Currently any new API extension to CloudStack must edit
commands.properties to add the appropriate ACLs. This generally works
fine for ACS as we control the contents of that file and distribute
all the code ourself. The hang up comes when somebody develops code
outside of ACS and want to add their code to an existing ACS
installation. The Spring work that has been done has made this much
easier, but you are still required to manually edit
commands.properties. This change introduces the following logic.
First check commands.properties for ACL info. If ACL info exists, use
that to authorize the command. If no ACL information exists (ie
null), then look at the @APICommand annotation. The defaults of
@APICommand will provide no ACL info. If the @APICommand annotation
provides no ACL info, use that.
ACS is now comprised of a hierarchy of spring application contexts.
Each plugin can contribute configuration files to add to an existing
module or create it's own module.
Additionally, for the mgmt server, ACS custom AOP is no longer used
and instead we use Spring AOP to manage interceptors.
Various classes are using member injection to inject extensible objects.
Really those object should come from an AdapterList that is injected in.
This patch switches the code to use setter injection that will later allow
spring to inject an AdapterList or something similar to allow
extensibility.
Plugin should not be responsible for existence of checking an API, this was wrong.
Throw exception boldly when checkAccess fails.
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
- Fix StaticRoleBasedAPIAccessChecker to check api access based on roletype
- Remove properties file which is not needed now for api discovery plugin
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
