Vojtech Szocs has submitted this change and it was merged. Change subject: webadmin: Fix repeated logins due to UI plugin REST API heartbeat ...................................................................... webadmin: Fix repeated logins due to UI plugin REST API heartbeat This patch addresses a problem (behavior) of web browser sending HTTP 'Authorization' header unconditionally (always) for each request to given origin after the HTTP 'Authorization' header has been set for the first time (e.g. via XmlHttpRequest). This generally means the JavaScript application doesn't have full control over HTTP 'Authorization' header; once set for the initial request, web browser will always send this header until the browser window is closed by the user. To address this problem in UI plugin REST API integration: 1. all plugins will receive single session ID using GUI (WebAdmin) user credentials, session timeout is set to 6 hours 2. WebAdmin will not try to keep-alive the session via periodic heartbeat requests due to the problem with HTTP 'Authorization' header handling in web browser These changes have following implications: * REST API session will be acquired with reasonably long timeout * it's up to plugins (or other systems using the session) to keep the session alive as necessary In future, we should work around the HTTP 'Authorization' header problem and revisit the general contract of UI plugin REST API integration, i.e. whether to keep-alive the session by WebAdmin, or whether to push session acquiry responsibility to individual plugins. Change-Id: I72c2d4952daac4daa17554b7661ed775c72cb97a Bug-Url: https://bugzilla.redhat.com/894687 Bug-Url: https://bugzilla.redhat.com/906046 Signed-off-by: Vojtech Szocs <vszocs@redhat.com> --- M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/system/ApplicationInit.java 2 files changed, 28 insertions(+), 59 deletions(-) Approvals: Vojtech Szocs: Verified; Looks good to me, approved -- To view, visit http://gerrit.ovirt.org/14411 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I72c2d4952daac4daa17554b7661ed775c72cb97a Gerrit-PatchSet: 3 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Vojtech Szocs <vszocs@redhat.com> Gerrit-Reviewer: Daniel Erez <derez@redhat.com> Gerrit-Reviewer: Einav Cohen <ecohen@redhat.com> Gerrit-Reviewer: Oved Ourfali <oourfali@redhat.com> Gerrit-Reviewer: Tomas Jelinek <tjelinek@redhat.com> Gerrit-Reviewer: Vojtech Szocs <vszocs@redhat.com>