Tenant authentication problem in 12.04

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Tenant authentication problem in 12.04

Rene Frauli
Hello,

In 12.04 the LoginWorker method "setWebContextObjects" object doesn't
store the delegator, dispatcher, security and the authz in the session
only in the request.

The effect is that the session for the tenant is not correct and the
tenant cannot be used at all with strange effects. For e.g. data are
stored with the default delegator.

In comparison with the related method in 11.04 if have added the missing
lines see below and now the tenant is working correctly again.


private static void setWebContextObjects(HttpServletRequest request,
HttpServletResponse response, Delegator delegator, LocalDispatcher
dispatcher) {
         HttpSession session = request.getSession();
         // NOTE: we do NOT want to set this in the servletContext, only
in the request and session
         // We also need to setup the security and authz objects since
they are dependent on the delegator
         Security security = null;
         try {
             security = SecurityFactory.getInstance(delegator);
         } catch (SecurityConfigurationException e) {
             Debug.logError(e, module);
         }
         Authorization authz = null;
         try {
             authz = AuthorizationFactory.getInstance(delegator);
         } catch (SecurityConfigurationException e) {
             Debug.logError(e, module);
         }

         session.setAttribute("delegatorName",
delegator.getDelegatorName());

         request.setAttribute("delegator", delegator);

        //Missing in 12.04
         session.setAttribute("delegator", delegator);

         request.setAttribute("dispatcher", dispatcher);

        /Missing 12.04
         session.setAttribute("dispatcher", dispatcher);

         request.setAttribute("security", security);

        //Missing 12.04
         session.setAttribute("security", security);

         request.setAttribute("authz", authz);

        //Missing 12.04
         session.setAttribute("authz", authz);

         // get rid of the visit info since it was pointing to the
previous database, and get a new one
         session.removeAttribute("visitor");
         session.removeAttribute("visit");
         VisitHandler.getVisitor(request, response);
         VisitHandler.getVisit(session);
     }

Regards
Rene


Reply | Threaded
Open this post in threaded view
|

Re: Tenant authentication problem in 12.04

Paul Foxworthy
Hi Rene,

See changeset 1353681

https://fisheye6.atlassian.com/changelog/ofbiz?cs=1353681

and the discussion on Jira issue OFBIZ-4289

https://issues.apache.org/jira/browse/OFBIZ-4289

I hope Jacopo or Jacques have a bit more to say on this.

Cheers

Paul Foxworthy

Rene Frauli wrote
Hello,

In 12.04 the LoginWorker method "setWebContextObjects" object doesn't
store the delegator, dispatcher, security and the authz in the session
only in the request.

The effect is that the session for the tenant is not correct and the
tenant cannot be used at all with strange effects. For e.g. data are
stored with the default delegator.

In comparison with the related method in 11.04 if have added the missing
lines see below and now the tenant is working correctly again.


private static void setWebContextObjects(HttpServletRequest request,
HttpServletResponse response, Delegator delegator, LocalDispatcher
dispatcher) {
         HttpSession session = request.getSession();
         // NOTE: we do NOT want to set this in the servletContext, only
in the request and session
         // We also need to setup the security and authz objects since
they are dependent on the delegator
         Security security = null;
         try {
             security = SecurityFactory.getInstance(delegator);
         } catch (SecurityConfigurationException e) {
             Debug.logError(e, module);
         }
         Authorization authz = null;
         try {
             authz = AuthorizationFactory.getInstance(delegator);
         } catch (SecurityConfigurationException e) {
             Debug.logError(e, module);
         }

         session.setAttribute("delegatorName",
delegator.getDelegatorName());

         request.setAttribute("delegator", delegator);

        //Missing in 12.04
         session.setAttribute("delegator", delegator);

         request.setAttribute("dispatcher", dispatcher);

        /Missing 12.04
         session.setAttribute("dispatcher", dispatcher);

         request.setAttribute("security", security);

        //Missing 12.04
         session.setAttribute("security", security);

         request.setAttribute("authz", authz);

        //Missing 12.04
         session.setAttribute("authz", authz);

         // get rid of the visit info since it was pointing to the
previous database, and get a new one
         session.removeAttribute("visitor");
         session.removeAttribute("visit");
         VisitHandler.getVisitor(request, response);
         VisitHandler.getVisit(session);
     }

Regards
Rene
--
Coherent Software Australia Pty Ltd
http://www.coherentsoftware.com.au/

Bonsai ERP, the all-inclusive ERP system
http://www.bonsaierp.com.au/
Reply | Threaded
Open this post in threaded view
|

Re: Tenant authentication problem in 12.04

Jacques Le Roux
Administrator
In reply to this post by Rene Frauli
Hi,

Could you please provide a patch in a Jira?
https://cwiki.apache.org/confluence/display/OFBADMIN/OFBiz+Contributors+Best+Practices

