Yair Zaslavsky has posted comments on this change. Change subject: aaa: Intorduce filters ......................................................................
Patch Set 21: (10 comments) http://gerrit.ovirt.org/#/c/28022/21/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/BasicAuthenticationFilter.java File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/BasicAuthenticationFilter.java: Line 58: creds = new String( Line 59: Base64.decodeBase64(headerValue.substring("Basic".length())), Line 60: Charset.forName("UTF-8") Line 61: ).split(":", 2); Line 62: } catch (Throwable th) { > juan always suggest to catch Exception for all and not Throwable to not cat i agree. Line 63: log.error("Error in decoding ", th); Line 64: } Line 65: if (creds != null && creds.length == 2) { Line 66: handleCredentials(req, creds[0], creds[1]); http://gerrit.ovirt.org/#/c/28022/21/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/FiltersHelper.java File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/FiltersHelper.java: Line 38: } Line 39: Line 40: public static boolean isAuthenticated(HttpServletRequest request) { Line 41: HttpSession session = request.getSession(false); Line 42: return session != null && session.getAttribute(Constants.SESSION_ENGINE_SESSION_ID_KEY) != null; > no... always check for value as well for security variables. it is right th I assume you mean by calling the session validation query , right? Line 43: } Line 44: http://gerrit.ovirt.org/#/c/28022/21/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/ForceLoginFilter.java File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/ForceLoginFilter.java: Line 21: private String additionalSchemes; Line 22: Line 23: @Override Line 24: public void init(FilterConfig filterConfig) throws ServletException { Line 25: additionalSchemes = filterConfig.getInitParameter("schemes"); // Additional schemes, not reported by extensions > perform the split here if needed, set to empty to avoid null conditionals i Done Line 26: } Line 27: Line 28: @Override Line 29: public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, Line 40: if (additionalSchemes != null) { Line 41: allSchemes.addAll(Arrays.asList(additionalSchemes.split(","))); Line 42: } Line 43: for (String scheme: allSchemes) { Line 44: if (scheme.equals("Basic")) { > get the entire string as init parameter and just append. Done Line 45: scheme = "Basic realm=\"ENGINE\""; Line 46: } Line 47: res.setHeader("WWW-Authenticate", scheme); Line 48: } http://gerrit.ovirt.org/#/c/28022/21/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/LoginFilter.java File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/LoginFilter.java: Line 53: params.setSessionId(engineSessionId); Line 54: params.setActionType(loginAsAdmin ? VdcActionType.LoginAdminUser : VdcActionType.LoginUser); Line 55: InitialContext context = new InitialContext(); Line 56: try { Line 57: HttpSession session = req.getSession(true); > no need. Done Line 58: if (FiltersHelper.getBackend(context).login(params).getSucceeded()) { Line 59: session.setAttribute( Line 60: FiltersHelper.Constants.SESSION_AUTHENTICATED_KEY, Line 61: engineSessionId Line 60: FiltersHelper.Constants.SESSION_AUTHENTICATED_KEY, Line 61: engineSessionId Line 62: ); Line 63: } Line 64: VdcQueryReturnValue result = FiltersHelper.getBackend(context).runPublicQuery(VdcQueryType.GetConfigurationValue, > how come you continue at negative path of login? Done Line 65: new GetConfigurationValueParameters(ConfigurationValues.ApplicationMode, ConfigCommon.defaultConfigurationVersion)); Line 66: ApplicationMode appMode = null; Line 67: if (result.getSucceeded()) { Line 68: appMode = ApplicationMode.from((Integer) result.getReturnValue()); Line 68: appMode = ApplicationMode.from((Integer) result.getReturnValue()); Line 69: } Line 70: else { Line 71: appMode = ApplicationMode.AllModes; Line 72: } > why do you do anything if failed? Done Line 73: session.setAttribute(FiltersHelper.Constants.SESSION_APPLICATION_MODE_KEY, appMode); Line 74: } finally { Line 75: context.close(); Line 76: } Line 75: context.close(); Line 76: } Line 77: } Line 78: } Line 79: chain.doFilter(request, response); > remove this from try/catch scope Done Line 80: } catch (Exception ex) { Line 81: log.error(String.format("Error in login to engine. Message is: %1$s", ex.getMessage())); Line 82: ((HttpServletResponse) response).sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); Line 83: } http://gerrit.ovirt.org/#/c/28022/21/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SessionValidationFilter.java File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SessionValidationFilter.java: Line 62: log.error(msg); Line 63: if (log.isDebugEnabled()) { Line 64: log.debug("", ex); Line 65: } Line 66: ((HttpServletResponse) response).sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); > I see now... in order to remove the doFilter outside of try/catch scope we ok, this is a good point. i agree, and i'll change in relevant filters. Line 67: } Line 68: } Line 69: Line 70: @Override http://gerrit.ovirt.org/#/c/28022/21/backend/manager/modules/aaa/src/main/modules/org/ovirt/engine/core/aaa/main/module.xml File backend/manager/modules/aaa/src/main/modules/org/ovirt/engine/core/aaa/main/module.xml: Line 13 Line 14 Line 15 Line 16 Line 17 > if you add commons logging, please remove the slf4j usage from this module. right, i should also add commons.codec for the sake of base64 decoding. -- To view, visit http://gerrit.ovirt.org/28022 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ia5536d123b6407acf41b6946dde796bd67d1e073 Gerrit-PatchSet: 21 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: Barak Azulay <bazu...@redhat.com> Gerrit-Reviewer: Juan Hernandez <juan.hernan...@redhat.com> Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com> Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
