Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0010777 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] A. Platform | minor | always | 2009-09-25 14:10 | 2009-10-20 00:00 | |||
| Reporter | iperdomo | View Status | public | |||||
| Assigned To | iperdomo | |||||||
| Priority | urgent | Resolution | fixed | Fixed in Version | 2.50MP7 | |||
| Status | closed | Fix in branch | pi | Fixed in SCM revision | e6579ce4100f | |||
| Projection | none | ETA | none | Target Version | ||||
| OS | Linux 32 bit | Database | PostgreSQL | Java version | 1.6.0_15 | |||
| OS Version | 2.6.30-gentoo-r5 | Database version | 8.3.8 | Ant version | 1.7.1 | |||
| Product Version | pi | SCM revision | ||||||
| Review Assigned To | ||||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0010777: OBContext should be created before authentication check | |||||||
| Description | DAL uses the OBContext object to perform security check. OBContext holds information about the authenticated user. If some custom authentication manager wants to perform data access through DAL, you get a NPE, because the OBContext is not created yet. Example of the exception: 148962 [http-8880-1] ERROR org.openbravo.erpCommon.security.Menu - HTTPSecureAppServlet.service() - exception caught: java.lang.NullPointerException at org.openbravo.dal.service.OBDal.checkReadAccess(OBDal.java:400) at org.openbravo.dal.service.OBDal.checkReadAccess(OBDal.java:390) at org.openbravo.dal.service.OBDal.get(OBDal.java:158) at org.openbravo.authentication.basic.AutologonAuthenticationManager.authenticate(AutologonAuthenticationManager.java:64) at org.openbravo.base.secureApp.HttpSecureAppServlet.service(HttpSecureAppServlet.java:182) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.openbravo.utils.SessionExpirationFilter.doFilter(SessionExpirationFilter.java:66) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.openbravo.utils.CharsetFilter.doFilter(CharsetFilter.java:35) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.openbravo.dal.core.DalRequestFilter$1.doAction(DalRequestFilter.java:79) at org.openbravo.dal.core.ThreadHandler.run(ThreadHandler.java:46) at org.openbravo.dal.core.DalRequestFilter.doFilter(DalRequestFilter.java:93) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) | |||||||
| Steps To Reproduce | * Configure the Autologon authentication manager - Open your Openbravo.properties - Change the this 2 properties: authentication.class=org.openbravo.authentication.basic.AutologonAuthenticationManager authentication.autologon.username=Openbravo * Apply the attached patch path -p1 < /path/to/your/AutologonAuthenticationManager.java.diff * Compile the application and deploy the changes * Login Openbravo * Check the application log for a NPE related to org.openbravo.dal.service.OBDal.checkReadAccess | |||||||
| Proposed Solution | * Create the OBContext and set it to system administrator before the authentication | |||||||
| Tags | No tags attached. | |||||||
| Attached Files |  AutologonAuthenticationManager.java.diff [^] (1,162 bytes) 2009-09-25 14:10 [Show Content]
| |||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
|
Notes |
|
|
(0020375) iperdomo (reporter) 2009-09-25 15:01 |
The patch on the Autologon prints in the standard out (catalina.out) the username with Id 100. Something like: Username:Openbravo Username:Openbravo Username:Openbravo Username:Openbravo If you get this output, means that the issue is fixed. |
|
(0020388) hgbot (developer) 2009-09-28 10:45 |
Repository: erp/devel/pi Changeset: e6579ce4100fc6c49ef8b28fc6b8fbd24d521212 Author: Iván Perdomo <ivan.perdomo <at> openbravo.com> Date: Mon Sep 28 10:41:51 2009 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/e6579ce4100fc6c49ef8b28fc6b8fbd24d521212 [^] Fixes issue 10777: Set AdminContext before authentication when is not present --- M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java --- |
|
(0020518) hgbot (developer) 2009-09-29 14:18 |
Repository: erp/devel/pi-pageddatagrid Changeset: e6579ce4100fc6c49ef8b28fc6b8fbd24d521212 Author: Iván Perdomo <ivan.perdomo <at> openbravo.com> Date: Mon Sep 28 10:41:51 2009 +0200 URL: http://code.openbravo.com/erp/devel/pi-pageddatagrid/rev/e6579ce4100fc6c49ef8b28fc6b8fbd24d521212 [^] Fixes issue 10777: Set AdminContext before authentication when is not present --- M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java --- |
|
(0021160) mtaal (manager) 2009-10-19 11:12 |
Issue closed |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-09-25 14:10 | iperdomo | New Issue | |
| 2009-09-25 14:10 | iperdomo | Assigned To | => iperdomo |
| 2009-09-25 14:10 | iperdomo | File Added: AutologonAuthenticationManager.java.diff | |
| 2009-09-25 14:11 | iperdomo | Priority | high => urgent |
| 2009-09-25 14:11 | iperdomo | Status | new => scheduled |
| 2009-09-25 14:11 | iperdomo | fix_in_branch | => pi |
| 2009-09-25 15:01 | iperdomo | Note Added: 0020375 | |
| 2009-09-25 16:14 | shuehner | Issue Monitored: shuehner | |
| 2009-09-28 10:45 | hgbot | Checkin | |
| 2009-09-28 10:45 | hgbot | Note Added: 0020388 | |
| 2009-09-28 10:45 | hgbot | Status | scheduled => resolved |
| 2009-09-28 10:45 | hgbot | Resolution | open => fixed |
| 2009-09-28 10:45 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/e6579ce4100fc6c49ef8b28fc6b8fbd24d521212 [^] |
| 2009-09-29 14:18 | hgbot | Checkin | |
| 2009-09-29 14:18 | hgbot | Note Added: 0020518 | |
| 2009-09-29 14:18 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/e6579ce4100fc6c49ef8b28fc6b8fbd24d521212 [^] => http://code.openbravo.com/erp/devel/pi-pageddatagrid/rev/e6579ce4100fc6c49ef8b28fc6b8fbd24d521212 [^] |
| 2009-10-19 11:12 | mtaal | Status | resolved => closed |
| 2009-10-19 11:12 | mtaal | Note Added: 0021160 | |
| 2009-10-19 11:12 | mtaal | Fixed in Version | => 2.50MP7 |
| 2009-10-20 00:00 | anonymous | sf_bug_id | 0 => 2882005 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |