Commit Graph

88 Commits

Author SHA1 Message Date
Kelven Yang 73ed03baea CLOUDSTACK-2039: Improve console access security with 128-bit AES encryption and securely-randomized key generation 2013-04-16 01:42:29 +01:00
Kelven Yang 4f38d745b8 CLOUDSTACK-1339: Using Spring interface injection pattern to avoid using CGLIB proxying mode. Spring with CGLIB proxying will conflict with CGLIB usage in CloudStack DB code, CloudStack CGLIB usage can cause Spring to lose track of its proxied object and therefore creates a massive amount of objects in memory 2013-02-24 13:31:42 -08:00
Kelven Yang 176523254e Improve component lifecycle management with system run-level concept 2013-01-30 15:21:02 -08:00
Kelven Yang da2e6461a6 Remove temporary hacking and use Official way to wire-up servlet with injection under Spring 2013-01-30 15:21:01 -08:00
Kelven Yang f8e5740c31 A workaround to injection problems in servlets (ConsoleProxyServlet and RegisterCompletionServlet) classes 2013-01-24 18:04:48 -08:00
Kelven Yang af67d87662 Fix issues with @DB support in Spring environment 2013-01-15 12:35:03 -08:00
Kelven Yang 96bd1d4172 Forgot to save changed file in last commit 2013-01-14 14:10:47 -08:00
Kelven Yang 64c947a9f8 Re-fix startup of management server 2013-01-14 10:52:37 -08:00
Kelven Yang 6fb1a1e6f1 Fix issues after another round of merge 2013-01-11 16:54:32 -08:00
Alex Huang 757e1a931b cleanup warnings in utils 2013-01-10 17:19:30 -08:00
Alex Huang d6f44a4d6a merged from master 2013-01-10 15:55:42 -08:00
Alex Huang fac2270240 more files changed 2013-01-10 15:29:14 -08:00
Alex Huang 56e5fbdee2 removed import of componentlocator and inject from all files 2013-01-10 11:44:47 -08:00
Alex Huang f40e7b7511 removed componentlocator and inject 2013-01-10 11:05:20 -08:00
Rohit Yadav 72693ea382 server: Fix ApiServer init method, we won't use cfg files and it's not used there
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
2013-01-09 17:20:46 -08:00
Alex Huang 14bd345f1f merge compiles 2013-01-09 04:41:27 -08:00
Alex Huang 30f2565d98 Merge branch 'api_refactoring' into javelin 2013-01-08 12:36:04 -08:00
Kelven Yang b96bb8feb9 Hook log4j to Spring bootstrapped Javelin server 2013-01-07 18:21:58 -08:00
Kelven Yang 559933f062 First page of Javelin management server bootstrapped by Spring is able to show now 2013-01-07 15:54:18 -08:00
Kelven Yang 2e9c55f8f6 More Spring issues to bootstrap Javelin server 2013-01-04 14:25:12 -08:00
Rohit Yadav d235859168 Fix PluggableService to provide interface for ACL adapters etc. to get configs
- Fix interface to return array of strings, or filenames
- Fix StaticRoleBased ACL adapter to process config files by going through all pluggable services
- Refactor interface names

Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
2013-01-02 16:29:39 -08:00
Rohit Yadav 6fc3bc3760 api_refactor: refactor vpn and vm apis
- Refactor VPN and VM APIs to admin and user pkgs
- Names space, org.apache.cloudstack
- Fix refactored apis in commands*.in
- Fix comments etc.
- Expand tabs, remove trailing whitespace

Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
2012-12-03 21:27:02 -08:00
Kelven Yang b38d9b82b6 CloudStack messaging refactoring skeleton 2012-11-13 17:59:39 -08:00
Hugo Trippaers bd58ceccd8 Summary: Make the authenticator responsible for encoding the password and add a SHA256 salted authenticator
The authenticators now have an encode function that cloudstack will use to encode the user supplied password before storing it in the database. This makes it easier to add other authenticators with other hashing algorithms. This requires a two-step approach to creating the admin account at first start as the authenticators are only present in the management-server component locator.

The SHA256 salted authenticator makes use of this new system and adds a hashing algorithm based on SHA256 with a salt. This type of hash is far less susceptible to rainbow table attacks.

