[Engine-patches] Change in ovirt-engine[master]: aaa: Intorduce filters

Wed, 28 May 2014 02:33:29 -0700 

Alon Bar-Lev has posted comments on this change.

Change subject: aaa: Intorduce filters
......................................................................


Patch Set 24:

(2 comments)

http://gerrit.ovirt.org/#/c/28022/24/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/RestApiSessionMgmtFilter.java
File 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/RestApiSessionMgmtFilter.java:

Line 47:                     } catch (NumberFormatException ex) {
Line 48:                         log.error("Session-TTL header was not passed. 
Not setting TTL value");
Line 49:                     }
Line 50:                 }
Line 51:                 if ((req.getHeader("Authorization") != null)) {
> as far as I saw in the wiki, if u pass authorization header again, you need
so move this filter after the nego filter and remove this check as you will be 
already authenticated.
Line 52:                     // No need to pass credentials again - if passed, 
login should be called
Line 53:                     if (session != null) {
Line 54:                         
session.removeAttribute(FiltersHelper.Constants.HTTP_SESSION_ENGINE_SESSION_ID_KEY);
Line 55:                     }


Line 52:                     // No need to pass credentials again - if passed, 
login should be called
Line 53:                     if (session != null) {
Line 54:                         
session.removeAttribute(FiltersHelper.Constants.HTTP_SESSION_ENGINE_SESSION_ID_KEY);
Line 55:                     }
Line 56:                 }
> from what i saw, the HTTP session is kept, if i send back the JSESSIONID co
no... it is not kept.... this is the entire idea of using the prefer header, to 
be able to set previous session on this new request.
Line 57:             }
Line 58:             chain.doFilter(request, response);
Line 59:             if (FiltersHelper.isAuthenticated(req)) {
Line 60:                 session = req.getSession();


-- 
To view, visit http://gerrit.ovirt.org/28022
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ia5536d123b6407acf41b6946dde796bd67d1e073
Gerrit-PatchSet: 24
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yair Zaslavsky <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Barak Azulay <[email protected]>
Gerrit-Reviewer: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Oved Ourfali <[email protected]>
Gerrit-Reviewer: Yair Zaslavsky <[email protected]>
Gerrit-Reviewer: [email protected]
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches

Reply via email to