Martin Peřina has posted comments on this change. Change subject: aaa: Fix Audit log and can do action msgs handling in ldap broker. ......................................................................
Patch Set 5: (6 comments) http://gerrit.ovirt.org/#/c/25529/5/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/internal/InternalAuthenticator.java File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/internal/InternalAuthenticator.java: Line 20: @Override Line 21: public void authenticate(String user, String password) { Line 22: String adminName = Config.<String> getValue(ConfigValues.AdminUser); Line 23: String adminPassword = Config.<String> getValue(ConfigValues.AdminPassword); Line 24: if (!ObjectUtils.equals(user, adminName) && ObjectUtils.equals(password, adminPassword)) { Shouldn't the condition be: !ObjectUtils.equals(user, adminName) || !ObjectUtils.equals(password, adminPassword) ? Line 25: throw new AAAExtensionException(AAAExtensionException.AAAExtensionError.INCORRET_CREDENTIALS, ""); Line 26: } Line 27: } Line 28: http://gerrit.ovirt.org/#/c/25529/5/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java: Line 34: public abstract class LoginBaseCommand<T extends LoginUserParameters> extends CommandBase<T> { Line 35: protected static final Log log = LogFactory.getLog(LoginBaseCommand.class); Line 36: Line 37: private static final EnumMap<AAAExtensionError, AuditLogType> auditLogMap = new EnumMap<>(AAAExtensionError.class); Line 38: private static final Map<AAAExtensionError, VdcBllMessages> vdcBllMessagesMap = new HashMap<>(); Why isn't EnumMap used also here? Line 39: Line 40: static { Line 41: auditLogMap.put(AAAExtensionError.CREDENTIALS_EXPIRED, AuditLogType.USER_ACCOUNT_PASSWORD_EXPIRED); Line 42: auditLogMap.put(AAAExtensionError.GENERAL_ERROR, AuditLogType.USER_VDC_LOGIN_FAILED); http://gerrit.ovirt.org/#/c/25529/5/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapBrokerCommandBase.java File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapBrokerCommandBase.java: Line 106: } Line 107: Line 108: @Override Line 109: public LdapReturnValueBase execute() { Line 110: boolean exceptionOccured = true; exceptionOccurred Line 111: try { Line 112: log.debugFormat("Running LDAP command: {0}", getClass().getName()); Line 113: String loginNameForKerberos = Line 114: LdapBrokerUtils.modifyLoginNameForKerberos(getLoginName(), getAuthenticationDomain()); http://gerrit.ovirt.org/#/c/25529/5/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java File frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java: Line 1056: Line 1057: @DefaultStringValue("Login failed. Please verify your login information or contact the system administrator.") Line 1058: String USER_FAILED_TO_AUTHENTICATE(); Line 1059: Line 1060: @DefaultStringValue("ogin failed. One or more servers that are needed for completion of the login process is not available.") Login Line 1061: String USER_FAILED_TO_AUTHENTICATE_SERVER_IS_NOT_AVAILABLE(); Line 1062: Line 1063: @DefaultStringValue("Login failed. A timeout has occurred to one or more of the servers that participate in the login process.") Line 1064: String USER_FAILED_TO_AUTHENTICATE_TIMED_OUT(); http://gerrit.ovirt.org/#/c/25529/5/frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties File frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties: Line 351: USER_CANNOT_ATTACH_TO_VM_ALREADY_ATTACHED=User is already attached to VM Line 352: USER_CANNOT_ATTACH_TO_VM_NOT_ATTACHED=The user is not attached to this VM. Line 353: USER_FAILED_TO_AUTHENTICATE=Login failed. Please verify your login information or contact the system administrator. Line 354: USER_FAILED_TO_AUTHENTICATE_TIMED_OUT=Login failed. A timeout has occurred to one or more of the servers that participate in the login process. Line 355: USER_FAILED_TO_AUTHENTICATE_SERVER_IS_NOT_AVAILABLE =login failed. One or more servers that are needed for completion of the login process is not available. Login failed ... And also please remove space before '=' Line 356: USER_FAILED_TO_AUTHENTICATE_KERBEROS_ERROR=Login failed. Client not found in kerberos database. Please verify your login information or contact the system administrator. Line 357: USER_FAILED_TO_AUTHENTICATION_WRONG_AUTHENTICATION_METHOD=Login failed (Authentication Failed).\n\ Line 358: - Please verify that the correct authentication method is used in your system. Line 359: VMT_CLUSTER_IS_NOT_VALID=Cannot ${action} ${type}. Cluster ID is not valid. http://gerrit.ovirt.org/#/c/25529/5/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties File frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties: Line 375: USER_CANNOT_ATTACH_TO_VM_ALREADY_ATTACHED=User is already attached to VM Line 376: USER_CANNOT_ATTACH_TO_VM_NOT_ATTACHED=The user is not attached to this VM. Line 377: USER_FAILED_TO_AUTHENTICATE=Login failed. Please verify your login information or contact the system administrator. Line 378: USER_FAILED_TO_AUTHENTICATE_TIMED_OUT=Login failed. A timeout has occurred to one or more of the servers that participate in the login process. Line 379: USER_FAILED_TO_AUTHENTICATE_SERVER_IS_NOT_AVAILABLE =login failed. One or more servers that are needed for completion of the login process is not available. Login failed ... And also please remove space before '=' Line 380: USER_FAILED_TO_AUTHENTICATE_KERBEROS_ERROR=Login failed. Client not found in kerberos database. Please verify your login information or contact the system administrator. Line 381: USER_FAILED_TO_AUTHENTICATION_WRONG_AUTHENTICATION_METHOD=Login failed (Authentication Failed).\n\ Line 382: - Please verify that the correct authentication method is used in your system. Line 383: VMT_CLUSTER_IS_NOT_VALID=Cannot ${action} ${type}. Cluster ID is not valid. -- To view, visit http://gerrit.ovirt.org/25529 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I8b0b024d27a92f620bb60e4689264bc6b3c3eda1 Gerrit-PatchSet: 5 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: Martin Peřina <mper...@redhat.com> Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com> Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
