CLOUDSTACK-7989: Ignore Auth API calls in unauthenticated HTTP handlers

If an auth API call (such as login or logout) is made on an unauthenticated port,
such as the 8096 integration server port, we need to ignore such API calls,
as calling auth APIs on 8096 is unnecessary and undefined.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This commit is contained in:
Rohit Yadav 2014-11-28 15:43:29 +05:30
parent 9f4c267d56
commit 21a6bef53b
2 changed files with 13 additions and 7 deletions


@ -66,6 +66,7 @@ import org.apache.cloudstack.api.BaseListCmd;
import org.apache.cloudstack.api.ResponseObject;
import org.apache.cloudstack.api.ResponseObject.ResponseView;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.auth.APIAuthenticationManager;
import org.apache.cloudstack.api.command.admin.account.ListAccountsCmdByAdmin;
import org.apache.cloudstack.api.command.admin.host.ListHostsCmd;
import org.apache.cloudstack.api.command.admin.router.ListRoutersCmd;
@ -204,6 +205,8 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
private ConfigurationDao _configDao;
@Inject
private EntityManager _entityMgr;
@Inject
APIAuthenticationManager _authManager;
List<PluggableService> _pluggableServices;
List<APIChecker> _apiAccessCheckers;
@ -485,6 +488,10 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
}
throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, "Invalid request, no command sent");
} else {
// Don't allow Login/Logout APIs to go past this point
if (_authManager.getAPIAuthenticator(command[0]) != null) {
return null;
}
final Map<String, String> paramMap = new HashMap<String, String>();
final Set keys = params.keySet();
final Iterator keysIter = keys.iterator();
@ -522,12 +529,10 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
else
buildAuditTrail(auditTrailSb, command[0], response);
} else {
if (!command[0].equalsIgnoreCase("login") && !command[0].equalsIgnoreCase("logout")) {
final String errorString = "Unknown API command: " + command[0];
s_logger.warn(errorString);
auditTrailSb.append(" " + errorString);
throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, errorString);
}
final String errorString = "Unknown API command: " + command[0];
s_logger.warn(errorString);
auditTrailSb.append(" " + errorString);
throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, errorString);
}
}
} catch (final InvalidParameterValueException ex) {
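Review bot: The early `return null` added in the third hunk (`if (_authManager.getAPIAuthenticator(command[0]) != null) { return null; }`) drops an auth-API request reaching the unauthenticated handler without a log line or audit-trail entry, so login/logout attempts against the integration port leave no trace, unlike the unknown-command path in the fourth hunk, which warns and appends to `auditTrailSb`. If `auditTrailSb` and `s_logger` are in scope at that point (the fourth hunk suggests both hunks are in the same method, but that method's start and end lie outside these hunks), consider recording the decision before returning: `final String msg = "Ignoring auth API " + command[0] + " on unauthenticated API handler"; s_logger.warn(msg); auditTrailSb.append(" " + msg);`. A short comment on the early return stating that the caller must treat a null result as "request ignored" would also help, since the handling of that null is not visible here. Separately, `getAPIAuthenticator` lowercases its argument unconditionally (visible in the second file), so this call must only be reached once `command[0]` is known to be non-null; the check that guarantees that is outside the hunk.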


@ -57,7 +57,7 @@ public class APIAuthenticationManagerImpl extends ManagerBase implements APIAuth
APICommand command = authenticator.getAnnotation(APICommand.class);
if (command != null && !command.name().isEmpty()
&& APIAuthenticator.class.isAssignableFrom(authenticator)) {
s_authenticators.put(command.name(), authenticator);
s_authenticators.put(command.name().toLowerCase(), authenticator);
}
}
return true;
@ -81,6 +81,7 @@ public class APIAuthenticationManagerImpl extends ManagerBase implements APIAuth
@Override
public APIAuthenticator getAPIAuthenticator(String name) {
name = name.toLowerCase();
APIAuthenticator apiAuthenticator = null;
if (s_authenticators != null && s_authenticators.containsKey(name)) {
try {