
2011-12-20 09:56alostaleStatusresolved => closed
2011-12-20 09:56alostaleFixed in Version => 3.0MP7

2011-12-20 09:56   
Repository: erp/devel/api-checks
Changeset: 320ff5578813fb809ade4f8372f9b3a0b3041c76
Author: Asier Lostalé <asier.lostale <at>>
Date: Tue Dec 20 09:55:36 2011 +0100
URL: [^]

fixed issue 19337: Api change build 2631

M java/reference/java.japi.gz
2011-12-20 09:56