Alon Bar-Lev has posted comments on this change. Change subject: aaa : Add engine sso ......................................................................
Patch Set 59: (4 comments) https://gerrit.ovirt.org/#/c/36119/59/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOServiceInteractiveServlet.java File backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOServiceInteractiveServlet.java: Line 49: setRequestId(request, response); Line 50: } Line 51: public String getName() { Line 52: return "request-id"; Line 53: } > lets engine set request-id in session we do not need this, the login should accept requestId, see the doc. Line 54: }, Line 55: Switch() { Line 56: public void execute(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { Line 57: switchUser(request, response); Line 116: } Line 117: Line 118: private static void login(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { Line 119: log.debug("Entered login queryString: {}", request.getQueryString()); Line 120: if (StringUtils.isEmpty(request.getParameter(SSOUtils.POST_COMMAND_URL))) { > The exception thrown from the methods are captured by the service method an no... the error_url :) Line 121: throw new RuntimeException("No post command url found in request."); Line 122: } Line 123: Line 124: if (!request.getParameterMap().isEmpty()) { Line 171: } Line 172: SSOUtils.redirectToModule(request, response); Line 173: } Line 174: Line 175: private static void setRequestId(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { > From what I understand, engine generates a request id and sets it in sessio the request id should be parameter for the login, it is only used for the login, to be able to fetch the sso token at backend channel. Line 176: log.debug("Performing set request id queryString: {}", request.getQueryString()); Line 177: if (StringUtils.isEmpty(request.getParameter(SSOUtils.POST_COMMAND_URL))) { Line 178: throw new RuntimeException("No post command url found in request."); Line 179: } https://gerrit.ovirt.org/#/c/36119/59/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SSOUtils.java File backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SSOUtils.java: Line 279: put(requestId, (String) request.getSession(true).getAttribute(SSOUtils.SSO_TOKEN)); Line 280: } Line 281: } Line 282: Line 283: public static void removeRequestIdFromContext(ServletContext ctx, String requestId) { > The request id is valid only for 1 request so I remove it after the request it can be done in the getSsoTokenForRequestId as atomic, no? Line 284: if (StringUtils.isNotEmpty(requestId)) { Line 285: ((Map<String, String>) ctx.getAttribute(SSOUtils.REQUEST_ID_TO_TOKEN_MAP)).remove(requestId); Line 286: } Line 287: } -- To view, visit https://gerrit.ovirt.org/36119 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I4894fc12653027271b6abd4dd5313b10593703fa Gerrit-PatchSet: 59 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Ravi Nori <rn...@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com> Gerrit-Reviewer: Ravi Nori <rn...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
