Bug 1012527
Summary: | set the JSESSIONID cookie and header when the authentication is successful even when the subsequent query results in error | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | David Jaša <djasa> |
Component: | ovirt-engine-restapi | Assignee: | Michael Pasternak <mpastern> |
Status: | CLOSED WONTFIX | QA Contact: | Elena <edolinin> |
Severity: | low | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.3.0 | CC: | acathrow, bazulay, iheim, mpastern, oramraz, pstehlik, Rhev-m-bugs, srevivo, yeylon |
Target Milestone: | --- | Keywords: | Triaged |
Target Release: | 3.3.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | infra | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-09-29 11:01:51 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Jaša
2013-09-26 15:14:04 UTC
i disagree (In reply to David Jaša from comment #0) > Description of problem: > Authentication errors should be evaluated prior to any other kinds of errors > and the resulting behaviour WRT authentication information should not be > influenced by subsequent error at all. In practice, that means that when > user authenticates successfully with "prefer: persistent-auth" set, he > should be given JSESSIONID cookie && header no matter how the rest of the > query ends up. this is not correct, since our api uses ROA architecture, every resource is considered a entry point to api (unlike in SOA where you have single entry point where authenticate takes place), so you should see this as accessing incorrect address (url) in the NET. |