0036808: AuthenticationManager should be stateless - Openbravo Issue Tracking System

Openbravo Issue Tracking System - Openbravo ERP

View Issue Details

Project

Category

View Status

Date Submitted

Last Update

0036808

Openbravo ERP

A. Platform

public

2017-09-07 19:21

2022-02-01 08:08

Reporter

caristu

Assigned To

Triage Platform Base

Priority

normal

Severity

minor

Reproducibility

always

Status

new

Resolution

open

Platform

OS Version

Product Version

Target Version

Fixed in Version

Merge Request Status

Review Assigned To

OBNetwork customer

Web browser

Modules

Core

Support ticket

Regression level

Regression date

Regression introduced in release

Regression introduced by commit

Triggers an Emergency Pack

Summary

0036808: AuthenticationManager should be stateless

Description

The AuthenticationManager class should be stateless. This class is used by the HttpSecureAppServlet[1] instances in order to ensure that the servlet requests are properly authenticated.

If this class would be stateless then it could be declared as a singleton (@ApplicationScoped) within those kind of servlets. Thus, just a single instance of this class will be reused by every servlet. Also this will help to solve any possible multi-thread unsafety in this regard.

[1] https://code.openbravo.com/erp/devel/pi/file/1fe55bea0066/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java#l84 [^]

Steps To Reproduce

In description

Proposed Solution

To make this class stateless the following attributes should be declared as private and we should handle their assignments properly:

- protected ConnectionProvider conn
- protected String defaultServletUrl
- protected String localAdress

Please note that this will be an API change affecting those classes extending AuthenticationManager. Besides, this change would require to review those classes in deep in order to ensure that they can work properly as singletons.

Additional Information