Re: Tenant authentication problem in 12.04

Mon, 12 Nov 2012 22:15:37 -0800 

Hi,

Could you please provide a patch in a Jira?
https://cwiki.apache.org/confluence/display/OFBADMIN/OFBiz+Contributors+Best+Practices

Jacques

From: "Rene Frauli" <[email protected]>
> Hello,
> 
> In 12.04 the LoginWorker method "setWebContextObjects" object doesn't 
> store the delegator, dispatcher, security and the authz in the session 
> only in the request.
> 
> The effect is that the session for the tenant is not correct and the 
> tenant cannot be used at all with strange effects. For e.g. data are 
> stored with the default delegator.
> 
> In comparison with the related method in 11.04 if have added the missing 
> lines see below and now the tenant is working correctly again.
> 
> 
> private static void setWebContextObjects(HttpServletRequest request, 
> HttpServletResponse response, Delegator delegator, LocalDispatcher 
> dispatcher) {
>         HttpSession session = request.getSession();
>         // NOTE: we do NOT want to set this in the servletContext, only 
> in the request and session
>         // We also need to setup the security and authz objects since 
> they are dependent on the delegator
>         Security security = null;
>         try {
>             security = SecurityFactory.getInstance(delegator);
>         } catch (SecurityConfigurationException e) {
>             Debug.logError(e, module);
>         }
>         Authorization authz = null;
>         try {
>             authz = AuthorizationFactory.getInstance(delegator);
>         } catch (SecurityConfigurationException e) {
>             Debug.logError(e, module);
>         }
> 
>         session.setAttribute("delegatorName", 
> delegator.getDelegatorName());
> 
>         request.setAttribute("delegator", delegator);
> 
> //Missing in 12.04
>         session.setAttribute("delegator", delegator);
> 
>         request.setAttribute("dispatcher", dispatcher);
> 
> /Missing 12.04
>         session.setAttribute("dispatcher", dispatcher);
> 
>         request.setAttribute("security", security);
> 
> //Missing 12.04
>         session.setAttribute("security", security);
> 
>         request.setAttribute("authz", authz);
> 
> //Missing 12.04
>         session.setAttribute("authz", authz);
> 
>         // get rid of the visit info since it was pointing to the 
> previous database, and get a new one
>         session.removeAttribute("visitor");
>         session.removeAttribute("visit");
>         VisitHandler.getVisitor(request, response);
>         VisitHandler.getVisit(session);
>     }
> 
> Regards
> Rene
> 
>

Reply via email to