Alon Bar-Lev has posted comments on this change. Change subject: core, engine: servlet to support the console proxy ......................................................................
Patch Set 8: (2 comments) https://gerrit.ovirt.org/#/c/35887/8/backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/VMConsoleProxyServlet.java File backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/VMConsoleProxyServlet.java: Line 134: return buffer.toString(); Line 135: } Line 136: Line 137: private String validateTicket(String ticket) throws GeneralSecurityException, IOException { Line 138: TicketDecoder ticketDecoder = new TicketDecoder(EngineEncryptionUtils.getTrustStore(), null, null, 10000); please do not hardcode timeout but get it from configuration. please initialize using EKU, so that based on EKU we can determine if remote is authorized to request that data. this eku should be added to README.oid engine.x509.eku.vmconsole-proxy = .1.2.1.1 the full oid will be 1.3.6.1.4.1.2312.13.1.2.1.1 Line 139: return ticketDecoder.decode(ticket); Line 140: } Line 141: Line 142: private Map<String, Object> buildResult(String content_type, String content_id, Object content) { https://gerrit.ovirt.org/#/c/35887/8/backend/manager/modules/services/src/main/webapp/WEB-INF/web.xml File backend/manager/modules/services/src/main/webapp/WEB-INF/web.xml: Line 136: <servlet-class>org.ovirt.engine.core.services.VMConsoleProxyServlet</servlet-class> Line 137: </servlet> Line 138: <servlet-mapping> Line 139: <servlet-name>vmconsole-proxy</servlet-name> Line 140: <url-pattern>/vmconsole-proxy/*</url-pattern> why /*? Line 141: </servlet-mapping> Line 142: Line 143: <!-- PageNotFoundForward Servlet --> Line 144: <servlet> -- To view, visit https://gerrit.ovirt.org/35887 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I53c721da21cefcf4069d14c7016b6f7d97f9eac9 Gerrit-PatchSet: 8 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Vitor de Lima <vdel...@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: Arik Hadas <aha...@redhat.com> Gerrit-Reviewer: Eli Mesika <emes...@redhat.com> Gerrit-Reviewer: Francesco Romani <from...@redhat.com> Gerrit-Reviewer: Omer Frenkel <ofren...@redhat.com> Gerrit-Reviewer: Ravi Nori <rn...@redhat.com> Gerrit-Reviewer: Shahar Havivi <shav...@redhat.com> Gerrit-Reviewer: Yair Zaslavsky <wallaroo1...@gmail.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
