CLOUDSTACK-7989: Ignore Auth API calls in unauthenticated HTTP handlers

If an auth API call (such as login, logout) is called on unauthenticated port
such as the 8096 integration server port, we need to ignore such API calls
as calling auth APIs on 8096 is un-necessary and is undefined.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

server/src/com/cloud/api/ApiServer.java

@@ -66,6 +66,7 @@ import org.apache.cloudstack.api.BaseListCmd;
 import org.apache.cloudstack.api.ResponseObject;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.auth.APIAuthenticationManager;
 import org.apache.cloudstack.api.command.admin.account.ListAccountsCmdByAdmin;
 import org.apache.cloudstack.api.command.admin.host.ListHostsCmd;
 import org.apache.cloudstack.api.command.admin.router.ListRoutersCmd;
@@ -204,6 +205,8 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
     private ConfigurationDao _configDao;
     @Inject
     private EntityManager _entityMgr;
+    @Inject
+    APIAuthenticationManager _authManager;
 
     List<PluggableService> _pluggableServices;
     List<APIChecker> _apiAccessCheckers;
@@ -485,6 +488,10 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
                 }
                 throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, "Invalid request, no command sent");
             } else {
+                // Don't allow Login/Logout APIs to go past this point
+                if (_authManager.getAPIAuthenticator(command[0]) != null) {
+                    return null;
+                }
                 final Map<String, String> paramMap = new HashMap<String, String>();
                 final Set keys = params.keySet();
                 final Iterator keysIter = keys.iterator();
@@ -522,14 +529,12 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
                     else
                         buildAuditTrail(auditTrailSb, command[0], response);
                 } else {
-                    if (!command[0].equalsIgnoreCase("login") && !command[0].equalsIgnoreCase("logout")) {
                     final String errorString = "Unknown API command: " + command[0];
                     s_logger.warn(errorString);
                     auditTrailSb.append(" " + errorString);
                     throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, errorString);
                 }
             }
-            }
         } catch (final InvalidParameterValueException ex) {
             s_logger.info(ex.getMessage());
             throw new ServerApiException(ApiErrorCode.PARAM_ERROR, ex.getMessage(), ex);

server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java

@@ -57,7 +57,7 @@ public class APIAuthenticationManagerImpl extends ManagerBase implements APIAuth
             APICommand command = authenticator.getAnnotation(APICommand.class);
             if (command != null && !command.name().isEmpty()
                     && APIAuthenticator.class.isAssignableFrom(authenticator)) {
-                s_authenticators.put(command.name(), authenticator);
+                s_authenticators.put(command.name().toLowerCase(), authenticator);
             }
         }
         return true;
@@ -81,6 +81,7 @@ public class APIAuthenticationManagerImpl extends ManagerBase implements APIAuth
 
     @Override
     public APIAuthenticator getAPIAuthenticator(String name) {
+        name = name.toLowerCase();
         APIAuthenticator apiAuthenticator = null;
         if (s_authenticators != null && s_authenticators.containsKey(name)) {
             try {