Alon Bar-Lev has posted comments on this change. Change subject: aaa : Add engine sso ......................................................................
Patch Set 56: (7 comments) https://gerrit.ovirt.org/#/c/36119/56/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOServiceBatchServlet.java File backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOServiceBatchServlet.java: Line 180: } Line 181: } Line 182: Line 183: public static void getTokenPayload(HttpServletRequest request, HttpServletResponse response) throws IOException, GeneralSecurityException, SQLException { Line 184: String ssoToken = request.getParameter("sso_token"); > This is invoked for entity=token not a direct end point hmmm... so let's do this your way... have an enum of entities :))) Line 185: if (StringUtils.isEmpty(ssoToken) || Line 186: !((Map<String, Map>) request.getServletContext().getAttribute(SSOUtils.SSO_SESSION_DATA)).containsKey(ssoToken)) { Line 187: sendJsonDataWithMessage(response, STATUS_INVALID_TOKEN, Line 188: String.format("Payload not found for token %s", ssoToken)); https://gerrit.ovirt.org/#/c/36119/56/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOServiceInteractiveServlet.java File backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOServiceInteractiveServlet.java: > most comments from batch servlet apply ... Line 1: package org.ovirt.engine.core.sso.servlets; Line 2: Line 3: import org.apache.commons.lang.StringUtils; Line 4: import org.ovirt.engine.api.extensions.Base; Line 80: Line 81: @Override Line 82: public void init() throws ServletException { Line 83: commandsMap = new HashMap<>(); Line 84: commandsMap.put(LOGIN, Command.Login); please sync enum method with batch. Line 85: commandsMap.put(LOGOUT, Command.Logout); Line 86: commandsMap.put(TOKEN, Command.Token); Line 87: commandsMap.put(VERSION, Command.Version); Line 88: } Line 90: @Override Line 91: protected void service(HttpServletRequest request, HttpServletResponse response) Line 92: throws ServletException, IOException { Line 93: Line 94: String command = request.getParameter(COMMAND); sync Line 95: String version = request.getParameter(VERSION); Line 96: if (StringUtils.isEmpty(request.getParameter(SSOUtils.VERSION))) { Line 97: throw new RuntimeException("No version found in request."); Line 98: } Line 188: public static void getSsoVersion(HttpServletResponse response) throws IOException, ServletException { Line 189: response.getWriter().println(SSOUtils.SSO_VERSION); Line 190: } Line 191: Line 192: private static void getToken(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { > Added query entity for version and token. Currently did not change to retur not sure I understand... interactive should not return token at any time. Line 193: if (StringUtils.isEmpty(request.getParameter(SSOUtils.POST_COMMAND_URL))) { Line 194: throw new RuntimeException("No post action url found in request."); Line 195: } Line 196: https://gerrit.ovirt.org/#/c/36119/56/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOSessionListener.java File backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOSessionListener.java: Line 12: Line 13: @Override Line 14: public void sessionCreated(HttpSessionEvent se) { Line 15: String sso_token = SSOUtils.generateSsoToken(); Line 16: se.getSession().setAttribute(SSOUtils.SSO_TOKEN, sso_token); > What will be key for session data map if we don't generate sso_token here a it is ok to put sso token in session, but only for interactive protocol. the listener should only cleanup if exists, but the servlet should set it only if required. Line 17: ((Map<String, Map>) se.getSession().getServletContext().getAttribute(SSOUtils.SSO_SESSION_DATA)).put(sso_token, new HashMap<String, Object>()); Line 18: ((Map<String, HttpSession>) se.getSession().getServletContext().getAttribute(SSOUtils.SSO_SESSIONS)).put(sso_token, se.getSession()); Line 19: } Line 20: https://gerrit.ovirt.org/#/c/36119/56/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SSOUtils.java File backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SSOUtils.java: Line 61: return sessionData.get(SSO_PRINCIPAL_RECORD_ATTR_NAME) != null && Line 62: "true".equals(sessionData.get(SSO_IS_EXTERNAL_AUTHN)); Line 63: } Line 64: Line 65: public static void redirectToModule(HttpSession session, > This is used from Interactive servlet and LoginPhase4Servlet yes, I think that the phase4 can call the interactive interface. Line 66: HttpServletRequest request, Line 67: HttpServletResponse response) Line 68: throws IOException { Line 69: try { -- To view, visit https://gerrit.ovirt.org/36119 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I4894fc12653027271b6abd4dd5313b10593703fa Gerrit-PatchSet: 56 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Ravi Nori <rn...@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com> Gerrit-Reviewer: Ravi Nori <rn...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
