Task #8118 (closed)
share conection refactoring
Reported by: | atarkowska | Owned by: | atarkowska |
---|---|---|---|
Priority: | critical | Milestone: | OMERO-4.4 |
Component: | Web | Version: | n.a. |
Keywords: | n.a. | Cc: | jamoore |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | 0.0d |
Sprint: | 2012-03-27 (11) |
Description (last modified by atarkowska)
Due to the new changes handled by decorator there is a need to rewrite share activation.
Right now there is no way to create new omero session without knowing user password. I also couldn't join share to use it as an omero session.
sh = conn.getShare(share_id) cl = omero.client(str(conn.host)) sf = cl.joinSession(sh.uuid) share = sf.getShareService() share.activate(sh.id.val)
File "/Users/ola/Dev/omero/components/tools/OmeroWeb/omeroweb/../omeroweb/decorators.py", line 68, in get_share_connection sf = cl.joinSession(sh.uuid) File "/Users/ola/Dev/omero/dist/lib/python/omero/clients.py", line 409, in joinSession return self.createSession(session, session) File "/Users/ola/Dev/omero/dist/lib/python/omero/clients.py", line 463, in createSession prx = self.getRouter(self.__ic).createSession(username, password, ctx) File "/opt/local/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/Glacier2_Router_ice.py", line 107, in createSession return _M_Glacier2.Router._op_createSession.invoke(self, ((userId, password), _ctx)) PermissionDeniedException: exception ::Glacier2::PermissionDeniedException { reason = Password check failed for '9c9f9fc9-743f-43c6-aaac-a90c639c5259': [user=my_user_name, created=2012-02-23 09:39:26.216, closed=2012-02-23 09:50:07.155248] }
After bug investigation it seams that utest pass because share (which is nothing else then session) is active for timeToIdle (10 min by default) and everyone can join it with suuid. THe same problem is faced while member activate the share = access the share. The session is also available for timeToIdle (10 min by default).
In order to prevent security problems would be perfect if user who is a member of the share would access that object (and make a query for additional data associated with it) directly using standard omero connection. Otherwise client application has to store password and maintain additional connections. Number of connections per user could potentially grow very fast, as a user can click on many shares listed on the hierarchy.
Change History (20)
comment:1 Changed 12 years ago by atarkowska
- Status changed from new to accepted
comment:2 Changed 12 years ago by atarkowska
- Cc cxallan added
- Component changed from General to Web
- Priority changed from minor to critical
comment:3 Changed 12 years ago by atarkowska
- Description modified (diff)
- Owner changed from atarkowska to jmoore
comment:4 Changed 12 years ago by atarkowska
- Description modified (diff)
comment:5 Changed 12 years ago by atarkowska
- Description modified (diff)
comment:6 Changed 12 years ago by atarkowska
comment:7 Changed 12 years ago by jmoore
- Owner jmoore deleted
- Status changed from accepted to new
comment:8 Changed 12 years ago by jmoore
- Owner set to jmoore
comment:9 Changed 12 years ago by atarkowska
- Description modified (diff)
comment:10 Changed 12 years ago by jburel
- Sprint changed from 2012-02-28 (9) to 2012-03-13 (10)
Moved from sprint 2012-02-28 (9)
comment:11 Changed 12 years ago by cxallan
With #3527 getting at least close to being merged in we should be able to test the usage of the omero.share property in the context of completely eliminating the secondary connections.
comment:12 Changed 12 years ago by cxallan
- Cc jmoore added; cxallan removed
- Owner changed from jmoore to cxallan
- Remaining Time changed from 1 to 1.5
comment:13 Changed 12 years ago by jburel
- Sprint changed from 2012-03-13 (10) to 2012-03-27 (11)
Moved from sprint 2012-03-13 (10)
comment:14 Changed 12 years ago by cxallan
- Owner changed from cxallan to atarkowska
comment:15 Changed 12 years ago by atarkowska
- Status changed from new to accepted
comment:16 Changed 12 years ago by atarkowska
- Remaining Time changed from 1.5 to 0
- Status changed from accepted to closed
comment:17 Changed 12 years ago by Aleksandra Tarkowska <A.Tarkowska@…>
- Resolution set to fixed
(In [8ef520057ddd0a29ce66d6a8e17601039b7c25df/ome.git] on branch develop) maintaining share connection, close #8118
comment:18 Changed 12 years ago by Aleksandra Tarkowska <A.Tarkowska@…>
(In [93ca273084881741f31412b3fc89046ab7b91c60/ome.git] on branch develop) removing conn_share variable
by either replacing by conn handling share in decorator or just share_id, see #8118
comment:19 Changed 12 years ago by Aleksandra Tarkowska <A.Tarkowska@…>
(In [772c82df4714c360e63b32a4e7931638e501af3c/ome.git] on branch develop) maintaining share connection, close #8118
comment:20 Changed 12 years ago by Aleksandra Tarkowska <A.Tarkowska@…>
(In [3427069ad445ee41f6ef7e926049773c643fdca7/ome.git] on branch develop) removing conn_share variable
by either replacing by conn handling share in decorator or just share_id, see #8118
test on http://github.com/aleksandra-tarkowska/openmicroscopy/commit/60f040f97cc529b3110b403000f11e6fa8935b6d