cloudstack-dev mailing list archives

From Min Chen <min.c...@citrix.com>
Subject Re: [SHOW] Authentication refactoring
Date Thu, 14 Aug 2014 16:54:34 GMT
Hi Rohit,

Any reason why you didn't implement a response class for login and logout
like any other API cmd? I think that will be useful as mentioned in your
FS.

Thanks
-min

On 8/12/14 2:10 AM, "Rohit Yadav" <rohit.yadav@shapeblue.com> wrote:

>This was done:
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Authentication+Refactoring
>
>This is the branch:
>https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/auth-refactor
>
>Updates:
>- Every auth mechanism is now implemented as an APICommand, but these
>special APIs are not allowed to execute, i.e. the execute() method
>returns with an error
>- Existing tests were fixed
>- We no longer need to hardcode login/logout for doc generation etc.
>- Api discovery now has login/logout docs etc as well
>- Since these APIs are tightly coupled with cloud-server artifact, except
>for responses all the interface definitions etc are within cloud-server
>- This allows for implementation of other login mechanisms such as saml,
>oauth, something-custom etc. though implementing it as a plugin is still
>tricky now
>
>I've tested UI and cloudmonkey on port 8080 and 8096, with apikey/secret
>keys but would welcome help around this area from anyone. I'll merge the
>branch later this week if no one objects.
>
>Cheers.
>
>On 12-Aug-2014, at 5:50 am, Rohit Yadav <rohit.yadav@shapeblue.com> wrote:
>
>> Hi,
>>
>> The way we handle login and logout is hardcoded and since there is no
>>APICommand/BaseCmd implementation the apidoc, apidiscovery and other
>>don't discover these apis. For supporting SAML as an authentication
>>mechanism, I've refactored the Auth mechanism as a pluggable service
>>that loads with api-server artifact and both login and logout are now
>>implemented as pseudo BaseCmd classes.
>>
>> I call them pseudo because their execute() is never called, the
>>authentication guards in ApiServlet class make sure we call an
>>authenticate method of such classes. Since they are tightly coupled
>>with cloud-server's ApiServlet it only made sense to have the interface
>>definition and implementation within the same package/artifact as well.
>>This also solves the apidoc issue for login/logout and saml related auth
>>apis.
>>
>> I'll merge them after some time and continue working on saml stuff. Will
>>push the code in the branch "auth-refactor" in an hour for
>>review/testing now. This does not break anything and should not cause
>>any auth related issues for all existing clients.
>>
>> Any suggestions, feedback welcome! Refactoring was pretty straight
>>forward but I'll make sure to write a wiki page on this before merging
>>to master.
>>
>> Regards,
>> Rohit Yadav
>> Software Architect, ShapeBlue
>> M. +41 779015219 | rohit.yadav@shapeblue.com
>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>
>Regards,
>Rohit Yadav
>Software Architect, ShapeBlue
>M. +41 779015219 | rohit.yadav@shapeblue.com
>Blog: bhaisaab.org | Twitter: @_bhaisaab
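
A sketch of the design described in the quoted messages, added here as an illustration and not taken from the auth-refactor branch: login and logout exist as command classes so they can be discovered and documented, their execute() refuses to run, and a servlet-side guard calls authenticate() instead. All class and method names, the response strings and the sample credentials are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.BiPredicate;

// Hypothetical names throughout; this is not the CloudStack API.
public class AuthSketch {
    /** Pseudo-command: listed for discovery and docs, but never executable. */
    static abstract class AuthCmd {
        abstract String name();
        abstract String authenticate(Map<String, String> params, Map<String, Object> session);
        final void execute() {
            throw new UnsupportedOperationException(name() + " cannot be executed as a regular API");
        }
    }
    static class LoginCmd extends AuthCmd {
        private final BiPredicate<String, String> verifier; // stands in for the real credential check
        LoginCmd(BiPredicate<String, String> verifier) { this.verifier = verifier; }
        String name() { return "login"; }
        String authenticate(Map<String, String> p, Map<String, Object> session) {
            String user = p.get("username"), pass = p.get("password");
            if (user == null || pass == null || !verifier.test(user, pass)) return "401 unable to verify credentials";
            session.put("user", user);
            return "200 logged in as " + user;
        }
    }
    static class LogoutCmd extends AuthCmd {
        String name() { return "logout"; }
        String authenticate(Map<String, String> p, Map<String, Object> s) { s.clear(); return "200 logged out"; }
    }
    /** Servlet-side guard: auth commands go to authenticate(); everything else needs a session. */
    static class ApiGuard {
        private final Map<String, AuthCmd> authCmds = new LinkedHashMap<>();
        void register(AuthCmd cmd) { authCmds.put(cmd.name(), cmd); }
        String handle(Map<String, String> params, Map<String, Object> session) {
            AuthCmd auth = authCmds.get(params.get("command"));
            if (auth != null) return auth.authenticate(params, session); // execute() is never reached
            if (!session.containsKey("user")) return "401 not authenticated";
            return "200 dispatching " + params.get("command");
        }
    }
    public static void main(String[] args) {
        ApiGuard guard = new ApiGuard();
        // Constructed credentials for the demo only.
        guard.register(new LoginCmd((u, p) -> u.equals("demo") && p.equals("constructed-password")));
        guard.register(new LogoutCmd());
        Map<String, Object> session = new LinkedHashMap<>();
        System.out.println(guard.handle(Map.of("command", "listVirtualMachines"), session));
        System.out.println(guard.handle(Map.of("command", "login", "username", "demo", "password", "constructed-password"), session));
        System.out.println(guard.handle(Map.of("command", "listVirtualMachines"), session));
        System.out.println(guard.handle(Map.of("command", "logout"), session));
    }
}
```

Registering a further mechanism (SAML, OAuth) in this sketch means adding another `AuthCmd` subclass and one `register` call; the guard itself does not change.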

