Thanks Chris, this is very useful information!
I'm aware of the issue with heartbeat request performing re-login on server [1], the
issue you encountered confirms that the root cause is the way heartbeat requests are
made from WebAdmin client (browser).
I suspect this has something to do with cookies, i.e. JSESSIONID cookie for /api path used
to transmit REST API session ID. I need to check that the browser eventually sends this
cookie alongside Prefer:persistent-auth header within the heartbeat request. Handling
cookies is always problematic in JavaScript, as WebAdmin code (i.e. /webadmin) cannot
get/set cookies for different paths (i.e. /api) and therefore must rely on
browser-specific cookie handling for all outgoing requests.
This is quite an important issue, I'll look into this next week. Again, many thanks for
the feedback.
[1] https://bugzilla.redhat.com/906046
Thanks,
Vojtech
----- Original Message -----
From: "Christopher Morrissey" <Christopher.Morrissey(a)netapp.com>
To: "Vojtech Szocs" <vszocs(a)redhat.com>, "engine-devel"
<engine-devel(a)ovirt.org>
Cc: "Spenser Shumaker" <sshumake(a)redhat.com>, "René Koch"
<r.koch(a)ovido.at>
Sent: Friday, April 5, 2013 4:11:56 PM
Subject: RE: [Engine-devel] UI Plugin API improvements
Just to reply to my own question, I've done some further investigation and it appears
that the session wasn't timing out. It looks like the request from the heartbeat
itself was causing the session to be invalidated and a new session to be created. When I
modified the code to stop the heartbeat I was able to use the session without problem.
Looking at the requests from the browser, it appears that JBoss is creating a new session
with each request. I'm guessing this is a side effect of a combination of the basic
authentication information in the header and the server essentially re-authenticating on
each request and generating a new session ID to prevent session fixation security issues.
Has anyone else used the REST session ID that is provided through the plugin API? Have you
run into this issue? I think the overall issue is exacerbated by the fact that we are
making calls outside of the context of the client from our server and don't have the
basic authentication header information. Because the client has this, all requests are
re-authenticated whether the REST session ID is valid or not. My calls are getting
blocked.
Any ideas on how to fix this? A change in the JBoss settings maybe?
-Chris
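
Added example, not part of the thread and not oVirt, JBoss or WebAdmin code: a constructed model of the two points raised in the messages above, the /api-scoped JSESSIONID cookie and a server that logs in again whenever credentials arrive, rotating the session ID each time. Server, runScenario, the honourSession switch and the S1/S2 IDs are hypothetical, and the honourSession=true branch is an assumed corrected behaviour, not the project's fix.

```javascript
// Constructed model; Server, runScenario and the S1/S2 IDs are hypothetical.

// RFC 6265 section 5.1.4 path-match: is a cookie scoped to cookiePath
// attached to (or readable from) requestPath?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

class Server {
  constructor() { this.sessions = new Map(); this.next = 1; }

  // Session fixation defence: the ID presented before login never survives it.
  login(user, presentedSid) {
    this.sessions.delete(presentedSid);
    const sid = 'S' + this.next++;
    this.sessions.set(sid, user);
    return sid;
  }

  // honourSession=false: credentials always trigger a login (reported behaviour).
  // honourSession=true: a valid session wins over credentials (assumed fix).
  handle(req, honourSession) {
    const valid = this.sessions.has(req.sid);
    if (valid && (honourSession || !req.basicUser)) return { status: 200, sid: req.sid };
    if (req.basicUser) return { status: 200, sid: this.login(req.basicUser, req.sid) };
    return { status: 401, sid: null };
  }
}

function runScenario(honourSession) {
  const server = new Server();
  // 1. Browser logs in with Basic auth; the ID is passed on to the plugin backend.
  const issued = server.handle({ basicUser: 'admin' }, honourSession).sid;
  const cookie = { name: 'JSESSIONID', value: issued, path: '/api' };
  // 2. Heartbeat to /api: the browser attaches the cookie and the credentials.
  const sid = pathMatches('/api', cookie.path) ? cookie.value : undefined;
  const afterHeartbeat = server.handle({ basicUser: 'admin', sid }, honourSession).sid;
  // 3. Plugin backend calls with the ID it was given and no credentials.
  const backendStatus = server.handle({ sid: issued }, honourSession).status;
  return { issued, afterHeartbeat, backendStatus };
}

console.log(runScenario(false)); // heartbeat rotates the ID; backend is locked out
console.log(runScenario(true));  // ID is stable; backend call succeeds
console.log(pathMatches('/webadmin', '/api')); // script at /webadmin cannot read it
```
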
-----Original Message-----
From: Morrissey, Christopher
Sent: Tuesday, April 02, 2013 7:18 PM
To: 'Vojtech Szocs'; engine-devel
Cc: Spenser Shumaker; René Koch
Subject: RE: [Engine-devel] UI Plugin API improvements
Great job on the dialog support, Vojtech! It's working very well for me.
I am having an issue with the REST session ID that I haven't been able to nail
down. It seems to be timing out rather quickly. Somewhere between 15 and
30 seconds if I don't use it explicitly. I've seen the code that is scheduled to
run every minute to keep it alive, but it looks like the timeout is happening so
quickly that the heartbeat can't keep it alive. Any idea on why this would be
happening?
-Chris
> -----Original Message-----
> From: engine-devel-bounces(a)ovirt.org [mailto:engine-devel-
> bounces(a)ovirt.org] On Behalf Of Vojtech Szocs
> Sent: Thursday, March 28, 2013 11:25 AM
> To: engine-devel
> Cc: Spenser Shumaker; René Koch; Morrissey, Christopher
> Subject: [Engine-devel] UI Plugin API improvements
>
> Hi guys,
>
> I've just merged some UI Plugin patches that improve existing API
> functions, as well as add some new API functions. Please read on to learn
> what's new.
>
>
> Modal dialog API
> ================
>
> Function improved: showDialog
>
> New signature:
> showDialog(title, dialogToken, contentUrl, width, height [,
> options])
>
> Example usage:
> showDialog('My Dialog', 'my-dialog', 'http://www.foobar.com/',
>   '800px', '600px', {
>     // Default value = empty array (no buttons)
>     buttons: [
>       {
>         label: 'Do stuff',
>         onClick: function() {
>           alert('Bump!');
>         }
>       }
>     ],
>
>     // Default value = false
>     resizeEnabled: true,
>
>     // Default value = true
>     closeIconVisible: true,
>
>     // Default value = true
>     closeOnEscKey: true
>   });
>
> Notable changes:
> * modal dialogs now look & feel the same as standard WebAdmin dialogs
> * width & height are strings containing CSS units
> * the reason why buttons default to empty array is to give plugin
> authors the choice to provide custom buttons (or similar input
> elements) via dialog content (iframe), and use HTML5
> window.postMessage to call the plugin (coming soon!)
>
> --
>
> New function: setDialogContentUrl
>
> New signature:
> setDialogContentUrl(dialogToken, contentUrl)
>
> Example usage:
> setDialogContentUrl('my-dialog', 'http://www.example.com/')
>
> --
>
> New function: closeDialog
>
> New signature:
> closeDialog(dialogToken)
>
> Example usage:
> closeDialog('my-dialog')
>
>
> Tab API
> =======
>
> Functions improved: addMainTab & addSubTab
>
> New signatures:
> addMainTab(label, historyToken, contentUrl [, options])
> addSubTab(entityTypeName, label, historyToken, contentUrl [,
> options])
>
> Example usage:
>
> // Tab is left-aligned by default
> addMainTab('Foo Tab', 'foo-tab', 'http://www.foo.com/');
>
> // Tab is right-aligned via options object
> addSubTab('VirtualMachine', 'Bar Tab', 'bar-tab', 'http://www.bar.com/', {
>   alignRight: true
> });
>
> --
>
> Regards,
> Vojtech