From 21a6bef53b05d430f2cff53ae37033432603136d Mon Sep 17 00:00:00 2001
From: Rohit Yadav
Date: Fri, 28 Nov 2014 15:43:29 +0530
Subject: [PATCH] CLOUDSTACK-7989: Ignore Auth API calls in unauthenticated HTTP handlers

If an auth API call (such as login, logout) is called on unauthenticated port such as the 8096 integration server port, we need to ignore such API calls as calling auth APIs on 8096 is un-necessary and is undefined.

Signed-off-by: Rohit Yadav
---
 server/src/com/cloud/api/ApiServer.java | 17 +++++++++++------
 .../api/auth/APIAuthenticationManagerImpl.java | 3 ++-
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index 435efa0d250..e60af3b7d50 100644
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -66,6 +66,7 @@ import org.apache.cloudstack.api.BaseListCmd;
 import org.apache.cloudstack.api.ResponseObject;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.auth.APIAuthenticationManager;
 import org.apache.cloudstack.api.command.admin.account.ListAccountsCmdByAdmin;
 import org.apache.cloudstack.api.command.admin.host.ListHostsCmd;
 import org.apache.cloudstack.api.command.admin.router.ListRoutersCmd;
@@ -204,6 +205,8 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer private ConfigurationDao _configDao; @Inject private EntityManager _entityMgr; + @Inject APIAuthenticationManager _authManager; List _pluggableServices; List _apiAccessCheckers;
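Review bot: The newly injected `_authManager` field in the @@ -204 hunk is declared package-private, while the neighbouring injected fields `_configDao` and `_entityMgr` are `private`; declare it as `private APIAuthenticationManager _authManager;` so the field keeps the same minimal visibility as its siblings. The class body continues outside this hunk.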
@@ -485,6 +488,10 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
                 }
                 throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, "Invalid request, no command sent");
             } else {
+                // Don't allow Login/Logout APIs to go past this point
+                if (_authManager.getAPIAuthenticator(command[0]) != null) {
+                    return null;
+                }
                 final Map paramMap = new HashMap();
                 final Set keys = params.keySet();
                 final Iterator keysIter = keys.iterator();
@@ -522,12 +529,10 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
                     else
                         buildAuditTrail(auditTrailSb, command[0], response);
                 } else {
-                    if (!command[0].equalsIgnoreCase("login") && !command[0].equalsIgnoreCase("logout")) {
-                        final String errorString = "Unknown API command: " + command[0];
-                        s_logger.warn(errorString);
-                        auditTrailSb.append(" " + errorString);
-                        throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, errorString);
-                    }
+                    final String errorString = "Unknown API command: " + command[0];
+                    s_logger.warn(errorString);
+                    auditTrailSb.append(" " + errorString);
+                    throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, errorString);
                 }
             }
         } catch (final InvalidParameterValueException ex) {
diff --git a/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
index fc21b1913e4..9d0ab684746 100644
--- a/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
+++ b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
@@ -57,7 +57,7 @@ public class APIAuthenticationManagerImpl extends ManagerBase implements APIAuth APICommand command = authenticator.getAnnotation(APICommand.class); if (command != null && !command.name().isEmpty() && APIAuthenticator.class.isAssignableFrom(authenticator)) { - s_authenticators.put(command.name(), authenticator); + s_authenticators.put(command.name().toLowerCase(), authenticator); } } return true;
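Review bot: The early `return null;` added right after `} else {` drops a login/logout call on the unauthenticated handler without a log line or an audit-trail entry, unlike the unknown-command path later in this method, which warns, appends to `auditTrailSb` and throws; an auth API arriving on the unauthenticated port is precisely the event an operator would want recorded, and what the caller does with a null return is not visible in this hunk. Keep the commit's intent but record the event, e.g. `s_logger.warn("Ignoring auth API " + command[0] + " on unauthenticated handler");` and `auditTrailSb.append(" auth API ignored: " + command[0]);` before the return. Note also that `getAPIAuthenticator` now lowercases its argument, so a null `command[0]` would surface here as a NullPointerException rather than the ServerApiException the surrounding code uses; whether the array elements are validated earlier is outside this hunk. The enclosing method begins and ends outside the hunk.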
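Review bot: On the new side of the @@ -522 hunk, `"Unknown API command: " + command[0]` is written verbatim to the log through `s_logger.warn(errorString)` and to `auditTrailSb`, and `command[0]` is taken from the request; unless it is normalized earlier (not visible here), a value containing line breaks or other control characters can corrupt or forge log and audit entries. Consider deriving the logged name defensively, e.g. `final String cmdName = command[0].replaceAll("\\p{Cntrl}", "?");` and building `errorString` from `cmdName`, optionally capping its length. This logic predates the commit, which only removes the login/logout exemption around it, so it may be a follow-up; the enclosing method continues outside the hunk.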
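Review bot: In the @@ -57 hunk, `command.name().toLowerCase()` uses the JVM default locale, so the registration key depends on the runtime locale (for instance `I` does not lower-case to `i` under a Turkish locale); the lookup side in the @@ -81 hunk (`name = name.toLowerCase();`, which runs past the end of this excerpt) has the same dependency, and both should use `toLowerCase(Locale.ROOT)` so registration and lookup agree on every deployment, adding `import java.util.Locale;` if the file lacks it. The lookup hunk also lowercases `name` before the existing `s_authenticators != null && s_authenticators.containsKey(name)` guard, so a null `name` now fails with a NullPointerException at that line; if callers can pass null (not visible here), a `if (name == null) { return null; }` guard in front would preserve the previous handling. The enclosing method of the @@ -57 hunk begins outside the hunk.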
@@ -81,6 +81,7 @@ public class APIAuthenticationManagerImpl extends ManagerBase implements APIAuth
     @Override
     public APIAuthenticator getAPIAuthenticator(String name) {
+        name = name.toLowerCase();
         APIAuthenticator apiAuthenticator = null;
         if (s_authenticators != null && s_authenticators.containsKey(name)) {
             try {