Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #8118 (closed)

Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

share conection refactoring

Reported by: atarkowska Owned by: atarkowska
Priority: critical Milestone: OMERO-4.4
Component: Web Version: n.a.
Keywords: n.a. Cc: jamoore
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: 0.0d
Sprint: 2012-03-27 (11)

Description (last modified by atarkowska)

Due to the new changes handled by decorator there is a need to rewrite share activation.
Right now there is no way to create new omero session without knowing user password. I also couldn't join share to use it as an omero session.

sh = conn.getShare(share_id)
cl = omero.client(str(conn.host))
sf = cl.joinSession(sh.uuid)
share = sf.getShareService()
share.activate(sh.id.val)
 File "/Users/ola/Dev/omero/components/tools/OmeroWeb/omeroweb/../omeroweb/decorators.py", line 68, in get_share_connection
    sf = cl.joinSession(sh.uuid)
 File "/Users/ola/Dev/omero/dist/lib/python/omero/clients.py", line 409, in joinSession
   return self.createSession(session, session)
 File "/Users/ola/Dev/omero/dist/lib/python/omero/clients.py", line 463, in createSession
   prx = self.getRouter(self.__ic).createSession(username, password, ctx)
 File "/opt/local/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/Glacier2_Router_ice.py", line 107, in createSession
   return _M_Glacier2.Router._op_createSession.invoke(self, ((userId, password), _ctx))
PermissionDeniedException: exception ::Glacier2::PermissionDeniedException
{
   reason = Password check failed for '9c9f9fc9-743f-43c6-aaac-a90c639c5259': [user=my_user_name, created=2012-02-23 09:39:26.216, closed=2012-02-23 09:50:07.155248]
}

After bug investigation it seams that utest pass because share (which is nothing else then session) is active for timeToIdle (10 min by default) and everyone can join it with suuid. THe same problem is faced while member activate the share = access the share. The session is also available for timeToIdle (10 min by default).

In order to prevent security problems would be perfect if user who is a member of the share would access that object (and make a query for additional data associated with it) directly using standard omero connection. Otherwise client application has to store password and maintain additional connections. Number of connections per user could potentially grow very fast, as a user can click on many shares listed on the hierarchy.

Change History (20)

comment:1 Changed 8 years ago by atarkowska

  • Status changed from new to accepted

comment:2 Changed 8 years ago by atarkowska

  • Cc cxallan added
  • Component changed from General to Web
  • Priority changed from minor to critical

comment:3 Changed 8 years ago by atarkowska

  • Description modified (diff)
  • Owner changed from atarkowska to jmoore

comment:4 Changed 8 years ago by atarkowska

  • Description modified (diff)

comment:5 Changed 8 years ago by atarkowska

  • Description modified (diff)

comment:7 Changed 8 years ago by jmoore

  • Owner jmoore deleted
  • Status changed from accepted to new

comment:8 Changed 8 years ago by jmoore

  • Owner set to jmoore

comment:9 Changed 8 years ago by atarkowska

  • Description modified (diff)

comment:10 Changed 8 years ago by jburel

  • Sprint changed from 2012-02-28 (9) to 2012-03-13 (10)

Moved from sprint 2012-02-28 (9)

comment:11 Changed 8 years ago by cxallan

With #3527 getting at least close to being merged in we should be able to test the usage of the omero.share property in the context of completely eliminating the secondary connections.

comment:12 Changed 8 years ago by cxallan

  • Cc jmoore added; cxallan removed
  • Owner changed from jmoore to cxallan
  • Remaining Time changed from 1 to 1.5

comment:13 Changed 8 years ago by jburel

  • Sprint changed from 2012-03-13 (10) to 2012-03-27 (11)

Moved from sprint 2012-03-13 (10)

comment:14 Changed 8 years ago by cxallan

  • Owner changed from cxallan to atarkowska

comment:15 Changed 8 years ago by atarkowska

  • Status changed from new to accepted

comment:16 Changed 8 years ago by atarkowska

  • Remaining Time changed from 1.5 to 0
  • Status changed from accepted to closed

comment:17 Changed 7 years ago by Aleksandra Tarkowska <A.Tarkowska@…>

  • Resolution set to fixed

(In [8ef520057ddd0a29ce66d6a8e17601039b7c25df/ome.git] on branch develop) maintaining share connection, close #8118

comment:18 Changed 7 years ago by Aleksandra Tarkowska <A.Tarkowska@…>

(In [93ca273084881741f31412b3fc89046ab7b91c60/ome.git] on branch develop) removing conn_share variable

by either replacing by conn handling share in decorator or just share_id, see #8118

comment:19 Changed 7 years ago by Aleksandra Tarkowska <A.Tarkowska@…>

(In [772c82df4714c360e63b32a4e7931638e501af3c/ome.git] on branch develop) maintaining share connection, close #8118

comment:20 Changed 7 years ago by Aleksandra Tarkowska <A.Tarkowska@…>

(In [3427069ad445ee41f6ef7e926049773c643fdca7/ome.git] on branch develop) removing conn_share variable

by either replacing by conn handling share in decorator or just share_id, see #8118

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.86441 sec.)

We're Hiring!