Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0034486
TypeCategorySeverityReproducibilityDate SubmittedLast Update
feature request[Openbravo ERP] A. Platformmajorhave not tried2016-11-14 12:082016-12-16 18:39
ReportermtaalView Statuspublic 
Assigned Tomtaal 
PrioritynormalResolutionfixedFixed in Version3.0PR17Q1
StatusclosedFix in branchFixed in SCM revision94063c13f456
ProjectionnoneETAnoneTarget Version3.0PR17Q1
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Toalostale
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0034486: Support web/mobile service requests which do not create a http session but still supports login

DescriptionAs Openbravo is used more and more in multi-server environments with webservices used for integrations we need to support fast web services which have a low resource usage.

Currently in Openbravo every web service request will create a http session. In system to system webservice calls it is often not possible to keep track of the http session. So each webservice request will create a new http session. This is not a good approach in high volume webservice request environments.
Steps To ReproduceCheck webservice testcases
Proposed SolutionSupport stateless webservice request by either passing in a parameter to the request (stateless=true) or annotation the webservice implementation that it works stateless.
TagsPerformance
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to feature request 0034277RR17Q1 closedmtaal Retail Modules Support stateless web/mobile service requests which do not create a http session but still supports login 
related to feature request 00344813.0PR17Q1 closedmtaal Openbravo ERP Webservice and standard login support different request parameters for login, support same parameters in webservice/standard 
causes defect 0034721 closedmtaal Openbravo ERP Error thrown in the log after invoking a JSON Rest Web Service 

-  Notes
(0091445)
hgbot (developer)
2016-11-14 12:22

Repository: erp/devel/pi
Changeset: b59cceedafd36944a56a5cf3aa12e3e143f1e084
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Mon Nov 14 12:22:05 2016 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/b59cceedafd36944a56a5cf3aa12e3e143f1e084 [^]

Fixes issue 34486: Support stateless requests
Various code changes to prevent http session creation in some cases and set the correct attribute in the http request object
to track that a request is stateless.

Summary of changes:
- JsonUtils: prevent creation of a session when generating error message
- AuthenticationManager: define the stateless parameter and annotation, some common utility methods, prevent setting dbsession record when stateless request, and prevent creating session when clearing the session
- DefaultAuthenticationManager: when stateless use the webservice login approach
- HttpSecureAppServlet: small change to prevent accidental creation of http session, move common code to method, use it to check license restrictions when doing stateless request
- BaseWebServiceServlet: set the stateless request attribute if this is a stateless request
- WebServiceServlet: moved code to parent class for re-use and checking if a webservice is stateless

---
M modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonUtils.java
M src/org/openbravo/authentication/AuthenticationManager.java
M src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java
M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
M src/org/openbravo/service/web/BaseWebServiceServlet.java
M src/org/openbravo/service/web/WebServiceServlet.java
---
(0091544)
mtaal (manager)
2016-11-15 11:07

Documentation will be added after review here:
http://wiki.openbravo.com/wiki/How_to_create_a_new_REST_webservice [^]
(0091820)
alostale (manager)
2016-11-25 10:37

When stateless ws call is performed, no record is added to AD_Session. This causes counting ws calls to be incorrect.

https://docs.google.com/spreadsheets/d/18l2biKWeG6iGDIPqO6VuYQ_TtP_6YxyQU4KSrPvQlJ8/edit#gid=0 [^]
(0091861)
mtaal (manager)
2016-11-25 18:04

I checked the code and the stateless calls are now by default doing a webservice authentication. This is done in the DefaultAuthenticationManager [1]. It is correct that currently no ad_session record is created. But the webservice count is checked [2]. I didn't see that the ws count was using the ad_session. Where is this?

In any case I think we can say that stateless requests are always webservice-like requests. So the authenticate should always go through the webserviceauthenticate flow.
Still an ad_session can be created but I think it should be de-activated right away (when creating it) as it otherwise always stays alive. Right away, as I can't really de-activate the ad_session record at the end of the request as there is no good way to preserve/store the session id (yes using thread-local but it feels a bit to heavy for this and would need to be added in several places).

