Moti Asayag has submitted this change and it was merged. Change subject: aaa: Modify webadmin and userportal to use enginesso for authentication ...................................................................... aaa: Modify webadmin and userportal to use enginesso for authentication Add webadmin side code to support authentication using engine sso. Modify webadmin and user portal to use the new SSO filters for authorization. Session validation on engine side is done using sso Modify the welcome page to show the current user logged in and provide a link to switch user by invalidating the current session and turning off external auth Basic auth and negotiate filters on engine side are not required SSO token and JSESSION from rest api should be obtained using Engine Session Id and SSO Session Id. The setup is sso aware and registers the engine with the sso as a client. Remove code that performs login in UI. Login user and admin commands and the parameter can be deleted from the backend as the login sequence is handled by SSO Change-Id: Iff0aee9d0f5ee606ff7f397cab69017ca7d9df08 Bug-Url: https://bugzilla.redhat.com/1092744 Signed-off-by: Ravi Nori <rnori@redhat.com> --- M backend/manager/modules/aaa/exclude-filters.xml M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AcctUtils.java A backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SSOOAuthServiceUtils.java A backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SSOUtils.java D backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/BasicAuthenticationFilter.java D backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/EngineSessionTokenAuthenticationFilter.java M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/FiltersHelper.java D backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/LoginFilter.java A backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SSOLoginFilter.java A backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SSORestApiAuthFilter.java A backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SSORestApiNegotiationFilter.java D backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SessionMgmtFilter.java M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SessionValidationFilter.java A backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SSOLoginServlet.java A backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SSOLogoutServlet.java A backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SSOPostLoginServlet.java M backend/manager/modules/aaa/src/main/modules/org/ovirt/engine/core/aaa/main/module.xml M backend/manager/modules/auth-plugin/pom.xml M backend/manager/modules/auth-plugin/src/main/java/org/ovirt/engine/core/jboss_auth_plugin/OvirtAuthPlugIn.java M backend/manager/modules/auth-plugin/src/main/modules/org/ovirt/engine/core/auth-plugin/main/module.xml M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/Backend.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetEngineSessionIdForSSOTokenQuery.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/CreateUserSessionCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/GetEngineSessionIdTokenQuery.java D backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginAdminUserCommand.java D backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginOnBehalfCommand.java D backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginUserCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LogoutSessionCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/SessionDataContainer.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/TerminateSessionsForTokenCommand.java M backend/manager/modules/bll/src/test/java/org/ovirt/engine/core/bll/aaa/SessionDataContainerTest.java A backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/CreateUserSessionParameters.java D backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/LoginUserParameters.java A backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/TerminateSessionsForTokenParameters.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/constants/SessionConstants.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/interfaces/BackendLocal.java A backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/GetEngineSessionIdForSSOTokenQueryParameters.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java M backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/web.xml M backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/GetSessionUser.java A backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/SSOCallbackServlet.java M backend/manager/modules/services/src/main/webapp/WEB-INF/web.xml M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/EngineLocalConfig.java A backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/serialization/json/JsonExtDeserializer.java A backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/serialization/json/JsonExtMapMixIn.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/serialization/json/JsonObjectDeserializer.java M backend/manager/modules/welcome/src/main/resources/messages.properties A backend/manager/modules/welcome/src/main/webapp/WEB-INF/error.jsp M backend/manager/modules/welcome/src/main/webapp/WEB-INF/ovirt-engine.jsp M backend/manager/modules/welcome/src/main/webapp/WEB-INF/web.xml M backend/manager/modules/welcome/src/test/java/org/ovirt/engine/core/WelcomeServletTest.java M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/Frontend.java M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/communication/CommunicationProvider.java M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/communication/GWTRPCCommunicationProvider.java M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/communication/OperationProcessor.java M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/communication/VdcOperationManager.java M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/gwtservices/GenericApiGWTService.java M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/GenericApiGWTServiceImpl.java M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/utils/FrontendUrlUtils.java M frontend/webadmin/modules/frontend/src/test/java/org/ovirt/engine/ui/frontend/FrontendActionTest.java M frontend/webadmin/modules/frontend/src/test/java/org/ovirt/engine/ui/frontend/FrontendTest.java M frontend/webadmin/modules/frontend/src/test/java/org/ovirt/engine/ui/frontend/communication/VdcOperationManagerTest.java M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/auth/CurrentUser.java M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/place/ApplicationPlaceManager.java M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/presenter/AbstractHeaderPresenterWidget.java D frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/presenter/AbstractLoginPresenterWidget.java M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/restapi/RestApiSessionManager.java D frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/section/DefaultLoginSectionPlace.java M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/system/BaseApplicationInit.java M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/uicommon/FrontendEventsHandlerImpl.java M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/view/AbstractHeaderView.java D frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/view/AbstractLoginFormView.java M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/LoginModel.java M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/userportal/UserPortalLoginModel.java M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/place/UserPortalApplicationPlaces.java M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/place/WebAdminApplicationPlaces.java M frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/gin/PresenterModule.java M frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/gin/SystemModule.java M frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/place/UserPortalPlaceManager.java D frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/login/presenter/LoginFormPresenterWidget.java D frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/login/presenter/LoginSectionPresenter.java D frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/login/view/LoginFormView.java D frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/login/view/LoginFormView.ui.xml D frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/login/view/LoginSectionView.java D frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/login/view/LoginSectionView.ui.xml M frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/main/view/HeaderView.java M frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/main/view/HeaderView.ui.xml M frontend/webadmin/modules/userportal-gwtp/src/main/webapp/WEB-INF/web.xml M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/gin/PresenterModule.java M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/gin/SystemModule.java M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/place/WebAdminPlaceManager.java D frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/login/presenter/LoginFormPresenterWidget.java D frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/login/presenter/LoginSectionPresenter.java D frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/login/view/LoginFormView.java D frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/login/view/LoginFormView.ui.xml D frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/login/view/LoginSectionView.java D frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/login/view/LoginSectionView.ui.xml M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/HeaderView.java M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/HeaderView.ui.xml M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/system/ApplicationInit.java M frontend/webadmin/modules/webadmin/src/main/webapp/WEB-INF/web.xml M packaging/services/ovirt-engine/ovirt-engine.conf.in M packaging/setup/ovirt_engine_setup/engine/constants.py M packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/__init__.py A packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/sso.py 107 files changed, 2,247 insertions(+), 3,067 deletions(-) Approvals: Ravi Nori: Verified Alexander Wels: Looks good to me, approved Vojtech Szocs: Looks good to me, but someone else must approve Moti Asayag: Passed CI tests -- To view, visit https://gerrit.ovirt.org/36619 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: Iff0aee9d0f5ee606ff7f397cab69017ca7d9df08 Gerrit-PatchSet: 173 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Ravi Nori <rnori@redhat.com> Gerrit-Reviewer: Alexander Wels <awels@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alonbl@redhat.com> Gerrit-Reviewer: Eli Mesika <emesika@redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Martin Peřina <mperina@redhat.com> Gerrit-Reviewer: Michal Skrivanek <michal.skrivanek@redhat.com> Gerrit-Reviewer: Moti Asayag <masayag@redhat.com> Gerrit-Reviewer: Ravi Nori <rnori@redhat.com> Gerrit-Reviewer: Tomas Jelinek <tjelinek@redhat.com> Gerrit-Reviewer: Vojtech Szocs <vszocs@redhat.com> Gerrit-Reviewer: gerrit-hooks <automation@ovirt.org>