cloudstack-commits mailing list archives

From bhais...@apache.org
Subject git commit: updated refs/heads/4.5 to d28b716
Date Fri, 28 Nov 2014 10:16:26 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/4.5 66afce66b -> d28b716d8


CLOUDSTACK-7989: Ignore Auth API calls in unauthenticated HTTP handlers

If an auth API call (such as login or logout) is made on an unauthenticated port,
such as the 8096 integration server port, we need to ignore it, because calling
auth APIs on 8096 is unnecessary and undefined.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 21a6bef53b05d430f2cff53ae37033432603136d)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d28b716d
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d28b716d
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d28b716d

Branch: refs/heads/4.5
Commit: d28b716d8aec70f7f8b53990b22a7932fa4725d2
Parents: 66afce6
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Fri Nov 28 15:43:29 2014 +0530
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Fri Nov 28 15:46:17 2014 +0530

----------------------------------------------------------------------
 server/src/com/cloud/api/ApiServer.java            | 17 +++++++++++------
 .../api/auth/APIAuthenticationManagerImpl.java     |  3 ++-
 2 files changed, 13 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d28b716d/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index 2156d60..f35bd9d 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -66,6 +66,7 @@ import org.apache.cloudstack.api.BaseListCmd;
 import org.apache.cloudstack.api.ResponseObject;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.auth.APIAuthenticationManager;
 import org.apache.cloudstack.api.command.admin.account.ListAccountsCmdByAdmin;
 import org.apache.cloudstack.api.command.admin.host.ListHostsCmd;
 import org.apache.cloudstack.api.command.admin.router.ListRoutersCmd;
@@ -204,6 +205,8 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
     private ConfigurationDao _configDao;
     @Inject
     private EntityManager _entityMgr;
+    @Inject
+    APIAuthenticationManager _authManager;
 
     List<PluggableService> _pluggableServices;
     List<APIChecker> _apiAccessCheckers;
@@ -483,6 +486,10 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
                 }
                 throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, "Invalid
request, no command sent");
             } else {
+                // Don't allow Login/Logout APIs to go past this point
+                if (_authManager.getAPIAuthenticator(command[0]) != null) {
+                    return null;
+                }
                 final Map<String, String> paramMap = new HashMap<String, String>();
                 final Set keys = params.keySet();
                 final Iterator keysIter = keys.iterator();
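Review bot: The new guard's `return null;` drops the request without writing anything to `s_logger` or `auditTrailSb`, so an auth command arriving on the unauthenticated handler leaves no trace for later review. Consider recording it before returning, e.g. `auditTrailSb.append(" Ignored auth API command on unauthenticated handler");`, assuming `auditTrailSb` is in scope here as it is in the later hunk of this file. The inline comment says Login/Logout, but the check matches every command for which `getAPIAuthenticator` returns an authenticator; `// Ignore any command served by an APIAuthenticator on this handler` would describe it more accurately. What callers do with a null return is not visible here, and the enclosing method starts and ends outside the hunk.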
@@ -520,12 +527,10 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
                     else
                         buildAuditTrail(auditTrailSb, command[0], response);
                 } else {
-                    if (!command[0].equalsIgnoreCase("login") && !command[0].equalsIgnoreCase("logout"))
{
-                        final String errorString = "Unknown API command: " + command[0];
-                        s_logger.warn(errorString);
-                        auditTrailSb.append(" " + errorString);
-                        throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR,
errorString);
-                    }
+                    final String errorString = "Unknown API command: " + command[0];
+                    s_logger.warn(errorString);
+                    auditTrailSb.append(" " + errorString);
+                    throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, errorString);
                 }
             }
         } catch (final InvalidParameterValueException ex) {
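Review bot: `command[0]` appears to come from the request parameters and is concatenated unmodified into `errorString`, which is then written to `s_logger.warn` and to `auditTrailSb`. Unless it is sanitized earlier in the method (not visible here), embedded CR/LF characters could forge log or audit entries. Neutralizing line breaks before building the message would close that, e.g. `final String errorString = "Unknown API command: " + command[0].replaceAll("[\\r\\n]", "_");`. The same string is also passed to the `ServerApiException`, so if that message is returned to the client the response serializer has to escape it. The enclosing method begins and ends outside this hunk.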

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d28b716d/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
index fc21b19..9d0ab68 100644
--- a/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
+++ b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
@@ -57,7 +57,7 @@ public class APIAuthenticationManagerImpl extends ManagerBase implements
APIAuth
             APICommand command = authenticator.getAnnotation(APICommand.class);
             if (command != null && !command.name().isEmpty()
                     && APIAuthenticator.class.isAssignableFrom(authenticator)) {
-                s_authenticators.put(command.name(), authenticator);
+                s_authenticators.put(command.name().toLowerCase(), authenticator);
             }
         }
         return true;
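Review bot: `command.name().toLowerCase()` uses the JVM default locale, so under a locale such as Turkish an upper-case `I` lowercases to a dotless `ı` and a request for `LOGIN` would no longer map to the `login` key. The ApiServer guard added in this commit depends on this lookup to recognise auth commands. Use a fixed locale here and in the matching `name = name.toLowerCase();` in `getAPIAuthenticator` in the next hunk: `s_authenticators.put(command.name().toLowerCase(Locale.ROOT), authenticator);`. This needs `java.util.Locale` imported if the file does not already have it, which is not visible here. The enclosing method starts outside the hunk.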
@@ -81,6 +81,7 @@ public class APIAuthenticationManagerImpl extends ManagerBase implements
APIAuth
 
     @Override
     public APIAuthenticator getAPIAuthenticator(String name) {
+        name = name.toLowerCase();
         APIAuthenticator apiAuthenticator = null;
         if (s_authenticators != null && s_authenticators.containsKey(name)) {
             try {
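Review bot: `name = name.toLowerCase();` runs before the `s_authenticators != null && s_authenticators.containsKey(name)` check, so a null `name` now throws a NullPointerException where it previously reached `containsKey`. The ApiServer caller in this commit appears to reject a missing command first, but other callers are not visible. A guard such as `if (name == null) { return null; }` ahead of the lowercase call would avoid that, assuming the method returns null for unknown names as the `apiAuthenticator = null` initialiser suggests. The method body continues past the end of this hunk.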

