Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #8118 (closed)

Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

share conection refactoring

Reported by: atarkowska Owned by: atarkowska
Priority: critical Milestone: OMERO-4.4
Component: Web Version: n.a.
Keywords: n.a. Cc: jamoore
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: 0.0d
Sprint: 2012-03-27 (11)

Description (last modified by atarkowska)

Due to the new changes handled by decorator there is a need to rewrite share activation.
Right now there is no way to create new omero session without knowing user password. I also couldn't join share to use it as an omero session.

sh = conn.getShare(share_id)
cl = omero.client(str(conn.host))
sf = cl.joinSession(sh.uuid)
share = sf.getShareService()
share.activate(sh.id.val)

 File "/Users/ola/Dev/omero/components/tools/OmeroWeb/omeroweb/../omeroweb/decorators.py", line 68, in get_share_connection
    sf = cl.joinSession(sh.uuid)
 File "/Users/ola/Dev/omero/dist/lib/python/omero/clients.py", line 409, in joinSession
   return self.createSession(session, session)
 File "/Users/ola/Dev/omero/dist/lib/python/omero/clients.py", line 463, in createSession
   prx = self.getRouter(self.__ic).createSession(username, password, ctx)
 File "/opt/local/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/Glacier2_Router_ice.py", line 107, in createSession
   return _M_Glacier2.Router._op_createSession.invoke(self, ((userId, password), _ctx))
PermissionDeniedException: exception ::Glacier2::PermissionDeniedException
{
   reason = Password check failed for '9c9f9fc9-743f-43c6-aaac-a90c639c5259': [user=my_user_name, created=2012-02-23 09:39:26.216, closed=2012-02-23 09:50:07.155248]
}

After bug investigation it seams that utest pass because share (which is nothing else then session) is active for timeToIdle (10 min by default) and everyone can join it with suuid. THe same problem is faced while member activate the share = access the share. The session is also available for timeToIdle (10 min by default).

In order to prevent security problems would be perfect if user who is a member of the share would access that object (and make a query for additional data associated with it) directly using standard omero connection. Otherwise client application has to store password and maintain additional connections. Number of connections per user could potentially grow very fast, as a user can click on many shares listed on the hierarchy.

Change History (20)

comment:1 Changed 12 years ago by atarkowska

  • Status changed from new to accepted

comment:2 Changed 12 years ago by atarkowska

  • Cc cxallan added
  • Component changed from General to Web
  • Priority changed from minor to critical

comment:3 Changed 12 years ago by atarkowska

  • Description modified (diff)
  • Owner changed from atarkowska to jmoore

comment:4 Changed 12 years ago by atarkowska

  • Description modified (diff)

comment:5 Changed 12 years ago by atarkowska

  • Description modified (diff)

comment:7 Changed 12 years ago by jmoore

  • Owner jmoore deleted
  • Status changed from accepted to new

comment:8 Changed 12 years ago by jmoore

  • Owner set to jmoore

comment:9 Changed 12 years ago by atarkowska

  • Description modified (diff)

comment:10 Changed 12 years ago by jburel

  • Sprint changed from 2012-02-28 (9) to 2012-03-13 (10)

Moved from sprint 2012-02-28 (9)

comment:11 Changed 12 years ago by cxallan

With #3527 getting at least close to being merged in we should be able to test the usage of the omero.share property in the context of completely eliminating the secondary connections.

comment:12 Changed 12 years ago by cxallan

  • Cc jmoore added; cxallan removed
  • Owner changed from jmoore to cxallan
  • Remaining Time changed from 1 to 1.5

comment:13 Changed 12 years ago by jburel

  • Sprint changed from 2012-03-13 (10) to 2012-03-27 (11)

Moved from sprint 2012-03-13 (10)

comment:14 Changed 12 years ago by cxallan

  • Owner changed from cxallan to atarkowska

comment:15 Changed 12 years ago by atarkowska

  • Status changed from new to accepted

comment:16 Changed 12 years ago by atarkowska

  • Remaining Time changed from 1.5 to 0
  • Status changed from accepted to closed

comment:17 Changed 12 years ago by Aleksandra Tarkowska <A.Tarkowska@…>

  • Resolution set to fixed

(In [8ef520057ddd0a29ce66d6a8e17601039b7c25df/ome.git] on branch develop) maintaining share connection, close #8118

comment:18 Changed 12 years ago by Aleksandra Tarkowska <A.Tarkowska@…>

(In [93ca273084881741f31412b3fc89046ab7b91c60/ome.git] on branch develop) removing conn_share variable

by either replacing by conn handling share in decorator or just share_id, see #8118

comment:19 Changed 12 years ago by Aleksandra Tarkowska <A.Tarkowska@…>

(In [772c82df4714c360e63b32a4e7931638e501af3c/ome.git] on branch develop) maintaining share connection, close #8118

comment:20 Changed 12 years ago by Aleksandra Tarkowska <A.Tarkowska@…>

(In [3427069ad445ee41f6ef7e926049773c643fdca7/ome.git] on branch develop) removing conn_share variable

by either replacing by conn handling share in decorator or just share_id, see #8118

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.71320 sec.)

© 2000-2014 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 3.0 Unported License
OME source code is available under the GNU General public license or through commercial license from Glencoe Software

We're Hiring!