ID: 0025176
Type: defect
Category: [Openbravo ERP] C. Security
Severity: major
Reproducibility: always
Date Submitted: 2013-11-18 18:11
Last Update: 2014-01-20 15:28
Reporter: caristu
View Status: public
Assigned To: shankarb
Priority: urgent
Resolution: fixed
Fixed in Version: 3.0PR14Q2
Status: closed
Fixed in SCM revision: a60184d93ff1
Projection: none
ETA: none
Target Version: 3.0PR14Q2
OS: Any
Database: Any
Review Assigned To: AugustoMauch
Modules: Core
Triggers an Emergency Pack: No
Summary

0025176: It's possible to access web services even if the maximum allowed calls is exceeded

Description:
It's possible to access web services even if the maximum allowed calls is exceeded if we log in to the system and after that we open a new tab in the browser.

Steps To Reproduce:
1) Log in to an instance with the maximum allowed web service calls exceeded
2) Open a new tab. Access any of the standard web services, for example localhost:8080/openbravo/ws/dal/BusinessPartner

Proposed Solution:
The BaseWebServiceServlet class is doing the following check:

    // already logged in?
    if (OBContext.getOBContext() != null) {
      doService(request, response);
      return;
    }

So, if we are already logged in, the authentication is not done, and therefore it is not checked whether the maximum number of ws calls has been exceeded.

Tags: No tags attached.
Attached Files: FixIssue25176.diff (1,084 bytes) 2013-12-30 04:59
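
The control-flow flaw described in the report, modelled as an added example (not Openbravo's code and not part of the original issue); every class, method, limit and status value below is hypothetical. It contrasts the short-circuit on an existing session with an ordering that applies the call-limit check on every path.

```java
import java.util.concurrent.atomic.AtomicInteger;

// Added illustration; all names here are hypothetical, not Openbravo's API.
public class WsQuotaGateDemo {
    static final int MAX_CALLS = 2;                  // constructed limit
    static final AtomicInteger calls = new AtomicInteger();

    // Quota check that is meant to run for every web service request.
    static boolean callAllowed() {
        return calls.incrementAndGet() <= MAX_CALLS;
    }

    // Pattern from the report: an existing session context short-circuits
    // straight to the service, so the quota check is only reached on the
    // path that performs authentication.
    static int vulnerable(boolean hasSessionContext, boolean credentialsOk) {
        if (hasSessionContext) {
            return 200;                              // served, quota never consulted
        }
        if (!credentialsOk) return 401;
        if (!callAllowed()) return 403;
        return 200;
    }

    // Hardened ordering: establish identity first (session or credentials),
    // then apply the quota check on all paths before serving the request.
    static int hardened(boolean hasSessionContext, boolean credentialsOk) {
        if (!hasSessionContext && !credentialsOk) return 401;
        if (!callAllowed()) return 403;
        return 200;
    }

    public static void main(String[] args) {
        calls.set(MAX_CALLS);                        // limit already used up
        System.out.println("vulnerable, browser session: " + vulnerable(true, false));
        System.out.println("vulnerable, credentials:     " + vulnerable(false, true));
        System.out.println("hardened,   browser session: " + hardened(true, false));
        System.out.println("hardened,   credentials:     " + hardened(false, true));
    }
}
```

A regression test for this class of bug should send a request that carries only a session cookie after the limit is reached and expect it to be rejected, since that is the path the original check skipped.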

Relationships
related to: defect 0025576 (acknowledged, platform) The number of calls to web services is not computed properly under some circumstances
blocks: defect 0026572 (closed, guillermogil) Calls to web service are failing if the role used don't have permission to User window

Notes
(0063363)
hgbot (developer)
2014-01-12 11:06

Repository: erp/devel/pi
Changeset: a60184d93ff1f94b2192620cd0f589e0e4f1c09d
Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com>
Date: Tue Dec 03 15:28:23 2013 +0530
URL: http://code.openbravo.com/erp/devel/pi/rev/a60184d93ff1f94b2192620cd0f589e0e4f1c09d

Fixes Issue 0025176: It's possible to access web services even if the maximum allowed calls is exceeded

Checking whether web service call is allowed on all cases.

---
M src/org/openbravo/service/web/BaseWebServiceServlet.java
---
(0063431)
hgbot (developer)
2014-01-16 09:18

Repository: erp/pmods/org.openbravo.client.analytics
Changeset: 05f3485f6a17ecbe65b4356114315c4a79cd27aa
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Thu Jan 16 09:18:24 2014 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.client.analytics/rev/05f3485f6a17ecbe65b4356114315c4a79cd27aa

Solve issue 25176 also for OBXMLServlet

---
M src/org/openbravo/client/analytics/OBXMLAServlet.java
A web/org.openbravo.client.analytics/js/ob-analytics-show-grid-report.js
---
(0063492)
hudsonbot (developer)
2014-01-17 15:49

A changeset related to this issue has been promoted to main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9669102eb541
Maturity status: Test
(0063539)
AugustoMauch (developer)
2014-01-20 15:28

Code reviewed and verified in pi@a60184d93ff1

Issue History
Date Modified Username Field Change
2013-11-18 18:11 caristu New Issue
2013-11-18 18:11 caristu Assigned To => AugustoMauch
2013-11-18 18:11 caristu Modules => Core
2013-11-18 18:11 caristu Triggers an Emergency Pack => No
2013-11-18 18:13 caristu Issue Monitored: networkb
2013-11-19 11:33 caristu Proposed Solution updated
2013-12-26 10:10 shankarb Assigned To AugustoMauch => shankarb
2013-12-30 04:59 shankarb File Added: FixIssue25176.diff
2013-12-30 05:04 shankarb Status new => scheduled
2013-12-30 05:04 shankarb fix_in_branch => pi
2014-01-02 12:38 jonalegriaesarte Target Version 3.0MP31 => 3.0MP32
2014-01-12 11:04 shankarb Review Assigned To => AugustoMauch
2014-01-12 11:04 shankarb fix_in_branch pi =>
2014-01-12 11:05 shankarb Issue Monitored: AugustoMauch
2014-01-12 11:06 hgbot Checkin
2014-01-12 11:06 hgbot Note Added: 0063363
2014-01-12 11:06 hgbot Status scheduled => resolved
2014-01-12 11:06 hgbot Resolution open => fixed
2014-01-12 11:06 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/a60184d93ff1f94b2192620cd0f589e0e4f1c09d
2014-01-16 09:18 hgbot Checkin
2014-01-16 09:18 hgbot Note Added: 0063431
2014-01-17 15:49 hudsonbot Checkin
2014-01-17 15:49 hudsonbot Note Added: 0063492
2014-01-20 15:28 AugustoMauch Note Added: 0063539
2014-01-20 15:28 AugustoMauch Status resolved => closed
2014-01-20 15:28 AugustoMauch Fixed in Version => 3.0MP32
2014-01-28 13:40 caristu Relationship added related to 0025576
2014-05-16 13:37 guillermogil Relationship added blocks 0026572