To make use of these new features the user's password will be sent over the wire just as he typed it and it will be transformed into a hash on the server and compared with the stored password. This means that the hash will not go over the wire anymore.

The default authenticator in components.xml is still set to md5 for backwards compatibility. For new installations the sha256 could be enabled.
2012-10-30 12:56:56 +01:00
Kelven Yang d70154609a Wire up injection for dynamically constructed objects 2012-10-29 16:16:07 -07:00
Kelven Yang 3609e44b58 commit for https://reviews.apache.org/r/6608/ 2012-08-27 10:39:49 -07:00
Kelven Yang 04bf1a33c6 apply patch https://reviews.apache.org/r/6572/ 2012-08-13 17:28:41 -07:00
Alex Huang c1c952b42b should have used non url safe 2012-08-07 16:58:16 -07:00
Alex Huang a6a864a1a8 Removed Base64 file and use the apache version 2012-08-07 15:41:54 -07:00
David Nalley e87558256c Patch from Chip Childers
https://reviews.apache.org/r/5704/
License header updates for the server folder
2012-07-02 09:51:21 -04:00
David Nalley ae4b66283a cleaning up some line endings 2012-07-02 09:50:28 -04:00
Kelven Yang e8a5d51da7 Support console access through rebooting with XAPI session re-negotiation 2012-05-16 17:02:22 -07:00
Kelven Yang 102bc1f39f Don't use dynamic queried key size as it varies on different JVM implementations and security providers 2012-04-20 11:43:06 -07:00
Kelven Yang c5083787c2 Hardening console proxy AJAX protocol to address security concerns 2012-04-19 12:10:33 -07:00
Rajesh Battala 327049b5c5 CS-14546: Fixed bug Unable to view console in System and Guest VMs and Added Upgrade script 2012-04-19 21:15:45 +05:30
Kelven Yang 8b8973f941 Complete XenServer Secure Console proxy implementation 2012-04-10 15:57:52 -07:00
Rajesh Battala 3cbb8bc198 Xenserver Secure Console Proxy Phase I 2012-04-10 18:01:56 +05:30
David Nalley 59436be4ee fixing line endings in server 2012-04-07 20:13:10 -04:00
frank 2f634c0913 Switch to Apache license 2012-04-03 04:50:05 -07:00
Kelven Yang 8f2b6dc791 do not default display name from null to other name like host name 2012-01-30 14:57:50 -08:00
Alena Prokharchyk 83400cd15f bug 12776: if there are multiple objects involved in resource creation, verify that they belong to the same account
status 12776: resolved fixed
2012-01-17 13:40:37 -08:00
Alena Prokharchyk c581506103 bug 12306: list* command revamp 2012-01-09 10:07:42 -08:00
Alena Prokharchyk 209c4aa881 bug 12444: allow accessing Project's vms console
status 12444: resolved fixed
2011-12-08 14:38:21 -08:00
Kelven Yang c3eba2933e bug 11973: Escape VM name to prevent from XSS attack. Reviewed-by: Alex Huang 2011-11-28 11:38:31 -08:00
Kelven Yang d9c41df1a1 Make console proxy support UUID 2011-11-03 16:24:08 -07:00
alena a1331d1cfc Intermediate checkin to Project feature:
1) Introduce new managers - ProjectManager and DomainManager. Moved all domain related code from AccountManager to DomainManager.
2) Moved some code from ManagementServerImpl to the correct managers.
3) New resource limit for Domain - Project
2011-09-20 18:35:28 -07:00
alena 569427ba1f bug 11036: if resource_count record is missing for account or domain, insert it during the management server startup (with count=0)
status 11036: resolved fixed
2011-09-13 15:23:27 -07:00
Kelven Yang 0421eafba0 bug 10765: add japanese keyboard support for linux OSes 2011-08-31 15:53:01 -07:00
frank 316ed91542 Bug 10860 - PremiumUpgrade is not run when upgrading to 2.2.8 (edit)
run checker before any component loaded
2011-07-29 20:22:39 -07:00
frank 262e6784e5 Bug 10860 - PremiumUpgrade is not run when upgrading to 2.2.8
Use a new target "system-integrity-checker" in components.xml/components-premium.xml.
All checkers must be explicitly specified in XML file, they will execute before any components load

status 10860: resolved fixed
2011-07-27 17:41:38 -07:00