| ID | 0025176 |
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] C. Security | major | always | 2013-11-18 18:11 | 2014-01-20 15:28 | |||
| Reporter | caristu | View Status | public | |||||
| Assigned To | shankarb | |||||||
| Priority | urgent | Resolution | fixed | Fixed in Version | 3.0PR14Q2 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | a60184d93ff1 | ||||
| Projection | none | ETA | none | Target Version | 3.0PR14Q2 | |||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Merge Request Status | ||||||||
| Review Assigned To | AugustoMauch | |||||||
| OBNetwork customer | OBPS | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Support ticket | 24709 | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0025176: It's possible to access web services even if the maximum allowed calls is exceeded | |||||||
| Description | It's possible to access web services even if the maximum allowed calls is exceeded if we log in to the system and after that we open a new tab in the browser. | |||||||
| Steps To Reproduce | 1) Log in to an instance with the maximum allowed web service calls exceeded. 2) Open a new tab. Access any of the standard web services, for example localhost:8080/openbravo/ws/dal/BusinessPartner | |||||||
| Proposed Solution | The BaseWebServiceServlet class is doing the following check:

    // already logged in?
    if (OBContext.getOBContext() != null) {
      doService(request, response);
      return;
    }

So, if we are already logged in, the authentication is not done, therefore it is not checked if the maximum ws calls has been exceeded. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
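
The short-circuit described in the Proposed Solution, next to a flow that runs the call-limit check on every path, as an added example that is not Openbravo code. The class, method and result names and the quota of 2 are hypothetical stand-ins, and no servlet API is used.

```java
import java.util.concurrent.atomic.AtomicInteger;

// Added illustration; every name here is hypothetical, not Openbravo's code.
public class WsLimitGateDemo {
    enum Result { SERVED, UNAUTHENTICATED, LIMIT_EXCEEDED }

    static final int MAX_CALLS = 2;                      // assumed quota for the demo
    static final AtomicInteger calls = new AtomicInteger();

    // Stand-in for the "maximum allowed web service calls" check.
    static boolean callAllowed() {
        return calls.incrementAndGet() <= MAX_CALLS;
    }

    // Flow from the report: an existing session context returns early, and
    // the quota check sits only on the authentication path below it.
    static Result handleFlawed(boolean hasSessionContext, boolean validCredentials) {
        if (hasSessionContext) {
            return Result.SERVED;                        // quota never consulted
        }
        if (!validCredentials) return Result.UNAUTHENTICATED;
        if (!callAllowed()) return Result.LIMIT_EXCEEDED;
        return Result.SERVED;
    }

    // Hardened flow: identity may come from the session or from credentials,
    // but the quota gate is a separate step that every request passes through.
    static Result handleFixed(boolean hasSessionContext, boolean validCredentials) {
        boolean authenticated = hasSessionContext || validCredentials;
        if (!authenticated) return Result.UNAUTHENTICATED;
        if (!callAllowed()) return Result.LIMIT_EXCEEDED;
        return Result.SERVED;
    }

    public static void main(String[] args) {
        calls.set(MAX_CALLS);                            // quota already used up
        System.out.println("flawed, logged-in tab:    " + handleFlawed(true, false));
        System.out.println("flawed, credentials only: " + handleFlawed(false, true));
        calls.set(MAX_CALLS);
        System.out.println("fixed,  logged-in tab:    " + handleFixed(true, false));
        System.out.println("fixed,  credentials only: " + handleFixed(false, true));
        System.out.println("fixed,  no identity:      " + handleFixed(false, false));
    }
}
```

A regression test for this class of bug should exercise the limit with a request that arrives on an already authenticated session, not only with one that presents credentials.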
Notes

(0063363) hgbot (developer) 2014-01-12 11:06

Repository: erp/devel/pi
Changeset: a60184d93ff1f94b2192620cd0f589e0e4f1c09d
Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com>
Date: Tue Dec 03 15:28:23 2013 +0530
URL: http://code.openbravo.com/erp/devel/pi/rev/a60184d93ff1f94b2192620cd0f589e0e4f1c09d

Fixes Issue 0025176: It's possible to access web services even if the maximum allowed calls is exceeded

Checking whether web service call is allowed on all cases.

---
M src/org/openbravo/service/web/BaseWebServiceServlet.java
---

(0063431) hgbot (developer) 2014-01-16 09:18

Repository: erp/pmods/org.openbravo.client.analytics
Changeset: 05f3485f6a17ecbe65b4356114315c4a79cd27aa
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Thu Jan 16 09:18:24 2014 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.client.analytics/rev/05f3485f6a17ecbe65b4356114315c4a79cd27aa

Solve issue 25176 also for OBXMLServlet

---
M src/org/openbravo/client/analytics/OBXMLAServlet.java
A web/org.openbravo.client.analytics/js/ob-analytics-show-grid-report.js
---

(0063492) hudsonbot (viewer) 2014-01-17 15:49

A changeset related to this issue has been promoted to main and to the Central Repository, after passing a series of tests.
Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9669102eb541
Maturity status: Test

(0063539) AugustoMauch (administrator) 2014-01-20 15:28

Code reviewed and verified in pi@a60184d93ff1

Issue History
| Date Modified | Username | Field | Change | 
| 2013-11-18 18:11 | caristu | New Issue | |
| 2013-11-18 18:11 | caristu | Assigned To | => AugustoMauch | 
| 2013-11-18 18:11 | caristu | Modules | => Core | 
| 2013-11-18 18:11 | caristu | OBNetwork customer | => Yes | 
| 2013-11-18 18:11 | caristu | Support ticket | => 24709 | 
| 2013-11-18 18:11 | caristu | Triggers an Emergency Pack | => No | 
| 2013-11-18 18:13 | caristu | Issue Monitored: networkb | |
| 2013-11-19 11:33 | caristu | Proposed Solution updated | |
| 2013-12-26 10:10 | shankarb | Assigned To | AugustoMauch => shankarb | 
| 2013-12-30 04:59 | shankarb | File Added: FixIssue25176.diff | |
| 2013-12-30 05:04 | shankarb | Status | new => scheduled | 
| 2013-12-30 05:04 | shankarb | fix_in_branch | => pi | 
| 2014-01-02 12:38 | jonalegriaesarte | Target Version | 3.0MP31 => 3.0MP32 | 
| 2014-01-12 11:04 | shankarb | Review Assigned To | => AugustoMauch | 
| 2014-01-12 11:04 | shankarb | fix_in_branch | pi => | 
| 2014-01-12 11:05 | shankarb | Issue Monitored: AugustoMauch | |
| 2014-01-12 11:06 | hgbot | Checkin | |
| 2014-01-12 11:06 | hgbot | Note Added: 0063363 | |
| 2014-01-12 11:06 | hgbot | Status | scheduled => resolved | 
| 2014-01-12 11:06 | hgbot | Resolution | open => fixed | 
| 2014-01-12 11:06 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/a60184d93ff1f94b2192620cd0f589e0e4f1c09d |
| 2014-01-16 09:18 | hgbot | Checkin | |
| 2014-01-16 09:18 | hgbot | Note Added: 0063431 | |
| 2014-01-17 15:49 | hudsonbot | Checkin | |
| 2014-01-17 15:49 | hudsonbot | Note Added: 0063492 | |
| 2014-01-20 15:28 | AugustoMauch | Note Added: 0063539 | |
| 2014-01-20 15:28 | AugustoMauch | Status | resolved => closed | 
| 2014-01-20 15:28 | AugustoMauch | Fixed in Version | => 3.0MP32 | 
| 2014-01-28 13:40 | caristu | Relationship added | related to 0025576 | 
| 2014-05-16 13:37 | guillermogil | Relationship added | blocks 0026572 | 