Hi Rohit,
My understanding is that you will do this on your feature branch
"auth-refactor", then merge them after passing at least some CI automation
tests. Today, I saw all these commits already in master:
10 hours ago Rohit Yadav DefaultLoginAPIAuthenticatorCmd: return userId
as UUID commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav utils: fix pom.xml to have references for
javax.servlet... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav ApiServer: take UTF_8 and other static vars from
HttpUtils commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav ApiServlet: use HttpUtils instead of class
specific... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav ApiResponseSerializer: Use HttpUtils instead of
BaseCmd commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav BaseCmd: Use HttpUtils to have single source of
static... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav utils: refactor HTTP transport stuff to
HttpUtils commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav ApiServletTest: Fix test, now login/logout have
their... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav APIAuthenticator: refactor signature of
APIAuthenticato... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav ApiServlet: move setting of response type up in
the... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav ApiXmlDocWriter: get rid of hardcoded
login/logout... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav ApiServlet: use the new and refactored
authentication... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav ApiXmlDocWriter: remove hardcoded login and
logout... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav ApiResponseSerializer: Skip extra boxing for
Auth responses commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav response: add command response for login and
logout... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav APIAuthenticationManagerImpl: add the auth
manager... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav DefaultLoginAPIAuthenticatorCmd: Refactor and
implement... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav DefaultLogoutAPIAuthenticatorCmd: Refactor and
implemen... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav APIAuthenticationManager: Add Auth manager
definition commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav APIAuthenticationType: Add auth enum type, login
or... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav APIAuthenticator: Add interface definition for
the... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav saml2: add opensaml as dependency commit |
commitdiff | tree | snapshot
10 hours ago Rohit Yadav commands.properties: add
login,logout,samlsso,samlslo... commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav ApiErrorCode: Add API error code 401, 405
commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav ApiConstants: add Api constant registered
commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav saml2: add spring security saml2 extension
1.0.0.RELEASE commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav client: add saml2 plugin dependency on client
artifact commit | commitdiff | tree | snapshot
10 hours ago Rohit Yadav CLOUDSTACK-7083: Add SAML2 SSO plugin skeleton
and... commit | commitdiff | tree | snapshot
Are these commits related to the refactor you are talking about here?
Why
are they not going through some merge request?
Thanks
-min
On 8/12/14 2:10 AM, "Rohit Yadav" <rohit.ya...@shapeblue.com> wrote:
>This was done:
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Authentication+Refa
>ctoring
>
>This is the branch:
>https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs
>/heads/auth-refactor
>
>Updates:
>- Every auth mechanism now implements as a APICommand but these are
>special APIs are not allowed to execute, i.e. the execute() method
>returns with an error
>- Existing tests were fixed
>- We no longer need to hardcode login/logout for doc generation etc.
>- Api discovery now has login/logout docs etc as well
>- Since these APIs are tightly coupled with cloud-server artifact, except
>for responses all the interface definitions etc are within cloud-server
>- This allows for implementation of other login mechanisms such as saml,
>oauth, something-custom etc. though implementing it as a plugin is still
>tricky now
>
>I¹ve tested UI and cloudmonkey on port 8080 and 8096, with apikey/secret
>keys but would welcome help around this area from anyone. I¹ll merge the
>branch later this week if no one objects.
>
>Cheers.
>
>On 12-Aug-2014, at 5:50 am, Rohit Yadav <rohit.ya...@shapeblue.com> wrote:
>
>> Hi,
>>
>> The way we handle login and logout is hardcoded and since there is no
>>APICommand/BaseCmd implementation the apidoc, apidiscovery and other
>>don¹t discover these apis. For supporting SAML as an authentication
>>mechanism, I¹ve refactored the Auth mechanism as a pluggable service
>>that loads with api-server artifact and both login and logout are now
>>implemented as a pseduo BaseCmd classes.
>>
>> I call them pseudo because their execute() is never called, the
>>authentication guards in ApiServlet class make sure we call an
>>authenticate method of such classes. Since, they are tightly coupled
>>with cloud-server¹s ApiServlet it only made sense to have the interface
>>definition and implementation within the same package/artifact as well.
>>This also solves the apidoc issue for login/logout and saml related auth
>>apis.
>>
>> I¹ll merge them after sometime and continue working on saml stuff. Will
>>push the code in the branch ³auth-refactor² in an hour for
>>review/testing now. This does not break anything and should not cause
>>any auth related issues for all existing clients.
>>
>> Any suggestions, feedback welcome! Refactoring was pretty straight
>>forward but I¹ll make sure to write a wiki page on this before merging
>>to master.
>>
>> Regards,
>> Rohit Yadav
>> Software Architect, ShapeBlue
>> M. +41 779015219 | rohit.ya...@shapeblue.com
>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>
>>
>>
>> Find out more about ShapeBlue and our range of CloudStack related
>>services
>>
>> IaaS Cloud Design &
>>Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>> CSForge rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>> CloudStack Infrastructure
>>Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>> CloudStack Bootcamp Training
>>Courses<http://shapeblue.com/cloudstack-training/>
>>
>> This email and any attachments to it may be confidential and are
>>intended solely for the use of the individual to whom it is addressed.
>>Any views or opinions expressed are solely those of the author and do
>>not necessarily represent those of Shape Blue Ltd or related companies.
>>If you are not the intended recipient of this email, you must neither
>>take any action based upon its contents, nor copy or show it to anyone.
>>Please contact the sender if you believe you have received this email in
>>error. Shape Blue Ltd is a company incorporated in England & Wales.
>>ShapeBlue Services India LLP is a company incorporated in India and is
>>operated under license from Shape Blue Ltd. Shape Blue Brasil
>>Consultoria Ltda is a company incorporated in Brasil and is operated
>>under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company
>>registered by The Republic of South Africa and is traded under license
>>from Shape Blue Ltd. ShapeBlue is a registered trademark.
>
>Regards,
>Rohit Yadav
>Software Architect, ShapeBlue
>M. +41 779015219 | rohit.ya...@shapeblue.com
>Blog: bhaisaab.org | Twitter: @_bhaisaab
>
>
>
>Find out more about ShapeBlue and our range of CloudStack related services
>
>IaaS Cloud Design &
>Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>CSForge rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>CloudStack Infrastructure
>Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>CloudStack Bootcamp Training
>Courses<http://shapeblue.com/cloudstack-training/>
>
>This email and any attachments to it may be confidential and are intended
>solely for the use of the individual to whom it is addressed. Any views
>or opinions expressed are solely those of the author and do not
>necessarily represent those of Shape Blue Ltd or related companies. If
>you are not the intended recipient of this email, you must neither take
>any action based upon its contents, nor copy or show it to anyone. Please
>contact the sender if you believe you have received this email in error.
>Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
>Services India LLP is a company incorporated in India and is operated
>under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is
>a company incorporated in Brasil and is operated under license from Shape
>Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of
>South Africa and is traded under license from Shape Blue Ltd. ShapeBlue
>is a registered trademark.
