Hi,
I created a pull request with the changes:
https://github.com/codenvy/che-core/pull/146
Could you review it?
Thanks,
Tal Sapan | T: +972 9 7779580 |
www.sap.com
From: che-dev-bounces@xxxxxxxxxxx [mailto:che-dev-bounces@xxxxxxxxxxx]
On Behalf Of Sergii Kabashniuk
Sent: יום ה 09 יולי 2015 15:43
To: che developer discussions
Subject: Re: [che-dev] Authentication token in requests from builder to che
On Thu, Jul 9, 2015 at 10:35 AM, Sapan, Tal <tal.sapan@xxxxxxx> wrote:
Hi,
I used a filter to get the token from the request query parameter (which is sent by che code) and add it as a header.
This is working well.
However, there are a few places I noticed in which this token is not sent: when checking
isAvailable for remote builder and remote runner (during registration of pre-configured builders and runners and also in
other places).
For the token to be passed in these calls it's necessary to make 2 changes:
1.
Change the HTTP call itself in
RemoteServiceDescriptor.isAvailable
method to use a call like in
getServiceDescriptor (this will also check the returned response has a valid structure).
2.
When calling
executor.execute during registration of pre-configured runners and builders, wrap the executed runnables in
ThreadLocalPropagateContext.wrap so the environment context will be kept (according to the documentation of
ThreadLocalPropagateContext).
I will create a pull request with these changes unless you have a different suggestion for a fix.
Yes. Plz. No suggestion since I'm not fully understand your use case.
Best regards,
Tal Sapan | T:
+972 9 7779580 | www.sap.com
From:
che-dev-bounces@xxxxxxxxxxx [mailto:che-dev-bounces@xxxxxxxxxxx]
On Behalf Of Sergii Kabashniuk
Sent: יום ג 07 יולי 2015 17:10
To: che developer discussions
Subject: Re: [che-dev] Authentication token in requests from builder to che
On Tue, Jul 7, 2015 at 5:01 PM, Sapan, Tal <tal.sapan@xxxxxxx> wrote:
Hi,
The httpJsonHelperImpl member and all the methods in HttpJsonHelper are static, so this cannot be done with injection.
Do you suggest to make the member public so it can be changed?
I would like not to do that.
I have seen other places in the code that open an HttpURLConnection directly (with new URL(…).openConnection())
without going through HttpJsonHelper, so this change will not affect them.
One such place is in SourcesManagerImpl, in download method. I am not sure if there is a current EnvironmentContext
available (with the details of the user which initiated the build) there.
HttpJsonHelper aproch sutable to the methods that return DTO objects, SourcesManagerImpl download is not the case.
Because HttpJsonHelperImpl uses EnvironmentContext to get the authentication token, I don't know if it's possible
to change the implementation there to use HttpJsonHelper. Even if I create a new HttpJsonHelperImpl I will need the current user's details to get the token.
Do you have a suggestion for this case?
You can put your token inside EnvironmentContext with some kind of javax.servlet.Filter
Thanks,
Tal Sapan | T:
+972 9 7779580 | www.sap.com
From:
che-dev-bounces@xxxxxxxxxxx [mailto:che-dev-bounces@xxxxxxxxxxx]
On Behalf Of Sergii Kabashniuk
Sent: יום ג 07 יולי 2015 16:44
To: che developer discussions
Subject: Re: [che-dev] Authentication token in requests from builder to che
The only one way for now. what I see how to implement that is following:
On server startup you need to change implementation of the HttpJsonHelper.httpJsonHelperImpl
with class what extend HttpJsonHelperImpl and change implementation of requestString method.
On Tue, Jul 7, 2015 at 4:24 PM, Sapan, Tal <tal.sapan@xxxxxxx> wrote:
Hi,
Could you kindly take a look and reply to my question?
Best regards,
From: Sapan, Tal
Sent: יום ה
02
יולי 2015 18:18
To: 'che-dev@xxxxxxxxxxx'
Subject: Authentication token in requests from builder to che
Hi,
I have a question regarding how to pass the authentication token when the builder makes a REST call to Che API.
In our scenario we use OAuth 2.0 protocol for authentication.
The request from the client to the builder service ("/builder/<workspace id>/build" API) passes the authentication token as an "Authorization: Bearer" header.
The builder then fetches information about the workspace by calling che workspace API "/workspace/<workspace id>".
In this request we have to pass the authentication token the same way it was received - as "Authorization: Bearer" header.
From looking deeper into the code that sends the REST call, it seems that a token taken from the current user is added to the request as a URL parameter, but no headers are added.
This happens in other API calls as well (like export etc).
Is there currently a way to send the authentication token as a header?
If not, would a pull request for adding authentication to a request in a more general way be acceptable (allow the option of sending as a URL parameter, header and maybe cookie
as well)?
Best regards,
Tal Sapan | T:
+972 9 7779580 | www.sap.com
_______________________________________________
che-dev mailing list
che-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/che-dev
_______________________________________________
che-dev mailing list
che-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/che-dev
_______________________________________________
che-dev mailing list
che-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/che-dev
|
