Michael Pasternak has uploaded a new change for review.

Change subject: restapi: generate new JSESSIONID when Authorization header specified
......................................................................

restapi: generate new JSESSIONID when Authorization header specified

Change-Id: Id586d3cb143e15a95720b2aeb8a9e4ae62f2b72c
Signed-off-by: Michael Pasternak <mpast...@redhat.com>
---
M 
backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java
1 file changed, 7 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/20/9820/1

diff --git 
a/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java
 
b/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java
index 1f9df3f..83958d6 100644
--- 
a/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java
+++ 
b/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java
@@ -81,14 +81,20 @@
         boolean successful = false;
         HttpHeaders headers = request.getHttpHeaders();
         boolean preferPersistentAuth = checkPersistentAuthentication(headers);
+        List<String> requestHeaders = 
headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
 
         // Will create a new one if it is the first session, and then the 
"isNew" test below will return true
         HttpSession httpSession = getCurrentSession(true);
 
         // If the session isn't a new session then we validate it, otherwise 
we authenticate
-        if (validator != null && httpSession != null && !httpSession.isNew()) {
+        if (validator != null && httpSession != null && !httpSession.isNew()
+                && !(requestHeaders != null && !requestHeaders.isEmpty())) {
             successful = executeSessionValidation(httpSession, 
preferPersistentAuth);
         } else {
+            if (validator != null && httpSession != null && 
!httpSession.isNew()) {
+                httpSession.invalidate();
+                httpSession = getCurrentSession(true);
+            }
             successful = executeBasicAuthentication(headers, httpSession, 
preferPersistentAuth);
         }
 
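Review bot: In the else branch, the session is regenerated only when `validator != null`, so with a null validator a non-new session that arrives with an Authorization header goes into executeBasicAuthentication still holding its existing JSESSIONID, which is the case the subject line says should get a new one. The validator plays no part in whether the ID should change, so the inner guard could be `if (httpSession != null && !httpSession.isNew())`. Note also that invalidate() runs before the credentials are checked, so any request carrying an Authorization header discards the existing session even when authentication then fails; please confirm that is intended. The added condition `!(requestHeaders != null && !requestHeaders.isEmpty())` would read more easily as a named boolean (for example hasAuthorizationHeader) computed once and used in both branches, and the commit message would benefit from a sentence on why the session ID has to change.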


--
To view, visit http://gerrit.ovirt.org/9820
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id586d3cb143e15a95720b2aeb8a9e4ae62f2b72c
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Michael Pasternak <mpast...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches