diff --git a/awsapi/src/com/cloud/bridge/service/S3RestServlet.java b/awsapi/src/com/cloud/bridge/service/S3RestServlet.java
index 78479975960..6f648ad384d 100644
--- a/awsapi/src/com/cloud/bridge/service/S3RestServlet.java
+++ b/awsapi/src/com/cloud/bridge/service/S3RestServlet.java
@@ -24,6 +24,8 @@ import java.security.SignatureException;
 import java.sql.SQLException;
 import java.util.Enumeration;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -41,6 +43,7 @@ import org.w3c.dom.NodeList;
 import com.cloud.bridge.io.MultiPartDimeInputStream;
 import com.cloud.bridge.model.SAcl;
 import com.cloud.bridge.persist.PersistContext;
+import com.cloud.bridge.persist.dao.CloudStackConfigurationDao;
 import com.cloud.bridge.persist.dao.UserCredentialsDao;
 import com.cloud.bridge.service.controller.s3.S3BucketAction;
 import com.cloud.bridge.service.controller.s3.S3ObjectAction;
@@ -58,6 +61,7 @@ import com.cloud.bridge.service.exception.InvalidBucketName;
 import com.cloud.bridge.service.exception.NoSuchObjectException;
 import com.cloud.bridge.service.exception.PermissionDeniedException;
 import com.cloud.bridge.util.AuthenticationUtils;
+import com.cloud.bridge.util.ConfigurationHelper;
 import com.cloud.bridge.util.HeaderParam;
 import com.cloud.bridge.util.RestAuth;
 import com.cloud.bridge.util.S3SoapAuth;
@@ -67,7 +71,9 @@ import com.cloud.bridge.util.S3SoapAuth;
 */
 public class S3RestServlet extends HttpServlet {
 private static final long serialVersionUID = -6168996266762804877L;
-
+ public static final String ENABLE_S3_API="enable.s3.api";
+ private static boolean isS3APIEnabled = false;
+ public static final Logger logger = Logger.getLogger(S3RestServlet.class);
 protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
@@ -99,6 +105,26 @@ public class S3RestServlet extends HttpServlet {
 processRequest( req, resp, "DELETE" );
 }
+ public void init( ServletConfig config ) throws ServletException {
+ try{
+ ConfigurationHelper.preConfigureConfigPathFromServletContext(config.getServletContext());
+ UserCredentialsDao.preCheckTableExistence();
+ // check if API is enabled
+ CloudStackConfigurationDao csDao = new CloudStackConfigurationDao();
+ String value = csDao.getConfigValue(ENABLE_S3_API);
+ if(value != null) {
+ isS3APIEnabled = Boolean.valueOf(value);
+ }
+
+ }finally {
+ PersistContext.commitTransaction(true);
+ PersistContext.closeSession(true);
+ }
+
+ }
+
+
+
 /**
 * POST requests do not get authenticated on entry. The associated
 * access key and signature headers are embedded in the message not encoded
@@ -116,6 +142,12 @@ public class S3RestServlet extends HttpServlet {
 // to report our version of this capability.
 // -> unauthenticated calls, should still be done over HTTPS
 String cloudAction = request.getParameter( "Action" );
+
+ if(!isS3APIEnabled){
+ throw new RuntimeException("Amazon S3 API is disabled.");
+ }
+
+
+ if (null != cloudAction)
 {
 if (cloudAction.equalsIgnoreCase( "SetUserKeys" )) {
diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java
index 94b106ac83f..d62b2690a00 100755
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
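Review bot: The new `init( ServletConfig config )` override never calls `super.init(config)`, so `GenericServlet` does not record the config and any later `getServletConfig()` or `getServletContext()` call on this servlet will fail; make `super.init(config);` the first statement and add `@Override`. The switch is also read only once here into the static `isS3APIEnabled`, so changing `enable.s3.api` in the configuration table has no effect until the servlet is reloaded; I would say so in a comment on the field, e.g. `// loaded once in init(); defaults to disabled`. `Boolean.valueOf(value)` treats every string other than "true" as false, which fails closed, and `Boolean.parseBoolean(value)` says the same without unboxing.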
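Review bot: The disabled check throws a bare `RuntimeException` from the request path, and the enclosing method starts and ends outside this hunk, so it is not visible whether a catch block turns that into a controlled response or the container answers with its default 500 page and stack trace. I would answer explicitly instead, setting a status such as `HttpServletResponse.SC_SERVICE_UNAVAILABLE` on the response and returning. The check sits ahead of the unauthenticated `SetUserKeys` branch, which is the right order, but it can move above `request.getParameter( "Action" )` so that no request input is parsed while the API is off. It is also worth confirming that every entry point into the servlet passes through this method, otherwise the switch does not cover it.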
@@ -220,6 +220,7 @@ public enum Config {
 ElasticLoadBalancerVmGcInterval("Advanced", ManagementServer.class, Integer.class, "network.loadbalancer.basiczone.elb.gc.interval.minutes", "30", "Garbage collection interval to destroy unused ELB vms in minutes. Minimum of 5", null),
 SortKeyAlgorithm("Advanced", ManagementServer.class, Boolean.class, "sortkey.algorithm", "false", "Sort algorithm for those who use sort key(template, disk offering, service offering, network offering), true means ascending sort while false means descending sort", null),
 EnableEC2API("Advanced", ManagementServer.class, Boolean.class, "enable.ec2.api", "false", "enable EC2 API on CloudStack", null),
+ EnableS3API("Advanced", ManagementServer.class, Boolean.class, "enable.s3.api", "false", "enable Amazon S3 API on CloudStack", null),
 // Ovm
 OvmPublicNetwork("Hidden", ManagementServer.class, String.class, "ovm.public.network.device", null, "Specify the public bridge on host for public network", null),
diff --git a/setup/db/db/schema-302to303.sql b/setup/db/db/schema-302to303.sql
index da5be42e52c..578db97d852 100755
--- a/setup/db/db/schema-302to303.sql
+++ b/setup/db/db/schema-302to303.sql
@@ -118,5 +118,6 @@ DELETE FROM `cloud`.`configuration` WHERE name='xen.min.version';
 DELETE FROM `cloud`.`configuration` WHERE name='xen.min.xapi.version';
 INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', 'enable.ec2.api', 'false', 'enable EC2 API on CloudStack');
+INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', 'enable.s3.api', 'false', 'enable Amazon S3 API on CloudStack');
 ALTER TABLE `cloud`.`account` ADD COLUMN `default_zone_id` bigint unsigned;
-ALTER TABLE `cloud`.`account` ADD CONSTRAINT `fk_account__default_zone_id` FOREIGN KEY `fk_account__default_zone_id`(`default_zone_id`) REFERENCES `data_center`(`id`) ON DELETE CASCADE;
\ No newline at end of file
+ALTER TABLE `cloud`.`account` ADD CONSTRAINT `fk_account__default_zone_id` FOREIGN KEY `fk_account__default_zone_id`(`default_zone_id`) REFERENCES `data_center`(`id`) ON DELETE CASCADE;