Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0034486 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| feature request | [Openbravo ERP] A. Platform | major | have not tried | 2016-11-14 12:08 | 2016-12-16 18:39 | |||
| Reporter | mtaal | View Status | public | |||||
| Assigned To | mtaal | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | 3.0PR17Q1 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | 94063c13f456 | ||||
| Projection | none | ETA | none | Target Version | 3.0PR17Q1 | |||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Merge Request Status | ||||||||
| Review Assigned To | alostale | |||||||
| OBNetwork customer | No | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0034486: Support web/mobile service requests which do not create a http session but still supports login | |||||||
| Description | As Openbravo is used more and more in multi-server environments with webservices used for integrations we need to support fast web services which have a low resource usage. Currently in Openbravo every web service request will create a http session. In system to system webservice calls it is often not possible to keep track of the http session. So each webservice request will create a new http session. This is not a good approach in high volume webservice request environments. | |||||||
| Steps To Reproduce | Check webservice testcases | |||||||
| Proposed Solution | Support stateless webservice request by either passing in a parameter to the request (stateless=true) or annotation the webservice implementation that it works stateless. | |||||||
| Tags | Performance | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|||||||||||||||||||||||||
|
|||||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0091445) hgbot (developer) 2016-11-14 12:22 |
Repository: erp/devel/pi Changeset: b59cceedafd36944a56a5cf3aa12e3e143f1e084 Author: Martin Taal <martin.taal <at> openbravo.com> Date: Mon Nov 14 12:22:05 2016 +0100 URL: http://code.openbravo.com/erp/devel/pi/rev/b59cceedafd36944a56a5cf3aa12e3e143f1e084 [^] Fixes issue 34486: Support stateless requests Various code changes to prevent http session creation in some cases and set the correct attribute in the http request object to track that a request is stateless. Summary of changes: - JsonUtils: prevent creation of a session when generating error message - AuthenticationManager: define the stateless parameter and annotation, some common utility methods, prevent setting dbsession record when stateless request, and prevent creating session when clearing the session - DefaultAuthenticationManager: when stateless use the webservice login approach - HttpSecureAppServlet: small change to prevent accidental creation of http session, move common code to method, use it to check license restrictions when doing stateless request - BaseWebServiceServlet: set the stateless request attribute if this is a stateless request - WebServiceServlet: moved code to parent class for re-use and checking if a webservice is stateless --- M modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonUtils.java M src/org/openbravo/authentication/AuthenticationManager.java M src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java M src/org/openbravo/service/web/BaseWebServiceServlet.java M src/org/openbravo/service/web/WebServiceServlet.java --- |
|
(0091544) mtaal (viewer) 2016-11-15 11:07 |
Documentation will be added after review here: http://wiki.openbravo.com/wiki/How_to_create_a_new_REST_webservice [^] |
|
(0091820) alostale (viewer) 2016-11-25 10:37 |
When stateless ws call is performed, no record is added to AD_Session. This causes counting ws calls to be incorrect. https://docs.google.com/spreadsheets/d/18l2biKWeG6iGDIPqO6VuYQ_TtP_6YxyQU4KSrPvQlJ8/edit#gid=0 [^] |
|
(0091861) mtaal (viewer) 2016-11-25 18:04 |
