View Issue Details
ID | 0035164
Type | defect
Category | [Openbravo ERP] A. Platform
Severity | major
Reproducibility | random
Date Submitted | 2017-02-06 08:35
Last Update | 2017-09-21 16:49
Reporter | alostale
View Status | public
Assigned To | caristu
Priority | urgent
Resolution | fixed
Fixed in Version | 3.0PR17Q4
Status | closed
Fixed in SCM revision | 282b45a9521e
Projection | none
ETA | none
OS | Any
Database | Any
Review Assigned To | alostale
Modules | Core
Triggers an Emergency Pack | No
Summary | 0035164: AuthenticationManager.username thread unsafe
Description | AuthenticationManager class has a member username which is set and accessed by different methods [1]. An instance of AuthenticationManager is kept in the HttpSecureAppServlet as a member [2] of the servlet. Therefore username can be accessed in an inconsistent state. [1] https://code.openbravo.com/erp/devel/pi/file/0c91a26dca81/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java#l83 [2] https://code.openbravo.com/erp/devel/pi/file/0c91a26dca81/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java#l83
Steps To Reproduce | Would need to create an artificial test to reproduce this behavior, though it possibly is reproducible in real cases.
Tags | multiThread
Notes

(0098883) hgbot (developer) 2017-09-07 11:59
Repository: erp/devel/pi
Changeset: d21362467e8bd529b903fff261f950bf8a75c693
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Thu Sep 07 11:56:46 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/d21362467e8bd529b903fff261f950bf8a75c693

related to issue 35164: initial code improvements
- Reorder the modifiers of the getAuthenticationManager method to comply with the Java Language Specification
- Created new private constant for "#AD_SESSION_ID"
- Use faster indexOf(char) method
---
M src/org/openbravo/authentication/AuthenticationManager.java
---

(0098912) caristu (developer) 2017-09-08 13:18, edited on: 2017-09-08 13:38
Repository: erp/devel/pi
Changeset: 282b45a9521e
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Fri Sep 08 13:09:04 2017 +0200
URL: https://code.openbravo.com/erp/devel/pi/rev/282b45a9521e

fixes issue 36807: remove AuthenticationManager.username field
---
M src/org/openbravo/authentication/AuthenticationManager.java
M src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java
---

(0098963) hgbot (developer) 2017-09-12 09:29
Repository: erp/devel/pi
Changeset: 93aa822ffff308bd1420fd928ba20c6157c579bc
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Tue Sep 12 09:21:01 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/93aa822ffff308bd1420fd928ba20c6157c579bc

related to issue 35164: code review improvements
- Initialize the ThreadLocal variable (loginName) on every call to authenticate. Thus, we ensure that its value is cleaned up when Tomcat reuses a thread.
- Use new UserLoginInfo to keep the login credentials instead of using a map.
---
M src/org/openbravo/authentication/AuthenticationManager.java
M src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java
---

(0098966) hgbot (developer) 2017-09-12 09:34
Repository: erp/devel/pi
Changeset: efcc5da08f96ef95133a3bfef76f08a35282dcbe
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Tue Sep 12 09:33:36 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/efcc5da08f96ef95133a3bfef76f08a35282dcbe

related to issue 35164: use correct param name in javadoc
---
M src/org/openbravo/authentication/AuthenticationManager.java
---

(0098972) alostale (manager) 2017-09-12 10:57
reviewed + tested

(0099366) hudsonbot (developer) 2017-09-21 16:49
A changeset related to this issue has been promoted to main and to the Central Repository, after passing a series of tests.
Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9750b78d3e5c
Maturity status: Test
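
The race in the description and the ThreadLocal approach named in note 0098963, as an added illustration that is not Openbravo's code: request A reads back request B's login from the shared field, and its own login from the ThreadLocal. All class and method names and the two logins are hypothetical, and latches force the interleaving that would otherwise occur at random.

```java
import java.util.concurrent.CountDownLatch;

public class SharedAuthStateDemo {
    // Hypothetical stand-in for a manager held as a servlet member:
    // a single instance serves every request thread.
    interface Auth { void authenticate(String login); String loginName(); }

    // Before: per-request state kept in a field shared by all threads.
    static class FieldAuth implements Auth {
        private String username;
        public void authenticate(String login) { username = login; }
        public String loginName() { return username; }
    }

    // After: per-thread state, cleared at the start of every call so a
    // pooled thread never carries over the previous request's value.
    static class ThreadLocalAuth implements Auth {
        private final ThreadLocal<String> loginName = new ThreadLocal<>();
        public void authenticate(String login) {
            loginName.remove();
            if (login != null && !login.isEmpty()) loginName.set(login);
        }
        public String loginName() { return loginName.get(); }
    }

    // Request A authenticates, request B authenticates on the same
    // instance, then A reads back what it believes is its own login.
    static String seenByRequestA(Auth shared) throws InterruptedException {
        CountDownLatch aDone = new CountDownLatch(1);
        CountDownLatch bDone = new CountDownLatch(1);
        String[] seen = new String[1];
        Thread a = new Thread(() -> {
            shared.authenticate("alice");   // constructed sample login
            aDone.countDown();
            try { bDone.await(); } catch (InterruptedException e) { return; }
            seen[0] = shared.loginName();
        });
        Thread b = new Thread(() -> {
            try { aDone.await(); } catch (InterruptedException e) { return; }
            shared.authenticate("bob");     // constructed sample login
            bDone.countDown();
        });
        a.start(); b.start(); a.join(); b.join();
        return seen[0];
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("shared field: " + seenByRequestA(new FieldAuth()));
        System.out.println("ThreadLocal:  " + seenByRequestA(new ThreadLocalAuth()));
    }
}
```
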
Issue History
Date Modified | Username | Field | Change |
2017-02-06 08:35 | alostale | New Issue | |
2017-02-06 08:35 | alostale | Assigned To | => platform |
2017-02-06 08:35 | alostale | Modules | => Core |
2017-02-06 08:35 | alostale | Triggers an Emergency Pack | => No |
2017-02-06 08:35 | alostale | Relationship added | blocks 0034664 |
2017-02-06 08:35 | alostale | Tag Attached: multiThread | |
2017-02-06 08:35 | alostale | Status | new => acknowledged |
2017-09-07 11:50 | caristu | Assigned To | platform => caristu |
2017-09-07 11:50 | caristu | Status | acknowledged => scheduled |
2017-09-07 11:59 | hgbot | Checkin | |
2017-09-07 11:59 | hgbot | Note Added: 0098883 | |
2017-09-07 19:09 | caristu | Relationship added | depends on 0036807 |
2017-09-07 19:21 | caristu | Relationship added | related to 0036808 |
2017-09-08 13:18 | caristu | Note Added: 0098912 | |
2017-09-08 13:18 | caristu | Status | scheduled => resolved |
2017-09-08 13:18 | caristu | Fixed in SCM revision | => 282b45a9521e |
2017-09-08 13:18 | caristu | Resolution | open => fixed |
2017-09-08 13:18 | caristu | Note Edited: 0098912 | View Revisions |
2017-09-08 13:19 | caristu | Review Assigned To | => alostale |
2017-09-08 13:20 | caristu | Note Edited: 0098912 | View Revisions |
2017-09-08 13:32 | caristu | Fixed in SCM revision | 282b45a9521e => 282b45a9521ehttps://code.openbravo.com/erp/devel/pi/rev/282b45a9521e |
2017-09-08 13:32 | caristu | Fixed in SCM revision | 282b45a9521ehttps://code.openbravo.com/erp/devel/pi/rev/282b45a9521e => https://code.openbravo.com/erp/devel/pi/rev/282b45a9521e |
2017-09-08 13:38 | caristu | Note Edited: 0098912 | View Revisions |
2017-09-12 09:29 | hgbot | Checkin | |
2017-09-12 09:29 | hgbot | Note Added: 0098963 | |
2017-09-12 09:34 | hgbot | Checkin | |
2017-09-12 09:34 | hgbot | Note Added: 0098966 | |
2017-09-12 10:57 | alostale | Note Added: 0098972 | |
2017-09-12 10:57 | alostale | Status | resolved => closed |
2017-09-12 10:57 | alostale | Fixed in Version | => 3.0PR17Q4 |
2017-09-21 16:49 | hudsonbot | Checkin | |
2017-09-21 16:49 | hudsonbot | Note Added: 0099366 | |
2017-09-21 16:49 | hudsonbot | Checkin | |
2017-09-21 16:49 | hudsonbot | Note Added: 0099370 | |
2017-09-21 16:49 | hudsonbot | Checkin | |
2017-09-21 16:49 | hudsonbot | Note Added: 0099377 | |
2017-09-21 16:49 | hudsonbot | Checkin | |
2017-09-21 16:49 | hudsonbot | Note Added: 0099378 |