0035164: AuthenticationManager.username thread unsafe - Openbravo Issue Tracking System

Openbravo Issue Tracking System - Openbravo ERP

View Issue Details

ID

Project

Category

View Status

Date Submitted

Last Update

0035164

Openbravo ERP

A. Platform

public

2017-02-06 08:35

2017-09-21 16:49

Reporter

alostale

Assigned To

caristu

Priority

urgent

Severity

major

Reproducibility

random

Status

closed

Resolution

fixed

Platform

OS

5

OS Version

Product Version

Target Version

Fixed in Version

3.0PR17Q4

Merge Request Status

Review Assigned To

alostale

OBNetwork customer

No

Web browser

Modules

Core

Support ticket

Regression level

Regression date

Regression introduced in release

Regression introduced by commit

Triggers an Emergency Pack

No

Summary

0035164: AuthenticationManager.username thread unsafe

Description

AuthenticationManager class has a member username which is set and accessed by different methods [1].

An instance of AuthenticationManager is kept in the HttpSecureAppServlet as a member [2] of the servlet. Therefore username can be accessed in an inconsistent state.

[1] https://code.openbravo.com/erp/devel/pi/file/0c91a26dca81/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java#l83 [^]
[2] https://code.openbravo.com/erp/devel/pi/file/0c91a26dca81/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java#l83 [^]

Steps To Reproduce

Would need to create an artificial test to reproduce this behavior, though it possibly is reproducible in real cases.

Proposed Solution

Additional Information

Tags

Relationships

related to	design defect	0036808		new	Triage Platform Base	AuthenticationManager should be stateless
depends on	defect	0036807		closed	caristu	API Change: remove AuthenticationManager.username field
blocks	design defect	0034664		acknowledged	Triage Platform Base	multi thread unsafeties

Attached Files

Issue History

Date Modified

Username

Field

Change

2017-02-06 08:35

New Issue

2017-02-06 08:35

Assigned To

=> platform

2017-02-06 08:35

OBNetwork customer

=> No

2017-02-06 08:35

Modules

=> Core

2017-02-06 08:35

Triggers an Emergency Pack

=> No

2017-02-06 08:35

Relationship added

blocks 0034664

2017-02-06 08:35

Tag Attached: multiThread

2017-02-06 08:35

Status

new => acknowledged

2017-09-07 11:50

Assigned To

platform => caristu

2017-09-07 11:50

Status

acknowledged => scheduled

2017-09-07 11:59

Checkin

2017-09-07 11:59

Note Added: 0098883

2017-09-07 19:09

Relationship added

depends on 0036807

2017-09-07 19:21

Relationship added

related to 0036808

2017-09-08 13:18

Note Added: 0098912

2017-09-08 13:18

Status

scheduled => resolved

2017-09-08 13:18

Fixed in SCM revision

=> 282b45a9521e

2017-09-08 13:18

Resolution

open => fixed

2017-09-08 13:18

Note Edited: 0098912

bug_revision_view_page.php?bugnote_id=0098912#r15853

2017-09-08 13:19

Review Assigned To

=> alostale

2017-09-08 13:20

Note Edited: 0098912

bug_revision_view_page.php?bugnote_id=0098912#r15854

2017-09-08 13:32

Fixed in SCM revision

282b45a9521e => 282b45a9521ehttps://code.openbravo.com/erp/devel/pi/rev/282b45a9521e [^]

2017-09-08 13:32

Fixed in SCM revision

282b45a9521ehttps://code.openbravo.com/erp/devel/pi/rev/282b45a9521e [^] => https://code.openbravo.com/erp/devel/pi/rev/282b45a9521e [^]

2017-09-08 13:38

Note Edited: 0098912

bug_revision_view_page.php?bugnote_id=0098912#r15855

2017-09-12 09:29

Checkin

2017-09-12 09:29

Note Added: 0098963

2017-09-12 09:34

Checkin

2017-09-12 09:34

Note Added: 0098966

2017-09-12 10:57

Note Added: 0098972

2017-09-12 10:57

Status

resolved => closed

2017-09-12 10:57

Fixed in Version

=> 3.0PR17Q4

2017-09-21 16:49

Checkin

2017-09-21 16:49

Note Added: 0099366

2017-09-21 16:49

Checkin

2017-09-21 16:49

Note Added: 0099370

2017-09-21 16:49

Checkin

2017-09-21 16:49

Note Added: 0099377

2017-09-21 16:49

Checkin

2017-09-21 16:49

Note Added: 0099378

Notes