mooli tayer has posted comments on this change.
Change subject: core: Introduce new authentication interfaces
......................................................................
Patch Set 8:
(3 comments)
....................................................
File
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/authentication/AuthenticationFilter.java
Line 25: // We store a boolean flag in the HTTP session that indicates if
the user has been already authenticated, this is
Line 26: // the key for that flag:
Line 27: private static final String AUTHENTICATED_ATTR =
AuthenticationFilter.class.getName() + ".authenticated";
Line 28:
Line 29: // When an user has been authenticated we store its login name in
the HTTP session, this is the key for that name:
I have the same problem with spelling myself.
Line 30: private static final String NAME_ATTR =
AuthenticationFilter.class.getName() + ".name";
Line 31:
Line 32: // In order to support several alternative authenticators we store
their names in a stack inside the HTTP session,
Line 33: // this is the key for that stack:
Line 111:
Line 112: // If the negotiation isn't finished then we assume that
the response has been populated by the
Line 113: // authenticator and we just let the container sent it
back to the client:
Line 114: if (result == null) {
Line 115: return;
Now I understand.
Thanks.
What happens in the following case:
1. User X requests resource Y.
2. AuthenticationProfile Z returns null and continues handling the
request/response.
3. AuthenticationProfile Z decides that X should be authenticated.
Who is now responsible for serving the resource Y for User X?
Line 116: }
Line 117:
Line 118: // If the negotiation is finished and authentication
succeeded then we have to remember in the session that
Line 119: // the user has been authenticated and its login name,
also we need to clean the stack of authenticators and
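Review bot: the early `return` at Lines 114-115 leaves the filter without serving the requested resource on this pass, and the comment at Lines 112-113 does not say how the original request is picked up again. Suggest extending that comment to state whether the client is expected to repeat the request once the authenticator's response has gone back, and which state kept in the session (the authenticator stack described at Lines 32-33) lets the next pass continue the negotiation rather than restart it.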
Line 118: // If the negotiation is finished and authentication
succeeded then we have to remember in the session that
Line 119: // the user has been authenticated and its login name,
also we need to clean the stack of authenticators and
Line 120: // replace the request with a wrapper that contains the
user name returned by the authenticator:
Line 121: if (result.isAuthenticated()) {
Line 122: String name = result.getName() + "@" +
profile.getName();
+1
Line 123: session.setAttribute(AUTHENTICATED_ATTR, true);
Line 124: session.setAttribute(NAME_ATTR, name);
Line 125: session.removeAttribute(STACK_ATTR);
Line 126: req = new AuthenticatedRequestWrapper(req, name);
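Review bot: Lines 123-125 mark the existing session as authenticated, and nothing in the visible lines changes the session identifier at that point, so an identifier issued before login stays valid after it (session fixation). Suggest rotating it before `session.setAttribute(AUTHENTICATED_ATTR, true)`, either with `HttpServletRequest.changeSessionId()` where Servlet 3.1 is available or by invalidating the session and creating a new one that receives the two attributes. A smaller point on Line 122: if `result.getName()` can itself contain "@", the combined `name@profile` value cannot be split back unambiguously, so it is worth documenting or enforcing which side may contain that character.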
--
To view, visit http://gerrit.ovirt.org/15596
Gerrit-MessageType: comment
Gerrit-Change-Id: If84a0c9d6553d81cdbbe224972696f169cca90d4
Gerrit-PatchSet: 8
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Alexander Wels <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Martin Peřina <[email protected]>
Gerrit-Reviewer: Oved Ourfali <[email protected]>
Gerrit-Reviewer: Ravi Nori <[email protected]>
Gerrit-Reviewer: Yair Zaslavsky <[email protected]>
Gerrit-Reviewer: mooli tayer <[email protected]>
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes