Anonymous | Login
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformcriticalhave not tried2011-12-20 09:462011-12-20 09:56
ReporteralostaleView Statuspublic 
Assigned Toalostale 
PriorityimmediateResolutionfixedFixed in Version3.0MP7
StatusclosedFix in branchFixed in SCM revision320ff5578813
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Web browser
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo

0019337: Api change build 2631

method org.openbravo.service.web.BaseWebServiceServlet.service(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse): nonfinal in SANDBOX/api-checks/java/reference/java, but final in /srv/hudson/workspace/int-full-oracle/SANDBOX/api-checks/output/2631
method org.openbravo.service.web.BaseWebServiceServlet.doBasicAuthentication(javax.servlet.http.HttpServletRequest): missing in /srv/hudson/workspace/int-full-oracle/SANDBOX/api-checks/output/2631
method org.openbravo.service.web.BaseWebServiceServlet.isLoggedIn(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse): missing in /srv/hudson/workspace/int-full-oracle/SANDBOX/api-checks/output/2631

As part of new pricing policies project, authentication has been removed from BaseWebServiceServlet to use the standard one in Authentication manager. Additionally BaseWebServiceServlet.service method has been made final so subclasses cannot modify it.
Steps To Reproduce-
Proposed SolutionRisk:
These affects to modules extending BaseWebServiceServlet. There are two cases where that can affect them:

-If they override service method. This is now not allowed. They must be fixed to override doService method, which is called from service.
-In case they were using doBasicAuthentication or isLoggedIn to implement authenitcation. This is not allowed anymore, web service authentication must be done using the AuthenicationManager.webServiceAuthenticate method [1], which in fact is called in the final sevice method.

The risk of these changes is *low* because modules providing web services in the documented manner [2] are not affected.

Proposed solution:
Accept these changes as the risk is low and now authentication is enforced to use the new methods

[1] [^]
[2] [^]
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
hgbot (developer)
2011-12-20 09:56

Repository: erp/devel/api-checks
Changeset: 320ff5578813fb809ade4f8372f9b3a0b3041c76
Author: Asier Lostalé <asier.lostale <at>>
Date: Tue Dec 20 09:55:36 2011 +0100
URL: [^]

fixed issue 19337: Api change build 2631

M java/reference/java.japi.gz
alostale (developer)
2011-12-20 09:56


- Issue History
Date Modified Username Field Change
2011-12-20 09:46 alostale New Issue
2011-12-20 09:46 alostale Assigned To => alostale
2011-12-20 09:46 alostale Modules => Core
2011-12-20 09:53 alostale Proposed Solution updated
2011-12-20 09:53 alostale Summary Api change build 0002631 => Api change build 2631
2011-12-20 09:56 hgbot Checkin
2011-12-20 09:56 hgbot Note Added: 0043967
2011-12-20 09:56 hgbot Status new => resolved
2011-12-20 09:56 hgbot Resolution open => fixed
2011-12-20 09:56 hgbot Fixed in SCM revision => [^]
2011-12-20 09:56 alostale Note Added: 0043968
2011-12-20 09:56 alostale Status resolved => closed
2011-12-20 09:56 alostale Fixed in Version => 3.0MP7

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker