details:   https://code.openbravo.com/erp/devel/pi/rev/9d919bcdb4fe
changeset: 33771:9d919bcdb4fe
user:      Asier Lostalé <asier.lostale <at> openbravo.com>
date:      Tue Apr 03 12:06:50 2018 +0200
summary:   fixed bug 38161: CUR System Admin restricted sessions are counted 
for CU limit

  When the number of CU is reached and the user has the Sys Admin role, a CUR
  session is created, limiting it to only the Sys Admin role.

  These types of sessions were counted for the CU limit, preventing new sessions
  from being created.

  Now these sessions are no longer taken into account for the CU limit, nor
  removed if the limit is reached.

details:   https://code.openbravo.com/erp/devel/pi/rev/c0b74e09ac0c
changeset: 33772:c0b74e09ac0c
user:      Asier Lostalé <asier.lostale <at> openbravo.com>
date:      Tue Apr 03 12:08:23 2018 +0200
summary:   related to bug 38161: fixed typo

diffstat:

 
modules/org.openbravo.client.application/src/org/openbravo/client/application/navigationbarcomponents/UserInfoComponent.java
 |  35 +-------
 src/index.jsp                                                                  
                                              |   2 +-
 src/org/openbravo/base/secureApp/HttpSecureAppServlet.java                     
                                              |  27 +-----
 src/org/openbravo/erpCommon/obps/ActivationKey.java                            
                                              |  44 +++++++--
 4 files changed, 41 insertions(+), 67 deletions(-)

diffs (221 lines):

diff -r 2cc5da8d1129 -r c0b74e09ac0c 
modules/org.openbravo.client.application/src/org/openbravo/client/application/navigationbarcomponents/UserInfoComponent.java
--- 
a/modules/org.openbravo.client.application/src/org/openbravo/client/application/navigationbarcomponents/UserInfoComponent.java
      Thu Mar 29 11:00:44 2018 +0000
+++ 
b/modules/org.openbravo.client.application/src/org/openbravo/client/application/navigationbarcomponents/UserInfoComponent.java
      Tue Apr 03 12:08:23 2018 +0200
@@ -11,7 +11,7 @@
  * under the License.
  * The Original Code is Openbravo ERP.
  * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2010-2017 Openbravo SLU
+ * All portions are Copyright (C) 2010-2018 Openbravo SLU
  * All Rights Reserved.
  * Contributor(s):  ______________________________________.
  ************************************************************************
@@ -21,20 +21,16 @@
 import java.util.ArrayList;
 import java.util.List;
 
-import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
 import org.hibernate.Query;
-import org.openbravo.base.secureApp.VariablesSecureApp;
 import org.openbravo.client.kernel.KernelConstants;
 import org.openbravo.client.kernel.KernelServlet;
-import org.openbravo.client.kernel.RequestContext;
 import org.openbravo.client.kernel.SessionDynamicTemplateComponent;
 import org.openbravo.dal.core.OBContext;
 import org.openbravo.dal.service.OBDal;
 import org.openbravo.dal.service.OBQuery;
 import org.openbravo.erpCommon.obps.ActivationKey;
-import org.openbravo.erpCommon.obps.ActivationKey.LicenseRestriction;
 import org.openbravo.model.ad.access.Role;
 import org.openbravo.model.ad.system.Language;
 import org.openbravo.model.ad.system.SystemInformation;
@@ -96,37 +92,14 @@
       return userRoles;
     }
     userRoles = new ArrayList<>();
-    ActivationKey ak = ActivationKey.getInstance();
     SystemInformation sysInfo = 
OBDal.getInstance().get(SystemInformation.class, "0");
     boolean correctSystemStatus = sysInfo.getSystemStatus() == null
         || KernelServlet.getGlobalParameters().getOBProperty("safe.mode", 
"false")
             .equalsIgnoreCase("false") || 
sysInfo.getSystemStatus().equals("RB70");
-    if (!correctSystemStatus) {
-      userRoles.add(new RoleInfo(OBDal.getInstance().get(Role.class, "0")));
-      return userRoles;
-    }
 
-    if (getParameters().get(KernelConstants.HTTP_SESSION) != null) {
-      final HttpSession session = (HttpSession) 
getParameters().get(KernelConstants.HTTP_SESSION);
-      final String dbSessionId = (String) 
session.getAttribute("#AD_Session_ID".toUpperCase());
-      LicenseRestriction limitation = ak.checkOPSLimitations(dbSessionId);
-      if (limitation == LicenseRestriction.OPS_INSTANCE_NOT_ACTIVE
-          || limitation == 
LicenseRestriction.NUMBER_OF_CONCURRENT_USERS_REACHED
-          || limitation == LicenseRestriction.MODULE_EXPIRED
-          || limitation == LicenseRestriction.NOT_MATCHED_INSTANCE
-          || limitation == LicenseRestriction.HB_NOT_ACTIVE
-          || limitation == LicenseRestriction.ON_DEMAND_OFF_PLATFORM
-          || limitation == LicenseRestriction.POS_TERMINALS_EXCEEDED) {
-        userRoles.add(new RoleInfo(OBDal.getInstance().get(Role.class, "0")));
-        return userRoles;
-      }
-    }
-
-    final HttpServletRequest request = RequestContext.get().getRequest();
-    final VariablesSecureApp vars = new VariablesSecureApp(request);
-    boolean onlySystemAdminAccess = "Y".equals(vars
-        .getSessionValue("onlySystemAdminRoleShouldBeAvailableInErp"));
-    if (onlySystemAdminAccess) {
+    if (!correctSystemStatus
+        || ActivationKey.getInstance().forceSysAdminLogin(
+            (HttpSession) getParameters().get(KernelConstants.HTTP_SESSION))) {
       userRoles.add(new RoleInfo(OBDal.getInstance().get(Role.class, "0")));
       return userRoles;
     }
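Review bot: In the new condition, `forceSysAdminLogin(...)` is handed whatever `getParameters().get(KernelConstants.HTTP_SESSION)` returns, so when that parameter is absent the session's only-System-Admin flag is never consulted and the role list depends on the license check alone. The removed code read the flag through `RequestContext.get().getRequest()` independently of the parameter, and after this commit CUR sessions no longer count towards the limit, so the flag may be the only thing marking such a session as restricted. Whether the parameter can actually be missing is not visible here. If it cannot, a comment such as `// HTTP_SESSION is always present for this component; a null session would skip the sys-admin-only flag` would record that assumption. The same null case applies to `request.getSession(false)` in HttpSecureAppServlet.java, and the enclosing method starts and ends outside this hunk.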
diff -r 2cc5da8d1129 -r c0b74e09ac0c src/index.jsp
--- a/src/index.jsp     Thu Mar 29 11:00:44 2018 +0000
+++ b/src/index.jsp     Tue Apr 03 12:08:23 2018 +0200
@@ -70,7 +70,7 @@
     org.openbravo.model.ad.access.Session dbSession = 
OBDal.getInstance().get(org.openbravo.model.ad.access.Session.class, sessionId);
     String currentSessionType = dbSession.getLoginStatus();
 
-    if (!ActivationKey.consumesConcurrentUser(currentSessionType)) {
+    if (!ActivationKey.consumesConcurrentUser(currentSessionType) && 
!"CUR".equals(currentSessionType)) {
       // session was created not counting concurrent users, now switching to 
backend so they
       // should be counted
       dbSession.setLoginStatus(LoginHandler.SUCCESS_SESSION_STANDARD);
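Review bot: The added `!"CUR".equals(currentSessionType)` is the only thing here that keeps a restricted session from being relabelled as a standard one by the `setLoginStatus` call below, yet it is a bare literal with no explanation. Since `"CUR"` is added to `NO_CU_SESSION_TYPES` in ActivationKey.java by this same commit, `consumesConcurrentUser` presumably now returns false for it, which is why the extra test is needed. A comment would make that dependency visible, for example `// CUR sessions are restricted to System Admin: never promote them to a standard session`. A small helper on ActivationKey would also avoid repeating the session-type string in the JSP. The `if` body continues outside the hunk.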
diff -r 2cc5da8d1129 -r c0b74e09ac0c 
src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
--- a/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java        Thu Mar 
29 11:00:44 2018 +0000
+++ b/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java        Tue Apr 
03 12:08:23 2018 +0200
@@ -53,7 +53,6 @@
 import org.openbravo.database.SessionInfo;
 import org.openbravo.erpCommon.obps.ActivationKey;
 import org.openbravo.erpCommon.obps.ActivationKey.FeatureRestriction;
-import org.openbravo.erpCommon.obps.ActivationKey.LicenseRestriction;
 import org.openbravo.erpCommon.security.UsageAudit;
 import org.openbravo.erpCommon.utility.JRFieldProviderDataSource;
 import org.openbravo.erpCommon.utility.JRScrollableFieldProviderDataSource;
@@ -224,7 +223,7 @@
 
       // if stateless then stop here, the remaining logic uses the httpsession
       if (AuthenticationManager.isStatelessRequest(request)) {
-        if (areThereLicenseRestrictions(null)) {
+        if (ActivationKey.getInstance().forceSysAdminLogin(null)) {
           throw new AuthenticationException("No valid license");
         }
         // make sure that there is an OBContext for the logged in user also in 
case of stateless
@@ -273,13 +272,8 @@
                   .equalsIgnoreCase("false") || 
sysInfo.getSystemStatus().equals("RB70");
 
           final VariablesSecureApp vars = new VariablesSecureApp(request, 
false);
-          boolean onlySystemAdminAvailable = "Y".equals(vars
-              .getSessionValue("onlySystemAdminRoleShouldBeAvailableInErp"));
-          // We check if there is a Openbravo Professional Subscription 
restriction in the license,
-          // or if the last rebuild didn't go well. If any of these are true, 
then the user is
-          // allowed to login only as system administrator
-          if (areThereLicenseRestrictions(variables.getDBSession()) || 
!correctSystemStatus
-              || onlySystemAdminAvailable) {
+          if (!correctSystemStatus
+              || 
ActivationKey.getInstance().forceSysAdminLogin(request.getSession(false))) {
             // it is only allowed to log as system administrator
             strRole = DefaultOptionsData.getDefaultSystemRole(cp, strUserAuth);
             if (strRole == null || strRole.equals("")) {
@@ -294,6 +288,7 @@
             strClient = "0";
             strOrg = "0";
             strWarehouse = "";
+            vars.setSessionValue("onlySystemAdminRoleShouldBeAvailableInErp", 
"Y");
           } else {
             RoleDefaults defaults = LoginUtils.getLoginDefaults(strUserAuth, 
variables.getRole(),
                 cp);
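Review bot: The added `vars.setSessionValue("onlySystemAdminRoleShouldBeAvailableInErp", "Y")` runs for every path into this branch, including `!correctSystemStatus`, and nothing visible in this commit clears it again. Because `forceSysAdminLogin` returns true as soon as it sees that flag, a session restricted for a transient reason would stay System-Admin-only until it ends. If that is intended, say so at the call, for example `// sticky for the whole session: only a new login lifts the restriction`. The flag is written here under a mixed-case name and read in ActivationKey.java as `"ONLYSYSTEMADMINROLESHOULDBEAVAILABLEINERP"`, which presumably relies on VariablesSecureApp upper-casing attribute names. The enclosing block starts and ends outside the hunk.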
@@ -511,20 +506,6 @@
     }
   }
 
-  // We check if there is a Openbravo Professional Subscription restriction in 
the license,
-  // or if the last rebuild didn't go well. If any of these are true, then the 
user is
-  // allowed to login only as system administrator
-  private boolean areThereLicenseRestrictions(String sessionId) {
-    LicenseRestriction limitation = 
ActivationKey.getInstance().checkOPSLimitations(sessionId);
-    return limitation == LicenseRestriction.OPS_INSTANCE_NOT_ACTIVE
-        || limitation == LicenseRestriction.NUMBER_OF_CONCURRENT_USERS_REACHED
-        || limitation == LicenseRestriction.MODULE_EXPIRED
-        || limitation == LicenseRestriction.NOT_MATCHED_INSTANCE
-        || limitation == LicenseRestriction.HB_NOT_ACTIVE
-        || limitation == LicenseRestriction.ON_DEMAND_OFF_PLATFORM
-        || limitation == LicenseRestriction.POS_TERMINALS_EXCEEDED;
-  }
-
   /**
    * Cheks access passing all the parameters
    * 
diff -r 2cc5da8d1129 -r c0b74e09ac0c 
src/org/openbravo/erpCommon/obps/ActivationKey.java
--- a/src/org/openbravo/erpCommon/obps/ActivationKey.java       Thu Mar 29 
11:00:44 2018 +0000
+++ b/src/org/openbravo/erpCommon/obps/ActivationKey.java       Tue Apr 03 
12:08:23 2018 +0200
@@ -245,19 +245,16 @@
   /**
    * Session types that are not taken into account for counting concurrent 
users
    */
-  @SuppressWarnings("serial")
-  private static final List<String> NO_CU_SESSION_TYPES = new 
ArrayList<String>() {
-    {
-      add("WS"); // Web service
-      add("WSC"); // Connector
-      add("OBPOS_POS"); // WebPOS
-    }
-  };
+  private static final List<String> NO_CU_SESSION_TYPES = Arrays.asList(//
+      "WS", // Web service
+      "WSC", // Connector
+      "OBPOS_POS", // WebPOS
+      "CUR" // Concurrent users hard limit reached
+  );
 
-  private static final List<String> BACKOFFICE_SUCESS_SESSION_TYPES = 
Arrays.asList(//
+  private static final List<String> BACKOFFICE_SUCCESS_SESSION_TYPES = 
Arrays.asList(//
       "S", // Standard success session
-      "SUR", // Concurrent users soft limit reached
-      "CUR" // Concurrent users hard limit reached
+      "SUR" // Concurrent users soft limit reached
   );
 
   public static final Long NO_LIMIT = -1L;
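Review bot: `BACKOFFICE_SUCCESS_SESSION_TYPES` no longer contains `"CUR"` although a CUR session is still a backoffice login, so the constant's name now promises more than the list holds, and it has no comment explaining the omission. `shouldDeactivateSession` (next hunk) uses this list to decide that an expired session may be deactivated regardless of node. CUR sessions now fall through to the rest of that method, which is not visible here, so it is worth confirming that stale CUR sessions are still cleaned up. I would add above the list `// CUR is deliberately excluded: restricted System Admin sessions are neither counted nor removed for the CU limit`.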
@@ -1116,7 +1113,7 @@
    * mobile apps) if activity from them has been recently detected.
    */
   private boolean shouldDeactivateSession(Session expiredSession, Date 
lastValidPingTime) {
-    if 
(BACKOFFICE_SUCESS_SESSION_TYPES.contains(expiredSession.getLoginStatus())) {
+    if 
(BACKOFFICE_SUCCESS_SESSION_TYPES.contains(expiredSession.getLoginStatus())) {
       // backoffice sessions use ping, they can be deactivated even if created 
in a different node
       return true;
     }
@@ -2030,6 +2027,29 @@
     return posTerminalsWarn;
   }
 
+  /**
+   * Returns whether only System Admin should be allowed, because it is 
already set in session or
+   * there are license restrictions.
+   */
+  public boolean forceSysAdminLogin(HttpSession session) {
+    String dbSessionId = null;
+    if (session != null) {
+      if 
("Y".equals(session.getAttribute("ONLYSYSTEMADMINROLESHOULDBEAVAILABLEINERP"))) 
{
+        return true;
+      }
+      dbSessionId = (String) session.getAttribute("#AD_SESSION_ID");
+    }
+
+    LicenseRestriction limitation = checkOPSLimitations(dbSessionId);
+    return limitation == LicenseRestriction.OPS_INSTANCE_NOT_ACTIVE
+        || limitation == LicenseRestriction.NUMBER_OF_CONCURRENT_USERS_REACHED
+        || limitation == LicenseRestriction.MODULE_EXPIRED
+        || limitation == LicenseRestriction.NOT_MATCHED_INSTANCE
+        || limitation == LicenseRestriction.HB_NOT_ACTIVE
+        || limitation == LicenseRestriction.ON_DEMAND_OFF_PLATFORM
+        || limitation == LicenseRestriction.POS_TERMINALS_EXCEEDED;
+  }
+
   private List<ModuleLicenseRestrictions> getModuleLicenseRestrictions() {
     List<ModuleLicenseRestrictions> result = new 
ArrayList<ModuleLicenseRestrictions>();
     BeanManager bm = WeldUtils.getStaticInstanceBeanManager();
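Review bot: `forceSysAdminLogin` is public and accepts a null session, but its Javadoc documents neither the parameter nor the null case. With a null session `dbSessionId` stays null and `checkOPSLimitations(null)` is called, whereas the removed servlet code passed `variables.getDBSession()`, so it is worth confirming that the `"#AD_SESSION_ID"` attribute is already populated at each call site. Add `@param session current HTTP session, or null for stateless requests` and a matching `@return` line. The two attribute names would also be safer as constants, so they cannot drift from the names used where they are written, for example `private static final String ONLY_SYS_ADMIN_ATTR = "ONLYSYSTEMADMINROLESHOULDBEAVAILABLEINERP";`.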
