Alon Bar-Lev has uploaded a new change for review. Change subject: aaa: bll: generate engine session as plain random string ......................................................................
aaa: bll: generate engine session as plain random string Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1161734 Change-Id: I3f7e18e782c42990a19033c190b448f223b57634 Signed-off-by: Alon Bar-Lev <alo...@redhat.com> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java 1 file changed, 11 insertions(+), 3 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/45/35245/1
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java
index eeef75e..86bef2b 100644
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java
@@ -1,5 +1,7 @@
 package org.ovirt.engine.core.bll.aaa;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Collections;
@@ -7,15 +9,15 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.UUID;
+import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.time.DateUtils;
 import org.ovirt.engine.api.extensions.Base;
 import org.ovirt.engine.api.extensions.ExtMap;
 import org.ovirt.engine.api.extensions.aaa.Acct;
-import org.ovirt.engine.api.extensions.aaa.Authn;
 import org.ovirt.engine.api.extensions.aaa.Authn.AuthRecord;
+import org.ovirt.engine.api.extensions.aaa.Authn;
 import org.ovirt.engine.api.extensions.aaa.Authz;
 import org.ovirt.engine.api.extensions.aaa.Mapping;
 import org.ovirt.engine.core.aaa.AcctUtils;
@@ -112,7 +114,13 @@
 }
 private boolean attachUserToSession(AuthenticationProfile profile, ExtMap authRecord) {
- engineSessionId = UUID.randomUUID().toString();
+ try {
+ byte s[] = new byte[64];
+ SecureRandom.getInstance("SHA1PRNG").nextBytes(s);
+ engineSessionId = new Base64(0).encodeToString(s);
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
 SessionDataContainer.getInstance().setUser(engineSessionId, getCurrentUser());
 SessionDataContainer.getInstance().refresh(engineSessionId);
 SessionDataContainer.getInstance().setAuthn(engineSessionId, profile.getAuthn());
-- To view, visit http://gerrit.ovirt.org/35245 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3f7e18e782c42990a19033c190b448f223b57634 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.5 Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
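Review bot: In attachUserToSession the new code calls `SecureRandom.getInstance("SHA1PRNG")` on every login, so each session id comes from a freshly constructed, self-seeded generator, and pinning the algorithm name is the only reason the `NoSuchAlgorithmException` catch is needed. A single shared instance, `private static final SecureRandom SESSION_RANDOM = new SecureRandom();` with `SESSION_RANDOM.nextBytes(s);`, keeps the ids unpredictable, uses the platform's default CSPRNG, and removes the try/catch. `new Base64(0)` emits the standard alphabet, so the id can contain `+`, `/` and `=`; if it is ever carried in a URL or cookie (not visible here), `Base64.encodeBase64URLSafeString(s)` avoids escaping problems. A short comment stating that the id is a bearer secret and must not be written to logs would also help, since the UUID it replaces looked like a plain identifier. The method body continues past the end of the hunk.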