Alon Bar-Lev has posted comments on this change.

Change subject: aaa: Add Bearer and Negotiate auth filters
......................................................................


Patch Set 1:

(2 comments)

https://gerrit.ovirt.org/#/c/42292/1/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SSOOAuthServiceUtils.java
File 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SSOOAuthServiceUtils.java:

Line 66:                     resp.encodeURL("password"),
Line 67:                     resp.encodeURL((String) payload.get("username")),
Line 68:                     resp.encodeURL(""),
Line 69:                     resp.encodeURL(scope),
Line 70:                     resp.encodeURL(jsonPayload)));
> the user group ids, principal id etc so login on behalf works seamlessly wi
We do not need this, as authz is done at the SSO side.

We can pass the auth_record as a proprietary artifact, but nothing else is required.
Line 71:             return getData(connection);
Line 72:         } finally {
Line 73:             if (connection != null) {
Line 74:                 connection.disconnect();
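
Review bot: Lines 66-70 pass every value through resp.encodeURL(...), which, if resp is the HttpServletResponse, is the servlet session-tracking rewrite and not percent-encoding: it leaves '&', '=', '+' and spaces untouched and may append a session id. If these values are assembled into a URL or form body, a username, scope or JSON payload containing those characters reaches the SSO endpoint unescaped and can change how the parameters are parsed. Suggest URLEncoder.encode(value, "UTF-8") on each value instead.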


https://gerrit.ovirt.org/#/c/42292/1/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SSORestApiBearerAuthFilter.java
File 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SSORestApiBearerAuthFilter.java:

Line 17:         String headerValue = 
req.getHeader(FiltersHelper.Constants.HEADER_AUTHORIZATION);
Line 18:         if (headerValue != null && headerValue.startsWith("Bearer ")) {
Line 19:             try {
Line 20:                 createUserSession(req, 
FiltersHelper.getPayloadForToken(req, res,
Line 21:                         new 
String(Base64.decodeBase64(headerValue.substring("Bearer".length())), 
Charset.forName("UTF-8"))
> We are passing the token to tokenInfo servlet on SSO. The token Info servle
I still do not understand... The Bearer token should be used as-is.
Line 22:                 ));
Line 23:             } catch (Exception e) {
Line 24:                 log.error(e.getMessage());
Line 25:                 log.debug("Bearer Authentication with SSO failed", e);
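
Review bot: On line 21, headerValue.substring("Bearer".length()) starts at the space that the line 18 check startsWith("Bearer ") requires, so the string handed to Base64.decodeBase64 begins with whitespace and only decodes if the decoder happens to skip it. Take the substring from "Bearer ".length() and trim it before any further processing. In the catch on lines 23-25, log.error(e.getMessage()) emits a bare message that can be null and carries no context; put the fixed text "Bearer Authentication with SSO failed" into the error line as well, so failed bearer attempts are searchable at the default log level.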


-- 
To view, visit https://gerrit.ovirt.org/42292

Gerrit-MessageType: comment
Gerrit-Change-Id: Idee5137430cefa7ca99c047cfd2d550222e5809a
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Ravi Nori <rn...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ravi Nori <rn...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-HasComments: Yes