Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0034331
TypeCategorySeverityReproducibilityDate SubmittedLast Update
feature request[Openbravo ERP] A. Platformmajorhave not tried2016-10-28 10:442016-12-28 11:20
ReportermtaalView Statuspublic 
Assigned Tomtaal 
PrioritynormalResolutionfixedFixed in Version3.0PR17Q1
StatusclosedFix in branchFixed in SCM revision3871cdf1a2e9
ProjectionnoneETAnoneTarget Version3.0PR17Q1
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned ToSandrahuguet
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0034331: Support pre-defined allowed domains for cross-domain requests in a multi-server environment

DescriptionSee the related issue. In webpos we need to support multi-server requests. To accomplish this we have to set the Access-Control-Allow-Origin header to the allowed domain.

This has to happen in both the retail as well as in core erp BaseKernelServlet as it is being used by mobile warehouse.
Steps To ReproduceSee related issue
Proposed SolutionThe proposal is to implement a generic AllowedHttpOriginProvider class in core which can be supplied by modules to compute the Access-Control-Allow-Origin header setting.

This class will be used by a utility method to compute the correct the cors headers to be returned to the caller. The generic utility method can then be used by all the relevant classes to set the cors headers.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to feature request 00342673.0PR17Q1 closedmtaal Openbravo ERP Let the basekernelservlet handle cors requests 
related to defect 0037627 closedjarmendariz Openbravo ERP AllowedCrossDomainsHandler.getInstance().setCORSHeaders is not executed calling to WebServices 
blocks design defect 0034330RR17Q1 closedmtaal Retail Modules Support multi-server requests in a better more secure way 

-  Notes
(0091769)
hgbot (developer)
2016-11-23 20:55

 Repository: erp/devel/pi
Changeset: a0080aeca8605919ce2a1a17dfe9c686ea79aace
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Wed Nov 23 20:55:26 2016 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/a0080aeca8605919ce2a1a17dfe9c686ea79aace [^]

Fixes issue 34331: Support pre-defined allowed domains for cross-domain requests in a multi-server environment
Implement utility class which supports setting cors headers and checking validity of a http origins. Add
cors header setting to main OB servlet.

- AllowedCrossDomainsHandler: new class, main entry point for servlets to set cors headers, provides utility methods to check origin validity, calls AllowedCrossDomainsChecker classes which implement the actual checking logic. The AllowedCrossDomainsChecker can be implemented by a module.
- HttpSecureAppServlet: set cors header and handle the OPTIONS http method

---
M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
A src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java
---
(0091770)
hgbot (developer)
2016-11-24 08:50

 Repository: erp/devel/pi
Changeset: 9f77b61ad54251a56d2e5056c41ade7a8f0cb996
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Thu Nov 24 08:49:33 2016 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/9f77b61ad54251a56d2e5056c41ade7a8f0cb996 [^]

Related to issue 34331: Support pre-defined allowed domains for cross-domain requests in a multi-server environment
Do not log/do anything if no checkers defined

---
M src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java
---
(0091821)
alostale (manager)
2016-11-25 10:49

 Found some small issues in code review:

* AllowedCrossDomainsHandler: Why is it Apache license?
* AllowedCrossDomainsHandler.isAllowedOrigin: can be private
* AllowedCrossDomainsHandler.AllowedCrossDomainsChecker: Add @ApplicationScoped anotation so by default sublcasses inherit it also
(0091870)
hgbot (developer)
2016-11-27 21:10

 Repository: erp/devel/pi
Changeset: 3d24fc9233285a621a20c0da0ae464cffee7c6f0
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Sun Nov 27 21:10:20 2016 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/3d24fc9233285a621a20c0da0ae464cffee7c6f0 [^]

Fixes issue 34331: Support pre-defined allowed domains for cross-domain requests in a multi-server environment
Solve code review comments: changed license text, update visibility and set application scoped

---
M src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java
---
(0091998)
alostale (manager)
2016-12-02 08:12

 code reviewed
(0092065)
mtaal (manager)
2016-12-03 12:31

 adding one more smaller commit to make method public available
(0092066)
hgbot (developer)
2016-12-03 12:33

 Repository: erp/devel/pi
Changeset: 61868ad9886813a957b6ad11608afc5a5034f2b7
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Sat Dec 03 12:32:30 2016 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/61868ad9886813a957b6ad11608afc5a5034f2b7 [^]

