Vojtech Szocs has uploaded a new change for review.

Change subject: webadmin: Adapt UI plugin infra REST session timeout
......................................................................

webadmin: Adapt UI plugin infra REST session timeout

Engine session expiration happens through a periodic job
(SessionDataContainer#cleanExpiredUsersSessions) whose
periodicity is the same as the Engine session timeout value
(UserSessionTimeOutInterval).

Because of that, Engine sessions can stay active up to
2 * UserSessionTimeOutInterval. Refer to Einav's comment
at http://gerrit.ovirt.org/#/c/36622/ for details.

In this patch, we adapt the REST session timeout to be
2 * UserSessionTimeOutInterval.

Change-Id: Ifa95dba9b1f9647369bd817995c1cbd86f1e528f
Bug-Url: https://bugzilla.redhat.com/1172726
Bug-Url: https://bugzilla.redhat.com/1168842
Signed-off-by: Vojtech Szocs <vsz...@redhat.com>
---
M 
frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
1 file changed, 19 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/38/36738/1

diff --git 
a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
 
b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
index d68fc0f..f019b83 100644
--- 
a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
+++ 
b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
@@ -71,8 +71,9 @@
 
     private static final String SESSION_ID_HEADER = "JSESSIONID"; //$NON-NLS-1$
     private static final String SESSION_ID_KEY = "RestApiSessionId"; 
//$NON-NLS-1$
-    private static final String DEFAULT_SESSION_TIMEOUT = "30"; //$NON-NLS-1$
     private static final String ENGINE_AUTH_TOKEN_HEADER = 
"OVIRT-INTERNAL-ENGINE-AUTH-TOKEN"; //$NON-NLS-1$
+
+    private static final int DEFAULT_ENGINE_SESSION_TIMEOUT = 30;
 
     // Heartbeat (delay) between REST API keep-alive requests
     private static final int SESSION_HEARTBEAT_MS = 1000 * 60; // 1 minute
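
Review bot: DEFAULT_ENGINE_SESSION_TIMEOUT = 30 carries no unit, while the neighbouring SESSION_HEARTBEAT_MS states its unit in both its name and its comment. This value is later doubled and sent as Session-TTL, so add a comment or a unit suffix to the name that says what 30 means and how it relates to UserSessionTimeOutInterval.
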
@@ -80,7 +81,7 @@
     private final EventBus eventBus;
     private final String restApiBaseUrl;
 
-    private String restApiSessionTimeout = DEFAULT_SESSION_TIMEOUT;
+    private int restApiSessionTimeout;
     private String restApiSessionId;
 
     private boolean refreshRestApiSession = false;
@@ -94,6 +95,7 @@
         // this causes problems in other applications, for example in the 
reports application.
         this.restApiBaseUrl = BaseContextPathData.getInstance().getPath() + 
"api/"; //$NON-NLS-1$
 
+        setSessionTimeout(DEFAULT_ENGINE_SESSION_TIMEOUT);
         eventBus.addHandler(EngineSessionRefreshedEvent.getType(), this);
     }
 
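
Review bot: the constructor now calls the public, non-final setSessionTimeout(int), so unless the class is final a subclass override would run before the object is fully constructed. Assign the field directly here, or move the doubling into a private helper that both the constructor and the public setters call.
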
@@ -104,8 +106,20 @@
         }
     }
 
-    public void setSessionTimeout(String sessionTimeout) {
-        this.restApiSessionTimeout = sessionTimeout;
+    public void setSessionTimeout(String engineSessionTimeout) {
+        try {
+            setSessionTimeout(Integer.valueOf(engineSessionTimeout));
+        } catch (NumberFormatException ex) {
+            setSessionTimeout(DEFAULT_ENGINE_SESSION_TIMEOUT);
+        }
+    }
+
+    public void setSessionTimeout(int engineSessionTimeout) {
+        // Engine session expiration happens through periodic 
"cleanExpiredUsersSessions" job
+        // whose periodicity is same as Engine session timeout 
(UserSessionTimeOutInterval).
+        // Because of that, Engine sessions can stay active up to 2 * 
UserSessionTimeOutInterval
+        // so we adapt REST API session timeout accordingly.
+        restApiSessionTimeout = 2 * engineSessionTimeout;
     }
 
     /**
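
Review bot: setSessionTimeout(int) has no range check, so a zero or negative engineSessionTimeout (which Integer.valueOf accepts in the String overload) becomes a zero or negative restApiSessionTimeout, and a very large value overflows in "2 * engineSessionTimeout". Reject non-positive values the same way as unparsable ones and guard the multiplication. In the String overload the NumberFormatException is swallowed silently, so a malformed configured value falls back to DEFAULT_ENGINE_SESSION_TIMEOUT with no trace and the REST session lifetime may differ from what the administrator set; log the fallback. Integer.parseInt would also avoid the boxing done by Integer.valueOf.
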
@@ -119,7 +133,7 @@
         RequestBuilder builder = new RequestBuilder(RequestBuilder.GET, 
restApiBaseUrl);
 
         // Control REST API session timeout
-        builder.setHeader("Session-TTL", restApiSessionTimeout); //$NON-NLS-1$
+        builder.setHeader("Session-TTL", 
String.valueOf(restApiSessionTimeout)); //$NON-NLS-1$
 
         // Express additional preferences for serving this request
         String preferValue = "persistent-auth, csrf-protection"; //$NON-NLS-1$
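
Review bot: at the Session-TTL header the value sent is now the upper bound 2 * UserSessionTimeOutInterval, while the commit message says an Engine session stays active "up to" that bound, so it is worth confirming whether the REST API session can remain valid after the Engine session it accompanies has already been cleaned up, and that it is released when the Engine session ends. The "Control REST API session timeout" comment should also state that the header carries twice the Engine timeout and in which unit.
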


-- 
To view, visit http://gerrit.ovirt.org/36738

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifa95dba9b1f9647369bd817995c1cbd86f1e528f
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.5
Gerrit-Owner: Vojtech Szocs <vsz...@redhat.com>