Alon Bar-Lev has posted comments on this change. Change subject: Introduction of filters to unify AAA flows for UI and REST-API ......................................................................
Patch Set 54: (3 comments) http://gerrit.ovirt.org/#/c/28022/54/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/RestApiSessionMgmtFilter.java File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/RestApiSessionMgmtFilter.java: Line 56: SessionConstants.HTTP_SESSION_ENGINE_SESSION_ID_KEY, Line 57: engineSessionId Line 58: ); Line 59: } else { Line 60: if (session.getAttribute(SessionConstants.HTTP_SESSION_ENGINE_SESSION_ID_KEY) != null) I think you must ask if session != null before ^, hence the above && session != null should be gotten to outer scope String engineSessionId = (String) req.getAttribute(SessionConstants.HTTP_SESSION_ENGINE_SESS ION_ID_KEY); if (engineSessionId == null) { if (session != null) { engineSessionId = session.getAttribute(SessionConstants.HTTP_SESSION_ENGINE_SESSION_ID_KEY); if (engineSessionId != null) { req.setAttribute(SessionConstants.HTTP_SESSION_ENGINE_SESS ION_ID_KEY, engineSessionId); } } } Line 61: request.setAttribute(SessionConstants.HTTP_SESSION_ENGINE_SESSION_ID_KEY, Line 62: session.getAttribute(SessionConstants.HTTP_SESSION_ENGINE_SESSION_ID_KEY)); Line 63: } Line 64: Line 82: session = req.getSession(false); Line 83: if (session != null && session.isNew() && req.getAttribute(FiltersHelper.Constants.REQUEST_ASYNC_KEY) == null Line 84: || !Boolean.valueOf((boolean) req.getAttribute(FiltersHelper.Constants.REQUEST_ASYNC_KEY))) { Line 85: ((HttpServletResponse) response).addHeader(FiltersHelper.Constants.HEADER_JSESSIONID_COOKIE, Line 86: session.getId()); I still do not understand why we cannot either always put the header or put the header only if async. Line 87: } Line 88: } Line 89: } Line 90: } catch (Exception ex) { http://gerrit.ovirt.org/#/c/28022/54/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/auth/LoginValidator.java File backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/auth/LoginValidator.java: Line 34: @Override Line 35: public void postProcess(ServerResponse response) { Line 36: if (current.get(MetaData.class).hasKey("async") && Line 37: Boolean.TRUE.equals((Boolean) current.get(MetaData.class).get("async"))) { Line 38: SessionUtils.getCurrentHttpServletRequest().setAttribute("ovirt_aaa_restapi_async", true); why don't you use the constant? Line 39: } Line 40: sessionHelper.clean(); Line 41: } Line 42: -- To view, visit http://gerrit.ovirt.org/28022 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ia5536d123b6407acf41b6946dde796bd67d1e073 Gerrit-PatchSet: 54 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> Gerrit-Reviewer: Alexander Wels <aw...@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: Barak Azulay <bazu...@redhat.com> Gerrit-Reviewer: Einav Cohen <eco...@redhat.com> Gerrit-Reviewer: Juan Hernandez <juan.hernan...@redhat.com> Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com> Gerrit-Reviewer: Vojtech Szocs <vsz...@redhat.com> Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
