Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0025176 | Openbravo ERP | C. Security | public | 2013-11-18 18:11 | 2014-01-20 15:28
caristu
shankarb
urgent | major | always
closed | fixed
5

3.0PR14Q2 | 3.0PR14Q2
AugustoMauch
Core
No
0025176: It's possible to access web services even if the maximum allowed calls is exceeded
It's possible to access web services even if the maximum allowed calls is exceeded if we log in to the system and after that we open a new tab in the browser.
1) Log in to an instance with the maximum allowed web service calls exceeded
2) Open a new tab. Access any of the standard web services, for example localhost:8080/openbravo/ws/dal/BusinessPartner
The BaseWebServiceServlet class is doing the following check:

    // already logged in?
    if (OBContext.getOBContext() != null) {
      doService(request, response);
      return;
    }

So, if we are already logged in, the authentication is not done; therefore it is not checked whether the maximum number of ws calls has been exceeded.
No tags attached.
related to | defect 0025576 | acknowledged | platform | The number of calls to web services is not computed properly under some circumstances
blocks | defect 0026572 | closed | guillermogil | Calls to web service are failing if the role used don't have permission to User window
diff FixIssue25176.diff (1,084) 2013-12-30 04:59
https://issues.openbravo.com/file_download.php?file_id=6594&type=bug
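The pattern described in this issue, reduced to a self-contained Java sketch. This is an added example, not the contents of FixIssue25176.diff or any Openbravo code; `CallLimiter`, `Request`, `Outcome`, `serviceBefore` and `serviceAfter` are hypothetical names. `serviceBefore` counts calls only on the credential path, while `serviceAfter` runs the limit check on every path.

```java
import java.util.concurrent.atomic.AtomicInteger;

// Added illustration: every name below is a hypothetical stand-in, not an Openbravo class.
public class WsCallLimitDemo {
  enum Outcome { SERVED, UNAUTHENTICATED, LIMIT_EXCEEDED }

  /** Counts web service calls against a configured maximum. */
  static final class CallLimiter {
    private final int maxCalls;
    private final AtomicInteger used = new AtomicInteger();
    CallLimiter(int maxCalls) { this.maxCalls = maxCalls; }
    /** Records one call and reports whether it is still within the maximum. */
    boolean tryAcquire() { return used.incrementAndGet() <= maxCalls; }
  }

  /** A request either rides on an existing browser session or presents credentials. */
  static final class Request {
    final boolean hasSessionContext;
    final boolean validCredentials;
    Request(boolean hasSessionContext, boolean validCredentials) {
      this.hasSessionContext = hasSessionContext;
      this.validCredentials = validCredentials;
    }
  }

  /** Shape of the check quoted in the ticket: the limit lives inside the login path only. */
  static Outcome serviceBefore(Request r, CallLimiter limiter) {
    if (r.hasSessionContext) return Outcome.SERVED; // already logged in: call is never counted
    if (!r.validCredentials) return Outcome.UNAUTHENTICATED;
    return limiter.tryAcquire() ? Outcome.SERVED : Outcome.LIMIT_EXCEEDED;
  }

  /** Limit check hoisted out of authentication so every entry path passes through it. */
  static Outcome serviceAfter(Request r, CallLimiter limiter) {
    if (!r.hasSessionContext && !r.validCredentials) return Outcome.UNAUTHENTICATED;
    return limiter.tryAcquire() ? Outcome.SERVED : Outcome.LIMIT_EXCEEDED;
  }

  public static void main(String[] args) {
    Request withCredentials = new Request(false, true); // constructed sample inputs
    Request withSession = new Request(true, false);
    CallLimiter before = new CallLimiter(1);
    CallLimiter after = new CallLimiter(1);
    serviceBefore(withCredentials, before); // uses up the single allowed call
    serviceAfter(withCredentials, after);
    System.out.println("before: " + serviceBefore(withSession, before));
    System.out.println("after:  " + serviceAfter(withSession, after));
  }
}
```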
Issue History
2013-11-18 18:11 | caristu | New Issue
2013-11-18 18:11 | caristu | Assigned To | => AugustoMauch
2013-11-18 18:11 | caristu | Modules | => Core
2013-11-18 18:11 | caristu | Triggers an Emergency Pack | => No
2013-11-18 18:13 | caristu | Issue Monitored: networkb
2013-11-19 11:33 | caristu | Proposed Solution updated
2013-12-26 10:10 | shankarb | Assigned To | AugustoMauch => shankarb
2013-12-30 04:59 | shankarb | File Added: FixIssue25176.diff
2013-12-30 05:04 | shankarb | Status | new => scheduled
2013-12-30 05:04 | shankarb | fix_in_branch | => pi
2014-01-02 12:38 | jonalegriaesarte | Target Version | 3.0MP31 => 3.0MP32
2014-01-12 11:04 | shankarb | Review Assigned To | => AugustoMauch
2014-01-12 11:04 | shankarb | fix_in_branch | pi =>
2014-01-12 11:05 | shankarb | Issue Monitored: AugustoMauch
2014-01-12 11:06 | hgbot | Checkin
2014-01-12 11:06 | hgbot | Note Added: 0063363
2014-01-12 11:06 | hgbot | Status | scheduled => resolved
2014-01-12 11:06 | hgbot | Resolution | open => fixed
2014-01-12 11:06 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/a60184d93ff1f94b2192620cd0f589e0e4f1c09d
2014-01-16 09:18 | hgbot | Checkin
2014-01-16 09:18 | hgbot | Note Added: 0063431
2014-01-17 15:49 | hudsonbot | Checkin
2014-01-17 15:49 | hudsonbot | Note Added: 0063492
2014-01-20 15:28 | AugustoMauch | Note Added: 0063539
2014-01-20 15:28 | AugustoMauch | Status | resolved => closed
2014-01-20 15:28 | AugustoMauch | Fixed in Version | => 3.0MP32
2014-01-28 13:40 | caristu | Relationship added | related to 0025576
2014-05-16 13:37 | guillermogil | Relationship added | blocks 0026572

Notes
(0063363)
hgbot   
2014-01-12 11:06   
Repository: erp/devel/pi
Changeset: a60184d93ff1f94b2192620cd0f589e0e4f1c09d
Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com>
Date: Tue Dec 03 15:28:23 2013 +0530
URL: http://code.openbravo.com/erp/devel/pi/rev/a60184d93ff1f94b2192620cd0f589e0e4f1c09d

Fixes Issue 0025176: It's possible to access web services even if the maximum allowed calls is exceeded

Checking whether web service call is allowed on all cases.

---
M src/org/openbravo/service/web/BaseWebServiceServlet.java
---
(0063431)
hgbot   
2014-01-16 09:18   
Repository: erp/pmods/org.openbravo.client.analytics
Changeset: 05f3485f6a17ecbe65b4356114315c4a79cd27aa
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Thu Jan 16 09:18:24 2014 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.client.analytics/rev/05f3485f6a17ecbe65b4356114315c4a79cd27aa

Solve issue 25176 also for OBXMLServlet

---
M src/org/openbravo/client/analytics/OBXMLAServlet.java
A web/org.openbravo.client.analytics/js/ob-analytics-show-grid-report.js
---
(0063492)
hudsonbot   
2014-01-17 15:49   
A changeset related to this issue has been promoted to main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9669102eb541
Maturity status: Test
(0063539)
AugustoMauch   
2014-01-20 15:28   
Code reviewed and verified in pi@a60184d93ff1