Example 6 with CloudAuthenticationException

Use of com.cloud.legacymodel.exceptions.CloudAuthenticationException in project cosmic by MissionCriticalCloud.

Class LogContext, method register.

public static LogContext register(final long callingUserId, final long callingAccountId) throws CloudAuthenticationException {
    final Account account = s_entityMgr.findById(Account.class, callingAccountId);
    if (account == null) {
        throw new CloudAuthenticationException("The account is no longer current.").add(Account.class, Long.toString(callingAccountId));
    }
    final User user = s_entityMgr.findById(User.class, callingUserId);
    if (user == null) {
        throw new CloudAuthenticationException("The user is no longer current.").add(User.class, Long.toString(callingUserId));
    }
    return register(user, account);
}
Also used : Account(com.cloud.legacymodel.user.Account) User(com.cloud.legacymodel.user.User) CloudAuthenticationException(com.cloud.legacymodel.exceptions.CloudAuthenticationException)

Example 7 with CloudAuthenticationException

Use of com.cloud.legacymodel.exceptions.CloudAuthenticationException in project cosmic by MissionCriticalCloud.

Class LogContext, method register.

public static LogContext register(final long callingUserId, final long callingAccountId, final String contextId) throws CloudAuthenticationException {
    final Account account = s_entityMgr.findById(Account.class, callingAccountId);
    if (account == null) {
        throw new CloudAuthenticationException("The account is no longer current.").add(Account.class, Long.toString(callingAccountId));
    }
    final User user = s_entityMgr.findById(User.class, callingUserId);
    if (user == null) {
        throw new CloudAuthenticationException("The user is no longer current.").add(User.class, Long.toString(callingUserId));
    }
    return register(user, account, contextId);
}
Also used : Account(com.cloud.legacymodel.user.Account) User(com.cloud.legacymodel.user.User) CloudAuthenticationException(com.cloud.legacymodel.exceptions.CloudAuthenticationException)

Example 8 with CloudAuthenticationException

Use of com.cloud.legacymodel.exceptions.CloudAuthenticationException in project cosmic by MissionCriticalCloud.

Class QueryManagerImpl, method searchForServiceOfferingsInternal.

