cloudstack-commits mailing list archives

From bhais...@apache.org
Subject [49/51] [abbrv] git commit: updated refs/heads/useraccount-refactoring to 1e25886
Date Fri, 28 Nov 2014 18:04:03 GMT
CLOUDSTACK-7989: Ignore Auth API calls in unauthenticated HTTP handlers

If an auth API call (such as login or logout) is made on an unauthenticated port
such as the 8096 integration server port, we need to ignore such API calls,
as calling auth APIs on 8096 is unnecessary and undefined.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/21a6bef5
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/21a6bef5
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/21a6bef5

Branch: refs/heads/useraccount-refactoring
Commit: 21a6bef53b05d430f2cff53ae37033432603136d
Parents: 9f4c267
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Fri Nov 28 15:43:29 2014 +0530
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Fri Nov 28 15:43:29 2014 +0530

----------------------------------------------------------------------
 server/src/com/cloud/api/ApiServer.java            | 17 +++++++++++------
 .../api/auth/APIAuthenticationManagerImpl.java     |  3 ++-
 2 files changed, 13 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/21a6bef5/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index 435efa0..e60af3b 100644
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -66,6 +66,7 @@ import org.apache.cloudstack.api.BaseListCmd;
 import org.apache.cloudstack.api.ResponseObject;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.auth.APIAuthenticationManager;
 import org.apache.cloudstack.api.command.admin.account.ListAccountsCmdByAdmin;
 import org.apache.cloudstack.api.command.admin.host.ListHostsCmd;
 import org.apache.cloudstack.api.command.admin.router.ListRoutersCmd;
@@ -204,6 +205,8 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
     private ConfigurationDao _configDao;
     @Inject
     private EntityManager _entityMgr;
+    @Inject
+    APIAuthenticationManager _authManager;
 
     List<PluggableService> _pluggableServices;
     List<APIChecker> _apiAccessCheckers;
@@ -485,6 +488,10 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
                 }
                 throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, "Invalid
request, no command sent");
             } else {
+                // Don't allow Login/Logout APIs to go past this point
+                if (_authManager.getAPIAuthenticator(command[0]) != null) {
+                    return null;
+                }
                 final Map<String, String> paramMap = new HashMap<String, String>();
                 final Set keys = params.keySet();
                 final Iterator keysIter = keys.iterator();
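Review bot: The new guard's `return null;` drops the request before anything is written to `auditTrailSb` or the log, so auth commands sent to the unauthenticated handler leave no record. Recording the rejection with a fixed message before returning, e.g. `auditTrailSb.append(" Auth API call ignored on unauthenticated handler");`, would keep these attempts visible to operators; alternatively throw `ServerApiException` with `ApiErrorCode.UNSUPPORTED_ACTION_ERROR` as the unknown-command branch does. Whether every caller tolerates a null return is not visible here, since the enclosing method starts and ends outside the hunk. The guard also depends on `getAPIAuthenticator`, which from the second file appears to do more than a map lookup; a plain existence check would be cheaper if the manager can expose one.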
@@ -522,12 +529,10 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
                     else
                         buildAuditTrail(auditTrailSb, command[0], response);
                 } else {
-                    if (!command[0].equalsIgnoreCase("login") && !command[0].equalsIgnoreCase("logout"))
{
-                        final String errorString = "Unknown API command: " + command[0];
-                        s_logger.warn(errorString);
-                        auditTrailSb.append(" " + errorString);
-                        throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR,
errorString);
-                    }
+                    final String errorString = "Unknown API command: " + command[0];
+                    s_logger.warn(errorString);
+                    auditTrailSb.append(" " + errorString);
+                    throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, errorString);
                 }
             }
         } catch (final InvalidParameterValueException ex) {
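Review bot: `command[0]` comes from the request and is concatenated unmodified into `errorString`, which then goes to `s_logger.warn`, the audit trail and the exception message; on an unauthenticated handler that value is entirely caller-controlled. Neutralising line breaks and bounding the length before use would keep forged entries out of the log, e.g. `final String safeCmd = command[0].replaceAll("[\\r\\n]", "_");` and building `errorString` from `safeCmd`. These lines predate the commit and are only re-indented here, so this may fit better in a follow-up. The surrounding method starts and ends outside the hunk.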

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/21a6bef5/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
index fc21b19..9d0ab68 100644
--- a/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
+++ b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
@@ -57,7 +57,7 @@ public class APIAuthenticationManagerImpl extends ManagerBase implements
APIAuth
             APICommand command = authenticator.getAnnotation(APICommand.class);
             if (command != null && !command.name().isEmpty()
                     && APIAuthenticator.class.isAssignableFrom(authenticator)) {
-                s_authenticators.put(command.name(), authenticator);
+                s_authenticators.put(command.name().toLowerCase(), authenticator);
             }
         }
         return true;
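Review bot: `command.name().toLowerCase()` here and `name.toLowerCase()` in `getAPIAuthenticator` (the next hunk) use the JVM default locale, so under a locale with special casing rules (Turkish is the usual example) an upper-case request name can lower-case to a key different from the registered one and the lookup misses. Because the new guard in ApiServer.java relies on this lookup, both calls should be `toLowerCase(Locale.ROOT)`, which needs a `java.util.Locale` import. `getAPIAuthenticator` now also dereferences `name` before any check, so a null name throws `NullPointerException` at that line; `if (name == null) return null;` ahead of the lower-casing would make that case deliberate. Both method bodies extend outside their hunks.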
@@ -81,6 +81,7 @@ public class APIAuthenticationManagerImpl extends ManagerBase implements
APIAuth
 
     @Override
     public APIAuthenticator getAPIAuthenticator(String name) {
+        name = name.toLowerCase();
         APIAuthenticator apiAuthenticator = null;
         if (s_authenticators != null && s_authenticators.containsKey(name)) {
             try {