Fixes issue 34331: Support pre-defined allowed domains for cross-domain requests in a multi-server environment
Make method public so that it can be used by others to check if a url is in an allowed domain

---
M src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java
---
(0092073)
hgbot (developer)
2016-12-03 12:46

 Repository: erp/devel/pi
Changeset: b84917f47a7f82a4360f47593f4dfd1199cc0505
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Sat Dec 03 12:46:21 2016 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/b84917f47a7f82a4360f47593f4dfd1199cc0505 [^]

Related to issue 34331: Support pre-defined allowed domains for cross-domain requests
Remove unintended javadoc

---
M src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java
---
(0092264)
hgbot (developer)
2016-12-09 16:46

 Repository: erp/devel/pi
Changeset: 75e2d670435ea372cf33a44b661c5af8f22d04c4
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Fri Dec 09 16:45:43 2016 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/75e2d670435ea372cf33a44b661c5af8f22d04c4 [^]

Related to issue 34331: Support pre-defined allowed domains for cross-domain requests
Handle null origin

---
M src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java
---
(0092298)
alostale (manager)
2016-12-13 08:20

 code reviewed
(0092653)
hudsonbot (developer)
2016-12-16 18:38

 A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/dc8bf00badd0 [^]
Maturity status: Test
(0092654)
hudsonbot (developer)
2016-12-16 18:38

 A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/dc8bf00badd0 [^]
Maturity status: Test
(0092666)
hudsonbot (developer)
2016-12-16 18:39

 A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/dc8bf00badd0 [^]
Maturity status: Test
(0092689)
hudsonbot (developer)
2016-12-16 18:39

 A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/dc8bf00badd0 [^]
Maturity status: Test
(0092690)
hudsonbot (developer)
2016-12-16 18:39

 A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/dc8bf00badd0 [^]
Maturity status: Test
(0092695)
hudsonbot (developer)
2016-12-16 18:39

 A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/dc8bf00badd0 [^]
Maturity status: Test
(0093002)
hgbot (developer)
2016-12-27 07:02

 Repository: erp/devel/pi
Changeset: 3871cdf1a2e9b1e8fb5a5ceece5f117fce1532a5
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Tue Dec 27 07:01:53 2016 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/3871cdf1a2e9b1e8fb5a5ceece5f117fce1532a5 [^]

Fixes issue 34331: Support pre-defined allowed domains for cross-domain requests in a multi-server environment
Added new public method to validate that an invalid origin is set on the header, other method is made private
again to limit public methods.

---
M src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java
---
(0093004)
hgbot (developer)
2016-12-27 07:57

 Repository: erp/devel/api-checks
Changeset: a276b0b823195ff56044760a26b90170c1921f77
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Tue Dec 27 07:56:29 2016 +0100
URL: http://code.openbravo.com/erp/devel/api-checks/rev/a276b0b823195ff56044760a26b90170c1921f77 [^]

Related to issue 34331: Support pre-defined allowed domains for cross-domain
Update java api as the change done by previous commit in the same issue is not
an api change as it makes a method private which was added in this release.

---
M java/reference/java.japi.gz
---
(0093019)
hudsonbot (developer)
2016-12-27 12:41

 A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/631648405cf0 [^]
Maturity status: Test
(0093038)
Sandrahuguet (developer)
2016-12-28 11:20

