Yair Zaslavsky has posted comments on this change.

Change subject: Introduction of filters to unify AAA flows for UI and REST-API
......................................................................


Patch Set 52:

(5 comments)

http://gerrit.ovirt.org/#/c/28022/52/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/FiltersHelper.java
File 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/FiltersHelper.java:

Line 11: 
Line 12: public class FiltersHelper {
Line 13: 
Line 14:     public static class Constants {
Line 15:         public static  final String REQUEST_AUTH_RECORD_KEY = 
"ovirt_aaa_auth_record";
> -
Done
Line 16:         public static final String REQUEST_SCHEMES_KEY = 
"ovirt_aaa_schemes";
Line 17:         public static final String REQUEST_PROFILE_KEY = 
"ovirt_aaa_profile";
Line 18:         public static final String HEADER_AUTHORIZATION = 
"Authorization";
Line 19:         public static final String HEADER_WWW_AUTHENTICATE = 
"WWW-Authenticate";


Line 17:         public static final String REQUEST_PROFILE_KEY = 
"ovirt_aaa_profile";
Line 18:         public static final String HEADER_AUTHORIZATION = 
"Authorization";
Line 19:         public static final String HEADER_WWW_AUTHENTICATE = 
"WWW-Authenticate";
Line 20:         public static final String HEADER_PREFER = "Prefer";
Line 21:         public static final String JSESSIONID_COOKIE = "JSESSIONID";
> this ^ is header as well, no?
It can be both a header and the cookie name; what do you suggest? (I didn't put 
"header" intentionally.)
Line 22:     }
Line 23: 
Line 24:     public static BackendLocal getBackend(Context context) {
Line 25: 


http://gerrit.ovirt.org/#/c/28022/52/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/RestApiSessionMgmtFilter.java
File 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/RestApiSessionMgmtFilter.java:

Line 57:             }
Line 58:         }
Line 59:         chain.doFilter(request, response);
Line 60:         try {
Line 61:             if (!persistentAuth && FiltersHelper.isAuthenticated(req)) 
{
> I think I expect here:
Done
Line 62:                 InitialContext ctx = new InitialContext();
Line 63:                 try {
Line 64:                     FiltersHelper.getBackend(ctx).runAction(
Line 65:                             VdcActionType.LogoutBySession,


Line 72:                     ctx.close();
Line 73:                 }
Line 74:             } else {
Line 75:                 HttpSession session = req.getSession(false);
Line 76:                 if (session != null && session.isNew() && 
session.getAttribute("async") != null && 
!Boolean.valueOf((boolean)session.getAttribute("async"))) {
> please put "async" in constants, and prefix it with ovirt_aaa_
This has to do with rest-api behavior; I don't think we should prefix it with 
ovirt_aaa... I mean, this "constant" is used in other places in rest-api code.
Line 77:                     
((HttpServletResponse)response).addHeader(FiltersHelper.Constants.JSESSIONID_COOKIE,
 session.getId());
Line 78:                 }
Line 79:             }
Line 80:         } catch (Exception ex) {
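
Review bot: Line 76 casts the "async" session attribute with (boolean) and then wraps it in Boolean.valueOf before negating, so a non-Boolean value throws ClassCastException into the broad catch (Exception ex) on line 80, whose handling is not visible here. Boolean.FALSE.equals(session.getAttribute("async")) expresses the same condition and folds the null check and the type check into one call. On line 77 the session ID is written to a response header whose name comes from JSESSIONID_COOKIE, so the constant's name no longer matches its use; a separate header constant would make it explicit that the session ID is deliberately exposed outside the cookie.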


http://gerrit.ovirt.org/#/c/28022/52/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/auth/LoginValidator.java
File 
backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/auth/LoginValidator.java:

Line 36:     public void postProcess(ServerResponse response) {
Line 37:         HttpSession httpSession = getCurrentSession(false);
Line 38:         if (!current.get(MetaData.class).hasKey("async") ||
Line 39:                 (!(Boolean.TRUE.equals((Boolean) 
current.get(MetaData.class).get("async"))))) {
Line 40:             httpSession.setAttribute("async", false);
> constant please, with ovirt_aaa_ prefix.
See previous comment on constant value.
HttpServletResponse is not accessible here. Well, I can do the hack that 
provides the HttpServletRequest for response, but Juan has asked not to 
introduce any more of these hacks.
Btw, HttpServletResponse has no "attribute", and you don't want to use a 
header for that, right?
Line 41:         }
Line 42:         sessionHelper.clean();
Line 43:     }
Line 44: 
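
Review bot: Line 40 calls httpSession.setAttribute on the result of getCurrentSession(false) from line 37 without a null check; if that helper follows HttpServletRequest.getSession(false) semantics and returns null when no session exists (an assumption, the helper is not shown), postProcess throws NullPointerException. RestApiSessionMgmtFilter guards the same kind of lookup with session != null on line 76, and the same guard belongs here. The hasKey test on line 38 also looks redundant, since Boolean.TRUE.equals(...) on line 39 is already false for a null value, assuming get returns null for a missing key.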


-- 
To view, visit http://gerrit.ovirt.org/28022
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ia5536d123b6407acf41b6946dde796bd67d1e073
Gerrit-PatchSet: 52
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com>
Gerrit-Reviewer: Alexander Wels <aw...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Barak Azulay <bazu...@redhat.com>
Gerrit-Reviewer: Einav Cohen <eco...@redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernan...@redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com>
Gerrit-Reviewer: Vojtech Szocs <vsz...@redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes