Re: Tenant authentication problem in 12.04

Wed, 14 Nov 2012 00:36:59 -0800 

Hi,

I have created an Issue OFBIZ-5072 for 12.04 in Jira and attached a patch.

Hope that everything is correct with the Issue, it's my first one for OFBiz.

Rene


Am 13.11.12 07:14, schrieb Jacques Le Roux:

Hi,

Could you please provide a patch in a Jira?
https://cwiki.apache.org/confluence/display/OFBADMIN/OFBiz+Contributors+Best+Practices

Jacques

From: "Rene Frauli" <[email protected]>

Hello,

In 12.04 the LoginWorker method "setWebContextObjects" object doesn't
store the delegator, dispatcher, security and the authz in the session
only in the request.

The effect is that the session for the tenant is not correct and the
tenant cannot be used at all with strange effects. For e.g. data are
stored with the default delegator.

In comparison with the related method in 11.04 if have added the missing
lines see below and now the tenant is working correctly again.


private static void setWebContextObjects(HttpServletRequest request,
HttpServletResponse response, Delegator delegator, LocalDispatcher
dispatcher) {
         HttpSession session = request.getSession();
         // NOTE: we do NOT want to set this in the servletContext, only
in the request and session
         // We also need to setup the security and authz objects since
they are dependent on the delegator
         Security security = null;
         try {
             security = SecurityFactory.getInstance(delegator);
         } catch (SecurityConfigurationException e) {
             Debug.logError(e, module);
         }
         Authorization authz = null;
         try {
             authz = AuthorizationFactory.getInstance(delegator);
         } catch (SecurityConfigurationException e) {
             Debug.logError(e, module);
         }

         session.setAttribute("delegatorName",
delegator.getDelegatorName());

         request.setAttribute("delegator", delegator);

//Missing in 12.04
         session.setAttribute("delegator", delegator);

         request.setAttribute("dispatcher", dispatcher);

/Missing 12.04
         session.setAttribute("dispatcher", dispatcher);

         request.setAttribute("security", security);

//Missing 12.04
         session.setAttribute("security", security);

         request.setAttribute("authz", authz);

//Missing 12.04
         session.setAttribute("authz", authz);

         // get rid of the visit info since it was pointing to the
previous database, and get a new one
         session.removeAttribute("visitor");
         session.removeAttribute("visit");
         VisitHandler.getVisitor(request, response);
         VisitHandler.getVisit(session);
     }

Regards
Rene

Reply via email to