Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0009249 | Openbravo ERP | C. Security | public | 2009-06-01 05:51 | 2009-07-16 17:55 |
|
| Reporter | eintelau | |
| Assigned To | mtaal | |
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | out of date | |
| Platform | | OS | 20 | OS Version | 5.2 |
| Product Version | pi | |
| Target Version | | Fixed in Version | | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0009249: LAM Authentication Manager doesn't set OBContext |
| Description | The LAM Authentication Manager does not initialise OBContext when a user is authenticated. This results in NullPointerExceptions when processing later requests. |
| Steps To Reproduce | 1) Setup & enable LAM Authentication
2) Try to logon |
| Proposed Solution | Initialise OBContext in LAM Auth Manager the same as the Default Auth Manager does |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | |
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2009-06-01 05:51 | eintelau | New Issue | |
| 2009-06-01 05:51 | eintelau | Assigned To | => rafaroda |
| 2009-06-01 05:55 | hgbot | Checkin | |
| 2009-06-01 05:55 | hgbot | Note Added: 0016778 | |
| 2009-06-01 05:55 | hgbot | Status | new => resolved |
| 2009-06-01 05:55 | hgbot | Resolution | open => fixed |
| 2009-06-01 05:55 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/c28006936476f9fd3163f3688b8844870994e488 [^] |
| 2009-06-02 06:30 | hgbot | Checkin | |
| 2009-06-02 06:30 | hgbot | Note Added: 0016833 | |
| 2009-06-02 06:30 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/c28006936476f9fd3163f3688b8844870994e488 [^] => http://code.openbravo.com/erp/devel/pi/rev/ec6df60991831f01333f8e6ae389cb58dcd5d03d [^] |
| 2009-06-02 22:53 | mtaal | Note Added: 0016893 | |
| 2009-06-02 22:53 | mtaal | Assigned To | rafaroda => mtaal |
| 2009-06-02 22:53 | mtaal | Status | resolved => new |
| 2009-06-02 22:53 | mtaal | Resolution | fixed => open |
| 2009-06-02 22:53 | mtaal | Note Added: 0016894 | |
| 2009-06-02 22:54 | mtaal | Note Added: 0016895 | |
| 2009-06-04 02:05 | eintelau | Note Added: 0016928 | |
| 2009-06-04 23:34 | mtaal | Note Added: 0016965 | |
| 2009-06-05 13:14 | psarobe | Status | new => scheduled |
| 2009-06-05 13:14 | psarobe | fix_in_branch | => pi |
| 2009-06-10 11:50 | mtaal | Note Added: 0017168 | |
| 2009-06-10 11:50 | mtaal | Status | scheduled => feedback |
| 2009-07-03 10:38 | mtaal | Status | feedback => closed |
| 2009-07-03 10:38 | mtaal | Note Added: 0017770 | |
| 2009-07-03 10:38 | mtaal | Resolution | open => out of date |
| 2009-07-16 17:55 | anonymous | sf_bug_id | 0 => 2822553 |
|
Notes |
|
|
(0016778)
|
|
hgbot
|
|
2009-06-01 05:55
|
|
|
|
|
(0016833)
|
|
hgbot
|
|
2009-06-02 06:30
|
|
Repository: erp/devel/pi
Changeset: ec6df60991831f01333f8e6ae389cb58dcd5d03d
Author: Ben Sommerville <ben.sommerville <at> eintel.com.au>
Date: Tue Jun 02 14:29:19 2009 +1000
URL: http://code.openbravo.com/erp/devel/pi/rev/ec6df60991831f01333f8e6ae389cb58dcd5d03d [^]
Re issue 9249: Set #Authenticated_user session attribute before initialising OBContext
---
M src/org/openbravo/authentication/lam/LamAuthenticationManager.java
---
|
|
|
|
(0016893)
|
|
mtaal
|
|
2009-06-02 22:53
|
|
Hi,
After some more checking I think the following changes are required:
1) the OBContext should have a static OBContext available for the 0 user. This context can be used if no context is yet available and admin read mode is required. This is needed in the HttpSecureAppServlet just before:
if (strWarehouse == null) {
if (!strRole.equals("0")) {
2) in LoginUtils.fillSessionArguments(...) the real OBContext should be used.
3) The OBContext assumes that the session attribute #AUTHENTICATED_USER is set. I am not sure if this session attribute is outdated or not. When looking at LoginUtils.fillSessionArguments(....) it seems that #AD_User_ID needs to be used.
With the above changes the authentication managers do not need to know about the OBContext.
Re-opening issue and assigning it to me to make the necessary changes.
gr. Martin |
|
|
|
(0016894)
|
|
mtaal
|
|
2009-06-02 22:53
|
|
See previous comment.
gr. Martin |
|
|
|
(0016895)
|
|
mtaal
|
|
2009-06-02 22:54
|
|
|
|
|
|
Martin,
Those fixes are much better than handling the OBContext separately in each AuthenticationManager. My fix was a quick patch to get around the immediate problem, happy to see it removed in favour of a more general solution
regards
Ben Sommerville. |
|
|
|
(0016965)
|
|
mtaal
|
|
2009-06-04 23:34
|
|
|
|
|
(0017168)
|
|
mtaal
|
|
2009-06-10 11:50
|
|
Hi Ben,
Did you have time to look at the changes/solution?
gr. Martin |
|
|
|
(0017770)
|
|
mtaal
|
|
2009-07-03 10:38
|
|
|
No feedback received, closing this issue |
|