Jacques

From: "Rene Frauli" <[hidden email]>

> Hello,
>
> In 12.04 the LoginWorker method "setWebContextObjects" object doesn't
> store the delegator, dispatcher, security and the authz in the session
> only in the request.
>
> The effect is that the session for the tenant is not correct and the
> tenant cannot be used at all with strange effects. For e.g. data are
> stored with the default delegator.
>
> In comparison with the related method in 11.04 if have added the missing
> lines see below and now the tenant is working correctly again.
>
>
> private static void setWebContextObjects(HttpServletRequest request,
> HttpServletResponse response, Delegator delegator, LocalDispatcher
> dispatcher) {
>         HttpSession session = request.getSession();
>         // NOTE: we do NOT want to set this in the servletContext, only
> in the request and session
>         // We also need to setup the security and authz objects since
> they are dependent on the delegator
>         Security security = null;
>         try {
>             security = SecurityFactory.getInstance(delegator);
>         } catch (SecurityConfigurationException e) {
>             Debug.logError(e, module);
>         }
>         Authorization authz = null;
>         try {
>             authz = AuthorizationFactory.getInstance(delegator);
>         } catch (SecurityConfigurationException e) {
>             Debug.logError(e, module);
>         }
>
>         session.setAttribute("delegatorName",
> delegator.getDelegatorName());
>
>         request.setAttribute("delegator", delegator);
>
> //Missing in 12.04
>         session.setAttribute("delegator", delegator);
>
>         request.setAttribute("dispatcher", dispatcher);
>
> /Missing 12.04
>         session.setAttribute("dispatcher", dispatcher);
>
>         request.setAttribute("security", security);
>
> //Missing 12.04
>         session.setAttribute("security", security);
>
>         request.setAttribute("authz", authz);
>
> //Missing 12.04
>         session.setAttribute("authz", authz);
>
>         // get rid of the visit info since it was pointing to the
> previous database, and get a new one
>         session.removeAttribute("visitor");
>         session.removeAttribute("visit");
>         VisitHandler.getVisitor(request, response);
>         VisitHandler.getVisit(session);
>     }
>
> Regards
> Rene
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Tenant authentication problem in 12.04

Rene Frauli
Hi,

I have created an Issue OFBIZ-5072 for 12.04 in Jira and attached a patch.

Hope that everything is correct with the Issue, it's my first one for OFBiz.

Rene


Am 13.11.12 07:14, schrieb Jacques Le Roux:

> Hi,
>
> Could you please provide a patch in a Jira?
> https://cwiki.apache.org/confluence/display/OFBADMIN/OFBiz+Contributors+Best+Practices
>
> Jacques
>
> From: "Rene Frauli" <[hidden email]>
>> Hello,
>>
>> In 12.04 the LoginWorker method "setWebContextObjects" object doesn't
>> store the delegator, dispatcher, security and the authz in the session
>> only in the request.
>>
>> The effect is that the session for the tenant is not correct and the
>> tenant cannot be used at all with strange effects. For e.g. data are
>> stored with the default delegator.
>>
>> In comparison with the related method in 11.04 if have added the missing
>> lines see below and now the tenant is working correctly again.
>>
>>
>> private static void setWebContextObjects(HttpServletRequest request,
>> HttpServletResponse response, Delegator delegator, LocalDispatcher
>> dispatcher) {
>>          HttpSession session = request.getSession();
>>          // NOTE: we do NOT want to set this in the servletContext, only
>> in the request and session
>>          // We also need to setup the security and authz objects since
>> they are dependent on the delegator
>>          Security security = null;
>>          try {
>>              security = SecurityFactory.getInstance(delegator);
>>          } catch (SecurityConfigurationException e) {
>>              Debug.logError(e, module);
>>          }
>>          Authorization authz = null;
>>          try {
>>              authz = AuthorizationFactory.getInstance(delegator);
>>          } catch (SecurityConfigurationException e) {
>>              Debug.logError(e, module);
>>          }
>>
>>          session.setAttribute("delegatorName",
>> delegator.getDelegatorName());
>>
>>          request.setAttribute("delegator", delegator);
>>
>> //Missing in 12.04
>>          session.setAttribute("delegator", delegator);
>>
>>          request.setAttribute("dispatcher", dispatcher);
>>
>> /Missing 12.04
>>          session.setAttribute("dispatcher", dispatcher);
>>
>>          request.setAttribute("security", security);
>>
>> //Missing 12.04
>>          session.setAttribute("security", security);
>>
>>          request.setAttribute("authz", authz);
>>
>> //Missing 12.04
>>          session.setAttribute("authz", authz);
>>
>>          // get rid of the visit info since it was pointing to the
>> previous database, and get a new one
>>          session.removeAttribute("visitor");
>>          session.removeAttribute("visit");
>>          VisitHandler.getVisitor(request, response);
>>          VisitHandler.getVisit(session);
>>      }
>>
>> Regards
>> Rene
>>
>>
>