On Thu, Apr 4, 2013 at 7:59 PM, Donal Lafferty <donal.laffe...@citrix.com> wrote:

> > -----Original Message-----
> > From: rohityada...@gmail.com [mailto:rohityada...@gmail.com] On Behalf Of Rohit Yadav
> > Sent: 04 April 2013 2:52 PM
> > To: dev@cloudstack.apache.org
> > Cc: cloudstack-...@incubator.apache.org
> > Subject: Re: CloudStack UI Authentication Mechanism
> >
> > On Thu, Apr 4, 2013 at 4:50 PM, Donal Lafferty <donal.laffe...@citrix.com> wrote:
> >
> > > I noticed that the CloudStack UI allows VM control to accounts that
> > > don't have an API key set defined.
> > >
> > > How does its authentication mechanism work? E.g.
> > >
> > > 1. How are API calls authenticated and authorized if they
> > > are not signed with API keys?
> >
> > On integration port, defined in the global settings, 8096 generally there is no
> > authentication done, user is admin has max. power.
>
> [Donal Lafferty]
> Okay, but the UI doesn't usually go over 8096. How does it work when it's
> not bypassing authentication?

jquery UI experts will let you know the internals. When authentication in UI is done, the keys are obtained and subsequently used while querying. Just attach your debugger to ApiServlet's GET handlers and follow the sequence which will help you discover how it all works till it reaches ApiDispatcher (through ApiServer class) where the actual cmd class is found, filled and executed.

Cheers.

> > > 2. Does this work equally well when LDAP is to
> > > authenticate username / password?
> >
> > Abhi can comment on this one.
> >
> > Cheers.
> >
> > > DL