Change in ovirt-engine[master]: webadmin: Fix repeated logins due to UI plugin REST API hear...

vszocs at redhat.com vszocs at redhat.com
Mon May 6 14:03:55 UTC 2013 

Vojtech Szocs has submitted this change and it was merged.

Change subject: webadmin: Fix repeated logins due to UI plugin REST API heartbeat
......................................................................


webadmin: Fix repeated logins due to UI plugin REST API heartbeat

This patch addresses a problem (behavior) of web browser sending
HTTP 'Authorization' header unconditionally (always) for each
request to given origin after the HTTP 'Authorization' header has
been set for the first time (e.g. via XmlHttpRequest).

This generally means the JavaScript application doesn't have full
control over HTTP 'Authorization' header; once set for the initial
request, web browser will always send this header until the browser
window is closed by the user.

To address this problem in UI plugin REST API integration:

1. all plugins will receive single session ID using GUI (WebAdmin)
   user credentials, session timeout is set to 6 hours

2. WebAdmin will not try to keep-alive the session via periodic
   heartbeat requests due to the problem with HTTP 'Authorization'
   header handling in web browser

These changes have following implications:
* REST API session will be acquired with reasonably long timeout
* it's up to plugins (or other systems using the session) to keep
  the session alive as necessary

In future, we should work around the HTTP 'Authorization' header
problem and revisit the general contract of UI plugin REST API
integration, i.e. whether to keep-alive the session by WebAdmin,
or whether to push session acquiry responsibility to individual
plugins.

Change-Id: I72c2d4952daac4daa17554b7661ed775c72cb97a
Bug-Url: https://bugzilla.redhat.com/894687
Bug-Url: https://bugzilla.redhat.com/906046
Signed-off-by: Vojtech Szocs <vszocs at redhat.com>
---
M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/system/ApplicationInit.java
2 files changed, 28 insertions(+), 59 deletions(-)

Approvals:
  Vojtech Szocs: Verified; Looks good to me, approved


--
To view, visit http://gerrit.ovirt.org/14411
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I72c2d4952daac4daa17554b7661ed775c72cb97a
Gerrit-PatchSet: 3
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Vojtech Szocs <vszocs at redhat.com>
Gerrit-Reviewer: Daniel Erez <derez at redhat.com>
Gerrit-Reviewer: Einav Cohen <ecohen at redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourfali at redhat.com>
Gerrit-Reviewer: Tomas Jelinek <tjelinek at redhat.com>
Gerrit-Reviewer: Vojtech Szocs <vszocs at redhat.com>

More information about the Engine-commits mailing list