Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0034486 | Openbravo ERP | A. Platform | public | 2016-11-14 12:08 | 2016-12-16 18:39
mtaal 
mtaal 
normal | major | have not tried
closed | fixed
5
 
3.0PR17Q1 | 3.0PR17Q1
alostale
Core
No
0034486: Support web/mobile service requests which do not create a http session but still supports login
As Openbravo is used more and more in multi-server environments with webservices used for integrations we need to support fast web services which have a low resource usage.

Currently in Openbravo every web service request will create a http session. In system to system webservice calls it is often not possible to keep track of the http session. So each webservice request will create a new http session. This is not a good approach in high volume webservice request environments.
Check webservice testcases
Support stateless webservice requests by either passing in a parameter to the request (stateless=true) or annotating the webservice implementation that it works stateless.
Performance
related to | feature request | 0034277 | RR17Q1 | closed | mtaal | Retail Modules | Support stateless web/mobile service requests which do not create a http session but still supports login
related to | feature request | 0034481 | 3.0PR17Q1 | closed | mtaal | Openbravo ERP | Webservice and standard login support different request parameters for login, support same parameters in webservice/standard
causes | defect | 0034721 | closed | mtaal | Openbravo ERP | Error thrown in the log after invoking a JSON Rest Web Service
Issue History
2016-11-14 12:08 | mtaal | New Issue
2016-11-14 12:08 | mtaal | Assigned To | => mtaal
2016-11-14 12:08 | mtaal | Modules | => Core
2016-11-14 12:08 | mtaal | Triggers an Emergency Pack | => No
2016-11-14 12:08 | mtaal | Relationship added | related to 0034277
2016-11-14 12:12 | mtaal | Review Assigned To | => alostale
2016-11-14 12:12 | mtaal | Type | defect => feature request
2016-11-14 12:22 | hgbot | Checkin
2016-11-14 12:22 | hgbot | Note Added: 0091445
2016-11-14 12:22 | hgbot | Status | new => resolved
2016-11-14 12:22 | hgbot | Resolution | open => fixed
2016-11-14 12:22 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/b59cceedafd36944a56a5cf3aa12e3e143f1e084
2016-11-14 12:25 | mtaal | Relationship added | related to 0034481
2016-11-15 11:07 | mtaal | Note Added: 0091544
2016-11-25 10:37 | alostale | Note Added: 0091820
2016-11-25 10:37 | alostale | Status | resolved => new
2016-11-25 10:37 | alostale | Resolution | fixed => open
2016-11-25 18:04 | mtaal | Note Added: 0091861
2016-12-02 19:38 | hgbot | Checkin
2016-12-02 19:38 | hgbot | Note Added: 0092047
2016-12-02 19:38 | hgbot | Status | new => resolved
2016-12-02 19:38 | hgbot | Resolution | open => fixed
2016-12-02 19:38 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/b59cceedafd36944a56a5cf3aa12e3e143f1e084 => http://code.openbravo.com/erp/devel/pi/rev/94063c13f4568cc96d809faad6d7c6801df369ce
2016-12-02 19:47 | mtaal | Note Added: 0092048
2016-12-02 19:48 | mtaal | Note Added: 0092049
2016-12-13 10:25 | alostale | Tag Attached: Performance
2016-12-13 10:25 | alostale | Note Added: 0092302
2016-12-13 10:25 | alostale | Status | resolved => closed
2016-12-13 10:25 | alostale | Fixed in Version | => 3.0PR17Q1
2016-12-13 11:40 | caristu | Relationship added | causes 0034721
2016-12-16 18:38 | hudsonbot | Checkin
2016-12-16 18:38 | hudsonbot | Note Added: 0092613
2016-12-16 18:39 | hudsonbot | Checkin
2016-12-16 18:39 | hudsonbot | Note Added: 0092688

Notes
(0091445)
hgbot   
2016-11-14 12:22   
Repository: erp/devel/pi
Changeset: b59cceedafd36944a56a5cf3aa12e3e143f1e084
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Mon Nov 14 12:22:05 2016 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/b59cceedafd36944a56a5cf3aa12e3e143f1e084

Fixes issue 34486: Support stateless requests
Various code changes to prevent http session creation in some cases and set the correct attribute in the http request object
to track that a request is stateless.

Summary of changes:
- JsonUtils: prevent creation of a session when generating error message
- AuthenticationManager: define the stateless parameter and annotation, some common utility methods, prevent setting dbsession record when stateless request, and prevent creating session when clearing the session
- DefaultAuthenticationManager: when stateless use the webservice login approach
- HttpSecureAppServlet: small change to prevent accidental creation of http session, move common code to method, use it to check license restrictions when doing stateless request
- BaseWebServiceServlet: set the stateless request attribute if this is a stateless request
- WebServiceServlet: moved code to parent class for re-use and checking if a webservice is stateless

---
M modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonUtils.java
M src/org/openbravo/authentication/AuthenticationManager.java
M src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java
M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
M src/org/openbravo/service/web/BaseWebServiceServlet.java
M src/org/openbravo/service/web/WebServiceServlet.java
---
(0091544)
mtaal   
2016-11-15 11:07   
Documentation will be added after review here:
http://wiki.openbravo.com/wiki/How_to_create_a_new_REST_webservice
(0091820)
alostale   
2016-11-25 10:37   
When stateless ws call is performed, no record is added to AD_Session. This causes counting ws calls to be incorrect.

https://docs.google.com/spreadsheets/d/18l2biKWeG6iGDIPqO6VuYQ_TtP_6YxyQU4KSrPvQlJ8/edit#gid=0
(0091861)
mtaal   
2016-11-25 18:04   
I checked the code and the stateless calls are now by default doing a webservice authentication. This is done in the DefaultAuthenticationManager [1]. It is correct that currently no ad_session record is created. But the webservice count is checked [2]. I didn't see that the ws count was using the ad_session. Where is this?

In any case I think we can say that stateless requests are always webservice-like requests. So the authenticate should always go through the webserviceauthenticate flow.
Still an ad_session can be created but I think it should be de-activated right away (when creating it) as it otherwise always stays alive. Right away, as I can't really de-activate the ad_session record at the end of the request as there is no good way to preserve/store the session id (yes using thread-local but it feels a bit too heavy for this and would need to be added in several places).

[1]
https://code.openbravo.com/erp/devel/pi/file/f169cafac730/src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java#l62

[2]
https://code.openbravo.com/erp/devel/pi/file/f169cafac730/src/org/openbravo/authentication/AuthenticationManager.java#l228
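
Added example, not Openbravo code: a servlet filter showing the stateless flow described in the changeset summary and in note 0091861 above. Each request is authenticated from its own credentials, no session-creating `getSession()` call is made, and one audit row is still written, already inactive. HTTP Basic credentials, the `Backend` interface and the attribute name are assumptions; only the `stateless=true` parameter comes from the issue.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example (not Openbravo code): per-request login without an HTTP session.
public class StatelessAuthFilter implements Filter {
  // Hypothetical hooks for the application's user store and session audit table.
  public interface Backend {
    String verify(String user, String password);    // user id, or null if rejected
    void recordCall(String userId, boolean active);  // one audit row per call
  }
  public static final String STATELESS_ATTR = "example.stateless"; // hypothetical name
  private final Backend backend;
  public StatelessAuthFilter(Backend backend) { this.backend = backend; }
  @Override public void init(FilterConfig cfg) { }
  @Override public void destroy() { }

  @Override
  public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) rq;
    HttpServletResponse res = (HttpServletResponse) rs;
    if (!"true".equals(req.getParameter("stateless"))) {
      chain.doFilter(rq, rs); // session-based flow is handled elsewhere
      return;
    }
    String userId = authenticate(req.getHeader("Authorization"));
    if (userId == null) { // reject without touching getSession()
      res.setHeader("WWW-Authenticate", "Basic realm=\"ws\"");
      res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
      return;
    }
    backend.recordCall(userId, false); // counted for auditing, stored already inactive
    req.setAttribute(STATELESS_ATTR, Boolean.TRUE);
    chain.doFilter(rq, rs);
    // getSession(false) never creates a session; non-null means downstream code did.
    HttpSession leaked = req.getSession(false);
    if (leaked != null) leaked.invalidate();
  }

  private String authenticate(String header) {
    if (header == null || !header.startsWith("Basic ")) return null;
    try {
      String[] up = new String(Base64.getDecoder().decode(header.substring(6).trim()),
          StandardCharsets.UTF_8).split(":", 2);
      return up.length == 2 ? backend.verify(up[0], up[1]) : null;
    } catch (IllegalArgumentException malformedBase64) { return null; }
  }
}
```

Because the filter takes its backend in the constructor, register an instance programmatically with `ServletContext.addFilter` rather than by class name in `web.xml`.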
(0092047)
hgbot   
2016-12-02 19:38   
Repository: erp/devel/pi
Changeset: 94063c13f4568cc96d809faad6d7c6801df369ce
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Fri Dec 02 19:38:20 2016 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/94063c13f4568cc96d809faad6d7c6801df369ce

Fixes issue 34486: Support web/mobile service requests which do not create a http session but still supports login
Create a dbsession record also for stateless webservice requests

---
M src/org/openbravo/authentication/AuthenticationManager.java
---
(0092048)
mtaal   
2016-12-02 19:47   
Documentation:
http://wiki.openbravo.com/wiki/How_to_create_a_new_REST_webservice#Stateless_Webservice_Requests_-_HTTP_Session
(0092049)
mtaal   
2016-12-02 19:48   
See the related issue 34277 for testcases
(0092302)
alostale   
2016-12-13 10:25   
Code reviewed and tested
(0092613)
hudsonbot   
2016-12-16 18:38   
A changeset related to this issue has been promoted to main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/dc8bf00badd0
Maturity status: Test
(0092688)
hudsonbot   
2016-12-16 18:39   
A changeset related to this issue has been promoted to main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/dc8bf00badd0
Maturity status: Test