cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rohit Yadav <bhais...@apache.org>
Subject Re: CloudStack UI Authentication Mechanism
Date Thu, 04 Apr 2013 15:35:41 GMT
On Thu, Apr 4, 2013 at 7:59 PM, Donal Lafferty <donal.lafferty@citrix.com>wrote:

>
>
> > -----Original Message-----
> > From: rohityadav89@gmail.com [mailto:rohityadav89@gmail.com] On Behalf
> > Of Rohit Yadav
> > Sent: 04 April 2013 2:52 PM
> > To: dev@cloudstack.apache.org
> > Cc: cloudstack-dev@incubator.apache.org
> > Subject: Re: CloudStack UI Authentication Mechanism
> >
> > On Thu, Apr 4, 2013 at 4:50 PM, Donal Lafferty
> > <donal.lafferty@citrix.com>wrote:
> >
> > > I noticed that the CloudStack UI allows VM control to accounts that
> > > don't have an API key set defined.
> > >
> > > How does its authentication mechanism work?  E.g.
> > >
> > >
> > > 1.                  How are API calls authenticated and authorized if
> they
> > > are not signed with API keys?
> > >
> >
> > On integration port, defined in the global settings, 8096 generally
> there is no
> > authentication done, user is admin has max. power.
> >
> [Donal Lafferty]
> Okay, but the UI doesn't usually go over 8096.  How does it work when its
> not bypassing authentication?
>

jquery UI experts will let you know the internals. When authentication in
UI is done, the keys are obtained and subsequently used while querying.
Just attach your debugger to ApiServlet's GET handlers and follow the
sequence which will help you discover how it all works till it reaches
ApiDispatcher (through ApiServer class) where the actual cmd class is
found, filled and executed.

Cheers.


> >
> > >
> > > 2.                  Does this work equally well when LDAP is to
> > > authenticate username / password?
> > >
> >
> > Abhi can comment on this one.
> >
> > Cheers.
> >
> >
> > >
> > >
> > > DL
> > >
> > >
> > >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message