Alexander Wels has submitted this change and it was merged.

Change subject: webadmin: Use existing Engine session for REST API integration
......................................................................


webadmin: Use existing Engine session for REST API integration

Before this patch
=================

* WebAdmin login triggers creation of separate (logical) Engine session
  through creation of new (physical) REST session using HTTP basic auth
  -> REST session is acquired using current WebAdmin user credentials
  -> REST session ID is provided to all UI plugins

* above causes two separate user login operations with same credentials
  and therefore two "user has logged in" events in Engine server log

* acquired (physical) REST session, as well as corresponding (logical)
  Engine session, are _NOT_ closed upon WebAdmin logout, even though
  these sessions were created with WebAdmin user credentials

After this patch
================

* WebAdmin login _DOES NOT_ trigger creation of separate (logical)
  Engine session; instead, it reuses existing Engine user session
  -> REST session is still acquired, but instead of HTTP basic auth
     credentials, we're passing existing Engine session auth token
     to associate REST session with current user's Engine session
  -> REST session ID is provided to all UI plugins

* above ensures single user login operation upon WebAdmin login

* since acquired REST session maps to existing Engine session,
  WebAdmin user logout makes that REST session unusable, even if
  the REST session itself is still alive

We use Prefer:new-auth to ensure that new REST session is created
on each WebAdmin login.

Important note for UI plugin developers
=======================================

REST session ID passed to UI plugins via "RestApiSessionAcquired"
hook, also represented by JSESSIONID cookie for /api, will become
unusable after WebAdmin logout.

Since UI plugins are active (invoked by the infra) only while the
user is authenticated, this shouldn't impact UI plugins that use
provided REST session (cookie) to talk directly with Engine.

Change-Id: Ic3905b3b5834a0f7327321e93064274df0d1db65
Bug-Url: https://bugzilla.redhat.com/1161734
Bug-Url: https://bugzilla.redhat.com/1161730
Signed-off-by: Vojtech Szocs <[email protected]>
---
M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/Frontend.java
M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/FrontendLoginHandler.java
M frontend/webadmin/modules/frontend/src/test/java/org/ovirt/engine/ui/frontend/FrontendActionTest.java
M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/system/ApplicationInit.java
5 files changed, 91 insertions(+), 67 deletions(-)

Approvals:
  Alexander Wels: Verified; Looks good to me, approved



-- 
To view, visit http://gerrit.ovirt.org/35185
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ic3905b3b5834a0f7327321e93064274df0d1db65
Gerrit-PatchSet: 4
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Vojtech Szocs <[email protected]>
Gerrit-Reviewer: Alexander Wels <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Daniel Erez <[email protected]>
Gerrit-Reviewer: Einav Cohen <[email protected]>
Gerrit-Reviewer: Kanagaraj M <[email protected]>
Gerrit-Reviewer: Martin Betak <[email protected]>
Gerrit-Reviewer: Oved Ourfali <[email protected]>
Gerrit-Reviewer: Tomas Jelinek <[email protected]>
Gerrit-Reviewer: Vojtech Szocs <[email protected]>
Gerrit-Reviewer: Yair Zaslavsky <[email protected]>
Gerrit-Reviewer: [email protected]
Gerrit-Reviewer: oVirt Jenkins CI Server
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
