[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13258841#comment-13258841 ]
Pierre Smits commented on OFBIZ-4130: ------------------------------------- I believe that the following piece of code in framework/entity/src/org/ofbiz/entity/GenericDelegator.Java is the culprit: // to avoid infinite recursion, and to behave right for shared org.ofbiz.tenant entities, do nothing with the tenantId if the entityGroupName=org.ofbiz.tenant if (UtilValidate.isNotEmpty(this.delegatorTenantId) && !"org.ofbiz.tenant".equals(entityGroupName)) { helperInfo.setTenantId(this.delegatorTenantId); // get the JDBC parameters from the DB for the entityGroupName and tenantId try { // NOTE: instead of caching the GenericHelpInfo object do a cached query here and create a new object each time, will avoid issues when the database data changes during run time // NOTE: always use the base delegator for this to avoid problems when this is being initialized Delegator baseDelegator = DelegatorFactory.getDelegator(this.delegatorBaseName); GenericValue tenantDataSource = baseDelegator.findOne("TenantDataSource", true, "tenantId", this.delegatorTenantId, "entityGroupName", entityGroupName); if (tenantDataSource != null) { helperInfo.setOverrideJdbcUri(tenantDataSource.getString("jdbcUri")); helperInfo.setOverrideUsername(tenantDataSource.getString("jdbcUsername")); helperInfo.setOverridePassword(tenantDataSource.getString("jdbcPassword")); } else { /* don't log this, happens too many times: if (Debug.warningOn()) { Debug.logWarning("Could not find TenantDataSource information for tenantId=[" + this.delegatorTenantId + "] and entityGroupName=[" + entityGroupName + "] in delegator [" + this.delegatorFullName + "]; will be defaulting to settings for the base delegator name [" + this.delegatorBaseName + "]", module); } */ } } catch (GenericEntityException e) { // don't complain about this too much, just log the error if there is one Debug.logInfo(e, "Error getting TenantDataSource info for tenantId=" + this.delegatorTenantId + ", entityGroupName=" + entityGroupName, module); } } Especially the remark at the top lead to this construction. But it is a wrong assumption. When used with production databases, like MySQL and PostgreSQL, just adding data through manual processes in webtools or even using ant targets do not create the recursions talked about. Only the organization in control of the OFBiz instance and having access to the underlying systems can create new tenants. > Tenant super user (tenant admin) can view all database details of all tenants > ----------------------------------------------------------------------------- > > Key: OFBIZ-4130 > URL: https://issues.apache.org/jira/browse/OFBIZ-4130 > Project: OFBiz > Issue Type: Bug > Components: framework > Affects Versions: Release Branch 10.04, SVN trunk > Reporter: Pierre Smits > Priority: Critical > Fix For: Release Branch 10.04, SVN trunk > > > When a new tenant is created and the super user of the tenant (the > tenant-admin) logs in to WebTools and views the tables Tenant and > TenantDataSource he/she can see all details of the tenant databases, incl > TenantName, userID and password of the tenant databases. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira