You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by "Carsten Schinzer (JIRA)" <ji...@apache.org> on 2012/09/01 20:09:07 UTC

[jira] [Commented] (OFBIZ-5019) Multitenant delegator assignment not working correctly

    [ https://issues.apache.org/jira/browse/OFBIZ-5019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13446770#comment-13446770 ] 

Carsten Schinzer commented on OFBIZ-5019:
-----------------------------------------

I have tried the following in LoginWorker.login(HTTPServletRequest request, HttpServletResponse response):

(...)

        String tenantId = request.getParameter("tenantId");
        if (UtilValidate.isNotEmpty(tenantId)) {
            // JIRA OFBIZ-5019 ... persist tenantId in the session
            session.setAttribute("tenantId", tenantId);

(...)

But when I print out the session parameters or HttpServletRequest parameters on ContextFilter, I cannot see this attribute at all.
Anything I do wrong?
                
> Multitenant delegator assignment not working  correctly
> -------------------------------------------------------
>
>                 Key: OFBIZ-5019
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5019
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL APPLICATIONS, framework
>    Affects Versions: SVN trunk
>         Environment: multitenantuse = "Y"
> Tenant with no Domain setting or Tenant using different domain for backend applications
>            Reporter: Carsten Schinzer
>              Labels: authentication, context, multitenancy, security
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> This issue arises when Multitenancy is in use. It arises only on backend applications (as typically the frontend store applications will use a context variable defined in web.xml to determin the delegator to be used (ie. the database to use for data lookups etc).
> The issue manifests as follows:
> * the wrong data is read for standard backoffice displays (e.g. orders, accounts, etc.); it is the dataa from the default datasource, not the tenant´s data source
> * in the backend apps certain functions require authentication (checked dynamically) and this will fail when the default delegator is used since the tenant's user accounts will differ (if not in name then in password hashes) from the default datasource -- this leads to authentication warnings all over the place
> * one will not be able to mainpulate data of course, either

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira