> -----Original Message-----
> From: rohityada...@gmail.com [mailto:rohityada...@gmail.com] On Behalf
> Of Rohit Yadav
> Sent: 04 April 2013 4:36 PM
> To: dev@cloudstack.apache.org
> Cc: cloudstack-...@incubator.apache.org
> Subject: Re: CloudStack UI Authentication Mechanism
>
> On Thu, Apr 4, 2013 at 7:59 PM, Donal Lafferty
> <donal.laffe...@citrix.com> wrote:
>
> > > -----Original Message-----
> > > From: rohityada...@gmail.com [mailto:rohityada...@gmail.com] On
> > > Behalf Of Rohit Yadav
> > > Sent: 04 April 2013 2:52 PM
> > > To: dev@cloudstack.apache.org
> > > Cc: cloudstack-...@incubator.apache.org
> > > Subject: Re: CloudStack UI Authentication Mechanism
> > >
> > > On Thu, Apr 4, 2013 at 4:50 PM, Donal Lafferty
> > > <donal.laffe...@citrix.com> wrote:
> > >
> > > > I noticed that the CloudStack UI allows VM control to accounts
> > > > that don't have an API key set defined.
> > > >
> > > > How does its authentication mechanism work? E.g.
> > > >
> > > > 1. How are API calls authenticated and authorized if they
> > > > are not signed with API keys?
> > >
> > > On the integration port, defined in the global settings (8096 generally),
> > > there is no authentication done; the user is admin and has max. power.
> >
> > [Donal Lafferty]
> > Okay, but the UI doesn't usually go over 8096. How does it work when
> > it's not bypassing authentication?
>
> jQuery UI experts will let you know the internals. When authentication in the UI
> is done, the keys are obtained and subsequently used while querying.
> Just attach your debugger to ApiServlet's GET handlers and follow the
> sequence, which will help you discover how it all works till it reaches
> ApiDispatcher (through the ApiServer class), where the actual cmd class is found,
> filled and executed.

[Donal Lafferty] Looks like it uses a JSESSIONID cookie rather than HTTP Query signing.
See http://cloudstack.apache.org/docs/api/apidocs-4.0.0/root_admin/login.html

> Cheers.
>
> > > > 2. Does this work equally well when LDAP is to
> > > > authenticate username / password?
> > >
> > > Abhi can comment on this one.
> > >
> > > Cheers.
> > >
> > > > DL
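
Added example (not part of the thread and not CloudStack's own code): the API-key query signing that the thread contrasts with the UI's JSESSIONID session, following the steps in the CloudStack developer documentation (URL-encode values, sort by field, lowercase, HMAC-SHA1, Base64), with a server-side check that rejects unsigned or tampered queries. The key values, function names and sample command are constructed for illustration, and URL-encoding of unusual characters is assumed to match the Java server only for simple values.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote

# Constructed sample credentials, not real keys.
API_KEY = "constructed-api-key"
SECRET_KEY = "constructed-secret-key"

def canonical_query(params):
    """URL-encode each value, sort by field name, lowercase the whole string."""
    pairs = sorted((k.lower(), quote(str(v), safe=""))
                   for k, v in params.items() if k.lower() != "signature")
    return "&".join(f"{k}={v}" for k, v in pairs).lower()

def sign_query(params, secret_key):
    """Base64 of HMAC-SHA1 over the canonical string, keyed with the secret key."""
    mac = hmac.new(secret_key.encode(), canonical_query(params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def build_signed_query(params, api_key, secret_key):
    """Client side: append apikey and signature to the query string."""
    full = dict(params, apikey=api_key)
    full["signature"] = sign_query(full, secret_key)
    return "&".join(f"{k}={quote(str(v), safe='')}" for k, v in full.items())

def verify_signed_query(query_string, secrets_by_api_key):
    """Server side: recompute the signature and compare in constant time."""
    params = dict(parse_qsl(query_string, keep_blank_values=True))
    supplied = params.get("signature")
    secret = secrets_by_api_key.get(params.get("apikey", ""))
    if supplied is None or secret is None:
        return False  # unsigned or unknown key: such a request needs a session instead
    expected = sign_query(params, secret)
    return hmac.compare_digest(expected.encode(), supplied.encode())

if __name__ == "__main__":
    q = build_signed_query({"command": "listVirtualMachines", "response": "json"},
                           API_KEY, SECRET_KEY)
    print(q)
    print(verify_signed_query(q, {API_KEY: SECRET_KEY}))
```

A query without `apikey` and `signature` fails this check, which is why the UI's requests in the thread have to be authorized by the session cookie rather than by signing.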