Ravi Nori has uploaded a new change for review. Change subject: aaa: Rework webadmin login sequence ......................................................................
aaa: Rework webadmin login sequence The webadmin has no login screen and is protected by SSOLoginFilter. So the SSO token and JSESSION from rest api should be obtained using Engine Session Id and SSO Session Id. Change-Id: I76ecd389f4938e294d1b3d82f5e1a42eb60d9a20 Bug-Url: https://bugzilla.redhat.com/?????? Signed-off-by: Ravi Nori <[email protected]> --- M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/EngineSessionTokenAuthenticationFilter.java M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SSOLoginFilter.java M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SessionMgmtFilter.java M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SSOPostLoginServlet.java M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/Frontend.java M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/communication/VdcOperationManager.java M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/GenericApiGWTServiceImpl.java M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/system/BaseApplicationInit.java M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/ReportInit.java M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/system/ApplicationInit.java M frontend/webadmin/modules/webadmin/src/main/webapp/WEB-INF/web.xml 12 files changed, 61 insertions(+), 24 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/12/38212/1 
diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/EngineSessionTokenAuthenticationFilter.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/EngineSessionTokenAuthenticationFilter.java
index 5640776..0ddc9cd 100644
--- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/EngineSessionTokenAuthenticationFilter.java
+++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/EngineSessionTokenAuthenticationFilter.java
@@ -27,6 +27,10 @@
 if (token != null) {
 request.setAttribute(SessionConstants.HTTP_SESSION_ENGINE_SESSION_ID_KEY, FiltersHelper.getTokenContent(token));
 }
+ token = req.getHeader(SessionConstants.SSO_SESSION_ID_KEY);
+ if (token != null) {
+ ((HttpServletRequest) request).getSession(true).setAttribute(SessionConstants.SSO_SESSION_ID_KEY, token);
+ }
 }
 chain.doFilter(request, response);
 }
diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SSOLoginFilter.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SSOLoginFilter.java
index 09a1909..1c4491e 100644
--- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SSOLoginFilter.java
+++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SSOLoginFilter.java
@@ -36,7 +36,7 @@
 String requestUri = req.getRequestURI() + (StringUtils.isEmpty(queryString) ? "" : "?" + queryString);
 try {
- if (!FiltersHelper.isAuthenticated(req) || !FiltersHelper.isSessionValid((HttpServletRequest) request)) {
+ if ((!FiltersHelper.isAuthenticated(req) || !FiltersHelper.isSessionValid((HttpServletRequest) request))) {
 ((HttpServletResponse) response).sendRedirect(String.format("%s%s&app_url=%s", req.getServletContext().getContextPath(), loginUrl, ((HttpServletResponse) response).encodeURL(requestUri)));
 } else {
 chain.doFilter(request, response);
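Review bot: The new block copies the client-supplied `sso_session_id` header into the servlet session verbatim, whereas the engine token two lines above is passed through `FiltersHelper.getTokenContent(token)` before being stored, and nothing in the hunk ties the header value to the engine session that was just accepted. Because the store goes through `getSession(true)`, any request carrying that header creates a server-side session, and a later request can overwrite the id already held by an existing session. Consider storing it only when the engine token above was present and accepted, and keeping it as a request attribute like the engine session id unless persistence across requests is genuinely needed. The enclosing `doFilter` starts outside the hunk.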
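Review bot: The only change in the SSOLoginFilter hunk is an extra pair of parentheses around the whole condition; it does not alter evaluation and adds noise to the history. Either drop this hunk or, if a further clause was meant to be added to the condition here, add it. The enclosing method starts and ends outside the hunk.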
diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SessionMgmtFilter.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SessionMgmtFilter.java
index cf45a45..1b9fdfb 100644
--- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SessionMgmtFilter.java
+++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SessionMgmtFilter.java
@@ -9,7 +9,9 @@
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringUtils;
 import org.ovirt.engine.core.common.constants.SessionConstants;
 public class SessionMgmtFilter implements Filter {
@@ -22,11 +24,11 @@
 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
 String engineSessionId = (String) request.getAttribute(SessionConstants.HTTP_SESSION_ENGINE_SESSION_ID_KEY);
+ if (StringUtils.isEmpty(engineSessionId)) {
+ engineSessionId = (String) ((HttpServletRequest) request).getSession(true).getAttribute(SessionConstants.HTTP_SESSION_ENGINE_SESSION_ID_KEY);
+ }
 if (engineSessionId != null) {
- ((HttpServletRequest) request).getSession(true).setAttribute(
- SessionConstants.HTTP_SESSION_ENGINE_SESSION_ID_KEY,
- engineSessionId
- );
+ ((HttpServletResponse) response).addHeader("OVIRT-SSO-TOKEN", engineSessionId);
 }
 chain.doFilter(request, response);
 }
diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SSOPostLoginServlet.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SSOPostLoginServlet.java
index 3b15b48..f77b486 100644
--- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SSOPostLoginServlet.java
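Review bot: The removed `setAttribute` call was the only place in this change that writes `HTTP_SESSION_ENGINE_SESSION_ID_KEY` into the HTTP session, yet the added fallback reads that same key from `getSession(true)`; unless some component outside the diff stores it, the fallback never finds a value and its only effect is to create a server session for every request that lacks the attribute. The header name `"OVIRT-SSO-TOKEN"` is a bare literal next to keys that come from `SessionConstants`; hoist it, e.g. `private static final String SSO_TOKEN_HEADER = "OVIRT-SSO-TOKEN";`. Note also that the engine session id is a bearer credential and is now echoed in a response header on every request this filter handles, which with the `/*` mapping in web.xml includes static resources, so it is worth confirming that responses carrying it are not cached by an intermediary.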
+++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SSOPostLoginServlet.java
@@ -69,7 +69,8 @@
 response.sendRedirect(request.getParameter("opaque"));
 } catch (Exception ex) {
 log.error("Exception creating user session", ex.getMessage());
- throw new RuntimeException("Exception creating user session", ex);
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+// throw new RuntimeException("Exception creating user session", ex);
 } finally {
 try {
 if (ctx != null) {
diff --git a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/Frontend.java b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/Frontend.java
index fbaba27..8b9738b 100644
--- a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/Frontend.java
+++ b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/Frontend.java
@@ -792,7 +792,7 @@
 final String profileName,
 final boolean isAdmin,
 final AsyncQuery callback) {
- logger.finer("Frontend: Invoking async Login."); //$NON-NLS-1$
+ logger.severe("Frontend: Invoking async Login."); //$NON-NLS-1$
 LoginUserParameters params = new LoginUserParameters(profileName, userName, password);
 VdcActionType action = isAdmin ? VdcActionType.LoginAdminUser : VdcActionType.LoginUser;
@@ -803,7 +803,7 @@
 @Override
 public void onSuccess(final VdcOperation<VdcActionType, LoginUserParameters> operation, final VdcReturnValueBase result) {
- logger.finer("Succesful returned result from Login."); //$NON-NLS-1$
+ logger.severe("Succesful returned result from Login."); //$NON-NLS-1$
 setLoggedInUser((DbUser) result.getActionReturnValue());
 result.setCanDoActionMessages((ArrayList<String>) translateError(result));
 callback.getDel().onSuccess(callback.getModel(), result);
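Review bot: `response.sendError(...)` is called from a catch block that also covers the `response.sendRedirect(...)` three lines above; if the response was already committed when the exception occurred, `sendError` itself throws `IllegalStateException` out of the servlet. Guard it: `if (!response.isCommitted()) { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); }`. The commented-out `throw` line should be deleted rather than left in the code, and the existing `log.error("Exception creating user session", ex.getMessage())` passes the exception as a message argument rather than as the throwable, so the stack trace is lost; `log.error("Exception creating user session", ex);` keeps it, assuming the logger follows the usual message/throwable overload (the logger type is outside the hunk). The enclosing method starts and ends outside the hunk.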
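Review bot: Both Frontend.java hunks raise routine trace messages from `finer` to `severe`: "Frontend: Invoking async Login." and "Succesful returned result from Login." are emitted on every normal login and will now show up as errors in the browser console and in any collected client logs. This reads as a debugging aid left in; revert to `logger.finer(...)` before merging. The existing typo `Succesful` could be corrected in the same hunk.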
diff --git a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/communication/VdcOperationManager.java b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/communication/VdcOperationManager.java
index 58b9e61..44ab3ede 100644
--- a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/communication/VdcOperationManager.java
+++ b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/communication/VdcOperationManager.java
@@ -34,7 +34,7 @@
 /**
 * Flag that tells us if we are logged in or not.
 */
- private boolean loggedIn = false;
+ private boolean loggedIn = true;
 /**
 * Constructor.
diff --git a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/GenericApiGWTServiceImpl.java b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/GenericApiGWTServiceImpl.java
index f43b5c0..c2ca20e 100644
--- a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/GenericApiGWTServiceImpl.java
+++ b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/GenericApiGWTServiceImpl.java
@@ -210,6 +210,9 @@
 HttpServletRequest request = this.getThreadLocalRequest();
 HttpSession session = request.getSession();
 Object value = session.getAttribute(UI_PREFIX + key);
+ if (value == null) {
+ value = session.getAttribute(key);
+ }
 String result = null;
 if (value instanceof String) {
 result = (String)value;
diff --git a/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/system/BaseApplicationInit.java b/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/system/BaseApplicationInit.java
index b4dd68a..0a88246 100644
--- a/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/system/BaseApplicationInit.java
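Review bot: Flipping the initial value of `loggedIn` to `true` means the operation manager treats the client as authenticated from construction, before any login round-trip has completed, so whatever this flag gates (its uses are outside the hunk) is open by default. If that is intended because SSOLoginFilter only serves the host page to an already authenticated session, record it on the field, e.g. `/** Flag that tells us if we are logged in or not. Starts true: the host page is only served to an authenticated SSO session. */`. Otherwise the flag should be set from the auto-login data rather than defaulted.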
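Review bot: The added fallback `value = session.getAttribute(key)` lets the GWT client read any String-valued HttpSession attribute by name, whereas previously this RPC only reached attributes under the `UI_PREFIX` namespace. That exposes server-side session state that was never meant for the browser, not just the SSO session id this change needs. Restrict the fallback to an explicit allow-list, e.g. `if (value == null && CLIENT_READABLE_KEYS.contains(key)) { value = session.getAttribute(key); }` where `CLIENT_READABLE_KEYS` is a new constant set holding only the SSO key, or expose that single attribute through a dedicated method. The enclosing method starts and ends outside the hunk.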
+++ b/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/system/BaseApplicationInit.java
@@ -28,6 +28,8 @@
 import com.google.inject.Provider;
 import com.gwtplatform.mvp.client.Bootstrapper;
+import java.util.logging.Logger;
+
 /**
 * Contains initialization logic that gets executed at application startup.
 *
@@ -198,6 +200,7 @@
 * When a user is already logged in on the server, the server provides user data within the host page.
 */
 protected void handleAutoLogin(AutoLoginData autoLoginData) {
+
 final DbUser loggedUser = autoLoginData.getDbUser();
 // Use deferred command because CommonModel change needs to happen
diff --git a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/ReportInit.java b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/ReportInit.java
index a5371b0..2032df2 100644
--- a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/ReportInit.java
+++ b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/ReportInit.java
@@ -242,6 +242,7 @@
 }
 public void initHandlers(EventBus eventBus) {
+
 if (ssoTokenHandlerRegistration != null) {
 ssoTokenHandlerRegistration.removeHandler();
 }
diff --git a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
index 5a5dc83..1c1b663 100644
--- a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
+++ b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/plugin/restapi/RestApiSessionManager.java
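Review bot: `java.util.logging.Logger` is imported here and again in ApplicationInit.java, but no added line in either file references `Logger`, so both imports appear unused (the remainder of each file is outside the hunks). Together with the blank lines added on their own in `handleAutoLogin`, `ReportInit.initHandlers`, `onBootstrap` and `initFrontend`, this looks like debugging output that was removed before upload. Drop the two imports and the stray blank lines so the change stays limited to the login sequence.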
@@ -75,6 +75,7 @@
 private static final String ENGINE_AUTH_TOKEN_HEADER = "OVIRT-INTERNAL-ENGINE-AUTH-TOKEN"; //$NON-NLS-1$
 private static final String SESSION_ID_KEY = "RestApiSessionId"; //$NON-NLS-1$
+ public static final String SSO_SESSION_ID_KEY = "sso_session_id"; //$NON-NLS-1$
 private static final int DEFAULT_ENGINE_SESSION_TIMEOUT = 30;
 // Heartbeat (delay) between REST API keep-alive requests
@@ -147,7 +148,7 @@
 /**
 * Build HTTP request to acquire new REST API session.
 */
- RequestBuilder createRequest(String engineAuthToken) {
+ RequestBuilder createRequest(String engineAuthToken, String sso_session_id) {
 RequestBuilder builder = createRequest();
 // Enforce expiry of existing session when acquiring new session
@@ -156,6 +157,7 @@
 // Map this (physical) REST API session to current user's (logical) Engine session
 builder.setHeader(ENGINE_AUTH_TOKEN_HEADER, engineAuthToken);
+ builder.setHeader(SSO_SESSION_ID_KEY, sso_session_id);
 return builder;
 }
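Review bot: `SSO_SESSION_ID_KEY = "sso_session_id"` is declared here as a second copy of the value the backend reads through `SessionConstants.SSO_SESSION_ID_KEY` in EngineSessionTokenAuthenticationFilter; the two are only matched by string equality at runtime, so editing one silently breaks the handshake. If this module can reference `org.ovirt.engine.core.common.constants.SessionConstants`, use it instead of redeclaring; if it cannot, put a comment on the new line such as `// Must match SessionConstants.SSO_SESSION_ID_KEY; used both as an HTTP header name and as the HttpSession key`. Making the constant `public` also deserves a word on who outside this class is expected to use it.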
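Review bot: The new parameter `sso_session_id` in `createRequest` (and again in `onSuccess` in the acquireSession hunk below) is snake_case, which clashes with the camelCase of the surrounding code such as `engineAuthToken`. Rename it, e.g. `RequestBuilder createRequest(String engineAuthToken, String ssoSessionId) {` and `builder.setHeader(SSO_SESSION_ID_KEY, ssoSessionId);`. The Javadoc above `createRequest` could also gain an `@param` line for the new argument explaining that it is sent as the `SSO_SESSION_ID_KEY` header.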
@@ -191,19 +193,30 @@
 /**
 * Acquires new REST API session that maps to current user's Engine session.
 */
- public void acquireSession(String engineAuthToken) {
- sendRequest(createRequest(engineAuthToken), new RestApiRequestCallback() {
+ public void acquireSession(final String engineAuthToken) {
+ retrieveFromHttpSession(SSO_SESSION_ID_KEY, new StorageCallback() {
 @Override
- protected void processResponse(Response response) {
- // Obtain session ID from response header, as we're unable to access the
- // JSESSIONID cookie directly (cookie is set for REST API specific path)
- String sessionIdFromHeader = HttpUtils.getHeader(response, SESSION_ID_HEADER);
+ public void onSuccess(String sso_session_id) {
+ if (sso_session_id != null) {
+ sendRequest(createRequest(engineAuthToken, sso_session_id), new RestApiRequestCallback() {
+ @Override
+ protected void processResponse(Response response) {
+ // Obtain session ID from response header, as we're unable to access the
+ // JSESSIONID cookie directly (cookie is set for REST API specific path)
+ String sessionIdFromHeader = HttpUtils.getHeader(response, SESSION_ID_HEADER);
+ if (sessionIdFromHeader != null) {
+ setSessionId(sessionIdFromHeader, true);
+ }
- if (sessionIdFromHeader != null) {
- setSessionId(sessionIdFromHeader, true);
+ reuseSession();
+ }
+ });
 }
+ }
- reuseSession();
+ @Override
+ public void onFailure(Throwable caught) {
+ processSessionIdException();
 }
 });
 }
@@ -259,7 +272,11 @@
 }
 void getSessionIdFromHttpSession(StorageCallback callback) {
- Frontend.getInstance().retrieveFromHttpSession(SESSION_ID_KEY, callback);
+ retrieveFromHttpSession(SESSION_ID_KEY, callback);
+ }
+
+ public void retrieveFromHttpSession(String key, StorageCallback callback) {
+ Frontend.getInstance().retrieveFromHttpSession(key, callback);
 }
 void setSessionId(String sessionId, boolean storeInHttpSession) {
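Review bot: In the new `onSuccess`, a null `sso_session_id` silently skips REST API session acquisition: no request is sent, `reuseSession()` is never called and nothing is logged, so a missing SSO session id only surfaces later as REST-dependent features quietly not working. The `onFailure` branch already routes the comparable storage error to `processSessionIdException()`; give the null case an explicit path as well, e.g. `} else { processSessionIdException(); }` after the `if (sso_session_id != null)` block, or at least a log line naming the missing key. The Javadoc above the method still describes the old single-step behaviour and should mention that the SSO session id is first read from the HTTP session.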
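Review bot: `retrieveFromHttpSession(String key, StorageCallback callback)` is introduced as `public`, turning what was a package-private, fixed-key lookup into a general pass-through that lets any holder of the session manager read arbitrary HttpSession keys via `Frontend`. Its only caller in this change is `acquireSession` in the same class, so package-private or `private` visibility suffices: `void retrieveFromHttpSession(String key, StorageCallback callback) {`. If external callers are intended, document which keys they are expected to request.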
diff --git a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/system/ApplicationInit.java b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/system/ApplicationInit.java
index 0a94fdc..d97c47a 100644
--- a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/system/ApplicationInit.java
+++ b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/system/ApplicationInit.java
@@ -36,6 +36,8 @@
 import com.google.inject.Provider;
 import com.gwtplatform.mvp.client.proxy.PlaceManager;
+import java.util.logging.Logger;
+
 public class ApplicationInit extends BaseApplicationInit<LoginModel> {
 private final PlaceManager placeManager;
@@ -67,6 +69,7 @@
 @Override
 public void onBootstrap() {
 super.onBootstrap();
+
 Window.setTitle(dynamicMessages.applicationTitle());
 // Check for ApplicationMode configuration
@@ -112,6 +115,7 @@
 @Override
 protected void initFrontend() {
+
 super.initFrontend();
 ReportInit.getInstance().initHandlers(eventBus);
@@ -142,6 +146,8 @@
 restApiSessionManager.releaseSession();
 }
 });
+
+ frontend.getLoginHandler().onLoginSuccess();
 }
 @Override
diff --git a/frontend/webadmin/modules/webadmin/src/main/webapp/WEB-INF/web.xml b/frontend/webadmin/modules/webadmin/src/main/webapp/WEB-INF/web.xml
index da84b73..41f2dc7 100644
--- a/frontend/webadmin/modules/webadmin/src/main/webapp/WEB-INF/web.xml
+++ b/frontend/webadmin/modules/webadmin/src/main/webapp/WEB-INF/web.xml
@@ -42,7 +42,7 @@
 </filter>
 <filter-mapping>
 <filter-name>SessionValidationFilter</filter-name>
- <url-pattern>/</url-pattern>
+ <url-pattern>/*</url-pattern>
 </filter-mapping>
 <filter>
@@ -55,7 +55,7 @@
 </filter>
 <filter-mapping>
 <filter-name>BasicAuthenticationFilter</filter-name>
- <url-pattern>/</url-pattern>
+ <url-pattern>/*</url-pattern>
 </filter-mapping>
 <filter>
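Review bot: `frontend.getLoginHandler().onLoginSuccess()` is now invoked unconditionally at the end of `initFrontend`, i.e. during bootstrap rather than in response to a completed login, so it can run before any user has been set on the client (the rest of `initFrontend` and the auto-login ordering are outside the hunk, so this is inferred). If the call relies on SSOLoginFilter having already authenticated the session before the host page was served, record that next to it: `// Webadmin has no login screen: SSOLoginFilter only serves the page to an authenticated session, so bootstrap counts as a completed login.` Otherwise it belongs in the auto-login path where the logged-in user is known.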
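Review bot: Widening the four `url-pattern` values from `/` to `/*` (here for SessionValidationFilter and BasicAuthenticationFilter, and in the LoginFilter and SessionMgmtFilter hunks that follow) puts these filters in front of every resource in the webapp instead of only the default path, which is the right direction for an authentication gate but also means static GWT assets now pass through SessionMgmtFilter and receive the `OVIRT-SSO-TOKEN` header plus a server session from its `getSession(true)`. Confirm that any resource the application must serve before authentication completes remains reachable, and that no intermediate cache stores token-bearing static responses. A one-line XML comment on each mapping stating why `/*` is required would help the next reader.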
@@ -81,7 +81,7 @@
 </filter>
 <filter-mapping>
 <filter-name>LoginFilter</filter-name>
- <url-pattern>/</url-pattern>
+ <url-pattern>/*</url-pattern>
 </filter-mapping>
 <filter>
 <filter-name>SessionMgmtFilter</filter-name>
@@ -89,7 +89,7 @@
 </filter>
 <filter-mapping>
 <filter-name>SessionMgmtFilter</filter-name>
- <url-pattern>/</url-pattern>
+ <url-pattern>/*</url-pattern>
 </filter-mapping>
 <filter-mapping>
 <filter-name>LocaleFilter</filter-name>
-- To view, visit https://gerrit.ovirt.org/38212 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I76ecd389f4938e294d1b3d82f5e1a42eb60d9a20 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Ravi Nori <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
