Yair Zaslavsky has posted comments on this change. Change subject: AAA: Introduce usage of Acct ......................................................................
Patch Set 3: (4 comments) http://gerrit.ovirt.org/#/c/27070/3/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationFilter.java File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationFilter.java: Line 153: session.setAttribute(AUTHENTICATED_ATTR, true); Line 154: session.setAttribute(NAME_ATTR, name); Line 155: session.removeAttribute(STACK_ATTR); Line 156: req = new AuthenticatedRequestWrapper(req, name); Line 157: AcctUtils.reportAuthRecord(Acct.ReportReason.PRINCIPAL_LOGIN_NEGOTIATE, authRecord); > indent? Done Line 158: chain.doFilter(req, rsp); Line 159: return; Line 160: Line 161: case Authn.AuthResult.NEGOTIATION_UNAUTHORIZED: Line 160: Line 161: case Authn.AuthResult.NEGOTIATION_UNAUTHORIZED: Line 162: moveToNextProfile(session, stack); Line 163: AcctUtils.reportAuthRecord(Acct.ReportReason.PRINCIPAL_LOGIN_FAILED, authRecord); Line 164: > you should not report in this case as it is normal that extension returns u why not here after the for loop? don't i know in this case that i used all the extensions and could not login? Line 165: break; Line 166: Line 167: default: Line 168: moveToNextProfile(session, stack); Line 165: break; Line 166: Line 167: default: Line 168: moveToNextProfile(session, stack); Line 169: AcctUtils.reportAuthRecord(Acct.ReportReason.PRINCIPAL_LOGIN_FAILED, authRecord); > this is not login failure... it should not go into accounting, it is applic why? if this is one of the Auth.Result errors, isn't it considered to be a login failure? Line 170: log.error(String.format("An error has occurred during negotiation. Error code is %1$s", Line 171: output.<Integer> get(Authn.InvokeKeys.RESULT))); Line 172: Line 173: Line 169: AcctUtils.reportAuthRecord(Acct.ReportReason.PRINCIPAL_LOGIN_FAILED, authRecord); Line 170: log.error(String.format("An error has occurred during negotiation. Error code is %1$s", Line 171: output.<Integer> get(Authn.InvokeKeys.RESULT))); Line 172: Line 173: > remove? Done Line 174: } Line 175: } Line 176: Line 177: // If we are here then there are no more authenticators to try so we need to invalidate the session and reject -- To view, visit http://gerrit.ovirt.org/27070 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ief13d233d11b7ab32b328735b4f58ec7cffff567 Gerrit-PatchSet: 3 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
