From d9c41df1a1bda19baa066052d1006600b1dbbcce Mon Sep 17 00:00:00 2001
From: Kelven Yang
Date: Thu, 3 Nov 2011 16:23:17 -0700
Subject: [PATCH] Make console proxy support UUID
---
 api/src/com/cloud/api/IdentityService.java | 1 +
 .../com/cloud/Identity/dao/IdentityDao.java | 1 +
 .../consoleproxy/ConsoleProxyManagerImpl.java | 15 +++++----
 .../cloud/identity/IdentityServiceImpl.java | 4 +++
 .../cloud/identity/dao/IdentityDaoImpl.java | 12 +++++--
 .../cloud/servlet/ConsoleProxyServlet.java | 31 ++++++++++---------
 6 files changed, 40 insertions(+), 24 deletions(-)
diff --git a/api/src/com/cloud/api/IdentityService.java b/api/src/com/cloud/api/IdentityService.java
index 1c36be520fe..7b9401ed423 100644
--- a/api/src/com/cloud/api/IdentityService.java
+++ b/api/src/com/cloud/api/IdentityService.java
@@ -19,5 +19,6 @@ package com.cloud.api;
 public interface IdentityService {
 Long getIdentityId(IdentityMapper mapper, String identityString);
+ Long getIdentityId(String tableName, String identityString);
 String getIdentityUuid(String tableName, String identityString);
 }
diff --git a/server/src/com/cloud/Identity/dao/IdentityDao.java b/server/src/com/cloud/Identity/dao/IdentityDao.java
index 148fd97c92f..88ac49ab188 100644
--- a/server/src/com/cloud/Identity/dao/IdentityDao.java
+++ b/server/src/com/cloud/Identity/dao/IdentityDao.java
@@ -23,5 +23,6 @@ import com.cloud.utils.db.GenericDao;
 public interface IdentityDao extends GenericDao {
 Long getIdentityId(IdentityMapper mapper, String identityString);
+ Long getIdentityId(String tableName, String identityString);
 String getIdentityUuid(String tableName, String identityString);
 }
diff --git a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
index 2172d4e263e..5e69c4fcdfa 100755
--- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
+++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
@@ -74,6 +74,7 @@ import com.cloud.host.Host;
 import com.cloud.host.HostVO;
 import com.cloud.host.dao.HostDao;
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
+import com.cloud.identity.dao.IdentityDao;
 import com.cloud.info.ConsoleProxyConnectionInfo;
 import com.cloud.info.ConsoleProxyInfo;
 import com.cloud.info.ConsoleProxyLoadInfo;
@@ -209,6 +210,9 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx
 UserVmDetailsDao _vmDetailsDao;
 @Inject
 ResourceManager _resourceMgr;
+
+ @Inject
+ IdentityDao _identityDao;
 private ConsoleProxyListener _listener;
@@ -681,7 +685,7 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx
 @Override
 public AgentControlAnswer onConsoleAccessAuthentication(ConsoleAccessAuthenticationCommand cmd) {
- long vmId = 0;
+ Long vmId = null;
 String ticketInUrl = cmd.getTicket();
 if (ticketInUrl == null) {
@@ -720,11 +724,10 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx
 }
 return new ConsoleAccessAuthenticationAnswer(cmd, false);
 }
-
- try {
- vmId = Long.parseLong(cmd.getVmId());
- } catch (NumberFormatException e) {
- s_logger.error("Invalid vm id " + cmd.getVmId() + " sent from console access authentication", e);
+
+ vmId = _identityDao.getIdentityId("vm_instance", cmd.getVmId());
+ if(vmId == null) {
+ s_logger.error("Invalid vm id " + cmd.getVmId() + " sent from console access authentication");
 return new ConsoleAccessAuthenticationAnswer(cmd, false);
 }
diff --git a/server/src/com/cloud/identity/IdentityServiceImpl.java b/server/src/com/cloud/identity/IdentityServiceImpl.java
index 87c56dbe804..146c1449b7a 100644
--- a/server/src/com/cloud/identity/IdentityServiceImpl.java
+++ b/server/src/com/cloud/identity/IdentityServiceImpl.java
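Review bot: In the last ConsoleProxyManagerImpl.java hunk (`onConsoleAccessAuthentication`), the value from `cmd.getVmId()` is no longer format-checked before use: the removed `Long.parseLong` rejected anything that was not a number, while the new code hands the raw string to `_identityDao.getIdentityId("vm_instance", ...)`, whose query in this commit is `WHERE id=? OR uuid=?`. How the parameters are bound is not visible here; if they are bound as strings on a database that coerces strings to numbers (the backtick quoting suggests MySQL), a digit prefix followed by other characters could still match the numeric `id` column, so inputs the old code refused might now resolve to a VM. A shape check ahead of the lookup (all digits, or the canonical UUID form) would keep the earlier strictness. The error log still concatenates the raw `cmd.getVmId()`; removing CR/LF from it before logging avoids forged log lines. The method starts and ends outside the hunk.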
@@ -38,6 +38,10 @@ public class IdentityServiceImpl implements Manager, IdentityService {
 return _identityDao.getIdentityId(mapper, identityString);
 }
+ public Long getIdentityId(String tableName, String identityString) {
+ return _identityDao.getIdentityId(tableName, identityString);
+ }
+
 public String getIdentityUuid(String tableName, String identityString) {
 return _identityDao.getIdentityUuid(tableName, identityString);
 }
diff --git a/server/src/com/cloud/identity/dao/IdentityDaoImpl.java b/server/src/com/cloud/identity/dao/IdentityDaoImpl.java
index db9cda80cfa..aee5c1b44a1 100644
--- a/server/src/com/cloud/identity/dao/IdentityDaoImpl.java
+++ b/server/src/com/cloud/identity/dao/IdentityDaoImpl.java
@@ -39,7 +39,13 @@ public class IdentityDaoImpl extends GenericDaoBase implements
 @DB
 public Long getIdentityId(IdentityMapper mapper, String identityString) {
- assert(mapper.entityTableName() != null);
+ assert(mapper.entityTableName() != null);
+ return getIdentityId(mapper.entityTableName(), identityString);
+ }
+
+ @DB
+ public Long getIdentityId(String tableName, String identityString) {
+ assert(tableName != null);
 assert(identityString != null);
 PreparedStatement pstmt = null;
@@ -47,7 +53,7 @@ public class IdentityDaoImpl extends GenericDaoBase implements
 try {
 try {
 pstmt = txn.prepareAutoCloseStatement(
- String.format("SELECT id FROM `%s` WHERE id=? OR uuid=?", mapper.entityTableName())
+ String.format("SELECT id FROM `%s` WHERE id=? OR uuid=?", tableName)
 // TODO : after graceful period, use following line turn on more secure check
 // String.format("SELECT id FROM %s WHERE (id=? AND uuid IS NULL) OR uuid=?", mapper.entityTableName())
@@ -75,7 +81,7 @@ public class IdentityDaoImpl extends GenericDaoBase implements
 txn.close();
 }
 return null;
- }
+ }
 @DB
 public String getIdentityUuid(String tableName, String identityString) {
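Review bot: In IdentityDaoImpl.java, the new `getIdentityId(String tableName, String identityString)` overload builds its statement text by formatting `tableName` into the SELECT, and its only guard is `assert(tableName != null)`, which the JVM skips unless assertions are enabled. An identifier cannot be bound as a `?` parameter, and the overload is now reachable through the public `IdentityService` interface, so the method should enforce the precondition itself, for example `if (tableName == null || !tableName.matches("[A-Za-z0-9_]+")) throw new IllegalArgumentException("invalid table name");` or a fixed allow-list of entity tables. Both callers added in this commit pass the constant `"vm_instance"`, so this is hardening of the new API rather than an injection visible on this page. The commented-out stricter query in the following hunk still refers to `mapper.entityTableName()`, which is not in scope in the new method and should read `tableName`.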
diff --git a/server/src/com/cloud/servlet/ConsoleProxyServlet.java b/server/src/com/cloud/servlet/ConsoleProxyServlet.java
index 9a75d112a00..92013cbd50b 100644
--- a/server/src/com/cloud/servlet/ConsoleProxyServlet.java
+++ b/server/src/com/cloud/servlet/ConsoleProxyServlet.java
@@ -37,6 +37,7 @@ import javax.servlet.http.HttpSession;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.log4j.Logger;
+import com.cloud.api.IdentityService;
 import com.cloud.host.HostVO;
 import com.cloud.server.ManagementServer;
 import com.cloud.storage.GuestOSVO;
@@ -67,6 +68,7 @@ public class ConsoleProxyServlet extends HttpServlet {
 private final static VirtualMachineManager _vmMgr = ComponentLocator.getLocator(ManagementServer.Name).getManager(VirtualMachineManager.class);
 private final static DomainManager _domainMgr = ComponentLocator.getLocator(ManagementServer.Name).getManager(DomainManager.class);
 private final static ManagementServer _ms = (ManagementServer)ComponentLocator.getComponent(ManagementServer.Name);
+ private final static IdentityService _identityService = (IdentityService)ComponentLocator.getLocator(ManagementServer.Name).getManager(IdentityService.class);
 @Override
 protected void doPost(HttpServletRequest req, HttpServletResponse resp) {
@@ -132,15 +134,13 @@ public class ConsoleProxyServlet extends HttpServlet {
 return;
 }
- String vmIdString = req.getParameter("vm");
- long vmId = 0;
- try {
- vmId = Long.parseLong(vmIdString);
- } catch(NumberFormatException e) {
- s_logger.info("invalid console servlet command parameter: " + vmIdString);
- sendResponse(resp, "");
- return;
- }
+ String vmIdString = req.getParameter("vm");
+ Long vmId = _identityService.getIdentityId("vm_instance", vmIdString);
+ if(vmId == null) {
+ s_logger.info("invalid console servlet command parameter: " + vmIdString);
+ sendResponse(resp, "");
+ return;
+ }
 if(!checkSessionPermision(req, vmId, accountObj)) {
 sendResponse(resp, "Permission denied");
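Review bot: In the `doPost` hunk, a request without a `vm` parameter now passes `null` into `_identityService.getIdentityId("vm_instance", vmIdString)`; the DAO guards that only with `assert(identityString != null)`, which is normally disabled, whereas the removed `Long.parseLong` turned a null into the handled `NumberFormatException` branch. An explicit check ahead of the lookup, `if (vmIdString == null || vmIdString.isEmpty()) { sendResponse(resp, ""); return; }`, keeps the outcome independent of how the DAO binds a null. Because this string comes straight from the HTTP request, it would also be worth checking its shape (digits or UUID) before the query and stripping CR/LF before it is written by `s_logger.info`. `doPost` starts and ends outside the hunk.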
@@ -154,14 +154,13 @@ public class ConsoleProxyServlet extends HttpServlet {
 } else {
 handleAuthRequest(req, resp, vmId);
 }
-
 } catch (Throwable e) {
 s_logger.error("Unexepected exception in ConsoleProxyServlet", e);
 sendResponse(resp, "Server Internal Error");
 }
 }
- private void handleThumbnailRequest(HttpServletRequest req, HttpServletResponse resp, long vmId) {
+ private void handleThumbnailRequest(HttpServletRequest req, HttpServletResponse resp, long vmId) {
 VMInstanceVO vm = _vmMgr.findById(vmId);
 if(vm == null) {
 s_logger.warn("VM " + vmId + " does not exist, sending blank response for thumbnail request");
@@ -297,8 +296,9 @@ public class ConsoleProxyServlet extends HttpServlet {
 host = portInfo.first();
 }
 String sid = vm.getVncPassword();
- long tag = vm.getId();
- String ticket = genAccessTicket(host, String.valueOf(portInfo.second()), sid, String.valueOf(tag));
+ String tag = String.valueOf(vm.getId());
+ tag = _identityService.getIdentityUuid("vm_instance", tag);
+ String ticket = genAccessTicket(host, String.valueOf(portInfo.second()), sid, tag);
 sb.append("/getscreen?host=").append(host);
 sb.append("&port=").append(portInfo.second());
@@ -322,8 +322,9 @@ public class ConsoleProxyServlet extends HttpServlet {
 host = portInfo.first();
 }
 String sid = vm.getVncPassword();
- long tag = vm.getId();
- String ticket = genAccessTicket(host, String.valueOf(portInfo.second()), sid, String.valueOf(tag));
+ String tag = String.valueOf(vm.getId());
+ tag = _identityService.getIdentityUuid("vm_instance", tag);
+ String ticket = genAccessTicket(host, String.valueOf(portInfo.second()), sid, tag);
 sb.append("/ajax?host=").append(host);
 sb.append("&port=").append(portInfo.second());
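Review bot: In the two URL-building hunks (at -297 and -322), `tag` is overwritten with the result of `_identityService.getIdentityUuid("vm_instance", tag)` and passed to `genAccessTicket` without a null check. The body of `getIdentityUuid` is not shown on this page; if it can return null for a row that has no uuid yet (the DAO's TODO about a grace period suggests such rows may exist), the ticket would be computed over a null tag, so this should be confirmed. Keeping the numeric id as the fallback, `String uuid = _identityService.getIdentityUuid("vm_instance", tag); if (uuid != null) tag = uuid;`, avoids that, provided the verifying side in `onConsoleAccessAuthentication` derives its ticket from the same string. The same three lines now appear in both builders and could move into one private helper so the two paths cannot drift apart. Both enclosing methods extend beyond the hunks.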