Vojtech Szocs has uploaded a new change for review.

Change subject: webadmin: Small cleanup in RestApiSessionManager
......................................................................

webadmin: Small cleanup in RestApiSessionManager

Acquiring a new session and keeping an existing session alive are two
logical scenarios, now represented by two separate methods.

REST CSRF token request header represented by a separate
String constant to avoid confusion with JSESSIONID header
containing actual REST session ID on HTTP response.

Change-Id: I98ad53785726c4ed1a8b1eaaf4fd473052496c3e
Signed-off-by: Vojtech Szocs <vsz...@redhat.com>
---
M 
frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
1 file changed, 25 insertions(+), 18 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/08/35708/1

diff --git 
a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
 
b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
index d6ead3f..b2fc7b2 100644
--- 
a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
+++ 
b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
@@ -67,10 +67,13 @@
 
     private static final Logger logger = 
Logger.getLogger(RestApiSessionManager.class.getName());
 
+    private static final String PREFER_HEADER = "Prefer"; //$NON-NLS-1$
     private static final String SESSION_ID_HEADER = "JSESSIONID"; //$NON-NLS-1$
+    private static final String CSRF_HEADER = SESSION_ID_HEADER;
+    private static final String ENGINE_AUTH_TOKEN_HEADER = 
"OVIRT-INTERNAL-ENGINE-AUTH-TOKEN"; //$NON-NLS-1$
+
     private static final String SESSION_ID_KEY = "RestApiSessionId"; 
//$NON-NLS-1$
     private static final String DEFAULT_SESSION_TIMEOUT = "30"; //$NON-NLS-1$
-    private static final String ENGINE_AUTH_TOKEN_HEADER = 
"OVIRT-INTERNAL-ENGINE-AUTH-TOKEN"; //$NON-NLS-1$
 
     // Heartbeat (delay) between REST API keep-alive requests
     private static final int SESSION_HEARTBEAT_MS = 1000 * 60; // 1 minute
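Review bot: `CSRF_HEADER` is declared as a bare alias of `SESSION_ID_HEADER`, so a reader of the constants sees two names for the string "JSESSIONID" and must go to the commit message to learn why. The second hunk sets this header to the value of `getSessionId()`, so the CSRF token sent on requests is the REST session ID itself. I would put that on the declaration, e.g. `// Request header carrying the CSRF token (the REST session ID); shares its name with the JSESSIONID response header`. Whether the server requires exactly this header name is not visible in the diff, so confirm that before wording the comment more strongly.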
@@ -96,34 +99,38 @@
     }
 
     /**
-     * Build HTTP request to acquire new or keep-alive existing REST API 
session.
-     * <p>
-     * The {@code engineAuthToken} is required only when creating new session. 
Once the session
-     * is created, {@code Prefer:persistent-auth} ensures that client receives 
the JSESSIONID
-     * cookie used to associate any subsequent requests with that session.
+     * Build HTTP request to keep-alive existing REST API session.
      */
-    RequestBuilder createRequest(String engineAuthToken) {
+    RequestBuilder createRequest() {
         RequestBuilder builder = new RequestBuilder(RequestBuilder.GET, 
restApiBaseUrl);
 
         // Control REST API session timeout
         builder.setHeader("Session-TTL", restApiSessionTimeout); //$NON-NLS-1$
 
         // Express additional preferences for serving this request
-        String preferValue = "persistent-auth, csrf-protection"; //$NON-NLS-1$
-        if (engineAuthToken != null) {
-            // Enforce expiry of existing session when acquiring new session
-            preferValue += ", new-auth"; //$NON-NLS-1$
-
-            // Map this (physical) REST API session to current user's 
(logical) Engine session
-            builder.setHeader(ENGINE_AUTH_TOKEN_HEADER, engineAuthToken);
-        }
-        builder.setHeader("Prefer", preferValue); //$NON-NLS-1$
+        builder.setHeader(PREFER_HEADER, "persistent-auth, csrf-protection"); 
//$NON-NLS-1$
 
         // Add CSRF token, this is needed due to Prefer:csrf-protection
         String sessionId = getSessionId();
         if (sessionId != null) {
-            builder.setHeader(SESSION_ID_HEADER, sessionId);
+            builder.setHeader(CSRF_HEADER, sessionId);
         }
+
+        return builder;
+    }
+
+    /**
+     * Build HTTP request to acquire new REST API session.
+     */
+    RequestBuilder createRequest(String engineAuthToken) {
+        RequestBuilder builder = createRequest();
+
+        // Enforce expiry of existing session when acquiring new session
+        String preferValue = builder.getHeader(PREFER_HEADER);
+        builder.setHeader(PREFER_HEADER, preferValue + ", new-auth"); 
//$NON-NLS-1$
+
+        // Map this (physical) REST API session to current user's (logical) 
Engine session
+        builder.setHeader(ENGINE_AUTH_TOKEN_HEADER, engineAuthToken);
 
         return builder;
     }
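Review bot: `createRequest(String engineAuthToken)` now always appends `new-auth` and sets `ENGINE_AUTH_TOKEN_HEADER`, so a null token no longer selects the keep-alive path as it did before this change. A call site still written as `createRequest(null)` compiles against this overload and would either ask the server to expire the current session without a token or fail inside `setHeader`, which I believe rejects null values in GWT. Only one caller is updated in this diff; any others are outside it. A guard at the top of the method, `if (engineAuthToken == null) { throw new IllegalArgumentException("engineAuthToken"); }`, or distinct method names for the two scenarios, would keep that mistake from passing quietly. The concatenation `preferValue + ", new-auth"` also depends on `createRequest()` having set the Prefer header, which deserves a short comment.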
@@ -144,7 +151,7 @@
 
                 if (sessionId != null) {
                     // The browser takes care of sending JSESSIONID cookie for 
this request automatically
-                    sendRequest(createRequest(null), new 
RestApiRequestCallback());
+                    sendRequest(createRequest(), new RestApiRequestCallback());
 
                     // The session is still in use, proceed with the heartbeat
                     return true;


-- 
To view, visit http://gerrit.ovirt.org/35708
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I98ad53785726c4ed1a8b1eaaf4fd473052496c3e
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Vojtech Szocs <vsz...@redhat.com>