Yair Zaslavsky has posted comments on this change.

Change subject: aaa: Introduce filters
......................................................................


Patch Set 13:

(1 comment)

I went over again, what comments in #7 were not addressed?
From what I see I addressed most of them.

I looked at the wiki of http://www.ovirt.org/Features/RESTSessionManagement again, and I still have doubts that maybe this should be the first filter for rest-api.
As you can see in the first flow (which was eventually accepted) - the session validation is only the 2nd step and later when JSESSIONID is sent.
What do you think?

http://gerrit.ovirt.org/#/c/28022/13/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/RestApiSessionMgmtFilter.java
File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/RestApiSessionMgmtFilter.java:

Line 34:         HttpServletResponse resp = (HttpServletResponse) response;
Line 35:         boolean persistentAuth = "persistent-auth".equals(req.getHeader("Prefer"));
Line 36:         if (persistentAuth && req.getHeader("Authorization") != null) { //No need to pass credentials again - if passed, login should be called
Line 37:             if (req.getSession(false) != null) {
Line 38:                 req.getSession().setAttribute(FiltersHelper.Constants.AUTHENTICATED_KEY, "false");
> can you please explain why to put false? the absent of property is a good m
I will fix that. I can use removeAttribute, but anyway I looked here again and I should take into account the Cookie as well.
Line 39:             }
Line 40:         }
Line 41:         chain.doFilter(request, response);
Line 42:         HttpSession session = req.getSession(false);


-- 
To view, visit http://gerrit.ovirt.org/28022

Gerrit-MessageType: comment
Gerrit-Change-Id: Ia5536d123b6407acf41b6946dde796bd67d1e073
Gerrit-PatchSet: 13
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Barak Azulay <bazu...@redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernan...@redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes