0041134: Stateless Requests should not check concurrent user limit

Openbravo Issue Tracking System - Openbravo ERP
View Issue Details

ID	Project	Category	View Status	Date Submitted	Last Update
0041134	Openbravo ERP	C. Security	public	2019-06-20 13:36	2019-08-22 14:44

Reporter	gorkaion
Assigned To	caristu
Priority	high	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Platform		OS	5	OS Version
Product Version
Target Version		Fixed in Version	3.0PR19Q4
Merge Request Status
Review Assigned To	alostale
OBNetwork customer
Web browser
Modules	Core
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency Pack	No

Summary	0041134: Stateless Requests should not check concurrent user limit
Description	When executing a ExternalOrderLoader requests. It defined as a stateless request so it does not generate any session. But if all the concurrent users are currently logged a "No valid license" exception is thrown. Stateless request should be able to login and execute normally even if the concurrent user limit is reached. The authentication is done by the HttpSecureAppServlet. In the service method after the authentication in case of stateless request it is checked the forceSysAdminLogin() method. This method returns true in case the concurrent user limit is reached. Even though this kind of requests should not check it.
Steps To Reproduce	On an activated instance consume all available concurrent users. Try to execute a call to ExternalOrderLoader using SoapUI or similar.
Proposed Solution	Modify the ActivationKey.checkOPSLimitations so when there is no activeSession (stateless request) the concurrent user limitation is not checked. Patch provided.
Additional Information
Tags	No tags attached.
Relationships
Attached Files	issue41134.diff (642) 2019-06-20 13:37 https://issues.openbravo.com/file_download.php?file_id=13029&type=bug

Issue History
Date Modified	Username	Field	Change
2019-06-20 13:36	gorkaion	New Issue
2019-06-20 13:36	gorkaion	Assigned To	=> platform
2019-06-20 13:36	gorkaion	Modules	=> Core
2019-06-20 13:36	gorkaion	Resolution time	=> 1562796000
2019-06-20 13:36	gorkaion	Triggers an Emergency Pack	=> No
2019-06-20 13:37	gorkaion	File Added: issue41134.diff
2019-06-28 14:24	caristu	Assigned To	platform => caristu
2019-06-28 14:24	caristu	Status	new => acknowledged
2019-07-05 17:46	hgbot	Checkin
2019-07-05 17:46	hgbot	Note Added: 0113205
2019-07-05 18:11	hgbot	Checkin
2019-07-05 18:11	hgbot	Note Added: 0113206
2019-07-05 18:11	hgbot	Status	acknowledged => resolved
2019-07-05 18:11	hgbot	Resolution	open => fixed
2019-07-05 18:11	hgbot	Fixed in SCM revision	=> http://code.openbravo.com/erp/devel/pi/rev/aac71461cf2f41f3a421ea1bb1d100d3b1ef962c [^]
2019-07-05 18:11	caristu	Review Assigned To	=> alostale
2019-07-05 18:11	caristu	Proposed Solution updated
2019-07-12 11:41	alostale	Note Added: 0113324
2019-07-12 11:41	alostale	Status	resolved => closed
2019-07-12 11:41	alostale	Fixed in Version	=> 3.0PR19Q4
2019-08-22 14:44	hudsonbot	Checkin
2019-08-22 14:44	hudsonbot	Note Added: 0114138
2019-08-22 14:44	hudsonbot	Checkin
2019-08-22 14:44	hudsonbot	Note Added: 0114139

Notes