Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0036808
TypeCategorySeverityReproducibilityDate SubmittedLast Update
design defect[Openbravo ERP] A. Platformminoralways2017-09-07 19:212022-02-01 08:08
ReportercaristuView Statuspublic 
Assigned ToTriage Platform Base 
PrioritynormalResolutionopenFixed in Version
StatusnewFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0036808: AuthenticationManager should be stateless

DescriptionThe AuthenticationManager class should be stateless. This class is used by the HttpSecureAppServlet[1] instances in order to ensure that the servlet requests are properly authenticated.

If this class would be stateless then it could be declared as a singleton (@ApplicationScoped) within those kind of servlets. Thus, just a single instance of this class will be reused by every servlet. Also this will help to solve any possible multi-thread unsafety in this regard.

[1] https://code.openbravo.com/erp/devel/pi/file/1fe55bea0066/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java#l84 [^]
Steps To ReproduceIn description
Proposed SolutionTo make this class stateless the following attributes should be declared as private and we should handle their assignments properly:

- protected ConnectionProvider conn
- protected String defaultServletUrl
- protected String localAdress

Please note that this will be an API change affecting those classes extending AuthenticationManager. Besides, this change would require to review those classes in deep in order to ensure that they can work properly as singletons.

TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to defect 0035164 closedcaristu AuthenticationManager.username thread unsafe 

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2017-09-07 19:21 caristu New Issue
2017-09-07 19:21 caristu Assigned To => platform
2017-09-07 19:21 caristu Modules => Core
2017-09-07 19:21 caristu Triggers an Emergency Pack => No
2017-09-07 19:21 caristu Relationship added related to 0035164
2022-02-01 08:08 alostale Assigned To platform => Triage Platform Base


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker