Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0040887Openbravo ERPA. Platformpublic2019-05-16 11:272019-05-24 08:42
immediatemajorhave not tried
Production - Confirmed Stable
3.0PR17Q2 [^]
0040887: incorrect audit trail for DAL WebServices
Data changes performed by DAL WebServices are incorrectly audited.

User and process is set randomly. As these requests are not updating ad_context_info table, in case it was previously set within the same database connection that has now been retrieved from the connection pool, it will be reused.
1. Log in as System Administrator
2. Open Tables and Columns window
3. Select C_City table and set it to fully audited
4. Rebuild and restart Tomcat
5. Execute WSUpdateTest (which creates entries in C_City)
6. Query ad_audit_trail
   -> Check that entries for c_city have random user + process

No tags attached.
blocks defect 0040886 closed alostale incorrect audit trail for DAL WebServices 
Issue History
2019-05-16 11:30alostaleTypedefect => backport
2019-05-16 11:30alostaleTarget Version => 3.0PR19Q2
2019-05-17 11:33alostaleTarget Version3.0PR19Q2 => 3.0PR19Q2.1
2019-05-21 14:10hgbotCheckin
2019-05-21 14:10hgbotNote Added: 0111951
2019-05-21 14:10hgbotStatusscheduled => resolved
2019-05-21 14:10hgbotResolutionopen => fixed
2019-05-21 14:10hgbotFixed in SCM revision => [^]
2019-05-24 08:42caristuNote Added: 0112110
2019-05-24 08:42caristuStatusresolved => closed
2019-05-24 08:42caristuFixed in Version => 3.0PR19Q2.1

2019-05-21 14:10   
Repository: erp/backports/3.0PR19Q2.1
Changeset: cfd8a82453fc52ec9ddde74f7b801a85690706ce
Author: Asier Lostalé <asier.lostale <at>>
Date: Thu May 16 12:11:51 2019 +0200
URL: [^]

fixed bug 40887: incorrect audit trail for DAL WebServices

  DAL WebServices were incorrectly audited because ad_context_info was not set as
  it was disabled for the thread during login and they are executed in the same

  This fix consists in:
    1. Now after login completion, thread is reset to allow auditing of actions
       occurred afterward.
    2. Correct user id and new WebService process type is set to be audited. Note
       this didn't occur even before the regression was introduced, reulting in
       records in ad_audit_trail without user or process information.

M src-db/database/sourcedata/AD_REF_LIST.xml
M src/org/openbravo/erpCommon/security/
M src/org/openbravo/service/web/
2019-05-24 08:42