Hello,
In 12.04 the LoginWorker method "setWebContextObjects" object doesn't store the delegator, dispatcher, security and the authz in the session only in the request. The effect is that the session for the tenant is not correct and the tenant cannot be used at all with strange effects. For e.g. data are stored with the default delegator. In comparison with the related method in 11.04 if have added the missing lines see below and now the tenant is working correctly again. private static void setWebContextObjects(HttpServletRequest request, HttpServletResponse response, Delegator delegator, LocalDispatcher dispatcher) { HttpSession session = request.getSession(); // NOTE: we do NOT want to set this in the servletContext, only in the request and session // We also need to setup the security and authz objects since they are dependent on the delegator Security security = null; try { security = SecurityFactory.getInstance(delegator); } catch (SecurityConfigurationException e) { Debug.logError(e, module); } Authorization authz = null; try { authz = AuthorizationFactory.getInstance(delegator); } catch (SecurityConfigurationException e) { Debug.logError(e, module); } session.setAttribute("delegatorName", delegator.getDelegatorName()); request.setAttribute("delegator", delegator); //Missing in 12.04 session.setAttribute("delegator", delegator); request.setAttribute("dispatcher", dispatcher); /Missing 12.04 session.setAttribute("dispatcher", dispatcher); request.setAttribute("security", security); //Missing 12.04 session.setAttribute("security", security); request.setAttribute("authz", authz); //Missing 12.04 session.setAttribute("authz", authz); // get rid of the visit info since it was pointing to the previous database, and get a new one session.removeAttribute("visitor"); session.removeAttribute("visit"); VisitHandler.getVisitor(request, response); VisitHandler.getVisit(session); } Regards Rene |
Hi Rene,
See changeset 1353681 https://fisheye6.atlassian.com/changelog/ofbiz?cs=1353681 and the discussion on Jira issue OFBIZ-4289 https://issues.apache.org/jira/browse/OFBIZ-4289 I hope Jacopo or Jacques have a bit more to say on this. Cheers Paul Foxworthy
--
Coherent Software Australia Pty Ltd http://www.coherentsoftware.com.au/ Bonsai ERP, the all-inclusive ERP system http://www.bonsaierp.com.au/ |
Administrator
|
In reply to this post by Rene Frauli
Hi,
Could you please provide a patch in a Jira? https://cwiki.apache.org/confluence/display/OFBADMIN/OFBiz+Contributors+Best+Practices Jacques From: "Rene Frauli" <[hidden email]> > Hello, > > In 12.04 the LoginWorker method "setWebContextObjects" object doesn't > store the delegator, dispatcher, security and the authz in the session > only in the request. > > The effect is that the session for the tenant is not correct and the > tenant cannot be used at all with strange effects. For e.g. data are > stored with the default delegator. > > In comparison with the related method in 11.04 if have added the missing > lines see below and now the tenant is working correctly again. > > > private static void setWebContextObjects(HttpServletRequest request, > HttpServletResponse response, Delegator delegator, LocalDispatcher > dispatcher) { > HttpSession session = request.getSession(); > // NOTE: we do NOT want to set this in the servletContext, only > in the request and session > // We also need to setup the security and authz objects since > they are dependent on the delegator > Security security = null; > try { > security = SecurityFactory.getInstance(delegator); > } catch (SecurityConfigurationException e) { > Debug.logError(e, module); > } > Authorization authz = null; > try { > authz = AuthorizationFactory.getInstance(delegator); > } catch (SecurityConfigurationException e) { > Debug.logError(e, module); > } > > session.setAttribute("delegatorName", > delegator.getDelegatorName()); > > request.setAttribute("delegator", delegator); > > //Missing in 12.04 > session.setAttribute("delegator", delegator); > > request.setAttribute("dispatcher", dispatcher); > > /Missing 12.04 > session.setAttribute("dispatcher", dispatcher); > > request.setAttribute("security", security); > > //Missing 12.04 > session.setAttribute("security", security); > > request.setAttribute("authz", authz); > > //Missing 12.04 > session.setAttribute("authz", authz); > > // get rid of the visit info since it was pointing to the > previous database, and get a new one > session.removeAttribute("visitor"); > session.removeAttribute("visit"); > VisitHandler.getVisitor(request, response); > VisitHandler.getVisit(session); > } > > Regards > Rene > > |
Hi,
I have created an Issue OFBIZ-5072 for 12.04 in Jira and attached a patch. Hope that everything is correct with the Issue, it's my first one for OFBiz. Rene Am 13.11.12 07:14, schrieb Jacques Le Roux: > Hi, > > Could you please provide a patch in a Jira? > https://cwiki.apache.org/confluence/display/OFBADMIN/OFBiz+Contributors+Best+Practices > > Jacques > > From: "Rene Frauli" <[hidden email]> >> Hello, >> >> In 12.04 the LoginWorker method "setWebContextObjects" object doesn't >> store the delegator, dispatcher, security and the authz in the session >> only in the request. >> >> The effect is that the session for the tenant is not correct and the >> tenant cannot be used at all with strange effects. For e.g. data are >> stored with the default delegator. >> >> In comparison with the related method in 11.04 if have added the missing >> lines see below and now the tenant is working correctly again. >> >> >> private static void setWebContextObjects(HttpServletRequest request, >> HttpServletResponse response, Delegator delegator, LocalDispatcher >> dispatcher) { >> HttpSession session = request.getSession(); >> // NOTE: we do NOT want to set this in the servletContext, only >> in the request and session >> // We also need to setup the security and authz objects since >> they are dependent on the delegator >> Security security = null; >> try { >> security = SecurityFactory.getInstance(delegator); >> } catch (SecurityConfigurationException e) { >> Debug.logError(e, module); >> } >> Authorization authz = null; >> try { >> authz = AuthorizationFactory.getInstance(delegator); >> } catch (SecurityConfigurationException e) { >> Debug.logError(e, module); >> } >> >> session.setAttribute("delegatorName", >> delegator.getDelegatorName()); >> >> request.setAttribute("delegator", delegator); >> >> //Missing in 12.04 >> session.setAttribute("delegator", delegator); >> >> request.setAttribute("dispatcher", dispatcher); >> >> /Missing 12.04 >> session.setAttribute("dispatcher", dispatcher); >> >> request.setAttribute("security", security); >> >> //Missing 12.04 >> session.setAttribute("security", security); >> >> request.setAttribute("authz", authz); >> >> //Missing 12.04 >> session.setAttribute("authz", authz); >> >> // get rid of the visit info since it was pointing to the >> previous database, and get a new one >> session.removeAttribute("visitor"); >> session.removeAttribute("visit"); >> VisitHandler.getVisitor(request, response); >> VisitHandler.getVisit(session); >> } >> >> Regards >> Rene >> >> > |
Free forum by Nabble | Edit this page |