 verified

- Issue History
Date Modified Username Field Change
2016-10-28 10:44 mtaal New Issue
2016-10-28 10:44 mtaal Assigned To => mtaal
2016-10-28 10:44 mtaal Modules => Core
2016-10-28 10:44 mtaal Triggers an Emergency Pack => No
2016-10-28 10:45 mtaal Relationship added blocks 0034330
2016-10-28 10:45 mtaal Relationship added related to 0034267
2016-11-23 20:51 mtaal Review Assigned To => alostale
2016-11-23 20:55 hgbot Checkin
2016-11-23 20:55 hgbot Note Added: 0091769
2016-11-23 20:55 hgbot Status new => resolved
2016-11-23 20:55 hgbot Resolution open => fixed
2016-11-23 20:55 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/a0080aeca8605919ce2a1a17dfe9c686ea79aace [^]
2016-11-24 08:50 hgbot Checkin
2016-11-24 08:50 hgbot Note Added: 0091770
2016-11-25 10:49 alostale Note Added: 0091821
2016-11-25 10:49 alostale Status resolved => new
2016-11-25 10:49 alostale Resolution fixed => open
2016-11-27 21:10 hgbot Checkin
2016-11-27 21:10 hgbot Note Added: 0091870
2016-11-27 21:10 hgbot Status new => resolved
2016-11-27 21:10 hgbot Resolution open => fixed
2016-11-27 21:10 hgbot Fixed in SCM revision http://code.openbravo.com/erp/devel/pi/rev/a0080aeca8605919ce2a1a17dfe9c686ea79aace [^] => http://code.openbravo.com/erp/devel/pi/rev/3d24fc9233285a621a20c0da0ae464cffee7c6f0 [^]
2016-12-02 08:12 alostale Note Added: 0091998
2016-12-02 08:12 alostale Status resolved => closed
2016-12-02 08:12 alostale Fixed in Version => 3.0PR17Q1
2016-12-03 12:31 mtaal Note Added: 0092065
2016-12-03 12:31 mtaal Status closed => new
2016-12-03 12:31 mtaal Resolution fixed => open
2016-12-03 12:31 mtaal Fixed in Version 3.0PR17Q1 =>
2016-12-03 12:33 hgbot Checkin
2016-12-03 12:33 hgbot Note Added: 0092066
2016-12-03 12:33 hgbot Status new => resolved
2016-12-03 12:33 hgbot Resolution open => fixed
2016-12-03 12:33 hgbot Fixed in SCM revision http://code.openbravo.com/erp/devel/pi/rev/3d24fc9233285a621a20c0da0ae464cffee7c6f0 [^] => http://code.openbravo.com/erp/devel/pi/rev/61868ad9886813a957b6ad11608afc5a5034f2b7 [^]
2016-12-03 12:46 hgbot Checkin
2016-12-03 12:46 hgbot Note Added: 0092073
2016-12-09 16:46 hgbot Checkin
2016-12-09 16:46 hgbot Note Added: 0092264
2016-12-13 08:20 alostale Note Added: 0092298
2016-12-13 08:20 alostale Status resolved => closed
2016-12-13 08:20 alostale Fixed in Version => 3.0PR17Q1
2016-12-16 18:38 hudsonbot Checkin
2016-12-16 18:38 hudsonbot Note Added: 0092653
2016-12-16 18:38 hudsonbot Checkin
2016-12-16 18:38 hudsonbot Note Added: 0092654
2016-12-16 18:39 hudsonbot Checkin
2016-12-16 18:39 hudsonbot Note Added: 0092666
2016-12-16 18:39 hudsonbot Checkin
2016-12-16 18:39 hudsonbot Note Added: 0092689
2016-12-16 18:39 hudsonbot Checkin
2016-12-16 18:39 hudsonbot Note Added: 0092690
2016-12-16 18:39 hudsonbot Checkin
2016-12-16 18:39 hudsonbot Note Added: 0092695
2016-12-27 06:59 mtaal Status closed => new
2016-12-27 06:59 mtaal Resolution fixed => open
2016-12-27 06:59 mtaal Fixed in Version 3.0PR17Q1 =>
2016-12-27 06:59 mtaal Review Assigned To alostale => Sandrahuguet
2016-12-27 07:02 hgbot Checkin
2016-12-27 07:02 hgbot Note Added: 0093002
2016-12-27 07:02 hgbot Status new => resolved
2016-12-27 07:02 hgbot Resolution open => fixed
2016-12-27 07:02 hgbot Fixed in SCM revision http://code.openbravo.com/erp/devel/pi/rev/61868ad9886813a957b6ad11608afc5a5034f2b7 [^] => http://code.openbravo.com/erp/devel/pi/rev/3871cdf1a2e9b1e8fb5a5ceece5f117fce1532a5 [^]
2016-12-27 07:57 hgbot Checkin
2016-12-27 07:57 hgbot Note Added: 0093004
2016-12-27 12:41 hudsonbot Checkin
2016-12-27 12:41 hudsonbot Note Added: 0093019
2016-12-28 11:20 Sandrahuguet Note Added: 0093038
2016-12-28 11:20 Sandrahuguet Status resolved => closed
2016-12-28 11:20 Sandrahuguet Fixed in Version => 3.0PR17Q1
2018-01-26 14:54 caristu Relationship added related to 0037627

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker