Hi Rohit, My understanding is that you will do this on your feature branch "auth-refactor", then merge them after passing at least some CI automation tests. Today, I saw all these commits already in master:
10 hours ago Rohit Yadav DefaultLoginAPIAuthenticatorCmd: return userId as UUID commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav utils: fix pom.xml to have references for javax.servlet... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav ApiServer: take UTF_8 and other static vars from HttpUtils commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav ApiServlet: use HttpUtils instead of class specific... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav ApiResponseSerializer: Use HttpUtils instead of BaseCmd commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav BaseCmd: Use HttpUtils to have single source of static... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav utils: refactor HTTP transport stuff to HttpUtils commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav ApiServletTest: Fix test, now login/logout have their... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav APIAuthenticator: refactor signature of APIAuthenticato... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav ApiServlet: move setting of response type up in the... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav ApiXmlDocWriter: get rid of hardcoded login/logout... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav ApiServlet: use the new and refactored authentication... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav ApiXmlDocWriter: remove hardcoded login and logout... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav ApiResponseSerializer: Skip extra boxing for Auth responses commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav response: add command response for login and logout... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav APIAuthenticationManagerImpl: add the auth manager... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav DefaultLoginAPIAuthenticatorCmd: Refactor and implement... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav DefaultLogoutAPIAuthenticatorCmd: Refactor and implemen... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav APIAuthenticationManager: Add Auth manager definition commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav APIAuthenticationType: Add auth enum type, login or... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav APIAuthenticator: Add interface definition for the... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav saml2: add opensaml as dependency commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav commands.properties: add login,logout,samlsso,samlslo... commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav ApiErrorCode: Add API error code 401, 405 commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav ApiConstants: add Api constant registered commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav saml2: add spring security saml2 extension 1.0.0.RELEASE commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav client: add saml2 plugin dependency on client artifact commit | commitdiff | tree | snapshot 10 hours ago Rohit Yadav CLOUDSTACK-7083: Add SAML2 SSO plugin skeleton and... commit | commitdiff | tree | snapshot Are these commits related to the refactor you are talking about here? Why are they not going through some merge request? Thanks -min On 8/12/14 2:10 AM, "Rohit Yadav" <rohit.ya...@shapeblue.com> wrote: >This was done: >https://cwiki.apache.org/confluence/display/CLOUDSTACK/Authentication+Refa >ctoring > >This is the branch: >https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs >/heads/auth-refactor > >Updates: >- Every auth mechanism now implements as a APICommand but these are >special APIs are not allowed to execute, i.e. the execute() method >returns with an error >- Existing tests were fixed >- We no longer need to hardcode login/logout for doc generation etc. >- Api discovery now has login/logout docs etc as well >- Since these APIs are tightly coupled with cloud-server artifact, except >for responses all the interface definitions etc are within cloud-server >- This allows for implementation of other login mechanisms such as saml, >oauth, something-custom etc. though implementing it as a plugin is still >tricky now > >I¹ve tested UI and cloudmonkey on port 8080 and 8096, with apikey/secret >keys but would welcome help around this area from anyone. I¹ll merge the >branch later this week if no one objects. > >Cheers. > >On 12-Aug-2014, at 5:50 am, Rohit Yadav <rohit.ya...@shapeblue.com> wrote: > >> Hi, >> >> The way we handle login and logout is hardcoded and since there is no >>APICommand/BaseCmd implementation the apidoc, apidiscovery and other >>don¹t discover these apis. For supporting SAML as an authentication >>mechanism, I¹ve refactored the Auth mechanism as a pluggable service >>that loads with api-server artifact and both login and logout are now >>implemented as a pseduo BaseCmd classes. >> >> I call them pseudo because their execute() is never called, the >>authentication guards in ApiServlet class make sure we call an >>authenticate method of such classes. Since, they are tightly coupled >>with cloud-server¹s ApiServlet it only made sense to have the interface >>definition and implementation within the same package/artifact as well. >>This also solves the apidoc issue for login/logout and saml related auth >>apis. >> >> I¹ll merge them after sometime and continue working on saml stuff. Will >>push the code in the branch ³auth-refactor² in an hour for >>review/testing now. This does not break anything and should not cause >>any auth related issues for all existing clients. >> >> Any suggestions, feedback welcome! Refactoring was pretty straight >>forward but I¹ll make sure to write a wiki page on this before merging >>to master. >> >> Regards, >> Rohit Yadav >> Software Architect, ShapeBlue >> M. +41 779015219 | rohit.ya...@shapeblue.com >> Blog: bhaisaab.org | Twitter: @_bhaisaab >> >> >> >> Find out more about ShapeBlue and our range of CloudStack related >>services >> >> IaaS Cloud Design & >>Build<http://shapeblue.com/iaas-cloud-design-and-build//> >> CSForge rapid IaaS deployment framework<http://shapeblue.com/csforge/> >> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >> CloudStack Infrastructure >>Support<http://shapeblue.com/cloudstack-infrastructure-support/> >> CloudStack Bootcamp Training >>Courses<http://shapeblue.com/cloudstack-training/> >> >> This email and any attachments to it may be confidential and are >>intended solely for the use of the individual to whom it is addressed. >>Any views or opinions expressed are solely those of the author and do >>not necessarily represent those of Shape Blue Ltd or related companies. >>If you are not the intended recipient of this email, you must neither >>take any action based upon its contents, nor copy or show it to anyone. >>Please contact the sender if you believe you have received this email in >>error. Shape Blue Ltd is a company incorporated in England & Wales. >>ShapeBlue Services India LLP is a company incorporated in India and is >>operated under license from Shape Blue Ltd. Shape Blue Brasil >>Consultoria Ltda is a company incorporated in Brasil and is operated >>under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company >>registered by The Republic of South Africa and is traded under license >>from Shape Blue Ltd. ShapeBlue is a registered trademark. > >Regards, >Rohit Yadav >Software Architect, ShapeBlue >M. +41 779015219 | rohit.ya...@shapeblue.com >Blog: bhaisaab.org | Twitter: @_bhaisaab > > > >Find out more about ShapeBlue and our range of CloudStack related services > >IaaS Cloud Design & >Build<http://shapeblue.com/iaas-cloud-design-and-build//> >CSForge rapid IaaS deployment framework<http://shapeblue.com/csforge/> >CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >CloudStack Infrastructure >Support<http://shapeblue.com/cloudstack-infrastructure-support/> >CloudStack Bootcamp Training >Courses<http://shapeblue.com/cloudstack-training/> > >This email and any attachments to it may be confidential and are intended >solely for the use of the individual to whom it is addressed. Any views >or opinions expressed are solely those of the author and do not >necessarily represent those of Shape Blue Ltd or related companies. If >you are not the intended recipient of this email, you must neither take >any action based upon its contents, nor copy or show it to anyone. Please >contact the sender if you believe you have received this email in error. >Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue >Services India LLP is a company incorporated in India and is operated >under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is >a company incorporated in Brasil and is operated under license from Shape >Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of >South Africa and is traded under license from Shape Blue Ltd. ShapeBlue >is a registered trademark.