On 11/05/2010 05:26 PM, Endi Sukma Dewata wrote:
On 11/5/2010 4:03 PM, Adam Young wrote:
Ticket Expiration
This patch handles Kerberos ticket expiration in the UI.
Additionally it removes the mod_auth_kerb authorization for elements
in the static directory, cutting down on the number of round trips
Rebased
It still doesn't apply. Could you double-check? Maybe it's based on
some uncommitted patches. Thanks.
Here it is.
From fcbd8c2511363974d2bda64da91f6c594e01b0a8 Mon Sep 17 00:00:00 2001
From: Adam Young <ayo...@redhat.com>
Date: Fri, 5 Nov 2010 19:48:42 -0400
Subject: [PATCH] Ticket Expiration
THis patch handles Kerberos ticket expiration in the UI. Additionally it removes the mod_atuh_kerb authorization for elements in the static directory, cutting down on the number of round trips required for initializing the web app
Conflicts:
install/static/ipa.js
---
install/conf/ipa.conf | 11 +----------
install/static/ipa.js | 32 +++++++++++++++++++++++++++-----
ipalib/plugins/internal.py | 9 ++++++++-
3 files changed, 36 insertions(+), 16 deletions(-)
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index 91e8373..bcf31ce 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -89,20 +89,11 @@ Alias /ipa/ui "/usr/share/ipa/static"
<Directory "/usr/share/ipa/static">
SetHandler None
AllowOverride None
+ Satisfy Any
Allow from all
</Directory>
-# WebUI assets
-Alias /ipa-assets/ "/var/cache/ipa/assets/"
-<Directory "/var/cache/ipa/assets">
- Allow from all
- AllowOverride None
- Options FollowSymLinks
- ExpiresActive On
- ExpiresDefault A31536000
-</Directory>
-
# Protect our CGIs
<Directory /var/www/cgi-bin>
diff --git a/install/static/ipa.js b/install/static/ipa.js
index be8e3b6..21368d6 100644
--- a/install/static/ipa.js
+++ b/install/static/ipa.js
@@ -22,6 +22,7 @@
/*global $:true, location:true */
/*Forward defined due to circular dependency with IPA.*/
+var IPA;
var ipa_cmd;
var IPA_DEFAULT_JSON_URL = '/ipa/json';
var IPA = ( function () {
@@ -119,6 +120,7 @@ var IPA = ( function () {
* objname - name of an IPA object (optional) */
function ipa_cmd(name, args, options, win_callback, fail_callback, objname)
{
+ var default_json_url = '/ipa/json';
function dialog_open(xhr, text_status, error_thrown) {
var that = this;
@@ -150,6 +152,24 @@ function ipa_cmd(name, args, options, win_callback, fail_callback, objname)
}
function error_handler(xhr, text_status, error_thrown) {
+ if (!error_thrown){
+ error_thrown = {name:'unknown'}
+ }
+
+ if (xhr.status === 401){
+ error_thrown.name = 'Kerberos ticket no longer valid.';
+ if (IPA.messages && IPA.messages.ajax){
+ error_thrown.message = IPA.messages.ajax["401"];
+ }else{
+ error_thrown.message =
+ "Your kerberos ticket no longer valid."+
+ "Please run KInit and then click 'retry'"+
+ "If this is your first time running the IPA Web UI"+
+ "<a href='/ipa/errors/ssbrowser.html'> "+
+ "Follow these directions</a> to configure your browser."
+ }
+ }
+
error_thrown.title = 'AJAX Error: '+error_thrown.name;
ajax_error_handler.call(this, xhr, text_status, error_thrown);
}
@@ -206,7 +226,7 @@ function ipa_cmd(name, args, options, win_callback, fail_callback, objname)
var url = IPA.json_url;
if (!url){
- url = IPA_DEFAULT_JSON_URL;
+ url = default_json_url;
}
if (IPA.use_static_files){
@@ -262,10 +282,12 @@ function ipa_get_member_attribute(obj_name, member)
}
var attribute_members = ipa_obj.attribute_members;
for (var a in attribute_members) {
- var objs = attribute_members[a];
- for (var i = 0; i < objs.length; i += 1) {
- if (objs[i] === member){
- return a;
+ if (attribute_members.hasOwnProperty(a)){
+ var objs = attribute_members[a];
+ for (var i = 0; i < objs.length; i += 1) {
+ if (objs[i] === member){
+ return a;
+ }
}
}
}
diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py
index e950796..bf477b7 100644
--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@@ -58,7 +58,14 @@ class json_metadata(Command):
"mailing":_("Mailing Address"),
"employee":_(" Employee Information"),
"misc":_("Misc. Information"),
- "to_top":_("Back to Top")}
+ "to_top":_("Back to Top")},
+ "ajax":{
+ "401":_("Your kerberos ticket no longer valid."+
+ "Please run KInit and then click 'retry'"+
+ "If this is your first time running the IPA Web UI"+
+ "<a href='/ipa/errors/ssbrowser.html'> "+
+ "Follow these directions</a> to configure your browser.")
+ }
}
takes_args = (
--
1.7.1
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel