Michael Pasternak has posted comments on this change.
Change subject: rest: after creating a REST session request without Prefer
returns 401
......................................................................
Patch Set 1: (1 inline comment)
....................................................
File
backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java
Line 86:
Line 87: // Will create a new one if it is the first session, and we
want to persist sessions
Line 88: // (and then the "isNew" test below will return true)
Line 89: // Otherwise, it will return null
Line 90: httpSession = getCurrentSession(preferPersistentAuth);
oved, you actually reverting #876641 [1] change suggested by you to fix this BZ?
[1] set jsessionid cookie only if user logs in using credentials AND "prefer:
persistent-auth" header is set
Line 91:
Line 92: // If the session isn't new and doesn't carry authorization
header, we validate it
Line 93: if (validator != null && httpSession != null &&
!httpSession.isNew() && !hasAuthorizationHeader) {
Line 94: successful = executeSessionValidation(httpSession,
preferPersistentAuth);
--
To view, visit http://gerrit.ovirt.org/12522
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Ie61285212c4050bc6dc2c744b3d281648ea542ca
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Oved Ourfali <[email protected]>
Gerrit-Reviewer: Michael Pasternak <[email protected]>
Gerrit-Reviewer: Oved Ourfali <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
