[jira] [Commented] (OFBIZ-5019) Multitenant delegator assignment not working correctly

[Carsten Schinzer (JIRA)]

    [ 
https://issues.apache.org/jira/browse/OFBIZ-5019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13446770#comment-13446770
 ] 

Carsten Schinzer commented on OFBIZ-5019:
-----------------------------------------

I have tried the following in LoginWorker.login(HTTPServletRequest request, 
HttpServletResponse response):

(...)

        String tenantId = request.getParameter("tenantId");
        if (UtilValidate.isNotEmpty(tenantId)) {
            // JIRA OFBIZ-5019 ... persist tenantId in the session
            session.setAttribute("tenantId", tenantId);

(...)

But when I print out the session parameters or HttpServletRequest parameters on 
ContextFilter, I cannot see this attribute at all.
Anything I do wrong?
                
> Multitenant delegator assignment not working  correctly
> -------------------------------------------------------
>
>                 Key: OFBIZ-5019
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5019
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL APPLICATIONS, framework
>    Affects Versions: SVN trunk
>         Environment: multitenantuse = "Y"
> Tenant with no Domain setting or Tenant using different domain for backend 
> applications
>            Reporter: Carsten Schinzer
>              Labels: authentication, context, multitenancy, security
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> This issue arises when Multitenancy is in use. It arises only on backend 
> applications (as typically the frontend store applications will use a context 
> variable defined in web.xml to determin the delegator to be used (ie. the 
> database to use for data lookups etc).
> The issue manifests as follows:
> * the wrong data is read for standard backoffice displays (e.g. orders, 
> accounts, etc.); it is the dataa from the default datasource, not the 
> tenant´s data source
> * in the backend apps certain functions require authentication (checked 
> dynamically) and this will fail when the default delegator is used since the 
> tenant's user accounts will differ (if not in name then in password hashes) 
> from the default datasource -- this leads to authentication warnings all over 
> the place
> * one will not be able to mainpulate data of course, either

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira