Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0035172
TypeCategorySeverityReproducibilityDate SubmittedLast Update
feature request[Openbravo ERP] A. Platformminorhave not tried2017-02-06 17:352017-03-15 20:19
ReportermtaalView Statuspublic 
Assigned Tomtaal 
PrioritynormalResolutionfixedFixed in Version3.0PR17Q2
StatusclosedFix in branchFixed in SCM revision1605b906892b
ProjectionnoneETAnoneTarget Version3.0PR17Q2
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Toalostale
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0035172: In case of stateless request make sure OBContext is set and let VariableBase and other core ERP code not create a session

DescriptionThe VariableBase [1] always creates a session, also in case of a stateless session.

Also in case of a stateless request we should log an error if a http session gets created.

[1]
https://code.openbravo.com/erp/devel/pi/file/01c864252395/src-core/src/org/openbravo/base/VariablesBase.java#l79 [^]
Steps To ReproduceExecute retail test cases found here [1]

[1]
https://code.openbravo.com/tools/automation/pi-mobile/file/tip/src-test/org/openbravo/test/mobile/retail/pack/webservice/tests/orderloader/RetailOrderLoaderTest.java [^]
Proposed SolutionAdd log statement in the session context listener [1]

Prevent the variable base class from creating a session in case of a stateless request [2].

[1]
https://code.openbravo.com/erp/devel/pi/file/01c864252395/src/org/openbravo/erpCommon/security/SessionListener.java#l151 [^]
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
has duplicate defect 0035144 closedmtaal Retail Modules [Store Server 2402]Stateless Authentication not working with External Order Loader 

-  Notes
(0094139)
hgbot (developer)
2017-02-08 09:38

Repository: tools/automation/pi-mobile
Changeset: c55fdc10cb2447a5d75887ba82739f7be9ceb27a
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Wed Feb 08 09:38:12 2017 +0100
URL: http://code.openbravo.com/tools/automation/pi-mobile/rev/c55fdc10cb2447a5d75887ba82739f7be9ceb27a [^]

Related to issue 35172 and issue 35171: added testcases for stateless/basic authentication
Use new class TestExternalOrderLoader to validate on the server that requests are indeed
stateless.
Explicitly add basic authentication headers

---
M src-test/org/openbravo/test/mobile/retail/extmodules/unittest/suites/StatelessTestSuite.java
M src-test/org/openbravo/test/mobile/retail/mobilecore/webservice/WebServicesHelper.java
M src-test/org/openbravo/test/mobile/retail/pack/webservice/tests/orderloader/BaseRetailOrderLoaderTest.java
A src-test/org/openbravo/test/mobile/retail/extmodules/unittest/tests/statelesswebservice/StatelessRetailOrderLoaderTest.java
A src-test/org/openbravo/test/mobile/retail/extmodules/unittest/tests/statelesswebservice/message-order-minimal-1.json
A src-test/org/openbravo/test/mobile/retail/extmodules/unittest/tests/statelesswebservice/message-order-multiline-1.json
---
(0094142)
hgbot (developer)
2017-02-08 09:42

Repository: erp/devel/pi
Changeset: 1605b906892b1cb17278557e5ed4bbf5043328e1
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Wed Feb 08 09:41:56 2017 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/1605b906892b1cb17278557e5ed4bbf5043328e1 [^]

Fixes issue 35172: In case of stateless request make sure OBContext is set
Prevent VariableBase from creating a session in case of stateless request
Set the OBContext explicitly in case of stateless request
Add a log statement in case a session is created in case of a stateless request

---
M src-core/src/org/openbravo/base/VariablesBase.java
M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
M src/org/openbravo/erpCommon/security/SessionListener.java
---
(0094208)
alostale (manager)
2017-02-10 08:52

reviewed
(0095169)
hudsonbot (developer)
2017-03-15 20:19

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/54e102bef53e [^]
Maturity status: Test

- Issue History
Date Modified Username Field Change
2017-02-06 17:35 mtaal New Issue
2017-02-06 17:35 mtaal Assigned To => mtaal
2017-02-06 17:35 mtaal Modules => Core
2017-02-06 17:35 mtaal Triggers an Emergency Pack => No
2017-02-06 17:36 mtaal Summary In case of stateless request then let VariableBase and other core ERP code not create a session => In case of stateless request make sure OBContext is set and let VariableBase and other core ERP code not create a session
2017-02-06 17:36 mtaal Relationship added causes 0035144
2017-02-08 09:38 hgbot Checkin
2017-02-08 09:38 hgbot Note Added: 0094139
2017-02-08 09:39 mtaal Review Assigned To => alostale
2017-02-08 09:42 hgbot Checkin
2017-02-08 09:42 hgbot Note Added: 0094142
2017-02-08 09:42 hgbot Status new => resolved
2017-02-08 09:42 hgbot Resolution open => fixed
2017-02-08 09:42 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/1605b906892b1cb17278557e5ed4bbf5043328e1 [^]
2017-02-08 09:42 mtaal Relationship replaced has duplicate 0035144
2017-02-10 08:52 alostale Note Added: 0094208
2017-02-10 08:52 alostale Status resolved => closed
2017-02-10 08:52 alostale Fixed in Version => 3.0PR17Q2
2017-03-15 20:19 hudsonbot Checkin
2017-03-15 20:19 hudsonbot Note Added: 0095169


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker