Ravi Nori has uploaded a new change for review. Change subject: restapi: Support passing auth information without having to use HTTP Authorization header ......................................................................
restapi: Support passing auth information without having to use HTTP Authorization header Support passing JSESSIONID header to retrive and use an exisiting session insead of passing a cookie or auth information to the server. Change-Id: Ic71671177f9456b67d4aea143fc9eca73d5e21fb Bug-Url: https://bugzilla.redhat.com/958874 Signed-off-by: Ravi Nori <[email protected]> --- M backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java M backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/SessionUtils.java M backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/util/ReflectionHelper.java M backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/auth/LoginValidator.java 4 files changed, 14 insertions(+), 4 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/19/17219/1
diff --git a/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java b/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java
index e00909b..afb2560 100644
--- a/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java
+++ b/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java
@@ -90,6 +90,7 @@
 HttpHeaders headers = request.getHttpHeaders();
 boolean preferPersistentAuth = checkPersistentAuthentication(headers);
 boolean hasAuthorizationHeader = checkAuthorizationHeader(headers);
+ boolean hasJSessionIdHeader = checkJSessionIdHeader(headers);
 Integer customHttpSessionTtl = getCustomHttpSessionTtl(headers);
 // Get the current session
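Review bot: `hasJSessionIdHeader` records only that a JSESSIONID request header is present (`checkJSessionIdHeader`, added in the hunk at -226, tests for a non-empty header list), not that its value is non-blank or names the session that `getCurrentSession` returned. The hunk at -102 uses the flag to skip `httpSession.invalidate()` on a request that reaches the credential path, so the session id is no longer rotated when a client authenticates over an existing session, which is the step that protects against session fixation. If keeping the session is intended, the skip should depend on the header value matching the resolved session rather than on mere presence, and the comment above the condition should say so, e.g. `// Kept when the client named this session via the JSESSIONID header; the id is not rotated in that case`. The enclosing method begins and ends outside these hunks, so the condition guarding this else-branch is inferred from the existing comment.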
@@ -102,7 +103,7 @@
 successful = executeSessionValidation(httpSession, preferPersistentAuth);
 } else {
 // If the session isn't new but carries authorization header, we invalidate it first
- if (validator != null && httpSession != null) {
+ if (validator != null && httpSession != null && !hasJSessionIdHeader) {
 httpSession.invalidate();
 httpSession = getCurrentSession(true);
 }
@@ -226,6 +227,11 @@
 return authorizationField != null && !authorizationField.isEmpty();
 }
+ private boolean checkJSessionIdHeader(HttpHeaders headers) {
+ List<String> jsessionIdField = headers.getRequestHeader(SessionUtils.JSESSIONID_HEADER);
+ return jsessionIdField != null && !jsessionIdField.isEmpty();
+ }
+
 // Here to ease mocking it in the tester
 protected HttpSession getCurrentSession(boolean create) {
 return SessionUtils.getCurrentSession(create);
diff --git a/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/SessionUtils.java b/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/SessionUtils.java
index cdbafd0..2660df6 100644
--- a/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/SessionUtils.java
+++ b/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/SessionUtils.java
@@ -53,7 +53,7 @@
 HttpSession retVal = null;
 if (request != null) {
- retVal = request.getSession(create);
+ retVal = new DecoratedHttpServletRequest(request).getSession(create);
 }
 return retVal;
 }
diff --git a/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/util/ReflectionHelper.java b/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/util/ReflectionHelper.java
index 1b95961..ab9c4cc 100644
--- a/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/util/ReflectionHelper.java
+++ b/backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/util/ReflectionHelper.java
@@ -169,7 +169,7 @@
 return Boolean.TYPE.equals(m.getParameterTypes()[0]);
 }
- private static Method getMethod(Object o, String name) {
+ public static Method getMethod(Object o, String name) {
 Method ret = null;
 for (Method m : o.getClass().getMethods()) {
 if (m.getName().equals(name)) {
diff --git a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/auth/LoginValidator.java b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/auth/LoginValidator.java
index 6a41f9d..f98cabc 100644
--- a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/auth/LoginValidator.java
+++ b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/auth/LoginValidator.java
@@ -174,7 +174,7 @@
 if (httpSession != null) {
 httpSession.invalidate();
 }
- } else if (httpSession != null && httpSession.isNew()) {
+ } else if (httpSession != null && !containsJSessionIdHeader(response)) {
 response.getMetadata().add(SessionUtils.JSESSIONID_HEADER, httpSession.getId());
 }
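Review bot: `ReflectionHelper.getMethod` is widened from private to public, but none of the four files in this change calls it, so the reason for the wider visibility cannot be reviewed here. The caller is presumably `DecoratedHttpServletRequest`, which `SessionUtils.getCurrentSession` now instantiates and which is also missing from the file list; if that class is where the client-supplied JSESSIONID value is resolved to a session, it carries the security-relevant logic of this feature and belongs in the same review. As a public helper, `getMethod` also needs a Javadoc stating that it matches on name only among the public methods of `o.getClass()` and ignores parameter types. What it returns when nothing matches is decided outside the hunk and should be documented too.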
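Review bot: Replacing `httpSession.isNew()` with `!containsJSessionIdHeader(response)` in LoginValidator means the session id is written to the JSESSIONID response header on every response that has a session, not only when the session was just created, unless something earlier already set that header. A session id carried in a custom header is not covered by cookie protections such as HttpOnly and Secure, and it is more likely to end up in proxy and application logs, so repeating it on each response widens its exposure. Consider emitting it only when the id is new to the client (session just created or re-created after login) and documenting the branch, e.g. `// Return the id only when the client does not already hold it`. `containsJSessionIdHeader` is added in the hunk at -183, and the method enclosing this branch begins outside the hunk.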
@@ -183,6 +183,10 @@
 sessionHelper.clean();
 }
+ private boolean containsJSessionIdHeader(ServerResponse response) {
+ return response.getMetadata().containsKey(SessionUtils.JSESSIONID_HEADER);
+ }
+
 @Override
 public void usePersistentSession(boolean persistentSession) {
 this.persistentSession = persistentSession;
--
To view, visit http://gerrit.ovirt.org/17219 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ic71671177f9456b67d4aea143fc9eca73d5e21fb Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Ravi Nori <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
