Oved Ourfali has uploaded a new change for review.

Change subject: rest: after creating a REST session request without Prefer returns 401
rest: after creating a REST session request without Prefer returns 401 This patch makes sure we take the http session in case it exists, even if the prefer auth header isn't set. That way, the last request without the prefer header will succeed, and then we would log out. Also, the first request with the prefer header will create a new session, as expected. Requests without the prefer header will not create a session, and no cookie will be returned. Change-Id: Ie61285212c4050bc6dc2c744b3d281648ea542ca Bug-Url: https://bugzilla.redhat.com/XXXXXX Signed-off-by: Oved Ourfali <oourf...@redhat.com> --- M backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java 1 file changed, 4 insertions(+), 4 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/22/12522/1 diff --git a/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java b/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java index bdfddef..8fc9fe1 100644 --- a/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java +++ b/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java 
@@ -84,10 +84,10 @@ boolean preferPersistentAuth = checkPersistentAuthentication(headers); boolean hasAuthorizationHeader = checkAuthorizationHeader(headers); - if (preferPersistentAuth) { - // Will create a new one if it is the first session, and then the "isNew" test below will return true - httpSession = getCurrentSession(true); - } + // Will create a new one if it is the first session, and we want to persist sessions + // (and then the "isNew" test below will return true) + // Otherwise, it will return null + httpSession = getCurrentSession(preferPersistentAuth); // If the session isn't new and doesn't carry authorization header, we validate it if (validator != null && httpSession != null && !httpSession.isNew() && !hasAuthorizationHeader) { -- To view, visit http://gerrit.ovirt.org/12522 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie61285212c4050bc6dc2c744b3d281648ea542ca Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Oved Ourfali <oourf...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
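
Review bot: At httpSession = getCurrentSession(preferPersistentAuth); the session is now looked up on every request, so a request that presents an existing session but no Prefer header is accepted through the "!httpSession.isNew() && !hasAuthorizationHeader" validation branch, yet the logout that the commit message promises ("and then we would log out") is not in the visible lines. Please confirm that the code after this hunk invalidates the session once such a request has been served, and say what happens when a request has an existing session and an Authorization header but no Prefer header: validation is skipped there, but httpSession is now non-null where it was previously not fetched. The new comment "Otherwise, it will return null" also understates the change: per the commit message, the call without the Prefer header returns the existing session when there is one and null only when there is none, which is the case this patch depends on, so the comment should say so. The Bug-Url in the commit message is still a placeholder.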