Posted to user@ofbiz.apache.org by Rene Frauli <ma...@frauli.de> on 2012/11/12 22:01:32 UTC

Tenant authentication problem in 12.04

Hello,

In 12.04 the LoginWorker method "setWebContextObjects" doesn't 
store the delegator, dispatcher, security and the authz in the session, 
only in the request.

The effect is that the session for the tenant is not correct and the 
tenant cannot be used at all, with strange effects. For example, data are 
stored with the default delegator.

In comparison with the related method in 11.04 I have added the missing 
lines (see below) and now the tenant is working correctly again.


private static void setWebContextObjects(HttpServletRequest request,
        HttpServletResponse response, Delegator delegator, LocalDispatcher dispatcher) {
    HttpSession session = request.getSession();
    // NOTE: we do NOT want to set this in the servletContext, only in the request and session
    // We also need to setup the security and authz objects since they are dependent on the delegator
    Security security = null;
    try {
        security = SecurityFactory.getInstance(delegator);
    } catch (SecurityConfigurationException e) {
        Debug.logError(e, module);
    }
    Authorization authz = null;
    try {
        authz = AuthorizationFactory.getInstance(delegator);
    } catch (SecurityConfigurationException e) {
        Debug.logError(e, module);
    }

    session.setAttribute("delegatorName", delegator.getDelegatorName());

    request.setAttribute("delegator", delegator);

    // Missing in 12.04
    session.setAttribute("delegator", delegator);

    request.setAttribute("dispatcher", dispatcher);

    // Missing in 12.04
    session.setAttribute("dispatcher", dispatcher);

    request.setAttribute("security", security);

    // Missing in 12.04
    session.setAttribute("security", security);

    request.setAttribute("authz", authz);

    // Missing in 12.04
    session.setAttribute("authz", authz);

    // get rid of the visit info since it was pointing to the previous database, and get a new one
    session.removeAttribute("visitor");
    session.removeAttribute("visit");
    VisitHandler.getVisitor(request, response);
    VisitHandler.getVisit(session);
}

Regards
Rene
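
A minimal model of the scope problem described in the post above, added here as an illustration (it is not OFBiz code and not from the poster). Plain maps stand in for request and session scope; the class and method names, the lookup order, the fallback to a default delegator and the sample tenant name are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration, not OFBiz code: maps stand in for request scope (new per request) and session scope.
public class TenantScopeDemo {
    static final String DEFAULT_DELEGATOR = "default";

    // Login step: storeInSession=false models the 12.04 behaviour from the post, true the 11.04 one.
    static void login(Map<String, Object> request, Map<String, Object> session,
                      String tenantDelegator, boolean storeInSession) {
        session.put("delegatorName", tenantDelegator);
        request.put("delegator", tenantDelegator);
        if (storeInSession) {
            session.put("delegator", tenantDelegator);
        }
    }

    // Hypothetical lookup: request first, then session, then silently the default.
    static String resolveLenient(Map<String, Object> request, Map<String, Object> session) {
        Object d = request.get("delegator");
        if (d == null) d = session.get("delegator");
        return d != null ? (String) d : DEFAULT_DELEGATOR;
    }

    // Fail-closed variant: a session bound to a tenant must never resolve to another delegator.
    static String resolveStrict(Map<String, Object> request, Map<String, Object> session) {
        String resolved = resolveLenient(request, session);
        Object expected = session.get("delegatorName");
        if (expected != null && !expected.equals(resolved)) {
            throw new IllegalStateException("session is bound to " + expected
                    + " but lookup resolved " + resolved);
        }
        return resolved;
    }

    public static void main(String[] args) {
        for (boolean storeInSession : new boolean[] {false, true}) {
            Map<String, Object> session = new HashMap<>();
            // "default#tenant1" is a constructed sample delegator name
            login(new HashMap<String, Object>(), session, "default#tenant1", storeInSession);
            Map<String, Object> nextRequest = new HashMap<>(); // request scope does not survive
            System.out.println(storeInSession + " lenient: " + resolveLenient(nextRequest, session));
            try {
                System.out.println(storeInSession + " strict:  " + resolveStrict(nextRequest, session));
            } catch (IllegalStateException e) {
                System.out.println(storeInSession + " strict:  rejected, " + e.getMessage());
            }
        }
    }
}
```

The strict variant turns a silent write to the wrong tenant's data into a visible error, which is the safer failure mode for a multi-tenant lookup.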



Re: Tenant authentication problem in 12.04

Posted by Paul Foxworthy <pa...@cohsoft.com.au>.
Hi Rene,

See changeset 1353681

https://fisheye6.atlassian.com/changelog/ofbiz?cs=1353681

and the discussion on Jira issue OFBIZ-4289

https://issues.apache.org/jira/browse/OFBIZ-4289

I hope Jacopo or Jacques have a bit more to say on this.

Cheers

Paul Foxworthy



-----
--
Coherent Software Australia Pty Ltd
http://www.coherentsoftware.com.au/

Bonsai ERP, the all-inclusive ERP system
http://www.bonsaierp.com.au/


Re: Tenant authentication problem in 12.04

Posted by Rene Frauli <ma...@frauli.de>.
Hi,

I have created an Issue OFBIZ-5072 for 12.04 in Jira and attached a patch.

Hope that everything is correct with the Issue, it's my first one for OFBiz.

Rene


On 13.11.12 07:14, Jacques Le Roux wrote:
> Hi,
>
> Could you please provide a patch in a Jira?
> https://cwiki.apache.org/confluence/display/OFBADMIN/OFBiz+Contributors+Best+Practices
>
> Jacques



Re: Tenant authentication problem in 12.04

Posted by Jacques Le Roux <ja...@les7arts.com>.
Hi,

Could you please provide a patch in a Jira?
https://cwiki.apache.org/confluence/display/OFBADMIN/OFBiz+Contributors+Best+Practices

Jacques
