Alon Bar-Lev has posted comments on this change. Change subject: aaa: Introduce auth_scheme context key ......................................................................
Patch Set 3: (5 comments) http://gerrit.ovirt.org/#/c/28011/3/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Authn.java File backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Authn.java: Line 23: public static final ExtKey CAPABILITIES = new ExtKey("AAA_AUTHN_CAPABILITIES", Long.class, "9d16bee3-10fd-46f2-83f9-3d3c54cf258d"); Line 24: Line 25: /** Line 26: * HTTP authentication scheme. A list of authentication scheme elements a client will receive with an HTTP 401 Line 27: * (unauthorized) response message as a value of the WWW-Authenticate header. shorter... please :) Line 28: */ Line 29: public static final ExtKey HTTP_AUTHENTICATION_SCHEME = new ExtKey("AAA_HTTP_AUTHENTICATION_SCHEME", List/*<String>*/.class, "c0a5c8b4-870b-436e-aeb9-1cd5307b2058"); Line 30: } Line 31: Line 96: * Negotiate authentication. Line 97: * Line 98: * Inspect HttpServletRequest and optionally interact with remote using HttpServletResponse. Line 99: * {@link InvokeKeys#RESULT} must be set with negotiation result. Line 100: * - Line 101: * <p> Line 102: * Input: Line 103: * <ul> Line 104: * <li>{@link InvokeKeys#HTTP_SERVLET_REQUEST}[M]</li> Line 104: * <li>{@link InvokeKeys#HTTP_SERVLET_REQUEST}[M]</li> Line 105: * <li>{@link InvokeKeys#HTTP_SERVLET_RESPONSE}[M]</li> Line 106: * </ul> Line 107: * </p> Line 108: * - Line 109: * <p> Line 110: * Output: Line 111: * <ul> Line 112: * <li>{@link InvokeKeys#AUTH_RECORD}[O] - must be set on success.</li> Line 114: * <li>{@link InvokeKeys#PRINCIPAL}[O] - should be set if available even if login failed if principal is known.</li> Line 115: * <li>{@link InvokeKeys#RESULT}[M]</li> Line 116: * <li>{@link InvokeKeys#USER_MESSAGE}[O]</li> Line 117: * </p> Line 118: * - Line 119: * @see AuthResult#NEGOTIATION_INCOMPLETE Line 120: * @see AuthResult#NEGOTIATION_UNAUTHORIZED Line 121: * @see ContextKeys#HTTP_AUTHENTICATION_SCHEME Line 122: */ Line 117: * </p> Line 118: * Line 119: * @see AuthResult#NEGOTIATION_INCOMPLETE Line 120: * @see AuthResult#NEGOTIATION_UNAUTHORIZED Line 121: * @see ContextKeys#HTTP_AUTHENTICATION_SCHEME :))) this is not enough... at the above description you should write something as: The {@link ContextKeys#HTTP_AUTHENTICATION_SCHEME} value is sent when HTTP 401 response is sent, to enable client negotiation. Line 122: */ Line 123: public static final ExtUUID AUTHENTICATE_NEGOTIATE = new ExtUUID("AAA_AUTHN_NEGOTIATE", "fbfee86d-afe7-4465-bfcf-30d91be9adc1"); Line 124: /** Line 125: * Credentials based authentication. -- To view, visit http://gerrit.ovirt.org/28011 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ib1141209b53de9f891e8051d9d18d74ed8b49614 Gerrit-PatchSet: 3 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: [email protected] Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
