diff --git a/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java b/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java index ac503c9ef6d..b1bd198309a 100644 --- a/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java +++ b/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java @@ -18,14 +18,8 @@ package org.apache.cloudstack.consoleproxy; import com.cloud.utils.component.Manager; import org.apache.cloudstack.api.command.user.consoleproxy.ConsoleEndpoint; -import org.apache.cloudstack.framework.config.ConfigKey; -import org.apache.cloudstack.framework.config.Configurable; -public interface ConsoleAccessManager extends Manager, Configurable { - - ConfigKey ConsoleProxyExtraSecurityValidationEnabled = new ConfigKey<>(ConfigKey.CATEGORY_ADVANCED, Boolean.class, - "consoleproxy.extra.security.validation.enabled", "false", - "Enable/disable extra security validation for console proxy using an extra token.", true); +public interface ConsoleAccessManager extends Manager { ConsoleEndpoint generateConsoleEndpoint(Long vmId, String extraSecurityToken, String clientAddress); diff --git a/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java b/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java index f6dd2e06158..559ceb43e05 100644 --- a/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java +++ b/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java @@ -47,10 +47,8 @@ import com.google.gson.Gson; import com.google.gson.GsonBuilder; import org.apache.cloudstack.api.command.user.consoleproxy.ConsoleEndpoint; import org.apache.cloudstack.context.CallContext; -import org.apache.cloudstack.framework.config.ConfigKey; import org.apache.cloudstack.framework.security.keys.KeysManager; import org.apache.commons.codec.binary.Base64; -import org.apache.commons.lang3.BooleanUtils; import org.apache.commons.lang3.ObjectUtils; import org.apache.commons.lang3.StringUtils; import org.apache.log4j.Logger; @@ -60,8 +58,10 @@ import javax.crypto.spec.SecretKeySpec; import javax.inject.Inject; import javax.naming.ConfigurationException; +import java.util.Arrays; import java.util.Date; import java.util.HashSet; +import java.util.List; import java.util.Map; import java.util.Set; import java.util.UUID; @@ -90,6 +90,10 @@ public class ConsoleAccessManagerImpl extends ManagerBase implements ConsoleAcce public static final Logger s_logger = Logger.getLogger(ConsoleAccessManagerImpl.class.getName()); + private static final List unsupportedConsoleVMState = Arrays.asList( + VirtualMachine.State.Stopped, VirtualMachine.State.Error, VirtualMachine.State.Destroyed + ); + private static Set allowedSessions; @Override @@ -130,13 +134,6 @@ public class ConsoleAccessManagerImpl extends ManagerBase implements ConsoleAcce return new ConsoleEndpoint(false, null, "Permission denied"); } - if (BooleanUtils.isTrue(ConsoleAccessManager.ConsoleProxyExtraSecurityValidationEnabled.value()) && - StringUtils.isBlank(extraSecurityToken)) { - String errorMsg = "Extra security validation is enabled but the extra token is missing"; - s_logger.error(errorMsg); - return new ConsoleEndpoint(false, errorMsg); - } - String sessionUuid = UUID.randomUUID().toString(); return generateAccessEndpoint(vmId, sessionUuid, extraSecurityToken, clientAddress); } catch (Exception e) { @@ -207,15 +204,23 @@ public class ConsoleAccessManagerImpl extends ManagerBase implements ConsoleAcce throw new CloudRuntimeException(msg); } - if (vm.getHostId() == null) { - msg = "VM " + vmId + " lost host info, sending blank response for console access request"; + String vmUuid = vm.getUuid(); + if (unsupportedConsoleVMState.contains(vm.getState())) { + msg = "VM " + vmUuid + " must be running to connect console, sending blank response for console access request"; s_logger.warn(msg); throw new CloudRuntimeException(msg); } - HostVO host = managementServer.getHostBy(vm.getHostId()); + Long hostId = vm.getState() != VirtualMachine.State.Migrating ? vm.getHostId() : vm.getLastHostId(); + if (hostId == null) { + msg = "VM " + vmUuid + " lost host info, sending blank response for console access request"; + s_logger.warn(msg); + throw new CloudRuntimeException(msg); + } + + HostVO host = managementServer.getHostBy(hostId); if (host == null) { - msg = "VM " + vmId + "'s host does not exist, sending blank response for console access request"; + msg = "VM " + vmUuid + "'s host does not exist, sending blank response for console access request"; s_logger.warn(msg); throw new CloudRuntimeException(msg); } @@ -482,13 +487,4 @@ public class ConsoleAccessManagerImpl extends ManagerBase implements ConsoleAcce } } - @Override - public String getConfigComponentName() { - return ConsoleAccessManagerImpl.class.getSimpleName(); - } - - @Override - public ConfigKey[] getConfigKeys() { - return new ConfigKey[] { ConsoleProxyExtraSecurityValidationEnabled }; - } } diff --git a/ui/src/components/widgets/Console.vue b/ui/src/components/widgets/Console.vue index d31277e2b32..7125dfabe87 100644 --- a/ui/src/components/widgets/Console.vue +++ b/ui/src/components/widgets/Console.vue @@ -28,7 +28,6 @@