Alon Bar-Lev has posted comments on this change. Change subject: aaa: add support for basic athentication ......................................................................
Patch Set 10: (3 comments) http://gerrit.ovirt.org/#/c/37299/10/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/ExternalAuthServlet.java File backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/ExternalAuthServlet.java: Line 47: } catch (IllegalArgumentException | IllegalAccessException | NoSuchFieldException ex) { Line 48: log.error("Error calculating authn capabilities while accessing constant {}", nego); Line 49: } Line 50: } Line 51: } hmm... the capabilities of this external url will always be interactive, well, maybe the chain of interactive and non interactive should be set at caller. interactive - we have a user, we can redirect present forms and such. this is the mode we are working on right now. non interactive - we do not have user, this is a sequence we did not begin to work on, it will have a different entry point (phase0). so this should be set at session or request parameters of some sort when we redirect to this url. Line 52: Line 53: final AuthenticationProfileRepository repo = (AuthenticationProfileRepository) getServletContext().getAttribute(SSOUtils.AUTH_PROFILE_REPOSITORY); Line 54: repo.addObserver( Line 55: new Observer() { Line 95: } Line 96: if (credentials != null) { Line 97: request.getSession(true).setAttribute(SSOUtils.USER_CREDENTIALS, credentials); Line 98: response.sendRedirect(request.getContextPath() + SSOUtils.LOGIN_PHASE3_URI); Line 99: } if (doAuth(request, response)) { please prefer nego over basic. Line 100: response.sendRedirect(request.getContextPath() + SSOUtils.LOGIN_PHASE4_URI); Line 101: } else { Line 102: response.sendRedirect(request.getContextPath() + SSOUtils.LOGIN_PHASE2_URI); Line 103: } Line 105: Line 106: Line 107: private boolean doAuth(HttpServletRequest req, HttpServletResponse rsp) Line 108: throws IOException, ServletException { Line 109: Deque<AuthenticationProfile> stack = new ArrayDeque<>(profiles); shouldn't this be set on session? as every iteration we need to go back to client. Line 110: boolean stop = false; Line 111: boolean succeeded = false; Line 112: while (!stop && !stack.isEmpty()) { Line 113: AuthenticationProfile profile = stack.peek(); -- To view, visit http://gerrit.ovirt.org/37299 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: If09285f0e6cd8909f21aa7e88ae1a3c1a30763c2 Gerrit-PatchSet: 10 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Ravi Nori <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Ravi Nori <[email protected]> Gerrit-Reviewer: [email protected] Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
