Juan Hernandez has posted comments on this change.

Change subject: Introduction of filters to unify AAA flows for UI and REST-API
Patch Set 47:

(3 comments)

http://gerrit.ovirt.org/#/c/28022/47/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/LoginFilter.java
File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/LoginFilter.java:

Line 51: authRecord,
Line 52: loginAsAdmin ? VdcActionType.LoginAdminUser : VdcActionType.LoginUser)
Line 53: );
Line 54: if (returnValue.getSucceeded()) {
Line 55: HttpSession session = req.getSession(true);
> the session is created and destroyed later when logout is executed for rest

No session should be created if the user didn't request persistent authentication. Otherwise the corresponding cookie will be sent as part of the headers, before the application generates the body and before the logout is performed.

Line 56: session.setAttribute(
Line 57: SessionConstants.HTTP_SESSION_ENGINE_SESSION_ID_KEY,
Line 58: returnValue.getSessionId()
Line 59: );

http://gerrit.ovirt.org/#/c/28022/47/backend/manager/modules/aaa/src/main/modules/org/ovirt/engine/core/aaa/main/module.xml
File backend/manager/modules/aaa/src/main/modules/org/ovirt/engine/core/aaa/main/module.xml:

Line 13
Line 14
Line 15
Line 16
Line 17
> the engine is a mess, sometimes the slf4j is used and sometimes the commons

There is no excuse to use commons-logging in new code.

http://gerrit.ovirt.org/#/c/28022/47/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendResource.java
File backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendResource.java:

Line 282: backend.logoff(sh.sessionize(new LogoutUserParameters(user.getId())));
Line 283: HttpSession session = SessionUtils.getCurrentSession(false);
Line 284: if (session != null) {
Line 285: session.invalidate();
Line 286: }
> please explain, what makes more difficult to migrate? what to avoid?

Avoid using the session in the RESTAPI code.

REST applications aren't supposed to use a session (as they should be stateless) thus the JAX-RS specification doesn't provide any standard way to access the session. Currently we are using a mechanism that works in JBoss AS 7 but not in Wildfly. Assuming that you can use it makes the migration harder.

Line 287: }
Line 288: sh.clean();
Line 289: }
Line 290: }

--
To view, visit http://gerrit.ovirt.org/28022

Gerrit-MessageType: comment
Gerrit-Change-Id: Ia5536d123b6407acf41b6946dde796bd67d1e073
Gerrit-PatchSet: 47
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com>
Gerrit-Reviewer: Alexander Wels <aw...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Barak Azulay <bazu...@redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernan...@redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com>
Gerrit-Reviewer: Vojtech Szocs <vsz...@redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
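The LoginFilter comment above (no HTTP session unless the client asked for persistent authentication) can be sketched as a servlet filter; this is an added example, not code from the patch or from ovirt-engine. The `Prefer: persistent-auth` opt-in check, the attribute key and the `authenticate()`/`logout()` hooks are assumptions made for the illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added illustration, not ovirt-engine code. The attribute key, the Prefer
// header opt-in and the authenticate()/logout() hooks are assumptions.
public abstract class StatelessLoginFilter implements Filter {
    static final String ENGINE_SESSION_ID = "example.engineSessionId"; // hypothetical key

    // Engine login/logout are outside this example; subclasses supply them.
    protected abstract String authenticate(HttpServletRequest req); // null on failure
    protected abstract void logout(String engineSessionId);

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String engineSessionId = authenticate(req);
        if (engineSessionId == null) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        if (wantsPersistentAuth(req)) {
            // Only in this branch is an HTTP session, and its Set-Cookie header, acceptable.
            req.getSession(true).setAttribute(ENGINE_SESSION_ID, engineSessionId);
            chain.doFilter(req, res);
            return;
        }
        // One-shot request: carry the id in a request attribute, never call
        // getSession(true), and log out once the body has been produced, so no
        // cookie for a soon-to-be-dead session reaches the response headers.
        req.setAttribute(ENGINE_SESSION_ID, engineSessionId);
        try {
            chain.doFilter(req, res);
        } finally {
            logout(engineSessionId);
        }
    }

    static boolean wantsPersistentAuth(HttpServletRequest req) {
        String prefer = req.getHeader("Prefer"); // assumed opt-in signal
        if (prefer == null) return false;
        for (String token : prefer.split(","))
            if (token.trim().equalsIgnoreCase("persistent-auth")) return true;
        return false;
    }
}
```

Downstream code reads the id with `req.getAttribute(...)` first and falls back to `req.getSession(false)`, so the one-shot path never touches the session API.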