Alon Bar-Lev has posted comments on this change.

Change subject: aaa: Intorduce filters
......................................................................


Patch Set 28:

(3 comments)

Looks good!

I did not find where you remove the httpsession stuff from the parameters 
classes... but maybe I missed it.

now the chain of filters and functionality are ok.

http://gerrit.ovirt.org/#/c/28022/28/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/BasicAuthenticationFilter.java
File 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/BasicAuthenticationFilter.java:

Line 38:         }
Line 39: 
Line 40:         public UserProfile() {
Line 41: 
Line 42:         }
again... I do not think we need default constructor.
Line 43: 
Line 44:     }
Line 45: 
Line 46:     private static Log log = 
LogFactory.getLog(BasicAuthenticationFilter.class);


http://gerrit.ovirt.org/#/c/28022/28/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/InvalidateSessionIfAuthorizationHeaderFilter.java
File 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/InvalidateSessionIfAuthorizationHeaderFilter.java:

Line 20:     @Override
Line 21:     public void doFilter(ServletRequest request, ServletResponse 
response, FilterChain chain) throws IOException,
Line 22:             ServletException {
Line 23:         HttpServletRequest req = (HttpServletRequest) request;
Line 24:         HttpSession session = req.getSession(false);
why do you get the session here? move into condition where you actually use 
them.
Line 25:         if ((req.getHeader("Authorization") != null)) {
Line 26:                 // No need to pass credentials again - if passed, 
login should be called
Line 27:             if (session != null) {
Line 28:                 session.invalidate();


http://gerrit.ovirt.org/#/c/28022/28/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SessionMgmtFilter.java
File 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SessionMgmtFilter.java:

this must mention RestAPI... or even belongs to the restapi module... but I am 
unsure we are linked against it.
Line 1: package org.ovirt.engine.core.aaa.filters;
Line 2: 
Line 3: import java.io.IOException;
Line 4: import java.util.Collections;


-- 
To view, visit http://gerrit.ovirt.org/28022
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ia5536d123b6407acf41b6946dde796bd67d1e073
Gerrit-PatchSet: 28
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yair Zaslavsky <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Barak Azulay <[email protected]>
Gerrit-Reviewer: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Oved Ourfali <[email protected]>
Gerrit-Reviewer: Yair Zaslavsky <[email protected]>
Gerrit-Reviewer: [email protected]
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches

Reply via email to