Michael Pasternak has posted comments on this change.

Change subject: restapi: Implement public queries in API(#1009843)

Patch Set 1:

(2 comments)

I'd add a standalone API application for that, because making the API public-query aware is not enough: the latest authentication mechanism introduced by Juan requires wide adaptations to make it work, since auth starts way before the API code. Also, I'd not make secure code partially secure, as there will always be a bug aiming to create a security breach.

Another reason to have it outside is context isolation: the public API may end up sharing a cache with the engine only and having no access to the engine bean, which means that future restriction policies (on proxy level) may not be applied on this app.

The only drawback is that we will have to ask users to use a dedicated client for that, as teaching our clients to work with two APIs at the same time is not that common.

http://gerrit.ovirt.org/#/c/20197/1/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/interfaces/BackendLocal.java
File backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/interfaces/BackendLocal.java:

Line 15: VDSBrokerFrontend getResourceManager();
Line 16:
Line 17: VdcQueryReturnValue RunQuery(VdcQueryType actionType, VdcQueryParametersBase parameters);
Line 18:
Line 19: VdcQueryReturnValue RunQuery(VdcQueryType actionType, VdcQueryParametersBase parameters, boolean isPerformUserCheck);
you have RunPublicQuery for that

Line 20:
Line 21: public VdcReturnValueBase EndAction(VdcActionType actionType, VdcActionParametersBase parameters);
Line 22:
Line 23: ErrorTranslator getErrorsTranslator();

http://gerrit.ovirt.org/#/c/20197/1/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java
File backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java:

Line 196: * This method executes the basic authentication, and returns true whether it was successful and false otherwise.
Line 197: * It also sets the logged-in principal and the challenger object in the Current object
Line 198: */
Line 199: private boolean executeBasicAuthentication(HttpHeaders headers, HttpSession httpSession, boolean preferPersistentAuth, String path) {
Line 200: System.out.println("executeBasicAuthentication");
??

Line 201: boolean successful = false;
Line 202: List<String> auth = headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
Line 203: if (auth != null && auth.size() != 0) {
Line 204: Principal principal = scheme.decode(headers);

--
To view, visit http://gerrit.ovirt.org/20197

Gerrit-MessageType: comment
Gerrit-Change-Id: I3994fce9e6e80de2d0ec9b253ad4ba47bb875f29
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Ravi Nori <rn...@redhat.com>
Gerrit-Reviewer: Itamar Heim <ih...@redhat.com>
Gerrit-Reviewer: Michael Pasternak <mishka8...@yahoo.com>
Gerrit-Reviewer: Ravi Nori <rn...@redhat.com>
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes