Alon Bar-Lev has uploaded a new change for review. Change subject: aaa: add authn negotiation priority ......................................................................
aaa: add authn negotiation priority Topic: AAA Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1120720 Change-Id: I1bb8803e44fbc75ff91c0b6791491ced58eff6d5 Signed-off-by: Alon Bar-Lev <alo...@redhat.com> --- M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfile.java M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java M backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Authn.java 3 files changed, 27 insertions(+), 3 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/20/32920/1 diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfile.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfile.java index 4ccc24d..6abac58 100644 --- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfile.java +++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfile.java @@ -22,6 +22,8 @@ private ExtensionProxy mapper; + private int negotiationPriority; + /** * Create a new authentication profile with the given name, authenticator and directory. * @@ -31,11 +33,12 @@ * authenticated */ public AuthenticationProfile(ExtensionProxy authn, ExtensionProxy authz, ExtensionProxy mapper) { - this.name = authn.getContext().<Properties> get(Base.ContextKeys.CONFIGURATION) - .getProperty(Authn.ConfigKeys.PROFILE_NAME); + Properties config = authn.getContext().<Properties> get(Base.ContextKeys.CONFIGURATION); + this.name = config.getProperty(Authn.ConfigKeys.PROFILE_NAME); this.authn = authn; this.authz = authz; this.mapper = mapper; + this.negotiationPriority = Integer.valueOf(config.getProperty(Authn.ConfigKeys.NEGOTIATION_PRIORITY, "50")); } /** @@ -63,4 +66,8 @@ public ExtensionProxy getMapper() { return mapper; } + + public int getNegotiationPriority() { + return negotiationPriority; + } } diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java index a82c075..8e05e22 100644 --- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java +++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java @@ -5,6 +5,7 @@ import java.util.ArrayList; import java.util.Collection; import java.util.Collections; +import java.util.Comparator; import java.util.Deque; import java.util.List; @@ -84,11 +85,21 @@ if (profile != null) { ExtMap authnContext = profile.getAuthn().getContext(); if ((authnContext.<Long> get(Authn.ContextKeys.CAPABILITIES).longValue() & caps) != 0) { - profiles.add(0, profile); + profiles.add(profile); schemes.addAll(authnContext.<Collection<String>>get(Authn.ContextKeys.HTTP_AUTHENTICATION_SCHEME, Collections.<String>emptyList())); } } } + + Collections.sort( + profiles, + new Comparator<AuthenticationProfile>() { + @Override + public int compare(AuthenticationProfile o1, AuthenticationProfile o2) { + return Integer.valueOf(o1.getNegotiationPriority()).compareTo(o2.getNegotiationPriority()); + } + } + ); } } } diff --git a/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Authn.java b/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Authn.java index ba07bfe..b50fd37 100644 --- a/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Authn.java +++ b/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Authn.java @@ -22,6 +22,12 @@ public static final String AUTHZ_PLUGIN = "ovirt.engine.aaa.authn.authz.plugin"; /** Optional mapping extension name. */ public static final String MAPPING_PLUGIN = "ovirt.engine.aaa.authn.mapping.plugin"; + /** + * Negotiation priority. + * Less is higher priority. + * Default: 50. + */ + public static final String NEGOTIATION_PRIORITY = "ovirt.engine.aaa.authn.negotiation.priority"; } /** -- To view, visit http://gerrit.ovirt.org/32920 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I1bb8803e44fbc75ff91c0b6791491ced58eff6d5 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.5 Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
