Juan Hernandez has uploaded a new change for review.

Change subject: restapi: Forget HTTP session after invalidate
restapi: Forget HTTP session after invalidate Currently when the RESTAPI receives a request that contains a valid session identifier, but that doesn't require persistent authentication we invalidate the session. This is correct, but we also try to use that invalidated session later, which generates exceptions. To avoid that this patch makes sure that when the session is invalidated the variable that references it is also set to null. Change-Id: I88dcd37f80eb1fa85aa0441c3cbdfed18e84d5f3 Bug-Url: https://bugzilla.redhat.com/1091371 Signed-off-by: Juan Hernandez <juan.hernan...@redhat.com> (cherry picked from commit 638ec287b306c04ffbac7ba6122364d5b015e4ae) --- M backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java 1 file changed, 2 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/65/27165/1 diff --git a/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java b/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java index 119ef03..f656121 100644 --- a/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java +++ b/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java @@ -107,6 +107,7 @@ // If the session isn't new but carries authorization header, we invalidate it first if (validator != null && httpSession != null) { httpSession.invalidate(); + httpSession = null; if (preferPersistentAuth) { httpSession = getCurrentSession(true); } 
@@ -142,6 +143,7 @@ // In this case we invalidate the session, so that a new one will be created on the next attempt if (httpSession != null) { httpSession.invalidate(); + httpSession = null; } } return response; -- To view, visit http://gerrit.ovirt.org/27165 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I88dcd37f80eb1fa85aa0441c3cbdfed18e84d5f3 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.4 Gerrit-Owner: Juan Hernandez <juan.hernan...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
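Review bot: In the first hunk (@@ -107,6 +107,7 @@), `httpSession` now stays null for the rest of the method whenever `preferPersistentAuth` is false, so every later use of it has to be null-guarded. The only later use visible in this patch is the `if (httpSession != null)` check in the second hunk, which is guarded, but the lines between the two hunks are not shown, so please confirm nothing there dereferences `httpSession` directly. The comment above the block still says only "we invalidate it first"; it would help to extend it to say that the reference is cleared so the stale session is not invalidated a second time further down. The clear-then-reassign could also be written as one statement, `httpSession = preferPersistentAuth ? getCurrentSession(true) : null;`, which makes both outcomes explicit.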
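Review bot: In the second hunk (@@ -142,6 +143,7 @@), the added `httpSession = null;` is followed in the visible context only by closing braces and `return response;`, so nothing shown here reads the variable after the assignment. If `httpSession` is a local variable this store has no effect and is kept only for symmetry with the first hunk; if it is a field, the assignment matters and a short comment saying so would help the next reader. Either way, stating in the commit message which of the two assignments actually prevents the exception described in the bug would make the cherry-pick easier to verify on the 3.4 branch.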