Yair Zaslavsky has posted comments on this change. Change subject: aaa: bll: generate engine session as plain random string ......................................................................
Patch Set 1: (1 comment) http://gerrit.ovirt.org/#/c/35213/1/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java: Line 117: try { Line 118: byte s[] = new byte[64]; Line 119: SecureRandom.getInstance("SHA1PRNG").nextBytes(s); Line 120: engineSessionId = new Base64(0).encodeToString(s); Line 121: } catch (NoSuchAlgorithmException e) { > RandomUtils is much more complex than it should... it will be good to drop Good, but as we may need to generate random strings in more than one place at the application, i would suggest to have a utility that does that, and use your code for that (the class already exists). I have crafted the following line using my novice linux skills and found "nextString" is used 96 !!! times in the code, that's 96 places we can have a more elegant code git grep nextString | wc -l Line 122: throw new RuntimeException(e); Line 123: } Line 124: SessionDataContainer.getInstance().setUser(engineSessionId, getCurrentUser()); Line 125: SessionDataContainer.getInstance().refresh(engineSessionId); -- To view, visit http://gerrit.ovirt.org/35213 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I3f7e18e782c42990a19033c190b448f223b57634 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Alexander Wels <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Oved Ourfali <[email protected]> Gerrit-Reviewer: Vojtech Szocs <[email protected]> Gerrit-Reviewer: Yair Zaslavsky <[email protected]> Gerrit-Reviewer: [email protected] Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
