Michael Pasternak has posted comments on this change.

Change subject: restapi : don't set jsessionid cookie when authentication fails(#927140)
......................................................................


Patch Set 2: I would prefer that you didn't submit this

(2 inline comments)

....................................................
File backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java
Lines 168-172
Why did you have to take this code out of executeBasicAuthentication()? You
could generate a new httpSession here if it's null instead, and inject
engineSessionId on success in updateAuthenticationProperties().

Actually, I prefer the old way of "new session" generation for BasicAuth; this
way executeBasicAuthentication() encapsulates this logic and no one else is
aware of it.


Line 169:     /*
Line 170:      * This method executes the basic authentication, and returns true whether it was successful and false otherwise.
Line 171:      * It also sets the logged-in principal and the challenger object in the Current object
Line 172:      */
Line 173:     private boolean executeBasicAuthentication(HttpHeaders headers, String engineSessionId, boolean preferPersistentAuth) {
I don't see you using "engineSessionId" in this method.
Line 174:         boolean successful = false;
Line 175:         List<String> auth = headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
Line 176:         if (auth != null && auth.size() != 0) {
Line 177:             Principal principal = scheme.decode(headers);


--
To view, visit http://gerrit.ovirt.org/13371
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I84907ab56e99ebb875124f42345d691edad3cdbe
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Ravi Nori <[email protected]>
Gerrit-Reviewer: Michael Pasternak <[email protected]>
Gerrit-Reviewer: Oved Ourfali <[email protected]>
Gerrit-Reviewer: Ravi Nori <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
