Alon Bar-Lev has posted comments on this change. Change subject: aaa: Intorduce filters ......................................................................
Patch Set 28: (3 comments) Looks good! I did not find where you remove the httpsession stuff from the parameters classes... but maybe I missed it. now the chain of filters and functionality are ok. http://gerrit.ovirt.org/#/c/28022/28/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/BasicAuthenticationFilter.java File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/BasicAuthenticationFilter.java: Line 38: } Line 39: Line 40: public UserProfile() { Line 41: Line 42: } again... I do not think we need default constructor. Line 43: Line 44: } Line 45: Line 46: private static Log log = LogFactory.getLog(BasicAuthenticationFilter.class); http://gerrit.ovirt.org/#/c/28022/28/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/InvalidateSessionIfAuthorizationHeaderFilter.java File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/InvalidateSessionIfAuthorizationHeaderFilter.java: Line 20: @Override Line 21: public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, Line 22: ServletException { Line 23: HttpServletRequest req = (HttpServletRequest) request; Line 24: HttpSession session = req.getSession(false); why do you get the session here? move into condition where you actually use them. Line 25: if ((req.getHeader("Authorization") != null)) { Line 26: // No need to pass credentials again - if passed, login should be called Line 27: if (session != null) { Line 28: session.invalidate(); http://gerrit.ovirt.org/#/c/28022/28/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SessionMgmtFilter.java File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SessionMgmtFilter.java: this must mention RestAPI... or even belongs to the restapi module... but I am unsure we are linked against it. Line 1: package org.ovirt.engine.core.aaa.filters; Line 2: Line 3: import java.io.IOException; Line 4: import java.util.Collections; -- To view, visit http://gerrit.ovirt.org/28022 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ia5536d123b6407acf41b6946dde796bd67d1e073 Gerrit-PatchSet: 28 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Barak Azulay <[email protected]> Gerrit-Reviewer: Juan Hernandez <[email protected]> Gerrit-Reviewer: Oved Ourfali <[email protected]> Gerrit-Reviewer: Yair Zaslavsky <[email protected]> Gerrit-Reviewer: [email protected] Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
