0025176: It's possible to access web services even if the maximum allowed calls is exceeded - Openbravo Issue Tracking System

Openbravo Issue Tracking System - Openbravo ERP

View Issue Details

ID

Project

Category

View Status

Date Submitted

Last Update

0025176

Openbravo ERP

C. Security

public

2013-11-18 18:11

2014-01-20 15:28

Reporter

caristu

Assigned To

shankarb

Priority

urgent

Severity

major

Reproducibility

always

Status

closed

Resolution

fixed

Platform

OS

5

OS Version

Product Version

Target Version

3.0PR14Q2

Fixed in Version

3.0PR14Q2

Merge Request Status

Review Assigned To

AugustoMauch

OBNetwork customer

Web browser

Modules

Core

Support ticket

Regression level

Regression date

Regression introduced in release

Regression introduced by commit

Triggers an Emergency Pack

No

Summary

0025176: It's possible to access web services even if the maximum allowed calls is exceeded

Description

It's possible to access web services even if the maximum allowed calls is exceeded if we log-in in the system and after that we open a new tab in the browser.

Steps To Reproduce

1) Log-in in an instance with the maximum allowed web service calls exceeded
2) Open a new tab. Access any of the standard web services, for example localhost:8080/openbravo/ws/dal/BusinessPartner

Proposed Solution

The BaseWebServiceServlet class is doing the following check:

    // already logged in?
    if (OBContext.getOBContext() != null) {
      doService(request, response);
      return;
    }

So, if we are already logged the authentication is not done, therefore is not checked if the maximum ws calls has been exceeded.

Additional Information

Tags

No tags attached.

Relationships

related to	defect	0025576		acknowledged	Triage Platform Base	The number of calls to web services is not computed properly under some circumstances
blocks	defect	0026572		closed	guillermogil	Calls to web service are failing if the role used don't have permission to User window

Attached Files

diff

FixIssue25176.diff (1,084) 2013-12-30 04:59
https://issues.openbravo.com/file_download.php?file_id=6594&type=bug

Issue History

Date Modified

Username

Field

Change

2013-11-18 18:11

New Issue

2013-11-18 18:11

Assigned To

=> AugustoMauch

2013-11-18 18:11

Modules

=> Core

2013-11-18 18:11

Triggers an Emergency Pack

=> No

2013-11-18 18:13

Issue Monitored: networkb

2013-11-19 11:33

Proposed Solution updated

2013-12-26 10:10

shankarb

Assigned To

AugustoMauch => shankarb

2013-12-30 04:59

shankarb

File Added: FixIssue25176.diff

2013-12-30 05:04

shankarb

Status

new => scheduled

2013-12-30 05:04

shankarb

fix_in_branch

=> pi

2014-01-02 12:38

jonalegriaesarte

Target Version

3.0MP31 => 3.0MP32

2014-01-12 11:04

shankarb

Review Assigned To

=> AugustoMauch

2014-01-12 11:04

shankarb

fix_in_branch

pi =>

2014-01-12 11:05

shankarb

Issue Monitored: AugustoMauch

2014-01-12 11:06

Checkin

2014-01-12 11:06

Note Added: 0063363

2014-01-12 11:06

Status

scheduled => resolved

2014-01-12 11:06

Resolution

open => fixed

2014-01-12 11:06

Fixed in SCM revision

=> http://code.openbravo.com/erp/devel/pi/rev/a60184d93ff1f94b2192620cd0f589e0e4f1c09d [^]

2014-01-16 09:18

Checkin

2014-01-16 09:18

Note Added: 0063431

2014-01-17 15:49

Checkin

2014-01-17 15:49

Note Added: 0063492

2014-01-20 15:28

Note Added: 0063539

2014-01-20 15:28

Status

resolved => closed

2014-01-20 15:28

Fixed in Version

=> 3.0MP32

2014-01-28 13:40

Relationship added

related to 0025576

2014-05-16 13:37

Relationship added

blocks 0026572

Notes