bug 8565: throw unsupported error code when non existing api command is sent

status 8565: resolved fixed
2025-10-26 08:42:29 +01:00 · 2011-02-15 15:51:10 -08:00 · 2011-02-15 15:51:10 -08:00 · a05400604b
commit a05400604b
parent 36e058114f
2 changed files with 21 additions and 18 deletions
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@ -31,7 +31,6 @@ import java.net.ServerSocket;
 import java.net.Socket;
 import java.net.URLDecoder;
 import java.net.URLEncoder;
 import java.security.InvalidParameterException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collections;
@ -507,7 +506,7 @@ public class ApiServer implements HttpRequestHandler {
 	       return isCommandAvailable;
 	   }
-    public boolean verifyRequest(Map<String, Object[]> requestParameters, Long userId) throws InvalidParameterException {
+    public boolean verifyRequest(Map<String, Object[]> requestParameters, Long userId) throws ServerApiException {
        try {
            String apiKey = null;
            String secretKey = null;
@ -529,16 +528,16 @@ public class ApiServer implements HttpRequestHandler {
            	short accountType = userAccount.getType();
            	if (!isCommandAvailable(accountType, commandName)) {
-            		return false;
+            	    s_logger.warn("The given command:"+commandName+" does not exist");
                    throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given command:"+commandName+" does not exist");
            	}
            	return true;
            }else{
            	//check against every available command to see if the command exists or not
            	if(!isCommandAvailable(commandName) && !commandName.equals("login") && !commandName.equals("logout")){
            		s_logger.warn("The given command:"+commandName+" does not exist");
-            		throw new InvalidParameterException("The given command:"+commandName+" does not exist");
+            		throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given command:"+commandName+" does not exist");
            	}
            }
            // - build a request string with sorted params, make sure it's all lowercase
@ -599,7 +598,8 @@ public class ApiServer implements HttpRequestHandler {
            UserContext.updateContext(user.getId(), account, null);
            if (!isCommandAvailable(account.getType(), commandName)) {
-        		return false;
+                s_logger.warn("The given command:"+commandName+" does not exist");
                throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given command:"+commandName+" does not exist");
        	}
            // verify secret key exists
@ -623,9 +623,9 @@ public class ApiServer implements HttpRequestHandler {
            }
            return equalSig;
        } catch (Exception ex) {
-        	if(ex instanceof InvalidParameterException){
+            if (ex instanceof ServerApiException && ((ServerApiException) ex).getErrorCode() == BaseCmd.UNSUPPORTED_ACTION_ERROR) {
-        		throw new InvalidParameterException(ex.getMessage());
+                throw (ServerApiException)ex;
-        	}
+            } 
            s_logger.error("unable to verifty request signature", ex);
        }
        return false;
--- a/server/src/com/cloud/api/ApiServlet.java
+++ b/server/src/com/cloud/api/ApiServlet.java
@ -19,7 +19,6 @@
 package com.cloud.api;
 import java.io.IOException;
 import java.security.InvalidParameterException;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Map;
@ -275,7 +274,7 @@ public class ApiServlet extends HttpServlet {
                if (session != null) {
                    try {
                        session.invalidate();
-                    }catch (IllegalStateException ise) {}
+                    } catch (IllegalStateException ise) {}
                }
                auditTrailSb.append(" " + HttpServletResponse.SC_UNAUTHORIZED +  " " + "unable to verify user credentials and/or request signature");
@ -283,13 +282,17 @@ public class ApiServlet extends HttpServlet {
                writeResponse(resp, serializedResponse, HttpServletResponse.SC_UNAUTHORIZED, responseType);
            }
-        }catch (InvalidParameterException ipe){
+        } catch (Exception ex) {
-            auditTrailSb.append(" " + HttpServletResponse.SC_NOT_FOUND +  " " + ipe.getMessage());
+            if (ex instanceof ServerApiException && ((ServerApiException) ex).getErrorCode() == BaseCmd.UNSUPPORTED_ACTION_ERROR) {
-            String serializedResponse = _apiServer.getSerializedApiError(HttpServletResponse.SC_NOT_FOUND, ipe.getMessage(), params, responseType);
+                ServerApiException se = (ServerApiException)ex;
-            writeResponse(resp, serializedResponse, HttpServletResponse.SC_NOT_FOUND, responseType);
+                String serializedResponseText = _apiServer.getSerializedApiError(se.getErrorCode(), se.getDescription(), params, responseType);
-        }catch (Exception ex) {
+                resp.setHeader("X-Description", se.getDescription());
-            s_logger.error("unknown exception writing api response", ex);
+                writeResponse(resp, serializedResponseText, se.getErrorCode(), responseType);
-            auditTrailSb.append(" unknown exception writing api response");
+                auditTrailSb.append(" " +se.getErrorCode() + " " + se.getDescription());
            } else {
                s_logger.error("unknown exception writing api response", ex);
                auditTrailSb.append(" unknown exception writing api response");
            }
        } finally {
            s_accessLogger.info(auditTrailSb.toString());            
            // cleanup user context to prevent from being peeked in other request context