[1]
https://code.openbravo.com/erp/devel/pi/file/f169cafac730/src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java#l62 [^]

[2]
https://code.openbravo.com/erp/devel/pi/file/f169cafac730/src/org/openbravo/authentication/AuthenticationManager.java#l228 [^]
(0092047)
hgbot (developer)
2016-12-02 19:38

Repository: erp/devel/pi
Changeset: 94063c13f4568cc96d809faad6d7c6801df369ce
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Fri Dec 02 19:38:20 2016 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/94063c13f4568cc96d809faad6d7c6801df369ce [^]

Fixes issue 34486: Support web/mobile service requests which do not create a http session but still supports login
Create a dbsession record also for stateless webservice requests

---
M src/org/openbravo/authentication/AuthenticationManager.java
---
(0092048)
mtaal (manager)
2016-12-02 19:47

Documentation:
http://wiki.openbravo.com/wiki/How_to_create_a_new_REST_webservice#Stateless_Webservice_Requests_-_HTTP_Session [^]
(0092049)
mtaal (manager)
2016-12-02 19:48

See the related issue 34277 for testcases
(0092302)
alostale (manager)
2016-12-13 10:25

Code reviewed and tested
(0092613)
hudsonbot (developer)
2016-12-16 18:38

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/dc8bf00badd0 [^]
Maturity status: Test
(0092688)
hudsonbot (developer)
2016-12-16 18:39

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/dc8bf00badd0 [^]
Maturity status: Test

- Issue History
Date Modified Username Field Change
2016-11-14 12:08 mtaal New Issue
2016-11-14 12:08 mtaal Assigned To => mtaal
2016-11-14 12:08 mtaal Modules => Core
2016-11-14 12:08 mtaal Triggers an Emergency Pack => No
2016-11-14 12:08 mtaal Relationship added related to 0034277
2016-11-14 12:12 mtaal Review Assigned To => alostale
2016-11-14 12:12 mtaal Type defect => feature request
2016-11-14 12:22 hgbot Checkin
2016-11-14 12:22 hgbot Note Added: 0091445
2016-11-14 12:22 hgbot Status new => resolved
2016-11-14 12:22 hgbot Resolution open => fixed
2016-11-14 12:22 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/b59cceedafd36944a56a5cf3aa12e3e143f1e084 [^]
2016-11-14 12:25 mtaal Relationship added related to 0034481
2016-11-15 11:07 mtaal Note Added: 0091544
2016-11-25 10:37 alostale Note Added: 0091820
2016-11-25 10:37 alostale Status resolved => new
2016-11-25 10:37 alostale Resolution fixed => open
2016-11-25 18:04 mtaal Note Added: 0091861
2016-12-02 19:38 hgbot Checkin
2016-12-02 19:38 hgbot Note Added: 0092047
2016-12-02 19:38 hgbot Status new => resolved
2016-12-02 19:38 hgbot Resolution open => fixed
2016-12-02 19:38 hgbot Fixed in SCM revision http://code.openbravo.com/erp/devel/pi/rev/b59cceedafd36944a56a5cf3aa12e3e143f1e084 [^] => http://code.openbravo.com/erp/devel/pi/rev/94063c13f4568cc96d809faad6d7c6801df369ce [^]
2016-12-02 19:47 mtaal Note Added: 0092048
2016-12-02 19:48 mtaal Note Added: 0092049
2016-12-13 10:25 alostale Tag Attached: Performance
2016-12-13 10:25 alostale Note Added: 0092302
2016-12-13 10:25 alostale Status resolved => closed
2016-12-13 10:25 alostale Fixed in Version => 3.0PR17Q1
2016-12-13 11:40 caristu Relationship added causes 0034721
2016-12-16 18:38 hudsonbot Checkin
2016-12-16 18:38 hudsonbot Note Added: 0092613
2016-12-16 18:39 hudsonbot Checkin
2016-12-16 18:39 hudsonbot Note Added: 0092688


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker