Vojtech Szocs has posted comments on this change.

Change subject: Introduction of filters to unify AAA flows for UI and REST-API
......................................................................

Patch Set 47: Code-Review+1

(5 comments)

Some minor comments, looks good otherwise. I'll still need to test if UI plugin vs. REST API integration works as before.

http://gerrit.ovirt.org/#/c/28022/47/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/EnforceAuthFilter.java
File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/EnforceAuthFilter.java:

Line 17: import javax.servlet.http.HttpServletResponse;
Line 18:
Line 19: public class EnforceAuthFilter implements Filter {
Line 20:
Line 21: private List<String> additionalSchemes = new ArrayList<>();

Consider making this field final.

Line 22:
Line 23: @Override
Line 24: public void init(FilterConfig filterConfig) throws ServletException {
Line 25: for (String paramName : Collections.list(filterConfig.getInitParameterNames())) {

http://gerrit.ovirt.org/#/c/28022/47/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/InvalidateSessionIfAuthorizationHeaderFilter.java
File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/InvalidateSessionIfAuthorizationHeaderFilter.java:

Line 20: @Override
Line 21: public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
Line 22: ServletException {
Line 23: HttpServletRequest req = (HttpServletRequest) request;
Line 24: if ((req.getHeader("Authorization") != null)) {

You can use FiltersHelper.Constants.HEADER_AUTHORIZATION here.

Line 25: // No need to pass credentials again - if passed, login should be called
Line 26: HttpSession session = req.getSession(false);
Line 27: if (session != null) {
Line 28: session.invalidate();

http://gerrit.ovirt.org/#/c/28022/47/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/RestApiSessionMgmtFilter.java
File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/RestApiSessionMgmtFilter.java:

Line 38:
Line 39: chain.doFilter(request, response);
Line 40: HttpServletRequest req = (HttpServletRequest)request;
Line 41:
Line 42: if (Collections.list(req.getHeaders("Prefer")).contains("persistent-auth")) {

You can use FiltersHelper.Constants.HEADER_PREFER here.

Line 43: HttpSession session = req.getSession();
Line 44: try {
Line 45: int ttlValue = Integer.parseInt(req.getHeader("Session-TTL")) * SECONDS_IN_MINUTE;
Line 46: if (ttlValue >= MINIMAL_SESSION_TTL) {

Line 41:
Line 42: if (Collections.list(req.getHeaders("Prefer")).contains("persistent-auth")) {
Line 43: HttpSession session = req.getSession();
Line 44: try {
Line 45: int ttlValue = Integer.parseInt(req.getHeader("Session-TTL")) * SECONDS_IN_MINUTE;

You can use FiltersHelper.Constants.SESSION_TTL here, but since this is REST API persistent session feature-specific header name, it can stay like this too, it's up to you.

Line 46: if (ttlValue >= MINIMAL_SESSION_TTL) {
Line 47: session = req.getSession(true);
Line 48: session.setMaxInactiveInterval(ttlValue);
Line 49: }

http://gerrit.ovirt.org/#/c/28022/47/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/LoginUserParameters.java
File backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/LoginUserParameters.java:

Line 8:
Line 9: private static class AuthenticationInformation {
Line 10: private String loginName;
Line 11: private String password;
Line 12: private Object authRecord;

From GWT client perspective, you could put transient here to explicitly indicate that this field won't be part of GWT RPC serialization policy, and therefore won't be transferred between client and server.

Not sure if above suggestion is acceptable from Java server perspective.

Line 13: }
Line 14:
Line 15: private AuthenticationInformation authInfo;
Line 16:

--
To view, visit http://gerrit.ovirt.org/28022

Gerrit-MessageType: comment
Gerrit-Change-Id: Ia5536d123b6407acf41b6946dde796bd67d1e073
Gerrit-PatchSet: 47
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com>
Gerrit-Reviewer: Alexander Wels <aw...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Barak Azulay <bazu...@redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernan...@redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com>
Gerrit-Reviewer: Vojtech Szocs <vsz...@redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
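
Review bot: In RestApiSessionMgmtFilter, Line 45 multiplies the client-supplied Session-TTL header by SECONDS_IN_MINUTE and Line 46 checks only the lower bound (`ttlValue >= MINIMAL_SESSION_TTL`), so in the lines shown a client can request an arbitrarily long inactivity timeout, and a large enough value overflows the int multiplication before the check. Suggest capping the parsed value at a configured maximum before multiplying. Separately, `req.getSession()` on Line 43 creates a session for any request that carries `Prefer: persistent-auth`, before the TTL has been validated, and it runs after `chain.doFilter(request, response)` on Line 39, when the response may already be committed. Using `req.getSession(false)` there and creating the session only inside the `if` on Line 46 would leave `req.getSession(true)` on Line 47 as the single creation point.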