[Engine-patches] Change in ovirt-engine[master]: aaa: Add support for rest api Basic auth

Mon, 04 May 2015 13:56:33 -0700 

Alon Bar-Lev has posted comments on this change.

Change subject: aaa: Add support for rest api Basic auth
......................................................................


Patch Set 10:

(2 comments)

https://gerrit.ovirt.org/#/c/37786/10/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SSORestApiLoginFilter.java
File 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SSORestApiLoginFilter.java:

Line 51:         try {
Line 52:             if (!FiltersHelper.isAuthenticated(req) || 
!FiltersHelper.isSessionValid(getSessionId((HttpServletRequest) request))) {
Line 53:                 authenticateWithSSO(req);
Line 54:             }
Line 55:             chain.doFilter(request, response);
don't you need to logout if not persistent?
Line 56:         } catch (NamingException ex) {
Line 57:             log.error("Unable to get reference to backend bean.", ex);
Line 58:             throw new RuntimeException(ex);
Line 59:         }


Line 85:     private void authenticateWithSSO(HttpServletRequest req) throws 
ServletException {
Line 86:         String headerAuthorization = 
req.getHeader(FiltersHelper.Constants.HEADER_AUTHORIZATION);
Line 87:         HttpURLConnection connection = null;
Line 88:         try {
Line 89:             connection = create(new 
URL("http://localhost/ovirt-engine/sso/login-credentials";));
same comment as the other place, should be https (maybe can be http when 
localhost) and the url should be configurable, and the port should be set as 
per if we use proxy or not. this is not working in devenv, I wounder how it 
worked for me.
Line 90:             connection.setDoInput(true);
Line 91:             connection.setDoOutput(true);
Line 92:             connection.setRequestMethod("POST");
Line 93:             
connection.setRequestProperty(FiltersHelper.Constants.HEADER_AUTHORIZATION, 
headerAuthorization);


-- 
To view, visit https://gerrit.ovirt.org/37786
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ib5f6975f2d306a4dc2d81b795ab4905e5d3281a1
Gerrit-PatchSet: 10
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Ravi Nori <rn...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ravi Nori <rn...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-HasComments: Yes
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches

Reply via email to