Cross tenant PO reading request detected from session for table AD_User Record_ID

Description

Google forum thread:
https://groups.google.com/g/idempiere/c/JGu16iMm5OU

Issue: a user was not able to log into our internal iDempiere.

A popup appears: Cross tenant PO reading request detected from session for table AD_User Record_ID=1001793

There are 2 tenants (1000001 and 1000002), and each person has a user in both tenants (with the same LDAPUser).
Passwords are stored in LDAPUser.

Her AD_User_IDs are 1001793 and 1001794.
ClientID UserID
1000001 1001794
1000002 1001793

Here's the log:

From what I understand, the program sets ClientID 1000001 in the Context, but the PO object loaded was from ClientID 1000002.

Environment

8.2

Activity

Heng Sin Low
February 1, 2021, 12:07 PM

Hi ,

  1. No, I mean either to set #AD_Client_ID to 0 or reset the thread local context at around line 150 of LoginWindow. #AD_Client_ID should not have been set at that point.

  2. Even if you raise an exception or logout zk, we still have to clean up the environment context at that point since the thread will go back to jetty’s thread pool after completion of the request/event.

  3. I think the most likely source of issue is report/process, scheduler or background job (run as job). A thread is left with thread local environment context before it goes back to the jetty thread pool.

Regards,

Low
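An added illustration of the failure mode described in point 3 and of the two clean-up options in points 1 and 2; it is not iDempiere code. The class, the `CTX` holder and the job are hypothetical stand-ins for the environment context and a background job; only the `#AD_Client_ID` key and the tenant number 1000002 come from this page.

```java
import java.util.Properties;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Hypothetical demo class, not part of iDempiere.
public class ThreadLocalTenantLeakDemo {
    // Per-thread context, standing in for a thread-local environment context.
    static final ThreadLocal<Properties> CTX = ThreadLocal.withInitial(Properties::new);
    static final String KEY = "#AD_Client_ID";

    // Background job that sets the tenant; clears the context in finally only if cleanUp is true.
    static Runnable job(String clientId, boolean cleanUp) {
        return () -> {
            try {
                CTX.get().setProperty(KEY, clientId);
                // ... report/process/scheduler work would run here under clientId ...
            } finally {
                if (cleanUp) CTX.remove(); // drop all state before the thread returns to the pool
            }
        };
    }

    // Login entry point: no tenant should be set yet. Optionally resets the context first.
    static Callable<String> login(boolean resetAtEntry) {
        return () -> {
            if (resetAtEntry) CTX.remove(); // defensive reset, whatever the previous task left
            return CTX.get().getProperty(KEY, "0");
        };
    }

    // Runs a job and then a login on the same single worker thread; returns the tenant login sees.
    static String run(boolean cleanUp, boolean resetAtEntry) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(1); // one worker, so reuse is certain
        try {
            pool.submit(job("1000002", cleanUp)).get();
            return pool.submit(login(resetAtEntry)).get();
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("no clean-up, no reset : " + run(false, false));
        System.out.println("job cleans up         : " + run(true, false));
        System.out.println("login resets at entry : " + run(false, true));
    }
}
```

Only the first case reports the previous job's tenant at login; either clean-up alone brings it back to 0, and doing both covers a job that exits without cleaning up.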

Carlos Ruiz
February 1, 2021, 9:36 AM

Hi - do you mean adding

as line 1313?

I did lots of tests and was never able to reproduce the issue, so I’m just fixing it based on the stacktrace.

Or maybe a better patch would be to do a complete zk logout when this situation is found? It sounds like something that must not happen.

Heng Sin Low
February 1, 2021, 8:17 AM

Hi ,

I think we should make sure #AD_Client_ID is 0 at the point as well:

at org.adempiere.webui.panel.LoginPanel.validateLogin(LoginPanel.java:580)
at org.adempiere.webui.window.LoginWindow.onEvent(LoginWindow.java:166)

Regards,

Low

Assignee

Carlos Ruiz

Reporter

Norbert Bede

Labels

None

Tested By

None

Fix versions

Priority

Major