Bug 1051568
Summary: | [RFE] Ability to configure API calls to not generate a login/logout event | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Jake Hunsaker <jhunsaker> |
Component: | ovirt-engine-restapi | Assignee: | Juan Hernández <juan.hernandez> |
Status: | CLOSED NOTABUG | QA Contact: | Shai Revivo <srevivo> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 3.2.0 | CC: | acathrow, bazulay, iheim, oramraz, pstehlik, Rhev-m-bugs, yeylon |
Target Milestone: | --- | Keywords: | FutureFeature, Triaged |
Target Release: | 3.4.0 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | infra | ||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-01-14 19:29:11 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jake Hunsaker
2014-01-10 15:20:00 UTC
API calls generate a login/logout event only if not using persistent authentication. If using the Python or Java SDKs this should happen automatically. If the customer is accessing the RESTAPI in some other ways then solution to this problem is to explicitly use persistent authentication. The first request sent by the client should contain the "Prefer" header and the authentication details: GET /api HTTP/1.1 Prefer: persistent-auth Content-type: application/xml Accept: application/xml Authorization: Basic YWRtaW5AaW50ZXJuYWw6cmVkaGF0MTIz The server will return the response, including a session cookie: HTTP/1.1 200 OK Header: Date: Fri, 10 Jan 2014 15:32:20 GMT Set-Cookie: JSESSIONID=4RNIBiN40YTHC61APsDL-1Tx; Path=/api; Secure Further requests should send again the "Prefer" header and the session cookie: GET /api/vms HTTP/1.1 Prefer: persistent-auth Cookie: JSESSIONID=4RNIBiN40YTHC61APsDL-1Tx Content-type: application Accept: application This will generate only one session in the server side, and only one login message in the log. For more details see here: http://www.ovirt.org/Features/RESTSessionManagement I would suggest to use one of the SDKs, as they provide this for free, and simplify the development. If this is enough for the customer I would suggest to close the bug as NOTABUG. Closing this as NOTABUG per C#1 |