Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0041134
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] C. Securitymajoralways2019-06-20 13:362019-08-22 14:44
ReportergorkaionView Statuspublic 
Assigned Tocaristu 
PriorityhighResolutionfixedFixed in Version3.0PR19Q4
StatusclosedFix in branchFixed in SCM revisionaac71461cf2f
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Toalostale
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0041134: Stateless Requests should not check concurrent user limit

DescriptionWhen executing a ExternalOrderLoader requests. It defined as a stateless request so it does not generate any session. But if all the concurrent users are currently logged a "No valid license" exception is thrown.

Stateless request should be able to login and execute normally even if the concurrent user limit is reached.

The authentication is done by the HttpSecureAppServlet. In the service method after the authentication in case of stateless request it is checked the forceSysAdminLogin() method. This method returns true in case the concurrent user limit is reached. Even though this kind of requests should not check it.
Steps To ReproduceOn an activated instance consume all available concurrent users.
Try to execute a call to ExternalOrderLoader using SoapUI or similar.
Proposed Solution
Modify the ActivationKey.checkOPSLimitations so when there is no activeSession (stateless request) the concurrent user limitation is not checked. Patch provided.
TagsNo tags attached.
Attached Filesdiff file icon issue41134.diff [^] (642 bytes) 2019-06-20 13:37 [Show Content]

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0113205)
hgbot (developer)
2019-07-05 17:46

Repository: erp/devel/pi
Changeset: 17f2fcf4f7ea4bbc1915efd7e07ce882678503b7
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Fri Jul 05 17:46:35 2019 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/17f2fcf4f7ea4bbc1915efd7e07ce882678503b7 [^]

related to issue 41134: apply correct formatting

---
M src/org/openbravo/erpCommon/obps/ActivationKey.java
---
(0113206)
hgbot (developer)
2019-07-05 18:11

Repository: erp/devel/pi
Changeset: aac71461cf2f41f3a421ea1bb1d100d3b1ef962c
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Fri Jul 05 18:10:55 2019 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/aac71461cf2f41f3a421ea1bb1d100d3b1ef962c [^]

fixes issue 41134: Stateless Requests should not check concurrent user limit

  In case of stateless requests check OBPS limitations but do not check if the concurrent user limit is reached

---
M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
M src/org/openbravo/erpCommon/obps/ActivationKey.java
---
(0113324)
alostale (developer)
2019-07-12 11:41

reviewed + tested
(0114138)
hudsonbot (developer)
2019-08-22 14:44

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/ad3efd3bd07c [^]
Maturity status: Test
(0114139)
hudsonbot (developer)
2019-08-22 14:44

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/ad3efd3bd07c [^]
Maturity status: Test

- Issue History
Date Modified Username Field Change
2019-06-20 13:36 gorkaion New Issue
2019-06-20 13:36 gorkaion Assigned To => platform
2019-06-20 13:36 gorkaion Modules => Core
2019-06-20 13:36 gorkaion Triggers an Emergency Pack => No
2019-06-20 13:37 gorkaion File Added: issue41134.diff
2019-06-28 14:24 caristu Assigned To platform => caristu
2019-06-28 14:24 caristu Status new => acknowledged
2019-07-05 17:46 hgbot Checkin
2019-07-05 17:46 hgbot Note Added: 0113205
2019-07-05 18:11 hgbot Checkin
2019-07-05 18:11 hgbot Note Added: 0113206
2019-07-05 18:11 hgbot Status acknowledged => resolved
2019-07-05 18:11 hgbot Resolution open => fixed
2019-07-05 18:11 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/aac71461cf2f41f3a421ea1bb1d100d3b1ef962c [^]
2019-07-05 18:11 caristu Review Assigned To => alostale
2019-07-05 18:11 caristu Proposed Solution updated
2019-07-12 11:41 alostale Note Added: 0113324
2019-07-12 11:41 alostale Status resolved => closed
2019-07-12 11:41 alostale Fixed in Version => 3.0PR19Q4
2019-08-22 14:44 hudsonbot Checkin
2019-08-22 14:44 hudsonbot Note Added: 0114138
2019-08-22 14:44 hudsonbot Checkin
2019-08-22 14:44 hudsonbot Note Added: 0114139


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker