Change in ovirt-engine[master]: webadmin, userportal: Adapt UI code to SSO changes
vszocs at redhat.com
Thu May 12 10:06:51 UTC 2016
Vojtech Szocs has submitted this change and it was merged.
Change subject: webadmin,userportal: Adapt UI code to SSO changes
......................................................................
webadmin,userportal: Adapt UI code to SSO changes
This patch aligns UI code with recent SSO changes.
In a nutshell, it completely removes code that creates and maintains
REST webapp's HTTP session in favor of using SSO token. Dealing with
REST HTTP session led us to many problems in the past, typically
observed as "Auth Required" browser popups due to REST HTTP session
vs. Engine user session [1] inconsistencies.
[1] see CreateUserSessionCommand and SessionDataContainer classes
This patch potentially breaks existing UI plugins by removing the
"RestApiSessionAcquired" callback in favor of new API function that
returns the SSO token:

  var xhr = new XMLHttpRequest();
  xhr.open('GET', 'http://example.com/ovirt-engine/api');
  xhr.setRequestHeader('Authorization', 'Bearer ' + api.ssoToken());
  xhr.setRequestHeader('Accept', 'application/json');
  xhr.addEventListener('load', function () {
    // response loaded OK, parse JSON data
    var data = JSON.parse(this.responseText);
  });
  xhr.send();

In practice, UI plugins no longer need to rely on asynchronous API
callback ("RestApiSessionAcquired") to be able to talk with Engine.
UI plugins also no longer need to use session-specific request headers
like "Prefer:persistent-auth" and "JSESSIONID:xxx", which simplifies
their code.
Since REST HTTP session mechanism relies on cookie ("JSESSIONID"),
individual UI plugins should _not_ try to create a REST session
on their own to avoid any clashes. (This might change once REST
supports non-cookie session ID transport, e.g. use custom header).
From virt-viewer (VM console) integration perspective, this patch
replaces "jsessionid" with "sso-token" within the vv file. Recent
build of virt-viewer _should_ support "sso-token" (in addition to
supporting "jsessionid" for backwards compatibility).
Integration with the Reports portal is not affected; we're still
using Engine user session ID for this purpose. In future, Reports
portal should be adapted to accept the SSO token.
As for backend changes:
* removed 'OVIRT-SSO-TOKEN' HTTP response header [SSOLoginFilter]
* removed 'JSESSIONID' HTTP response header [RestApiSessionMgmtFilter]
Above headers are not needed since both SSO token and Engine user
session ID are available the moment user requests GWT HTML page.
Change-Id: I62f943ae5798f0f148d84019f1ef6bec4d5ebf6a
Bug-Url: https://bugzilla.redhat.com/1236976
Signed-off-by: Vojtech Szocs <vszocs at redhat.com>
---
M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/FiltersHelper.java
M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/RestApiSessionMgmtFilter.java
M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SsoLoginFilter.java
M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/Frontend.java
D frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/FrontendLoginHandler.java
D frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/communication/SsoTokenChange.java
M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/GwtDynamicHostPageServlet.java
M frontend/webadmin/modules/frontend/src/main/resources/META-INF/resources/GwtHostPage.jsp
M frontend/webadmin/modules/frontend/src/test/java/org/ovirt/engine/ui/frontend/FrontendActionTest.java
M frontend/webadmin/modules/frontend/src/test/java/org/ovirt/engine/ui/frontend/server/gwt/AbstractGwtDynamicHostPageServletTest.java
M frontend/webadmin/modules/frontend/src/test/java/org/ovirt/engine/ui/frontend/server/gwt/WebAdminHostPageServletTest.java
M frontend/webadmin/modules/gwt-common/exclude-filters.xml
M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/auth/AutoLoginData.java
M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/auth/CurrentUser.java
D frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/auth/SsoTokenData.java
M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/gin/BaseSystemModule.java
D frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/restapi/EngineSessionTimeoutData.java
D frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/restapi/RestApiSessionAcquired.java
D frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/restapi/RestApiSessionManager.java
M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/system/BaseApplicationInit.java
M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/uicommon/UiCommonDefaultTypeResolver.java
M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/uicommon/model/AbstractConsoleWithForeignMenu.java
M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/ReportInit.java
M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/restapi/HasForeignMenuData.java
M frontend/webadmin/modules/userportal-gwtp/pom.xml
M frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/system/ApplicationInit.java
M frontend/webadmin/modules/webadmin/pom.xml
M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/PluginEventHandler.java
M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/PluginManager.java
M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/system/ApplicationInit.java
30 files changed, 99 insertions(+), 704 deletions(-)
Approvals:
Martin Peřina: Looks good to me, but someone else must approve
Alexander Wels: Looks good to me, approved
Jenkins CI: Passed CI tests
Vojtech Szocs: Verified
--
To view, visit https://gerrit.ovirt.org/49278
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I62f943ae5798f0f148d84019f1ef6bec4d5ebf6a
Gerrit-PatchSet: 8
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Vojtech Szocs <vszocs at redhat.com>
Gerrit-Reviewer: Alexander Wels <awels at redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alonbl at redhat.com>
Gerrit-Reviewer: Alona Kaplan <alkaplan at redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Juan Hernandez <juan.hernandez at redhat.com>
Gerrit-Reviewer: Martin Betak <mbetak at redhat.com>
Gerrit-Reviewer: Martin Peřina <mperina at redhat.com>
Gerrit-Reviewer: Michal Skrivanek <mskrivan at redhat.com>
Gerrit-Reviewer: Ori Liel <oliel at redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourfali at redhat.com>
Gerrit-Reviewer: Ravi Nori <rnori at redhat.com>
Gerrit-Reviewer: Tomas Jelinek <tjelinek at redhat.com>
Gerrit-Reviewer: Vojtech Szocs <vszocs at redhat.com>
Gerrit-Reviewer: gerrit-hooks <automation at ovirt.org>
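
The bearer-token pattern from the commit message above, as an added example that is not part of the merged change or of oVirt's code: a plugin-side helper that attaches the SSO token only to Engine REST API URLs and rejects the session-era headers the message says are no longer needed. Only `api.ssoToken()`, the `Bearer` header and the two legacy header names come from the message; the function names, the origin and the token value are assumptions.

```javascript
// Added example, not oVirt code. Only api.ssoToken(), the Bearer header and
// the two legacy header names come from the commit message; other names are
// hypothetical.
const LEGACY_SESSION_HEADERS = [
  { name: 'prefer', value: /persistent-auth/i },
  { name: 'jsessionid', value: /.*/ },
];

// Names of session-era headers still present in a plugin's header map.
function findLegacySessionHeaders(headers) {
  return Object.keys(headers).filter((name) =>
    LEGACY_SESSION_HEADERS.some((rule) =>
      rule.name === name.toLowerCase() && rule.value.test(String(headers[name]))));
}

// Headers for an Engine REST call. The SSO token is attached only when the
// target is on the Engine origin and under /ovirt-engine/api.
function engineApiHeaders(api, targetUrl, engineOrigin, extra = {}) {
  const target = new URL(targetUrl, engineOrigin);
  if (target.origin !== new URL(engineOrigin).origin) {
    throw new Error('refusing to send SSO token to ' + target.origin);
  }
  if (!/^\/ovirt-engine\/api(\/|$)/.test(target.pathname)) {
    throw new Error('not an Engine REST API path: ' + target.pathname);
  }
  const legacy = findLegacySessionHeaders(extra);
  if (legacy.length > 0) {
    throw new Error('legacy session headers present: ' + legacy.join(', '));
  }
  const token = api.ssoToken();
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('SSO token not available');
  }
  return Object.assign({}, extra, {
    Accept: 'application/json',
    Authorization: 'Bearer ' + token,
  });
}

// Constructed stand-in for the plugin API object and a constructed origin.
const sampleApi = { ssoToken: () => 'constructed-sso-token' };
const sampleHeaders = engineApiHeaders(
  sampleApi, '/ovirt-engine/api/vms', 'https://engine.example.com');
console.log(sampleHeaders.Authorization);
```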