Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
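ID: 0039776
Project: Openbravo ERP
Category: A. Platform
View Status: public
Date Submitted: 2018-12-10 16:39
Last Update: 2018-12-19 22:30
Reporter: nicolasuriz
Assigned To: jarmendariz
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed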
5
 
Fixed in Version: 3.0PR19Q1
Review Assigned To: alostale
Modules: Core
Triggers an Emergency Pack: No
Summary: 0039776: OBSecurityException appears after login with user with no roles

Description:
When you attempt to log in with a user which has no roles (or no role that allows access to backend), the login form shows an error message notifying that. However, if the page is reloaded, an error page appears indicating there was an unhandled exception.

Looking at the log file, this exception is caused by the following stacktrace:

2018-12-13 10:56:44,170 [http-bio-8080-exec-10] ERROR org.openbravo.dal.core.ThreadHandler - Your user is not assigned to a Role and it is required to login into Openbravo. Ask the Security Administrator
org.openbravo.base.exception.OBSecurityException: Your user is not assigned to a Role and it is required to login into Openbravo. Ask the Security Administrator
    at org.openbravo.dal.core.OBContext.initialize(OBContext.java:880) ~[classes/:?]
    at org.openbravo.dal.core.OBContext.initialize(OBContext.java:814) ~[classes/:?]
    at org.openbravo.dal.core.OBContext.initialize(OBContext.java:808) ~[classes/:?]
    at org.openbravo.dal.core.OBContext.setFromRequest(OBContext.java:777) ~[classes/:?]
    at org.openbravo.dal.core.OBContext.setOBContext(OBContext.java:419) ~[classes/:?]
    at org.openbravo.dal.core.DalRequestFilter$1.doBefore(DalRequestFilter.java:78) ~[classes/:?]
    at org.openbravo.dal.core.ThreadHandler.run(ThreadHandler.java:45) [classes/:?]
    at org.openbravo.dal.core.DalRequestFilter.doFilter(DalRequestFilter.java:105) [classes/:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.72]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.72]
    at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) [log4j-web-2.11.1.jar:2.11.1]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.72]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.72]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218) [catalina.jar:7.0.72]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) [catalina.jar:7.0.72]
...

Steps To Reproduce:
1. Login to backend
2. Create a user without any role or POS Terminal access.
3. Log out from backend
4. Login with the new user created
5. Login form shows an error message. This is OK
6. Refresh the web page
7. An "unexpected error" error page is displayed and it does not allow to keep working.

Proposed Solution:
When refreshing page, it should render the login page instead of the exception page.

Tags: No tags attached.
Relationships: causes defect 0040787 (closed, alostale, Retail Modules): User roles requires backend access to login in WebPOS

Issue History
2018-12-10 16:39 | nicolasuriz | New Issue
2018-12-10 16:39 | nicolasuriz | Assigned To | => platform
2018-12-10 16:39 | nicolasuriz | Modules | => Core
2018-12-10 16:39 | nicolasuriz | Resolution time | => 1546383600
2018-12-10 16:39 | nicolasuriz | Triggers an Emergency Pack | => No
2018-12-13 11:40 | jarmendariz | Assigned To | platform => jarmendariz
2018-12-13 11:40 | jarmendariz | Status | new => acknowledged
2018-12-13 11:40 | jarmendariz | Status | acknowledged => scheduled
2018-12-13 17:08 | jarmendariz | Summary | Unexpected error message displayed => OBSecurityException appears after login with user with no roles
2018-12-13 17:08 | jarmendariz | Description Updated | bug_revision_view_page.php?rev_id=18037#r18037
2018-12-13 17:08 | jarmendariz | Steps to Reproduce Updated | bug_revision_view_page.php?rev_id=18039#r18039
2018-12-13 17:08 | jarmendariz | Proposed Solution updated
2018-12-17 09:30 | hgbot | Checkin
2018-12-17 09:30 | hgbot | Note Added: 0108630
2018-12-17 09:30 | hgbot | Status | scheduled => resolved
2018-12-17 09:30 | hgbot | Resolution | open => fixed
2018-12-17 09:30 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/925d93d4e8971f34caf04cd2cad44223fa74bf3c
2018-12-17 12:26 | jarmendariz | Review Assigned To | => alostale
2018-12-17 13:48 | hudsonbot | Checkin
2018-12-17 13:48 | hudsonbot | Note Added: 0108641
2018-12-19 14:52 | hgbot | Checkin
2018-12-19 14:52 | hgbot | Note Added: 0108676
2018-12-19 16:38 | alostale | Note Added: 0108677
2018-12-19 16:38 | alostale | Status | resolved => closed
2018-12-19 16:39 | alostale | Fixed in Version | => 3.0PR19Q1
2018-12-19 22:30 | hudsonbot | Checkin
2018-12-19 22:30 | hudsonbot | Note Added: 0108680
2019-05-06 15:40 | alostale | Relationship added | causes 0040787

Notes
(0108630)
hgbot   
2018-12-17 09:30   
Repository: erp/devel/pi
Changeset: 925d93d4e8971f34caf04cd2cad44223fa74bf3c
Author: Javier Armendáriz <javier.armendariz <at> openbravo.com>
Date: Fri Dec 14 12:21:18 2018 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/925d93d4e8971f34caf04cd2cad44223fa74bf3c

Fixed issue 39776: Exception appears after login with user with no roles

Now current session is cleared if an error is found in login process. This
prevents the user to be stuck in an exception screen with no chance to log in
again.

---
M src/org/openbravo/base/secureApp/LoginHandler.java
---
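
The failure and the fix described in this changeset, modelled as an added example (not Openbravo's code): a session that keeps login state after a failed role check makes the next request fail in the request filter, while clearing it returns the user to the login page. The class, method and attribute names, and the assumption that the user is stored in the session before roles are checked, are illustrative.

```java
import java.util.*;

// Added illustration with hypothetical names; plain JDK maps stand in for HTTP sessions.
public class LoginSessionDemo {
    // Constructed sample data: session id -> attributes, user -> assigned roles.
    static final Map<String, Map<String, Object>> SESSIONS = new HashMap<>();
    static final Map<String, List<String>> ROLES =
        Map.of("admin", List.of("System Administrator"), "norole", List.of());

    // Login: the credentials are accepted and recorded, then the role check runs.
    static String login(String sessionId, String user, boolean clearOnError) {
        Map<String, Object> session = SESSIONS.computeIfAbsent(sessionId, k -> new HashMap<>());
        session.put("authenticatedUser", user); // assumption: stored before roles are checked
        if (ROLES.getOrDefault(user, List.of()).isEmpty()) {
            if (clearOnError) {
                SESSIONS.remove(sessionId); // the fix: no login state survives a failed login
            }
            return "login form: user has no role";
        }
        return "logged in";
    }

    // Per-request filter: builds the security context from whatever the session holds.
    static String handleRequest(String sessionId) {
        Map<String, Object> session = SESSIONS.get(sessionId);
        if (session == null || !session.containsKey("authenticatedUser")) {
            return "login page";
        }
        String user = (String) session.get("authenticatedUser");
        if (ROLES.getOrDefault(user, List.of()).isEmpty()) {
            throw new SecurityException("user is not assigned to a role");
        }
        return "application";
    }

    public static void main(String[] args) {
        for (boolean clearOnError : new boolean[] {false, true}) {
            SESSIONS.clear();
            System.out.println("clearOnError=" + clearOnError + ": " + login("S1", "norole", clearOnError));
            try {
                System.out.println("  reload -> " + handleRequest("S1"));
            } catch (SecurityException e) {
                System.out.println("  reload -> error page (" + e.getMessage() + ")");
            }
        }
    }
}
```
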
(0108641)
hudsonbot   
2018-12-17 13:48   
A changeset related to this issue has been promoted to main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/5420c0828280
Maturity status: Test
(0108676)
hgbot   
2018-12-19 14:52   
Repository: erp/devel/pi
Changeset: fd2a2aa98d5430821000a880b9c0c72e53add14a
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Wed Dec 19 14:51:41 2018 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/fd2a2aa98d5430821000a880b9c0c72e53add14a

related to bug 39776: apply format

---
M src/org/openbravo/base/secureApp/LoginHandler.java
---
(0108677)
alostale   
2018-12-19 16:38   
reviewed + tested
(0108680)
hudsonbot   
2018-12-19 22:30   
A changeset related to this issue has been promoted to main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/3349fdedc036
Maturity status: Test