Change in ovirt-engine[master]: webadmin: Improve UI Plugin vs. REST API integration

vszocs at redhat.com vszocs at redhat.com
Wed Jan 15 16:56:25 UTC 2014 

Vojtech Szocs has submitted this change and it was merged.

Change subject: webadmin: Improve UI Plugin vs. REST API integration
......................................................................


webadmin: Improve UI Plugin vs. REST API integration

This patch provides client-side fix for following use case:

a. assume restapi-session-timeout > engine-session-timeout
   - UI Plugin infra uses restapi-session-timeout=360min
   - by default, engine-session-timeout=30min

b. user logs into WebAdmin, WebAdmin's UI Plugin infra acquires
   REST API session (using GUI login credentials)

c. user is inactive for engine-session-timeout [min]
   - Engine session will be invalidated
   - however, REST API session is still active

d. WebAdmin detects that Engine session is invalid and takes
   the user back to login screen

e. user logs into WebAdmin again, WebAdmin's UI Plugin infra
   tries to acquire REST API session again
   - REST API session (JSESSIONID cookie) is still active
     so backend will reuse it
   - REST API backend attempts to validate the Engine session,
     the Engine session is invalid so backend sends HTTP 401
     "Auth Required" response to client

f. as a result:
   - user sees "Auth Required" browser-specific popup in browser
   - UI Plugin vs. REST API integration is broken for current
     user login session, i.e. WebAdmin didn't receive JSESSIONID
     response header from REST API backend

This patch makes following changes:

- detect current Engine session timeout, embed it into WebAdmin
  host page and read it during WebAdmin startup

- tell RestApiSessionManager to acquire REST API session using
  timeout = current-engine-session-timeout

- while the user stays authenticated in WebAdmin GUI, keep
  REST API *and* Engine session alive via heartbeat requests [1]

This has following implications on existing UI plugins:

- REST API session timeout is no longer 360min (it's now equal
  to current-engine-session-timeout) so plugins and/or other
  systems utilizing REST API session should be prepared to deal
  with shorter timeout periods [2]

- plugins and/or other systems utilizing REST API session can
  now rely on session keep-alive behavior implemented in GUI [3]

[1] keep-alive behavior re-introduced after changes in patch
    http://gerrit.ovirt.org/#/c/14411/
[2] in practice, REST API session is usable only as long as
    the associated Engine session is active
[3] keep-alive active as long as the user stays authenticated
    while having WebAdmin GUI open in the browser

Change-Id: I0b913e78c0ddb54011670c421d6ff5d12c965d6b
Bug-Url: https://bugzilla.redhat.com/1011058
Signed-off-by: Vojtech Szocs <vszocs at redhat.com>
---
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/Backend.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/ConfigurationValues.java
M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/WebAdminHostPageServlet.java
M frontend/webadmin/modules/frontend/src/main/resources/META-INF/resources/GwtHostPage.jsp
M frontend/webadmin/modules/frontend/src/test/java/org/ovirt/engine/ui/frontend/server/gwt/WebAdminHostPageServletTest.java
A frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/EngineSessionTimeoutData.java
M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/system/ApplicationInit.java
8 files changed, 121 insertions(+), 9 deletions(-)

Approvals:
  Vojtech Szocs: Verified; Looks good to me, approved



-- 
To view, visit http://gerrit.ovirt.org/20404
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I0b913e78c0ddb54011670c421d6ff5d12c965d6b
Gerrit-PatchSet: 3
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Vojtech Szocs <vszocs at redhat.com>
Gerrit-Reviewer: Alexander Wels <awels at redhat.com>
Gerrit-Reviewer: Daniel Erez <derez at redhat.com>
Gerrit-Reviewer: Einav Cohen <ecohen at redhat.com>
Gerrit-Reviewer: Greg Sheremeta <gshereme at redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernandez at redhat.com>
Gerrit-Reviewer: Tomas Jelinek <tjelinek at redhat.com>
Gerrit-Reviewer: Vojtech Szocs <vszocs at redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzaslavs at redhat.com>
Gerrit-Reviewer: oVirt Jenkins CI Server

More information about the Engine-commits mailing list