Bug 962863
Summary: | [RFE] Improve REST API integration for UI Plugins | ||
---|---|---|---|
Product: | [Retired] oVirt | Reporter: | Vojtech Szocs <vszocs> |
Component: | ovirt-engine-webadmin | Assignee: | Vojtech Szocs <vszocs> |
Status: | CLOSED WONTFIX | QA Contact: | bugs <bugs> |
Severity: | low | Docs Contact: | |
Priority: | unspecified | ||
Version: | unspecified | CC: | bazulay, ecohen, iheim, mgoldboi, pablo.iranzo, pstehlik, rbalakri, sbonazzo, vszocs |
Target Milestone: | --- | Keywords: | FutureFeature, Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | ux | ||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: |
Feature:
Improve REST API integration for UI Plugins
Reason:
Result (if any):
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-03-22 15:46:49 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Vojtech Szocs
2013-05-14 15:38:26 UTC
CC'ing Michael, maybe it's worth revisiting support for passing session ID (i.e. JSESSIONID value) in a way other than HTTP cookie. This would allow UI plugin code (JavaScript) to communicate directly with Engine REST API. Using JSESSIONID cookie is most likely impossible because REST API expects this cookie to be set for path=/api and plugin code runs under path=/webadmin -> worth giving a try, though. (maybe we can try setting the cookie for the root path) (In reply to vszocs from comment #3) > (maybe we can try setting the cookie for the root path) Bad idea, since there are different JSESSIONID cookies for different applications, depending on cookie path. Target version? Target version = future for now, currently low priority To summarize positive impacts of this RFE: 1. isolation -> each UI plugin will have its own REST API session assigned, i.e. avoid single shared session and issues that come with it 2. transparency -> each UI plugin will have to state permissions for its REST API session explicitly, i.e. permissions unrelated to admin GUI user 3. control -> we can disable REST API session functionality per each UI plugin if necessary 4. simplification -> no need for "keep-alive single shared session" functionality anymore We should consider following items for this RFE: - have one REST session per UI plugin (which also means creating associated Engine user for this purpose) -> plugin vs. plugin REST session isolation - create REST session not from client (WebAdmin/JavaScript) but from server (when serving WebAdmin.html) -> avoid issues with cookies [*] & HTTP Basic Auth handling [**] [*] multiple-cookies (one per UI plugin) with same name (JSESSIONID) for same origin (REST API) is not possible [**] browsers usually cache HTTP "Authorization" request header for given origin (REST API) which complicates authentication from plugin perspective Closing old bugs. If this issue is still relevant/important in current version, please re-open the bug. |