[ https://issues.apache.org/jira/browse/OFBIZ-5019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13558277#comment-13558277 ]
Carsten Schinzer commented on OFBIZ-5019: ----------------------------------------- Meanwhile I did some research in the codebase regarding the question where the various code bits to lookup a delegator parameter. Search for '.getAttribute("delegator")" in any java file of hte code base results basically as follows: - ContextFilter and LoginWorker do lookup such attributes from Session, Visit and HttpRequest while - any other java class does this lookup from HttpRequest Yet, I do not find any hint how the basic delegator lookup for backoffice applications work except the following: - when excluding the rewrite of delegatorName in the ServletContext from ContextFilter, the backoffice apps do not show tenant data. - when explicitly rewriting the ServletContex's attribute called "delegator", then the backoffice applications do show tenant data I am looking for any hint that would show how (or where) the backoffice applications lookup the delegator to use. > Multitenant delegator assignment not working correctly > ------------------------------------------------------- > > Key: OFBIZ-5019 > URL: https://issues.apache.org/jira/browse/OFBIZ-5019 > Project: OFBiz > Issue Type: Bug > Components: ALL APPLICATIONS, framework > Affects Versions: SVN trunk > Environment: multitenantuse = "Y" > Tenant with no Domain setting or Tenant using different domain for backend > applications > Reporter: Carsten Schinzer > Labels: authentication, context, multitenancy, security > Attachments: > OFBIZ-5019_Multitenant_delegator_assignment_not_working_correctly.patch > > Original Estimate: 168h > Remaining Estimate: 168h > > This issue arises when Multitenancy is in use. It arises only on backend > applications (as typically the frontend store applications will use a context > variable defined in web.xml to determin the delegator to be used (ie. the > database to use for data lookups etc). > The issue manifests as follows: > * the wrong data is read for standard backoffice displays (e.g. orders, > accounts, etc.); it is the dataa from the default datasource, not the > tenant´s data source > * in the backend apps certain functions require authentication (checked > dynamically) and this will fail when the default delegator is used since the > tenant's user accounts will differ (if not in name then in password hashes) > from the default datasource -- this leads to authentication warnings all over > the place > * one will not be able to mainpulate data of course, either -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira