Alon Bar-Lev has posted comments on this change.

Change subject: aaa: Engine session validation should be done against sso

Patch Set 7:

(1 comment)

https://gerrit.ovirt.org/#/c/38015/7/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/FiltersHelper.java
File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/FiltersHelper.java:

Line 81: HttpURLConnection connection = null;
Line 82: boolean isValid = false;
Line 83: if (StringUtils.isNotEmpty(sessionId)) {
Line 84: try {
Line 85: connection = create(new URL("http://localhost/ovirt-engine/sso/validate-session?sso_session_id=" + sessionId));

this should be done over ssl if available, it also means that the certificate trust store of sso should be separate from the store of the public.

we can use http if host is 'localhost', 127.0.0.1 or ::1.

in any case, this url should be in configuration and not hard coded, at least the prefix (up to sso).

the http port should also be gotten out of configuration, and it depends if we use proxy or not.

currently, this does not work in devenv.

Line 86: connection.setDoInput(true);
Line 87: connection.setDoOutput(false);
Line 88: if (connection.getResponseCode() == HttpURLConnection.HTTP_OK) {
Line 89: isValid = true;

--
To view, visit https://gerrit.ovirt.org/38015

Gerrit-MessageType: comment
Gerrit-Change-Id: I72b0ed9802804e173d99f7d7f173e3e1d354a57f
Gerrit-PatchSet: 7
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Ravi Nori <rn...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ravi Nori <rn...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-HasComments: Yes
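
The rule set out in the review comment above (URL prefix taken from configuration, https by default, cleartext http only for 'localhost', 127.0.0.1 or ::1), as an added example that is not part of the original message or of the ovirt-engine code. The class name, the configuration key `sso.internal.url.prefix` and the sample host names are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.util.Locale;
import java.util.Properties;

public class SsoValidateUrl {
    // Hypothetical configuration key; the page does not name the real option.
    static final String PREFIX_KEY = "sso.internal.url.prefix";

    // Literal comparison only: no DNS lookup, so a resolver answer cannot make a remote name "local".
    static boolean isLoopback(String host) {
        if (host == null) return false;
        String h = host.toLowerCase(Locale.ROOT);
        if (h.startsWith("[") && h.endsWith("]")) h = h.substring(1, h.length() - 1); // URI keeps IPv6 brackets
        return h.equals("localhost") || h.equals("127.0.0.1") || h.equals("::1");
    }

    // Builds <prefix>/validate-session?sso_session_id=<id>; prefix (scheme, host, port, path up to sso) is configured.
    static URI build(Properties config, String sessionId) throws Exception {
        String prefix = config.getProperty(PREFIX_KEY);
        if (prefix == null) throw new IllegalStateException(PREFIX_KEY + " is not configured");
        URI base = URI.create(prefix);
        String scheme = String.valueOf(base.getScheme()).toLowerCase(Locale.ROOT);
        if (scheme.equals("http")) {
            if (!isLoopback(base.getHost()))
                throw new IllegalArgumentException("cleartext http allowed only for loopback hosts");
        } else if (!scheme.equals("https")) {
            throw new IllegalArgumentException("unsupported scheme: " + scheme);
        }
        String id = URLEncoder.encode(sessionId, "UTF-8"); // keep the id from altering the query string
        return URI.create(prefix.replaceAll("/+$", "") + "/validate-session?sso_session_id=" + id);
    }

    public static void main(String[] args) throws Exception {
        String[] prefixes = { // constructed sample values
            "http://localhost:8080/ovirt-engine/sso",
            "http://[::1]:8080/ovirt-engine/sso",
            "https://engine.example.test/ovirt-engine/sso",
            "http://engine.example.test/ovirt-engine/sso" }; // rejected: cleartext to a non-loopback host
        for (String p : prefixes) {
            Properties cfg = new Properties();
            cfg.setProperty(PREFIX_KEY, p);
            try {
                System.out.println("ok       " + build(cfg, "abc/123+=="));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + p + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The https case would additionally need the connection to use a trust store dedicated to sso, as the comment asks; that part is not shown here.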