Example 1 with OriginDeniedException
use of com.cloud.exception.OriginDeniedException in project cloudstack by apache.
the class ApiServer method checkCommandAvailable.
private void checkCommandAvailable(final User user, final String commandName, final InetAddress remoteAddress) throws PermissionDeniedException {
if (user == null) {
throw new PermissionDeniedException("User is null for role based API access check for command" + commandName);
}
final Account account = accountMgr.getAccount(user.getAccountId());
final String accessAllowedCidrs = ApiServiceConfiguration.ApiAllowedSourceCidrList.valueIn(account.getId()).replaceAll("\\s", "");
final Boolean apiSourceCidrChecksEnabled = ApiServiceConfiguration.ApiSourceCidrChecksEnabled.value();
if (apiSourceCidrChecksEnabled) {
s_logger.debug("CIDRs from which account '" + account.toString() + "' is allowed to perform API calls: " + accessAllowedCidrs);
if (!NetUtils.isIpInCidrList(remoteAddress, accessAllowedCidrs.split(","))) {
s_logger.warn("Request by account '" + account.toString() + "' was denied since " + remoteAddress + " does not match " + accessAllowedCidrs);
throw new OriginDeniedException("Calls from disallowed origin", account, remoteAddress);
}
}
for (final APIChecker apiChecker : apiAccessCheckers) {
apiChecker.checkAccess(user, commandName);
}
}
Also used :
UserAccount(com.cloud.user.UserAccount)
Account(com.cloud.user.Account)
PermissionDeniedException(com.cloud.exception.PermissionDeniedException)
APIChecker(org.apache.cloudstack.acl.APIChecker)
OriginDeniedException(com.cloud.exception.OriginDeniedException)
Aggregations
OriginDeniedException (com.cloud.exception.OriginDeniedException)1
PermissionDeniedException (com.cloud.exception.PermissionDeniedException)1
Account (com.cloud.user.Account)1
UserAccount (com.cloud.user.UserAccount)1
APIChecker (org.apache.cloudstack.acl.APIChecker)1