I checked the code and the stateless calls are now by default doing a webservice authentication. This is done in the DefaultAuthenticationManager [1]. It is correct that currently no ad_session record is created. But the webservice count is checked [2]. I didn't see that the ws count was using the ad_session. Where is this? In any case I think we can say that stateless requests are always webservice-like requests. So the authenticate should always go through the webserviceauthenticate flow. Still an ad_session can be created but I think it should be de-activated right away (when creating it) as it otherwise always stays alive. Right away, as I can't really de-activate the ad_session record at the end of the request as there is no good way to preserve/store the session id (yes using thread-local but it feels a bit to heavy for this and would need to be added in several places). [1] https://code.openbravo.com/erp/devel/pi/file/f169cafac730/src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java#l62 [^] [2] https://code.openbravo.com/erp/devel/pi/file/f169cafac730/src/org/openbravo/authentication/AuthenticationManager.java#l228 [^] |
|
(0092047) hgbot (developer) 2016-12-02 19:38 |
Repository: erp/devel/pi Changeset: 94063c13f4568cc96d809faad6d7c6801df369ce Author: Martin Taal <martin.taal <at> openbravo.com> Date: Fri Dec 02 19:38:20 2016 +0100 URL: http://code.openbravo.com/erp/devel/pi/rev/94063c13f4568cc96d809faad6d7c6801df369ce [^] Fixes issue 34486: Support web/mobile service requests which do not create a http session but still supports login Create a dbsession record also for stateless webservice requests --- M src/org/openbravo/authentication/AuthenticationManager.java --- |
|
(0092048) mtaal (viewer) 2016-12-02 19:47 |
Documentation: http://wiki.openbravo.com/wiki/How_to_create_a_new_REST_webservice#Stateless_Webservice_Requests_-_HTTP_Session [^] |
|
(0092049) mtaal (viewer) 2016-12-02 19:48 |
See the related issue 34277 for testcases |
|
(0092302) alostale (viewer) 2016-12-13 10:25 |
Code reviewed and tested |
|
(0092613) hudsonbot (viewer) 2016-12-16 18:38 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/dc8bf00badd0 [^] Maturity status: Test |
|
(0092688) hudsonbot (viewer) 2016-12-16 18:39 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/dc8bf00badd0 [^] Maturity status: Test |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2016-11-14 12:08 | mtaal | New Issue | |
| 2016-11-14 12:08 | mtaal | Assigned To | => mtaal |
| 2016-11-14 12:08 | mtaal | OBNetwork customer | => No |
| 2016-11-14 12:08 | mtaal | Modules | => Core |
| 2016-11-14 12:08 | mtaal | Triggers an Emergency Pack | => No |
| 2016-11-14 12:08 | mtaal | Relationship added | related to 0034277 |
| 2016-11-14 12:12 | mtaal | Review Assigned To | => alostale |
| 2016-11-14 12:12 | mtaal | Type | defect => feature request |
| 2016-11-14 12:22 | hgbot | Checkin | |
| 2016-11-14 12:22 | hgbot | Note Added: 0091445 | |
| 2016-11-14 12:22 | hgbot | Status | new => resolved |
| 2016-11-14 12:22 | hgbot | Resolution | open => fixed |
| 2016-11-14 12:22 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/b59cceedafd36944a56a5cf3aa12e3e143f1e084 [^] |
| 2016-11-14 12:25 | mtaal | Relationship added | related to 0034481 |
| 2016-11-15 11:07 | mtaal | Note Added: 0091544 | |
| 2016-11-25 10:37 | alostale | Note Added: 0091820 | |
| 2016-11-25 10:37 | alostale | Status | resolved => new |
| 2016-11-25 10:37 | alostale | Resolution | fixed => open |
| 2016-11-25 18:04 | mtaal | Note Added: 0091861 | |
| 2016-12-02 19:38 | hgbot | Checkin | |
| 2016-12-02 19:38 | hgbot | Note Added: 0092047 | |
| 2016-12-02 19:38 | hgbot | Status | new => resolved |
| 2016-12-02 19:38 | hgbot | Resolution | open => fixed |
| 2016-12-02 19:38 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/b59cceedafd36944a56a5cf3aa12e3e143f1e084 [^] => http://code.openbravo.com/erp/devel/pi/rev/94063c13f4568cc96d809faad6d7c6801df369ce [^] |
| 2016-12-02 19:47 | mtaal | Note Added: 0092048 | |
| 2016-12-02 19:48 | mtaal | Note Added: 0092049 | |
| 2016-12-13 10:25 | alostale | Tag Attached: Performance | |
| 2016-12-13 10:25 | alostale | Note Added: 0092302 | |
| 2016-12-13 10:25 | alostale | Status | resolved => closed |
| 2016-12-13 10:25 | alostale | Fixed in Version | => 3.0PR17Q1 |
| 2016-12-13 11:40 | caristu | Relationship added | causes 0034721 |
| 2016-12-16 18:38 | hudsonbot | Checkin | |
| 2016-12-16 18:38 | hudsonbot | Note Added: 0092613 | |
| 2016-12-16 18:39 | hudsonbot | Checkin | |
| 2016-12-16 18:39 | hudsonbot | Note Added: 0092688 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |