Piotr Kliczewski has submitted this change and it was merged.
Change subject: webadmin: Use existing Engine session for REST API integration
......................................................................
webadmin: Use existing Engine session for REST API integration
Before this patch
=================
* WebAdmin login triggers creation of separate (logical) Engine session
through creation of new (physical) REST session using HTTP basic auth
-> REST session is acquired using current WebAdmin user credentials
-> REST session ID is provided to all UI plugins
* above causes two separate user login operations with same credentials
and therefore two "user has logged in" events in Engine server log
* acquired (physical) REST session, as well as corresponding (logical)
Engine session, are _NOT_ closed upon WebAdmin logout, even though
these sessions were created with WebAdmin user credentials
After this patch
================
* WebAdmin login _DOES NOT_ trigger creation of separate (logical)
Engine session; instead, it reuses existing Engine user session
-> REST session is still acquired, but instead of HTTP basic auth
credentials, we're passing existing Engine session auth token
to associate REST session with current user's Engine session
-> REST session ID is provided to all UI plugins
* above ensures single user login operation upon WebAdmin login
* since acquired REST session maps to existing Engine session,
WebAdmin user logout makes that REST session unusable, even if
the REST session itself is still alive
We use Prefer:new-auth to ensure that new REST session is created
on each WebAdmin login.
Important note for UI plugin developers
=======================================
REST session ID passed to UI plugins via "RestApiSessionAcquired"
hook, also represented by JSESSIONID cookie for /api, will become
unusable after WebAdmin logout.
Since UI plugins are active (invoked by the infra) only while the
user is authenticated, this shouldn't impact UI plugins that use
provided REST session (cookie) to talk directly with Engine.
Change-Id: Ic3905b3b5834a0f7327321e93064274df0d1db65
Bug-Url:
https://bugzilla.redhat.com/1161734
Bug-Url:
https://bugzilla.redhat.com/1161730
Signed-off-by: Vojtech Szocs <vszocs(a)redhat.com>
---
M
frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/Frontend.java
M
frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/FrontendLoginHandler.java
M
frontend/webadmin/modules/frontend/src/test/java/org/ovirt/engine/ui/frontend/FrontendActionTest.java
M
frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
M
frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/system/ApplicationInit.java
5 files changed, 93 insertions(+), 69 deletions(-)
Approvals:
Alon Bar-Lev: Verified
Alexander Wels: Looks good to me, approved
--
To view, visit
http://gerrit.ovirt.org/35248
To unsubscribe, visit
http://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ic3905b3b5834a0f7327321e93064274df0d1db65
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.5
Gerrit-Owner: Alon Bar-Lev <alonbl(a)redhat.com>
Gerrit-Reviewer: Alexander Wels <awels(a)redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alonbl(a)redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourfali(a)redhat.com>
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Tal Nisan <tnisan(a)redhat.com>
Gerrit-Reviewer: Vojtech Szocs <vszocs(a)redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzaslavs(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server