Changed initialization of OBContext, removed OBContext initialization from LamAuthenticationManager
authorMartin Taal <martin.taal@openbravo.com>
Thu, 04 Jun 2009 23:32:33 +0200
changeset 3964 ffed97de08a4
parent 3963 9f3da007ec83
child 3965 e055d58802b7
Changed initialization of OBContext, removed OBContext initialization from LamAuthenticationManager
src/org/openbravo/authentication/lam/LamAuthenticationManager.java
src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
src/org/openbravo/base/secureApp/LoginHandler.java
src/org/openbravo/base/secureApp/LoginUtils.java
src/org/openbravo/dal/core/OBContext.java
--- a/src/org/openbravo/authentication/lam/LamAuthenticationManager.java	Thu Jun 04 15:18:28 2009 +0200
+++ b/src/org/openbravo/authentication/lam/LamAuthenticationManager.java	Thu Jun 04 23:32:33 2009 +0200
@@ -20,15 +20,12 @@
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
 
 import org.apache.xmlrpc.XmlRpcException;
 import org.openbravo.authentication.AuthenticationData;
 import org.openbravo.authentication.AuthenticationException;
 import org.openbravo.authentication.AuthenticationManager;
 import org.openbravo.base.HttpBaseUtils;
-import org.openbravo.base.exception.OBSecurityException;
-import org.openbravo.dal.core.OBContext;
 import org.openbravo.database.ConnectionProvider;
 
 import com.spikesource.lam.bindings.LamClient;
@@ -40,7 +37,6 @@
 public class LamAuthenticationManager implements AuthenticationManager {
 
   private ConnectionProvider conn = null;
-  private static final String AUTHENTICATED_USER_ATTRIBUTE = "#Authenticated_user";
 
   /** Creates a new instance of LamAuthenticationManager */
   public LamAuthenticationManager() {
@@ -71,15 +67,6 @@
           throw new AuthenticationException("Authenticated user is not an Openbravo ERP user: "
               + sUserName);
         }
-        request.getSession(true).setAttribute(AUTHENTICATED_USER_ATTRIBUTE, sUserId);
-        try {
-          OBContext.setOBContext(request);
-        } catch (final OBSecurityException e) {
-          // login failed, no roles specified
-          // remove authenticated user
-          request.getSession(true).removeAttribute(AUTHENTICATED_USER_ATTRIBUTE);
-          return null;
-        }
         return sUserId;
       }
     } catch (XmlRpcException e) {
@@ -97,11 +84,6 @@
     try {
       LamClient LC = new LamClient(); // TODO: configure LamClient
       LC.logout(request, response, HttpBaseUtils.getLocalAddress(request) + "/security/Menu.html");
-
-      HttpSession session = request.getSession(false);
-      if (session != null && session.getAttribute(AUTHENTICATED_USER_ATTRIBUTE) != null) {
-        request.getSession(true).removeAttribute(AUTHENTICATED_USER_ATTRIBUTE);
-      }
     } catch (XmlRpcException e) {
       throw new ServletException("Cannot close user session.", e);
     }
--- a/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java	Thu Jun 04 15:18:28 2009 +0200
+++ b/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java	Thu Jun 04 23:32:33 2009 +0200
@@ -207,16 +207,13 @@
           strWarehouse = DefaultOptionsData.defaultWarehouse(this, strUserAuth);
           if (strWarehouse == null) {
             if (!strRole.equals("0")) {
-              // enable admin mode, as normal non admin-role
-              // has no read-access to i.e. AD_OrgType
-              final boolean prevMode = OBContext.getOBContext().setInAdministratorMode(true);
+              OBContext.setAdminContext();
               try {
-
                 strWarehouse = DefaultOptionsData.getDefaultWarehouse(this, strClient, new OrgTree(
                     this, strClient).getAccessibleTree(this, strRole).toString());
 
               } finally {
-                OBContext.getOBContext().setInAdministratorMode(prevMode);
+                OBContext.setOBContext((OBContext) null);
               }
             } else
               strWarehouse = "";
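Review bot: The `finally` block now clears the context with `OBContext.setOBContext((OBContext) null);` instead of restoring the previous state, so any OBContext already set for this request is dropped after the warehouse lookup. Both LoginUtils hunks use the same pattern: `OBContext.setAdminContext();` before the organization tree and `setOBContext((OBContext) null)` in its `finally`. The change also replaces a scoped admin-mode flag with the full user-0 context, which is a wider privilege than the removed comment described (read access to AD_OrgType). Consider `final OBContext prev = OBContext.getOBContext();` before `OBContext.setAdminContext();` and `OBContext.setOBContext(prev);` in the `finally`, assuming `getOBContext()` tolerates an unset context, and keep a comment saying why admin rights are needed. The enclosing method starts and ends outside the hunk, so whether a context can already exist here is not visible.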
--- a/src/org/openbravo/base/secureApp/LoginHandler.java	Thu Jun 04 15:18:28 2009 +0200
+++ b/src/org/openbravo/base/secureApp/LoginHandler.java	Thu Jun 04 23:32:33 2009 +0200
@@ -20,8 +20,6 @@
 import javax.servlet.http.HttpServletResponse;
 
 import org.openbravo.base.HttpBaseServlet;
-import org.openbravo.base.exception.OBSecurityException;
-import org.openbravo.dal.core.OBContext;
 import org.openbravo.utils.FormatUtilities;
 import org.openbravo.xmlEngine.XmlDocument;
 
@@ -54,18 +52,7 @@
 
       if (!strUserAuth.equals("-1")) {
         req.getSession(true).setAttribute("#Authenticated_user", strUserAuth);
-        try {
-          OBContext.setOBContext(req);
-        } catch (final OBSecurityException e) {
-          // login failed, no roles specified
-          // remove authenticated user
-          req.getSession(true).setAttribute("#Authenticated_user", null);
-          goToRetry(res, vars, e.getMessage());
-          return;
-        }
-
         goToTarget(res, vars);
-
       } else {
         goToRetry(res, vars, null);
       }
--- a/src/org/openbravo/base/secureApp/LoginUtils.java	Thu Jun 04 15:18:28 2009 +0200
+++ b/src/org/openbravo/base/secureApp/LoginUtils.java	Thu Jun 04 23:32:33 2009 +0200
@@ -14,6 +14,7 @@
 import javax.servlet.ServletException;
 
 import org.apache.log4j.Logger;
+import org.openbravo.base.exception.OBSecurityException;
 import org.openbravo.dal.core.OBContext;
 import org.openbravo.database.ConnectionProvider;
 import org.openbravo.erpCommon.utility.Utility;
@@ -60,7 +61,7 @@
     // Organizations tree
     // enable admin mode, as normal non admin-role
     // has no read-access to i.e. AD_OrgType
-    final boolean prevMode = OBContext.getOBContext().setInAdministratorMode(true);
+    OBContext.setAdminContext();
     try {
 
       OrgTree tree = new OrgTree(conn, strCliente);
@@ -71,7 +72,7 @@
       log4j.warn("Error while setting Organzation tree to session " + e);
       return false;
     } finally {
-      OBContext.getOBContext().setInAdministratorMode(prevMode);
+      OBContext.setOBContext((OBContext) null);
     }
 
     try {
@@ -161,6 +162,14 @@
       log4j.warn("Error while loading session arguments: " + e);
       return false;
     }
+
+    // set the obcontext
+    try {
+      OBContext.setOBContext(strUserAuth, strRol, strCliente, strOrg);
+    } catch (final OBSecurityException e) {
+      return false;
+    }
+
     return true;
   }
 }
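Review bot: The new `catch (final OBSecurityException e)` returns `false` without logging, unlike the catch block just above it, which calls `log4j.warn`. A login refused because the context could not be built (the removed LoginHandler code described this case as "no roles specified") therefore leaves no trace for operators. Add a line such as `log4j.warn("Could not set OBContext for user " + strUserAuth + ": " + e);` before the return. The exception message that LoginHandler used to pass to `goToRetry` is also no longer surfaced. Because this runs after the session arguments are loaded, callers presumably need to clear the session when `false` comes back; that handling, and the start of this method, are outside the hunk.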
--- a/src/org/openbravo/dal/core/OBContext.java	Thu Jun 04 15:18:28 2009 +0200
+++ b/src/org/openbravo/dal/core/OBContext.java	Thu Jun 04 23:32:33 2009 +0200
@@ -71,7 +71,7 @@
 
   // private static final String AD_USERID = "#AD_USER_ID";
   // TODO: maybe use authenticated user
-  private static final String AUTHENTICATED_USER = "#AUTHENTICATED_USER";
+  private static final String AUTHENTICATED_USER = "#AD_User_ID";
   private static final String ROLE = "#AD_Role_ID";
   private static final String CLIENT = "#AD_Client_ID";
   private static final String ORG = "#AD_Org_ID";
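Review bot: The constant `AUTHENTICATED_USER` now holds `"#AD_User_ID"`, so its name and the two lines above it (the commented-out `AD_USERID` and `TODO: maybe use authenticated user`) no longer describe what is read. This key selects the session attribute that identifies the user for the context, so it should be renamed or documented, for example `// session attribute holding the user id the OBContext is built for`, and the stale lines dropped. The new value also differs in case from the commented-out `"#AD_USER_ID"`. Whether the lookup in `setFromRequest` is case-sensitive is not visible here and is worth confirming.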
@@ -82,6 +82,22 @@
 
   private static String CONTEXT_PARAM = "#OBContext";
 
+  private static OBContext adminContext = null;
+
+  /**
+   * Sets the context to the 0 (SystemAdmin) user. Note overrides the current OBContext. This method
+   * should be used in case there is no real user context yet because the user still has to login
+   * (for example).
+   */
+  public static void setAdminContext() {
+    if (adminContext == null) {
+      setOBContext("0");
+      adminContext = getOBContext();
+    } else {
+      setOBContext(adminContext);
+    }
+  }
+
   /**
    * Sets the OBContext through the information stored in the http session of the request (mainly
    * the authenticated user).
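Review bot: `adminContext` is a static field that `setAdminContext()` assigns lazily without synchronization and then hands to every later caller, so concurrent requests can race on the `null` check and will share one OBContext instance. If OBContext carries mutable per-instance state (the `writableOrganizations = null;` reset later in the file suggests it does), one thread can modify the shared user-0 context while another is using it. Either build a fresh admin context on each call or make the initialization safe, e.g. `public static synchronized void setAdminContext()`, and confirm that the cached instance is never mutated after publication. The Javadoc should also say that callers must reset the context in a `finally` block, since this method replaces the current context with full SystemAdmin rights.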
@@ -347,6 +363,13 @@
     writableOrganizations = null;
   }
 
+  /**
+   * Sets the OBContext using the information stored in the HttpSession
+   * 
+   * @param request
+   *          the http request used to set the OBContext
+   * @return false if no user was specified in the session, true otherwise
+   */
   public boolean setFromRequest(HttpServletRequest request) {
     String userId = null;
     for (final Enumeration<?> e = request.getSession().getAttributeNames(); e.hasMoreElements();) {