commit ab510952efdd5333e197d23042816ba6ecfa3339
Author: David Goetz <email address hidden>
Date: Tue May 27 09:52:39 2014 -0700
xLO bug with auth tokens expiring during download.
Just put SLO and DLO after any auth middleware. This works because when
the request goes through that middleware in the pipeline the
authentication takes place: validation of the token, setting up who the
user is, and setting the authorization call back. Each subrequest made
for the segments will be subjected to that authorization call back which
verifies the user has access to the individual segments.
To get this to work with keystone, the keystone identity is set up
during __call__ and applied to the authorize function using a
functools.partial. When the authorize function is later called from the
environ by the proxy server the idenity that was set up when the request
passed through the auth middleware is used, not what can be pulled out
of the possibly altered state of the request's environment.
Reviewed: https:/ /review. openstack. org/92165 /git.openstack. org/cgit/ openstack/ swift/commit/ ?id=ab510952efd d5333e197d23042 816ba6ecfa3339
Committed: https:/
Submitter: Jenkins
Branch: master
commit ab510952efdd533 3e197d23042816b a6ecfa3339
Author: David Goetz <email address hidden>
Date: Tue May 27 09:52:39 2014 -0700
xLO bug with auth tokens expiring during download.
Just put SLO and DLO after any auth middleware. This works because when
the request goes through that middleware in the pipeline the
authentication takes place: validation of the token, setting up who the
user is, and setting the authorization call back. Each subrequest made
for the segments will be subjected to that authorization call back which
verifies the user has access to the individual segments.
To get this to work with keystone, the keystone identity is set up partial. When the authorize function is later called from the
during __call__ and applied to the authorize function using a
functools.
environ by the proxy server the idenity that was set up when the request
passed through the auth middleware is used, not what can be pulled out
of the possibly altered state of the request's environment.
DocImpact
fixes bug: 1315133
Change-Id: I7827dd2d9dfbb3 c6424773fb28913 55d47e372ba