> -----Original Message-----
> From: rohityada...@gmail.com [mailto:rohityada...@gmail.com] On Behalf
> Of Rohit Yadav
> Sent: 04 April 2013 4:36 PM
> To: dev@cloudstack.apache.org
> Cc: cloudstack-...@incubator.apache.org
> Subject: Re: CloudStack UI Authentication Mechanism
> 
> On Thu, Apr 4, 2013 at 7:59 PM, Donal Lafferty
> <donal.laffe...@citrix.com> wrote:
> 
> >
> >
> > > -----Original Message-----
> > > From: rohityada...@gmail.com [mailto:rohityada...@gmail.com] On
> > > Behalf Of Rohit Yadav
> > > Sent: 04 April 2013 2:52 PM
> > > To: dev@cloudstack.apache.org
> > > Cc: cloudstack-...@incubator.apache.org
> > > Subject: Re: CloudStack UI Authentication Mechanism
> > >
> > > On Thu, Apr 4, 2013 at 4:50 PM, Donal Lafferty
> > > <donal.laffe...@citrix.com> wrote:
> > >
> > > > I noticed that the CloudStack UI allows VM control to accounts
> > > > that don't have an API key set defined.
> > > >
> > > > How does its authentication mechanism work?  E.g.
> > > >
> > > >
> > > > 1. How are API calls authenticated and authorized if they
> > > > are not signed with API keys?
> > > >
> > >
> > > On integration port, defined in the global settings, 8096 generally
> > > there is no authentication done, user is admin has max. power.
> > >
> > [Donal Lafferty]
> > Okay, but the UI doesn't usually go over 8096.  How does it work when
> > it's not bypassing authentication?
> >
> 
> jquery UI experts will let you know the internals. When authentication in UI
> is done, the keys are obtained and subsequently used while querying.
> Just attach your debugger to ApiServlet's GET handlers and follow the
> sequence which will help you discover how it all works till it reaches
> ApiDispatcher (through ApiServer class) where the actual cmd class is found,
> filled and executed.
> 
[Donal Lafferty] 
Looks like it uses a JSESSIONID cookie rather than HTTP Query signing.

See http://cloudstack.apache.org/docs/api/apidocs-4.0.0/root_admin/login.html

> Cheers.
> 
> 
> > >
> > > >
> > > > 2. Does this work equally well when LDAP is to
> > > > authenticate username / password?
> > > >
> > >
> > > Abhi can comment on this one.
> > >
> > > Cheers.
> > >
> > >
> > > >
> > > >
> > > > DL
> > > >
> > > >
> > > >
> >
