cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Min Chen <min.c...@citrix.com>
Subject Re: [SHOW] Authentication refactoring
Date Thu, 14 Aug 2014 17:18:46 GMT
Sorry, I might just get part of your commit yesterday when I looked. Now I
saw them.  Thanks for your clarification.

-min

On 8/14/14 10:01 AM, "Rohit Yadav" <rohit.yadav@shapeblue.com> wrote:

>
>On 14-Aug-2014, at 6:54 pm, Min Chen <min.chen@citrix.com> wrote:
>
>> Hi Rohit,
>>
>> Any reason why you didn't implement response class for login and logout
>> like any other API cmd? I think that will be useful as mentioned in your
>> FS.
>
>In cloud-api, checkout
>org.apache.cloudstack.api.response.{LoginCmdResponse, LogoutCmdResponse}.
>These are special response classes used by only authentication apis and
>they extend org.apache.cloudstack.api.response.AuthenticationCmdResponse.
>
>The serialized output of all the
>org.apache.cloudstack.api.response.AuthenticationCmdResponse classes (and
>children) are not boxed to have object name, it follows: {
>“classresponse”: {response object json here} }.
>
>Cheers.
>
>>
>> Thanks
>> -min
>>
>> On 8/12/14 2:10 AM, "Rohit Yadav" <rohit.yadav@shapeblue.com> wrote:
>>
>>> This was done:
>>> 
>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Authentication+Re
>>>fa
>>> ctoring
>>>
>>> This is the branch:
>>> 
>>>https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=re
>>>fs
>>> /heads/auth-refactor
>>>
>>> Updates:
>>> - Every auth mechanism now implements as a APICommand but these are
>>> special APIs are not allowed to execute, i.e. the execute() method
>>> returns with an error
>>> - Existing tests were fixed
>>> - We no longer need to hardcode login/logout for doc generation etc.
>>> - Api discovery now has login/logout docs etc as well
>>> - Since these APIs are tightly coupled with cloud-server artifact,
>>>except
>>> for responses all the interface definitions etc are within cloud-server
>>> - This allows for implementation of other login mechanisms such as
>>>saml,
>>> oauth, something-custom etc. though implementing it as a plugin is
>>>still
>>> tricky now
>>>
>>> I¹ve tested UI and cloudmonkey on port 8080 and 8096, with
>>>apikey/secret
>>> keys but would welcome help around this area from anyone. I¹ll merge
>>>the
>>> branch later this week if no one objects.
>>>
>>> Cheers.
>>>
>>> On 12-Aug-2014, at 5:50 am, Rohit Yadav <rohit.yadav@shapeblue.com>
>>>wrote:
>>>
>>>> Hi,
>>>>
>>>> The way we handle login and logout is hardcoded and since there is no
>>>> APICommand/BaseCmd implementation the apidoc, apidiscovery and other
>>>> don¹t discover these apis. For supporting SAML as an authentication
>>>> mechanism, I¹ve refactored the Auth mechanism as a pluggable service
>>>> that loads with api-server artifact and both login and logout are now
>>>> implemented as a pseduo BaseCmd classes.
>>>>
>>>> I call them pseudo because their execute() is never called, the
>>>> authentication guards in ApiServlet class make sure we call an
>>>> authenticate method of such classes. Since, they are tightly coupled
>>>> with cloud-server¹s ApiServlet it only made sense to have the
>>>>interface
>>>> definition and implementation within the same package/artifact as
>>>>well.
>>>> This also solves the apidoc issue for login/logout and saml related
>>>>auth
>>>> apis.
>>>>
>>>> I¹ll merge them after sometime and continue working on saml stuff.
>>>>Will
>>>> push the code in the branch ³auth-refactor² in an hour for
>>>> review/testing now. This does not break anything and should not cause
>>>> any auth related issues for all existing clients.
>>>>
>>>> Any suggestions, feedback welcome! Refactoring was pretty straight
>>>> forward but I¹ll make sure to write a wiki page on this before merging
>>>> to master.
>>>>
>>>> Regards,
>>>> Rohit Yadav
>>>> Software Architect, ShapeBlue
>>>> M. +41 779015219 | rohit.yadav@shapeblue.com
>>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>>>
>>>>
>>>>
>>>> Find out more about ShapeBlue and our range of CloudStack related
>>>> services
>>>>
>>>> IaaS Cloud Design &
>>>> Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>>> CSForge ­ rapid IaaS deployment
>>>>framework<http://shapeblue.com/csforge/>
>>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>>> CloudStack Infrastructure
