[
https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13258841#comment-13258841
]
Pierre Smits commented on OFBIZ-4130:
-------------------------------------
I believe that the following piece of code in
framework/entity/src/org/ofbiz/entity/GenericDelegator.Java is the culprit:
// to avoid infinite recursion, and to behave right for shared org.ofbiz.tenant
entities, do nothing with the tenantId if the entityGroupName=org.ofbiz.tenant
if (UtilValidate.isNotEmpty(this.delegatorTenantId) &&
!"org.ofbiz.tenant".equals(entityGroupName)) {
helperInfo.setTenantId(this.delegatorTenantId);
// get the JDBC parameters from the DB for the entityGroupName and
tenantId
try {
// NOTE: instead of caching the GenericHelpInfo object do a
cached query here and create a new object each time, will avoid issues when the
database data changes during run time
// NOTE: always use the base delegator for this to avoid
problems when this is being initialized
Delegator baseDelegator =
DelegatorFactory.getDelegator(this.delegatorBaseName);
GenericValue tenantDataSource =
baseDelegator.findOne("TenantDataSource", true, "tenantId",
this.delegatorTenantId, "entityGroupName", entityGroupName);
if (tenantDataSource != null) {
helperInfo.setOverrideJdbcUri(tenantDataSource.getString("jdbcUri"));
helperInfo.setOverrideUsername(tenantDataSource.getString("jdbcUsername"));
helperInfo.setOverridePassword(tenantDataSource.getString("jdbcPassword"));
} else {
/* don't log this, happens too many times:
if (Debug.warningOn()) {
Debug.logWarning("Could not find TenantDataSource
information for tenantId=[" + this.delegatorTenantId + "] and
entityGroupName=[" + entityGroupName + "] in delegator [" +
this.delegatorFullName + "]; will be defaulting to settings for the base
delegator name [" + this.delegatorBaseName + "]", module);
}
*/
}
} catch (GenericEntityException e) {
// don't complain about this too much, just log the error if
there is one
Debug.logInfo(e, "Error getting TenantDataSource info for
tenantId=" + this.delegatorTenantId + ", entityGroupName=" + entityGroupName,
module);
}
}
Especially the remark at the top lead to this construction. But it is a wrong
assumption. When used with production databases, like MySQL and PostgreSQL,
just adding data through manual processes in webtools or even using ant targets
do not create the recursions talked about. Only the organization in control of
the OFBiz instance and having access to the underlying systems can create new
tenants.
> Tenant super user (tenant admin) can view all database details of all tenants
> -----------------------------------------------------------------------------
>
> Key: OFBIZ-4130
> URL: https://issues.apache.org/jira/browse/OFBIZ-4130
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: Release Branch 10.04, SVN trunk
> Reporter: Pierre Smits
> Priority: Critical
> Fix For: Release Branch 10.04, SVN trunk
>
>
> When a new tenant is created and the super user of the tenant (the
> tenant-admin) logs in to WebTools and views the tables Tenant and
> TenantDataSource he/she can see all details of the tenant databases, incl
> TenantName, userID and password of the tenant databases.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
