Thanks Einav, just realized I forgot to add the [2] link to my email :)
Vojtech
----- Original Message -----
From: "Einav Cohen" <ecohen(a)redhat.com>
To: "Vojtech Szocs" <vszocs(a)redhat.com>
Cc: "engine-devel" <engine-devel(a)ovirt.org>, "Christopher Morrissey" <christopher.morrissey(a)netapp.com>
Sent: Monday, May 13, 2013 10:10:59 PM
Subject: Re: [Engine-devel] UI Plugins: issue with REST API keep-alive heartbeat fixed
----- Original Message -----
From: "Vojtech Szocs" <vszocs(a)redhat.com>
Sent: Monday, May 13, 2013 10:23:30 AM
Hi guys,
just a quick update: recently we fixed an issue [1] with UI Plugin REST API
integration trying to keep alive the current REST API session, which was
causing repeated "User logged in" events in the GUI, along with a new REST API
session being created each time the heartbeat request was fired. Please refer to
the commit message for more details on this issue.
There are some things to be aware of with regard to UI Plugin REST API
integration:
- all plugins still receive a single session ID based on WebAdmin user
credentials, i.e. keep the current "single-admin-session-for-all-plugins"
behavior
- session timeout is set to 6 hours --> 2x more than default REST API session
timeout
- WebAdmin will *not* try to keep-alive the session via periodic heartbeat
requests, i.e. break the current
"keep-session-alive-while-user-stays-authenticated" behavior
In practice, this means that after a user logs into WebAdmin, if no plugin
interacts with the REST API session via the provided ID for more than 6 hours,
the session will time out eventually. Unfortunately, for now, we can't
support the session keep-alive mechanism due to issues with HTTP
'Authorization' header handling in web browsers, but with RFE [2] it would
be possible to re-implement the session keep-alive mechanism.
On the other hand, we'll most likely revisit the current
"single-admin-session-for-all-plugins" behavior in future, i.e. have special
Engine users created for use with UI Plugin REST API integration, with
permissions of such users under control by the admin. This would change the
current behavior to something like "separate-user-session-for-each-plugin",
with individual plugins able to create their own REST API session on demand.
Regards,
Vojtech
[1] http://gerrit.ovirt.org/#/c/14411/
Thanks, Vojtech - just adding the missing RFE reference ([2]):
[2] Bug 958861 - Support passing auth information without having to use HTTP Authorization header
[https://bugzilla.redhat.com/show_bug.cgi?id=958861]