ofbiz-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carsten Schinzer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-5019) Multitenant delegator assignment not working correctly
Date Sat, 01 Sep 2012 18:09:07 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-5019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13446770#comment-13446770
] 

Carsten Schinzer commented on OFBIZ-5019:
-----------------------------------------

I have tried the following in LoginWorker.login(HTTPServletRequest request, HttpServletResponse
response):

(...)

        String tenantId = request.getParameter("tenantId");
        if (UtilValidate.isNotEmpty(tenantId)) {
            // JIRA OFBIZ-5019 ... persist tenantId in the session
            session.setAttribute("tenantId", tenantId);

(...)

But when I print out the session parameters or HttpServletRequest parameters on ContextFilter,
I cannot see this attribute at all.
Anything I do wrong?
                
> Multitenant delegator assignment not working  correctly
> -------------------------------------------------------
>
>                 Key: OFBIZ-5019
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5019
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL APPLICATIONS, framework
>    Affects Versions: SVN trunk
>         Environment: multitenantuse = "Y"
> Tenant with no Domain setting or Tenant using different domain for backend applications
>            Reporter: Carsten Schinzer
>              Labels: authentication, context, multitenancy, security
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> This issue arises when Multitenancy is in use. It arises only on backend applications
(as typically the frontend store applications will use a context variable defined in web.xml
to determin the delegator to be used (ie. the database to use for data lookups etc).
> The issue manifests as follows:
> * the wrong data is read for standard backoffice displays (e.g. orders, accounts, etc.);
it is the dataa from the default datasource, not the tenant´s data source
> * in the backend apps certain functions require authentication (checked dynamically)
and this will fail when the default delegator is used since the tenant's user accounts will
differ (if not in name then in password hashes) from the default datasource -- this leads
to authentication warnings all over the place
> * one will not be able to mainpulate data of course, either

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message