Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||||||
| ID | ||||||||||||
| 0055823 | ||||||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||||||
| defect | [Openbravo ERP] A. Platform | minor | have not tried | 2024-06-24 11:40 | 2024-06-24 12:47 | |||||||
| Reporter | caristu | View Status | public | |||||||||
| Assigned To | Triage Platform Base | |||||||||||
| Priority | high | Resolution | open | Fixed in Version | ||||||||
| Status | new | Fix in branch | Fixed in SCM revision | |||||||||
| Projection | none | ETA | none | Target Version | ||||||||
| OS | Any | Database | Any | Java version | ||||||||
| OS Version | Database version | Ant version | ||||||||||
| Product Version | SCM revision | |||||||||||
| Review Assigned To | ||||||||||||
| Web browser | ||||||||||||
| Modules | Core | |||||||||||
| Regression level | ||||||||||||
| Regression date | ||||||||||||
| Regression introduced in release | ||||||||||||
| Regression introduced by commit | ||||||||||||
| Triggers an Emergency Pack | No | |||||||||||
| Summary | 0055823: User locking check should not be done in WS requests for WS-only users | |||||||||||
| Description | The check for the user locking feature[1] should not be done when authenticating via WS. This check is based on the information stored in the AD_Session table. But when authenticating via WS no AD_Session register is created so this check does not make sense at all in this flow, specially when having users configured to only consume WS. This kind of users will never have an entry linked to them in the AD_Session table. Doing this check has some performance impact when there are a lot of records in the AD_Session which can be avoided in the case of the WS requests. [1] https://wiki.openbravo.com/wiki/Functional_Documentation/General_Setup#Locking_Users [^] | |||||||||||
| Steps To Reproduce | 1) Execute a WS request 2) Note that the UserLock check[1] is done in this flow [1] https://gitlab.com/openbravo/product/openbravo/-/blob/master/src/org/openbravo/base/secureApp/UserLock.java#L92 [^] | |||||||||||
| Tags | No tags attached. | |||||||||||
| Attached Files | ||||||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||||||||||||||||
|
||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0166254) hgbot (developer) 2024-06-24 12:47 |
Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/1284 [^] |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2024-06-24 11:40 | caristu | New Issue | |
| 2024-06-24 11:40 | caristu | Assigned To | => Triage Platform Base |
| 2024-06-24 11:40 | caristu | Modules | => Core |
| 2024-06-24 11:40 | caristu | Triggers an Emergency Pack | => No |
| 2024-06-24 11:42 | caristu | Relationship added | related to 0035435 |
| 2024-06-24 11:48 | caristu | Relationship added | related to 0044414 |
| 2024-06-24 11:49 | caristu | Relationship added | related to 0046189 |
| 2024-06-24 11:51 | caristu | Summary | User locking check should not be done in WS authentication => User locking check should not be done in WS requests for WS-only users |
| 2024-06-24 12:47 | hgbot | Note Added: 0166254 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |