Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0039776
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformmajoralways2018-12-10 16:392018-12-19 22:30
ReporternicolasurizView Statuspublic 
Assigned Tojarmendariz 
PrioritynormalResolutionfixedFixed in Version3.0PR19Q1
StatusclosedFix in branchFixed in SCM revision925d93d4e897
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Toalostale
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0039776: OBSecurityException appears after login with user with no roles

DescriptionWhen you attempt to login with an user which has no roles (or no role that allows access to backend), login form shows an error message notifying that. However, if page is reloaded, an error page appears indicating there was an unhandled exception.

Looking at the log file, this exception is caused by the following stacktrace:

2018-12-13 10:56:44,170 [http-bio-8080-exec-10] ERROR org.openbravo.dal.core.ThreadHandler - Your user is not assigned to a Role and it is required to login into Openbravo. Ask the Security Administrator
org.openbravo.base.exception.OBSecurityException: Your user is not assigned to a Role and it is required to login into Openbravo. Ask the Security Administrator
    at org.openbravo.dal.core.OBContext.initialize(OBContext.java:880) ~[classes/:?]
    at org.openbravo.dal.core.OBContext.initialize(OBContext.java:814) ~[classes/:?]
    at org.openbravo.dal.core.OBContext.initialize(OBContext.java:808) ~[classes/:?]
    at org.openbravo.dal.core.OBContext.setFromRequest(OBContext.java:777) ~[classes/:?]
    at org.openbravo.dal.core.OBContext.setOBContext(OBContext.java:419) ~[classes/:?]
    at org.openbravo.dal.core.DalRequestFilter$1.doBefore(DalRequestFilter.java:78) ~[classes/:?]
    at org.openbravo.dal.core.ThreadHandler.run(ThreadHandler.java:45) [classes/:?]
    at org.openbravo.dal.core.DalRequestFilter.doFilter(DalRequestFilter.java:105) [classes/:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.72]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.72]
    at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) [log4j-web-2.11.1.jar:2.11.1]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.72]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.72]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218) [catalina.jar:7.0.72]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) [catalina.jar:7.0.72]
...
Steps To Reproduce1. Login to backend
2. Create a user without any role or POS Terminal access.
3. Log out from backend
4. Login with the new user created
5. Login form shows an error message. This is OK
6. Refresh the web page
7. An "unexpected error" error page is displayed and it does not allow to keep working.
Proposed SolutionWhen refreshing page, it should render the login page instead of the exception page.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
causes defect 0040787 closedalostale Retail Modules User roles requires backend access to login in WebPOS 

-  Notes
(0108630)
hgbot (developer)
2018-12-17 09:30

Repository: erp/devel/pi
Changeset: 925d93d4e8971f34caf04cd2cad44223fa74bf3c
Author: Javier Armendáriz <javier.armendariz <at> openbravo.com>
Date: Fri Dec 14 12:21:18 2018 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/925d93d4e8971f34caf04cd2cad44223fa74bf3c [^]

Fixed issue 39776: Exception appears after login with user with no roles

Now current session is cleared if a error is found in login process. This
prevents the user to be stuck in a exception screen with no chance to log in
again.

---
M src/org/openbravo/base/secureApp/LoginHandler.java
---
(0108641)
hudsonbot (developer)
2018-12-17 13:48

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/5420c0828280 [^]
Maturity status: Test
(0108676)
hgbot (developer)
2018-12-19 14:52

Repository: erp/devel/pi
Changeset: fd2a2aa98d5430821000a880b9c0c72e53add14a
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Wed Dec 19 14:51:41 2018 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/fd2a2aa98d5430821000a880b9c0c72e53add14a [^]

related to bug 39776: apply format

---
M src/org/openbravo/base/secureApp/LoginHandler.java
---
(0108677)
alostale (developer)
2018-12-19 16:38

reviewed + tested
(0108680)
hudsonbot (developer)
2018-12-19 22:30

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/3349fdedc036 [^]
Maturity status: Test

- Issue History
Date Modified Username Field Change
2018-12-10 16:39 nicolasuriz New Issue
2018-12-10 16:39 nicolasuriz Assigned To => platform
2018-12-10 16:39 nicolasuriz Modules => Core
2018-12-10 16:39 nicolasuriz Triggers an Emergency Pack => No
2018-12-13 11:40 jarmendariz Assigned To platform => jarmendariz
2018-12-13 11:40 jarmendariz Status new => acknowledged
2018-12-13 11:40 jarmendariz Status acknowledged => scheduled
2018-12-13 17:08 jarmendariz Summary Unexpected error message displayed => OBSecurityException appears after login with user with no roles
2018-12-13 17:08 jarmendariz Description Updated View Revisions
2018-12-13 17:08 jarmendariz Steps to Reproduce Updated View Revisions
2018-12-13 17:08 jarmendariz Proposed Solution updated
2018-12-17 09:30 hgbot Checkin
2018-12-17 09:30 hgbot Note Added: 0108630
2018-12-17 09:30 hgbot Status scheduled => resolved
2018-12-17 09:30 hgbot Resolution open => fixed
2018-12-17 09:30 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/925d93d4e8971f34caf04cd2cad44223fa74bf3c [^]
2018-12-17 12:26 jarmendariz Review Assigned To => alostale
2018-12-17 13:48 hudsonbot Checkin
2018-12-17 13:48 hudsonbot Note Added: 0108641
2018-12-19 14:52 hgbot Checkin
2018-12-19 14:52 hgbot Note Added: 0108676
2018-12-19 16:38 alostale Note Added: 0108677
2018-12-19 16:38 alostale Status resolved => closed
2018-12-19 16:39 alostale Fixed in Version => 3.0PR19Q1
2018-12-19 22:30 hudsonbot Checkin
2018-12-19 22:30 hudsonbot Note Added: 0108680
2019-05-06 15:40 alostale Relationship added causes 0040787


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker