Introduction of a new Transaction API that is more consistent with the style
of Spring's transaction managment. The existing Transaction class was renamed
to TransactionLegacy. All of the non-DAO code in the management server has been
updated to use the new Transaction API.
ACS is now comprised of a hierarchy of spring application contexts.
Each plugin can contribute configuration files to add to an existing
module or create it's own module.
Additionally, for the mgmt server, ACS custom AOP is no longer used
and instead we use Spring AOP to manage interceptors.
The managed context framework provides a simple way to add logic
to ACS at the various entry points of the system. As threads are
launched and ran listeners can be registered for onEntry or onLeave
of the managed context. This framework will be used specifically
to handle DB transaction checking and setting up the CallContext.
This framework is need to transition away from ACS custom AOP to
Spring AOP.
Various classes are using member injection to inject extensible objects.
Really those object should come from an AdapterList that is injected in.
This patch switches the code to use setter injection that will later allow
spring to inject an AdapterList or something similar to allow
extensibility.
SimulatoComponentContext need sto include the dedicated resource manager
to see the commands/apis exposed by it.
Signed-off-by: Prasanna Santhanam <tsp@apache.org>
Description:
Currently, userdata sent over to the DeployVMCmd and
updateVMCmd commands can be upto 2K in length, whether
sent over GET or POST. We remove this limitation for
POST to change this limit to 32K. Also enabling lazy
load on userdata to improve performance during reads
of large sized userdata from user VM records.
Signed-off-by: Min Chen <min.chen@citrix.com>
If any API contains '&' i.e. no key value pair or '&<paramter-name>' i.e. a parameter without a value, then we get an NPE as owasp.esapi.StringUtilities.stripControls deosn't handle NPE.
Non-printable characters results in empty pages for all users loading the
corrupted object in the web interface. It also results in the API call results
getting truncated with an error when it encounters the non-printable characters.
Every decoded parameter value is checked for control character using OWASP's
ESAPI library.
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
- Mgmt server impl is a pluggable service, fix it's method
- Fix getCommands() to return all cmd api classes supported by this mgmt server
- For api-discovery, get commands from pluggable services only, don't use reflections
- Don't use reflections in ApiServer, iterate pluggableservices
- Fix api discovery unit test
- The fix was done automatically using following python program along with
following step:
1. Get all apis provided by default mgmt server, all of them are in cloud-api now
cd api/src/org/apache/cloudstack/api/command
find . >> apis
2. For all apis, generate java code that adds the class to the cmdList arraylist:
f = open('apis', 'r')
data = f.read()
f.close()
output = ""
for a in data.split('\n'):
output += "cmdList.add(%s);" % a.split('/')[-1].replace('.java', '.class')
# wrote output to a file, copied content to mgmt server impl's getCommands()
# similarly, fixed import statements using same code, splitting on /
Testing:
Ran apiserver, put breakpoints in ApiServer's init() where classes are processed
Total cmd classes found by reflections (ReflectUtil) = 354
Total cmd classes found by getCommands for all pluggable services = 354
Next, copied the comma separated values for each set to a string in ipython, a & b
set(a).difference(set(b)) returned null.
The above test implies both set of cmd classes found by both methods, i.e. using
reflections and using getCommands() had same set of apis and all were unique.
Conclusion:
The changes are idempotent and don't break api server's cmd class api discovery
processing.
BUG-ID: CLOUDSTACK-1210
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
- Get rid of boolean decode arg
- Method assumes that OTW params have been already decoded
- Remove redundant code that tries to decode again based on boolean arg
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
