Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0041134 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] C. Security | major | always | 2019-06-20 13:36 | 2019-08-22 14:44 | |||
| Reporter | gorkaion | View Status | public | |||||
| Assigned To | caristu | |||||||
| Priority | high | Resolution | fixed | Fixed in Version | 3.0PR19Q4 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | aac71461cf2f | ||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Merge Request Status | ||||||||
| Review Assigned To | alostale | |||||||
| OBNetwork customer | Gold | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Support ticket | 10489 | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0041134: Stateless Requests should not check concurrent user limit | |||||||
| Description | When executing a ExternalOrderLoader requests. It defined as a stateless request so it does not generate any session. But if all the concurrent users are currently logged a "No valid license" exception is thrown. Stateless request should be able to login and execute normally even if the concurrent user limit is reached. The authentication is done by the HttpSecureAppServlet. In the service method after the authentication in case of stateless request it is checked the forceSysAdminLogin() method. This method returns true in case the concurrent user limit is reached. Even though this kind of requests should not check it. | |||||||
| Steps To Reproduce | On an activated instance consume all available concurrent users. Try to execute a call to ExternalOrderLoader using SoapUI or similar. | |||||||
| Proposed Solution | Modify the ActivationKey.checkOPSLimitations so when there is no activeSession (stateless request) the concurrent user limitation is not checked. Patch provided. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files |  issue41134.diff [^] (642 bytes) 2019-06-20 13:37 [Show Content]
| |||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
|
Notes |
|
|
(0113205) hgbot (developer) 2019-07-05 17:46 |
Repository: erp/devel/pi Changeset: 17f2fcf4f7ea4bbc1915efd7e07ce882678503b7 Author: Carlos Aristu <carlos.aristu <at> openbravo.com> Date: Fri Jul 05 17:46:35 2019 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/17f2fcf4f7ea4bbc1915efd7e07ce882678503b7 [^] related to issue 41134: apply correct formatting --- M src/org/openbravo/erpCommon/obps/ActivationKey.java --- |
|
(0113206) hgbot (developer) 2019-07-05 18:11 |
Repository: erp/devel/pi Changeset: aac71461cf2f41f3a421ea1bb1d100d3b1ef962c Author: Carlos Aristu <carlos.aristu <at> openbravo.com> Date: Fri Jul 05 18:10:55 2019 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/aac71461cf2f41f3a421ea1bb1d100d3b1ef962c [^] fixes issue 41134: Stateless Requests should not check concurrent user limit In case of stateless requests check OBPS limitations but do not check if the concurrent user limit is reached --- M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java M src/org/openbravo/erpCommon/obps/ActivationKey.java --- |
|
(0113324) alostale (viewer) 2019-07-12 11:41 |
reviewed + tested |
|
(0114138) hudsonbot (viewer) 2019-08-22 14:44 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/ad3efd3bd07c [^] Maturity status: Test |
|
(0114139) hudsonbot (viewer) 2019-08-22 14:44 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/ad3efd3bd07c [^] Maturity status: Test |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2019-06-20 13:36 | gorkaion | New Issue | |
| 2019-06-20 13:36 | gorkaion | Assigned To | => platform |
| 2019-06-20 13:36 | gorkaion | OBNetwork customer | => Gold |
| 2019-06-20 13:36 | gorkaion | Modules | => Core |
| 2019-06-20 13:36 | gorkaion | Support ticket | => 10489 |
| 2019-06-20 13:36 | gorkaion | Resolution time | => 1562796000 |
| 2019-06-20 13:36 | gorkaion | Triggers an Emergency Pack | => No |
| 2019-06-20 13:37 | gorkaion | File Added: issue41134.diff | |
| 2019-06-28 14:24 | caristu | Assigned To | platform => caristu |
| 2019-06-28 14:24 | caristu | Status | new => acknowledged |
| 2019-07-05 17:46 | hgbot | Checkin | |
| 2019-07-05 17:46 | hgbot | Note Added: 0113205 | |
| 2019-07-05 18:11 | hgbot | Checkin | |
| 2019-07-05 18:11 | hgbot | Note Added: 0113206 | |
| 2019-07-05 18:11 | hgbot | Status | acknowledged => resolved |
| 2019-07-05 18:11 | hgbot | Resolution | open => fixed |
| 2019-07-05 18:11 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/aac71461cf2f41f3a421ea1bb1d100d3b1ef962c [^] |
| 2019-07-05 18:11 | caristu | Review Assigned To | => alostale |
| 2019-07-05 18:11 | caristu | Proposed Solution updated | |
| 2019-07-12 11:41 | alostale | Note Added: 0113324 | |
| 2019-07-12 11:41 | alostale | Status | resolved => closed |
| 2019-07-12 11:41 | alostale | Fixed in Version | => 3.0PR19Q4 |
| 2019-08-22 14:44 | hudsonbot | Checkin | |
| 2019-08-22 14:44 | hudsonbot | Note Added: 0114138 | |
| 2019-08-22 14:44 | hudsonbot | Checkin | |
| 2019-08-22 14:44 | hudsonbot | Note Added: 0114139 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |