From a05400604b5129e5e663cf973bb6621dea360af9 Mon Sep 17 00:00:00 2001
From: alena
Date: Tue, 15 Feb 2011 15:51:10 -0800
Subject: [PATCH] bug 8565: throw unsupported error code when non existing api command is sent status 8565: resolved fixed
---
 server/src/com/cloud/api/ApiServer.java | 18 +++++++++---------
 server/src/com/cloud/api/ApiServlet.java | 21 ++++++++++++---------
 2 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index 1819990e9f9..d37473eb885 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -31,7 +31,6 @@ import java.net.ServerSocket;
 import java.net.Socket;
 import java.net.URLDecoder;
 import java.net.URLEncoder;
-import java.security.InvalidParameterException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -507,7 +506,7 @@ public class ApiServer implements HttpRequestHandler {
 return isCommandAvailable;
 }
- public boolean verifyRequest(Map requestParameters, Long userId) throws InvalidParameterException {
+ public boolean verifyRequest(Map requestParameters, Long userId) throws ServerApiException {
 try {
 String apiKey = null;
 String secretKey = null;
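Review bot: The new `throws ServerApiException` clause on verifyRequest is undocumented, and after this commit the method reports failure in two different ways that callers must tell apart. I would add a Javadoc block above the signature stating that it returns `false` when the credentials or signature cannot be verified, and throws ServerApiException with `BaseCmd.UNSUPPORTED_ACTION_ERROR` when the requested command is unknown or not available to the caller's account type. The method body continues outside this hunk, so this is based on the throw sites visible in the later ApiServer.java hunks.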
@@ -529,16 +528,16 @@ public class ApiServer implements HttpRequestHandler {
 short accountType = userAccount.getType();
 if (!isCommandAvailable(accountType, commandName)) {
- return false;
+ s_logger.warn("The given command:"+commandName+" does not exist");
+ throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given command:"+commandName+" does not exist");
 }
 return true;
 }else{
 //check against every available command to see if the command exists or not
 if(!isCommandAvailable(commandName) && !commandName.equals("login") && !commandName.equals("logout")){
 s_logger.warn("The given command:"+commandName+" does not exist");
- throw new InvalidParameterException("The given command:"+commandName+" does not exist");
+ throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given command:"+commandName+" does not exist");
 }
-
 }
 // - build a request string with sorted params, make sure it's all lowercase
@@ -599,7 +598,8 @@ public class ApiServer implements HttpRequestHandler {
 UserContext.updateContext(user.getId(), account, null);
 if (!isCommandAvailable(account.getType(), commandName)) {
- return false;
+ s_logger.warn("The given command:"+commandName+" does not exist");
+ throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given command:"+commandName+" does not exist");
 }
 // verify secret key exists
@@ -623,9 +623,9 @@ public class ApiServer implements HttpRequestHandler {
 }
 return equalSig;
 } catch (Exception ex) {
- if(ex instanceof InvalidParameterException){
- throw new InvalidParameterException(ex.getMessage());
- }
+ if (ex instanceof ServerApiException && ((ServerApiException) ex).getErrorCode() == BaseCmd.UNSUPPORTED_ACTION_ERROR) {
+ throw (ServerApiException)ex;
+ }
 s_logger.error("unable to verifty request signature", ex);
 }
 return false;
diff --git a/server/src/com/cloud/api/ApiServlet.java b/server/src/com/cloud/api/ApiServlet.java
index 5ecfa759ce9..f8673709d05 100755
--- a/server/src/com/cloud/api/ApiServlet.java
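Review bot: `commandName` is concatenated unmodified into both the `s_logger.warn` message and the ServerApiException description in the two branches of this hunk (and again in the hunk at -599); it appears to come from the request parameters, so embedded CR/LF could forge log lines and, through the ApiServlet change, reach a response header and the access log. Neutralise it once before use, e.g. `String safeName = commandName.replaceAll("[\\r\\n]", "_");`, and build the message from `safeName`. In the first branch the command may exist but be disallowed for `accountType`, so "does not exist" is also inaccurate there; a wording such as "is not available" would cover both cases. The enclosing method starts and ends outside the hunk.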
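Review bot: The availability check in the hunk at -599 now throws before the secret-key and signature verification that follows it (`// verify secret key exists`), so a request carrying only a valid API key gets an UNSUPPORTED_ACTION_ERROR response that differs from the one returned for a bad signature. That discloses which commands are enabled for the key's account type to a caller who has not yet proven possession of the secret; the previous `return false` was indistinguishable from a signature failure. Consider moving the `isCommandAvailable(account.getType(), commandName)` block below the signature comparison so that it only runs once `equalSig` is true. The signature code is outside this hunk, so the exact placement needs checking against the full method.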
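Review bot: In the hunk at -623, the `instanceof` test and cast inside `catch (Exception ex)` would read more plainly as a dedicated `catch (ServerApiException ex)` clause placed before the generic one, rethrowing when `ex.getErrorCode() == BaseCmd.UNSUPPORTED_ACTION_ERROR`. As written, a ServerApiException with any other error code falls through to the "unable to verifty request signature" log line and a `false` return, which hides its real cause; if that is intended, a one-line comment saying so would help. The try block begins outside this hunk.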
+++ b/server/src/com/cloud/api/ApiServlet.java
@@ -19,7 +19,6 @@ package com.cloud.api;
 import java.io.IOException;
-import java.security.InvalidParameterException;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Map;
@@ -275,7 +274,7 @@ public class ApiServlet extends HttpServlet {
 if (session != null) {
 try {
 session.invalidate();
- }catch (IllegalStateException ise) {}
+ } catch (IllegalStateException ise) {}
 }
 auditTrailSb.append(" " + HttpServletResponse.SC_UNAUTHORIZED + " " + "unable to verify user credentials and/or request signature");
@@ -283,13 +282,17 @@ public class ApiServlet extends HttpServlet {
 writeResponse(resp, serializedResponse, HttpServletResponse.SC_UNAUTHORIZED, responseType);
 }
- }catch (InvalidParameterException ipe){
- auditTrailSb.append(" " + HttpServletResponse.SC_NOT_FOUND + " " + ipe.getMessage());
- String serializedResponse = _apiServer.getSerializedApiError(HttpServletResponse.SC_NOT_FOUND, ipe.getMessage(), params, responseType);
- writeResponse(resp, serializedResponse, HttpServletResponse.SC_NOT_FOUND, responseType);
- }catch (Exception ex) {
- s_logger.error("unknown exception writing api response", ex);
- auditTrailSb.append(" unknown exception writing api response");
+ } catch (Exception ex) {
+ if (ex instanceof ServerApiException && ((ServerApiException) ex).getErrorCode() == BaseCmd.UNSUPPORTED_ACTION_ERROR) {
+ ServerApiException se = (ServerApiException)ex;
+ String serializedResponseText = _apiServer.getSerializedApiError(se.getErrorCode(), se.getDescription(), params, responseType);
+ resp.setHeader("X-Description", se.getDescription());
+ writeResponse(resp, serializedResponseText, se.getErrorCode(), responseType);
+ auditTrailSb.append(" " +se.getErrorCode() + " " + se.getDescription());
+ } else {
+ s_logger.error("unknown exception writing api response", ex);
+ auditTrailSb.append(" unknown exception writing api response");
+ }
 } finally {
 s_accessLogger.info(auditTrailSb.toString());
 // cleanup user context to prevent from being peeked in other request context
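Review bot: `resp.setHeader("X-Description", se.getDescription())` places a description that ApiServer builds from the caller-supplied command name into a response header, and the same string goes into `auditTrailSb`; unless the value is stripped of CR/LF first, this relies on the servlet container to prevent header and log-line injection. Either sanitise the description before these two uses or send a fixed text in the header. The `auditTrailSb.append` also sits after `writeResponse`, so if writing the response throws, the audit entry for the rejected command is never recorded (the removed code appended first); moving the append above `writeResponse` restores that. `se.getErrorCode()` is used directly as the HTTP status, which is worth confirming is a value that clients and proxies handle sensibly. The try block starts outside this hunk.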