Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0035172Openbravo ERPA. Platformpublic2017-02-06 17:352017-03-15 20:19
Reportermtaal 
Assigned Tomtaal 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target Version3.0PR17Q2Fixed in Version3.0PR17Q2 
Merge Request Status
Review Assigned Toalostale
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0035172: In case of stateless request make sure OBContext is set and let VariableBase and other core ERP code not create a session
DescriptionThe VariableBase [1] always creates a session, also in case of a stateless session.

Also in case of a stateless request we should log an error if a http session gets created.

[1]
https://code.openbravo.com/erp/devel/pi/file/01c864252395/src-core/src/org/openbravo/base/VariablesBase.java#l79 [^]
Steps To ReproduceExecute retail test cases found here [1]

[1]
https://code.openbravo.com/tools/automation/pi-mobile/file/tip/src-test/org/openbravo/test/mobile/retail/pack/webservice/tests/orderloader/RetailOrderLoaderTest.java [^]
Proposed SolutionAdd log statement in the session context listener [1]

Prevent the variable base class from creating a session in case of a stateless request [2].

[1]
https://code.openbravo.com/erp/devel/pi/file/01c864252395/src/org/openbravo/erpCommon/security/SessionListener.java#l151 [^]
Additional Information
TagsNo tags attached.
Relationships
has duplicate defect 0035144 closed mtaal Retail Modules [Store Server 2402]Stateless Authentication not working with External Order Loader 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2017-02-06 17:35mtaalNew Issue
2017-02-06 17:35mtaalAssigned To => mtaal
2017-02-06 17:35mtaalModules => Core
2017-02-06 17:35mtaalTriggers an Emergency Pack => No
2017-02-06 17:36mtaalSummaryIn case of stateless request then let VariableBase and other core ERP code not create a session => In case of stateless request make sure OBContext is set and let VariableBase and other core ERP code not create a session
2017-02-06 17:36mtaalRelationship addedcauses 0035144
2017-02-08 09:38hgbotCheckin
2017-02-08 09:38hgbotNote Added: 0094139
2017-02-08 09:39mtaalReview Assigned To => alostale
2017-02-08 09:42hgbotCheckin
2017-02-08 09:42hgbotNote Added: 0094142
2017-02-08 09:42hgbotStatusnew => resolved
2017-02-08 09:42hgbotResolutionopen => fixed
2017-02-08 09:42hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/1605b906892b1cb17278557e5ed4bbf5043328e1 [^]
2017-02-08 09:42mtaalRelationship replacedhas duplicate 0035144
2017-02-10 08:52alostaleNote Added: 0094208
2017-02-10 08:52alostaleStatusresolved => closed
2017-02-10 08:52alostaleFixed in Version => 3.0PR17Q2
2017-03-15 20:19hudsonbotCheckin
2017-03-15 20:19hudsonbotNote Added: 0095169

Notes
(0094139)
hgbot   
2017-02-08 09:38   
Repository: tools/automation/pi-mobile
Changeset: c55fdc10cb2447a5d75887ba82739f7be9ceb27a
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Wed Feb 08 09:38:12 2017 +0100
URL: http://code.openbravo.com/tools/automation/pi-mobile/rev/c55fdc10cb2447a5d75887ba82739f7be9ceb27a [^]

Related to issue 35172 and issue 35171: added testcases for stateless/basic authentication
Use new class TestExternalOrderLoader to validate on the server that requests are indeed
stateless.
Explicitly add basic authentication headers

---
M src-test/org/openbravo/test/mobile/retail/extmodules/unittest/suites/StatelessTestSuite.java
M src-test/org/openbravo/test/mobile/retail/mobilecore/webservice/WebServicesHelper.java
M src-test/org/openbravo/test/mobile/retail/pack/webservice/tests/orderloader/BaseRetailOrderLoaderTest.java
A src-test/org/openbravo/test/mobile/retail/extmodules/unittest/tests/statelesswebservice/StatelessRetailOrderLoaderTest.java
A src-test/org/openbravo/test/mobile/retail/extmodules/unittest/tests/statelesswebservice/message-order-minimal-1.json
A src-test/org/openbravo/test/mobile/retail/extmodules/unittest/tests/statelesswebservice/message-order-multiline-1.json
---
(0094142)
hgbot   
2017-02-08 09:42   
Repository: erp/devel/pi
Changeset: 1605b906892b1cb17278557e5ed4bbf5043328e1
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Wed Feb 08 09:41:56 2017 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/1605b906892b1cb17278557e5ed4bbf5043328e1 [^]

Fixes issue 35172: In case of stateless request make sure OBContext is set
Prevent VariableBase from creating a session in case of stateless request
Set the OBContext explicitly in case of stateless request
Add a log statement in case a session is created in case of a stateless request

---
M src-core/src/org/openbravo/base/VariablesBase.java
M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
M src/org/openbravo/erpCommon/security/SessionListener.java
---
(0094208)
alostale   
2017-02-10 08:52   
reviewed
(0095169)
hudsonbot   
2017-03-15 20:19   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/54e102bef53e [^]
Maturity status: Test