>>>> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>>> CloudStack Bootcamp Training
>>>> Courses<http://shapeblue.com/cloudstack-training/>
>>>>
>>>> This email and any attachments to it may be confidential and are
>>>> intended solely for the use of the individual to whom it is addressed.
>>>> Any views or opinions expressed are solely those of the author and do
>>>> not necessarily represent those of Shape Blue Ltd or related
>>>>companies.
>>>> If you are not the intended recipient of this email, you must neither
>>>> take any action based upon its contents, nor copy or show it to
>>>>anyone.
>>>> Please contact the sender if you believe you have received this email
>>>>in
>>>> error. Shape Blue Ltd is a company incorporated in England & Wales.
>>>> ShapeBlue Services India LLP is a company incorporated in India and is
>>>> operated under license from Shape Blue Ltd. Shape Blue Brasil
>>>> Consultoria Ltda is a company incorporated in Brasil and is operated
>>>> under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company
>>>> registered by The Republic of South Africa and is traded under license
>>>> from Shape Blue Ltd. ShapeBlue is a registered trademark.
>>>
>>> Regards,
>>> Rohit Yadav
>>> Software Architect, ShapeBlue
>>> M. +41 779015219 | rohit.yadav@shapeblue.com
>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>>
>>>
>>>
>>> Find out more about ShapeBlue and our range of CloudStack related
>>>services
>>>
>>> IaaS Cloud Design &
>>> Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>> CSForge ­ rapid IaaS deployment
>>>framework<http://shapeblue.com/csforge/>
>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>> CloudStack Infrastructure
>>> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>> CloudStack Bootcamp Training
>>> Courses<http://shapeblue.com/cloudstack-training/>
>>>
>>> This email and any attachments to it may be confidential and are
>>>intended
>>> solely for the use of the individual to whom it is addressed. Any views
>>> or opinions expressed are solely those of the author and do not
>>> necessarily represent those of Shape Blue Ltd or related companies. If
>>> you are not the intended recipient of this email, you must neither take
>>> any action based upon its contents, nor copy or show it to anyone.
>>>Please
>>> contact the sender if you believe you have received this email in
>>>error.
>>> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
>>> Services India LLP is a company incorporated in India and is operated
>>> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda
>>>is
>>> a company incorporated in Brasil and is operated under license from
>>>Shape
>>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic
>>>of
>>> South Africa and is traded under license from Shape Blue Ltd. ShapeBlue
>>> is a registered trademark.
>
>Regards,
>Rohit Yadav
>Software Architect, ShapeBlue
>M. +41 779015219 | rohit.yadav@shapeblue.com
>Blog: bhaisaab.org | Twitter: @_bhaisaab
>
>
>
>Find out more about ShapeBlue and our range of CloudStack related services
>
>IaaS Cloud Design &
>Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>CloudStack Infrastructure
>Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>CloudStack Bootcamp Training
>Courses<http://shapeblue.com/cloudstack-training/>
>
>This email and any attachments to it may be confidential and are intended
>solely for the use of the individual to whom it is addressed. Any views
>or opinions expressed are solely those of the author and do not
>necessarily represent those of Shape Blue Ltd or related companies. If
>you are not the intended recipient of this email, you must neither take
>any action based upon its contents, nor copy or show it to anyone. Please
>contact the sender if you believe you have received this email in error.
>Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
>Services India LLP is a company incorporated in India and is operated
>under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is
>a company incorporated in Brasil and is operated under license from Shape
>Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of
>South Africa and is traded under license from Shape Blue Ltd. ShapeBlue
>is a registered trademark.

Mime
View raw message