private Pair<List<ServiceOfferingJoinVO>, Integer> searchForServiceOfferingsInternal(final ListServiceOfferingsCmd cmd) {
    // Note
    // The list method for offerings is being modified in accordance with
    // discussion with Will/Kevin.
    // For now, we will be listing the following based on the user type:
    // 1. For root, we will list all offerings.
    // 2. For domainAdmin and regular users, we will list everything in
    //    their domains + parent domains, all the way up to root.
    // Boolean.parseBoolean never returns null, so the default (ascending) is
    // applied to the raw config value when "sortkey.algorithm" is unset.
    final String sortKeyAlgorithm = _configDao.getValue("sortkey.algorithm");
    final boolean isAscending = sortKeyAlgorithm == null || Boolean.parseBoolean(sortKeyAlgorithm);
    final Filter searchFilter = new Filter(ServiceOfferingJoinVO.class, "sortKey", isAscending, cmd.getStartIndex(), cmd.getPageSizeVal());
    final Account caller = CallContext.current().getCallingAccount();
    final Object name = cmd.getServiceOfferingName();
    final Object id = cmd.getId();
    final Object keyword = cmd.getKeyword();
    final Long vmId = cmd.getVirtualMachineId();
    final Long domainId = cmd.getDomainId();
    final Boolean isSystem = cmd.getIsSystem();
    final String vmTypeStr = cmd.getSystemVmType();
    final ServiceOfferingVO currentVmOffering;
    final Boolean isRecursive = cmd.isRecursive();
    final SearchCriteria<ServiceOfferingJoinVO> sc = _srvOfferingJoinDao.createSearchCriteria();
    if (!_accountMgr.isRootAdmin(caller.getId()) && isSystem) {
        throw new InvalidParameterValueException("Only ROOT admins can access system's offering");
    }
    // domain
    if (domainId != null && !_accountMgr.isRootAdmin(caller.getId())) {
        // child of so's domain
        if (!isPermissible(caller.getDomainId(), domainId)) {
            throw new PermissionDeniedException("The account:" + caller.getAccountName() + " does not fall in the same domain hierarchy as the service offering");
        }
    }
    if (vmId != null) {
        final VMInstanceVO vmInstance = _vmInstanceDao.findById(vmId);
        if (vmInstance == null || vmInstance.getRemoved() != null) {
            final InvalidParameterValueException ex = new InvalidParameterValueException("unable to find a virtual machine with specified id");
            ex.addProxyObject(vmId.toString(), "vmId");
            throw ex;
        }
        _accountMgr.checkAccess(caller, null, true, vmInstance);
        currentVmOffering = _srvOfferingDao.findByIdIncludingRemoved(vmInstance.getId(), vmInstance.getServiceOfferingId());
        sc.addAnd("id", SearchCriteria.Op.NEQ, currentVmOffering.getId());
        // 1. Only return offerings with the same storage type
        sc.addAnd("useLocalStorage", SearchCriteria.Op.EQ, currentVmOffering.getUseLocalStorage());
        // 2.In case vm is running return only offerings greater than equal to current offering compute.
        if (vmInstance.getState() == VirtualMachine.State.Running) {
            sc.addAnd("cpu", Op.GTEQ, currentVmOffering.getCpu());
            sc.addAnd("ramSize", Op.GTEQ, currentVmOffering.getRamSize());
        }
    }
    // boolean includePublicOfferings = false;
    if (_accountMgr.isNormalUser(caller.getId()) || _accountMgr.isDomainAdmin(caller.getId()) || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) {
        // For non-root users.
        if (isSystem) {
            throw new InvalidParameterValueException("Only root admins can access system's offering");
        }
        if (isRecursive) {
            // domain + all sub-domains
            if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
                throw new InvalidParameterValueException("Only ROOT admins and Domain admins can list service offerings with isrecursive=true");
            }
            final DomainVO domainRecord = _domainDao.findById(caller.getDomainId());
            sc.addAnd("domainPath", SearchCriteria.Op.LIKE, domainRecord.getPath() + "%");
        } else {
            // domain + all ancestors
            // find all domain Id up to root domain for this account
            final List<Long> domainIds = new ArrayList<>();
            DomainVO domainRecord;
            if (vmId != null) {
                final UserVmVO vmInstance = _userVmDao.findById(vmId);
                domainRecord = _domainDao.findById(vmInstance.getDomainId());
                if (domainRecord == null) {
                    s_logger.error("Could not find the domainId for vmId:" + vmId);
                    throw new CloudAuthenticationException("Could not find the domainId for vmId:" + vmId);
                }
            } else {
                domainRecord = _domainDao.findById(caller.getDomainId());
                if (domainRecord == null) {
                    s_logger.error("Could not find the domainId for account:" + caller.getAccountName());
                    throw new CloudAuthenticationException("Could not find the domainId for account:" + caller.getAccountName());
                }
            }
            domainIds.add(domainRecord.getId());
            while (domainRecord.getParent() != null) {
                domainRecord = _domainDao.findById(domainRecord.getParent());
                domainIds.add(domainRecord.getId());
            }
            final SearchCriteria<ServiceOfferingJoinVO> spc = _srvOfferingJoinDao.createSearchCriteria();
            spc.addOr("domainId", SearchCriteria.Op.IN, domainIds.toArray());
            // include public offering as well
            spc.addOr("domainId", SearchCriteria.Op.NULL);
            sc.addAnd("domainId", SearchCriteria.Op.SC, spc);
        }
    } else {
        // for root users
        if (caller.getDomainId() != 1 && isSystem) {
            // NON ROOT admin
            throw new InvalidParameterValueException("Non ROOT admins cannot access system's offering");
        }
        if (domainId != null) {
            sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId);
        }
    }
    if (keyword != null) {
        final SearchCriteria<ServiceOfferingJoinVO> ssc = _srvOfferingJoinDao.createSearchCriteria();
        ssc.addOr("displayText", SearchCriteria.Op.LIKE, "%" + keyword + "%");
        ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%");
        sc.addAnd("name", SearchCriteria.Op.SC, ssc);
    }
    if (id != null) {
        sc.addAnd("id", SearchCriteria.Op.EQ, id);
    }
    if (isSystem != null) {
        // note that for non-root users, isSystem is always false when
        // control comes to here
        sc.addAnd("systemUse", SearchCriteria.Op.EQ, isSystem);
    }
    if (name != null) {
        sc.addAnd("name", SearchCriteria.Op.EQ, name);
    }
    if (vmTypeStr != null) {
        sc.addAnd("vmType", SearchCriteria.Op.EQ, vmTypeStr);
    }
    final Pair<List<ServiceOfferingJoinVO>, Integer> result = _srvOfferingJoinDao.searchAndCount(sc, searchFilter);
    return result;
}
Also used : Account(com.cloud.legacymodel.user.Account) UserVmVO(com.cloud.vm.UserVmVO) ServiceOfferingJoinVO(com.cloud.api.query.vo.ServiceOfferingJoinVO) CloudAuthenticationException(com.cloud.legacymodel.exceptions.CloudAuthenticationException) ArrayList(java.util.ArrayList) VMInstanceVO(com.cloud.vm.VMInstanceVO) ServiceOfferingVO(com.cloud.service.ServiceOfferingVO) DomainVO(com.cloud.domain.DomainVO) Filter(com.cloud.utils.db.Filter) TemplateFilter(com.cloud.legacymodel.storage.VirtualMachineTemplate.TemplateFilter) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) PermissionDeniedException(com.cloud.legacymodel.exceptions.PermissionDeniedException) ArrayList(java.util.ArrayList) List(java.util.List)

Example 9 with CloudAuthenticationException

Use of com.cloud.legacymodel.exceptions.CloudAuthenticationException in project cosmic by MissionCriticalCloud.

Class QueryManagerImpl, method searchForDiskOfferingsInternal.

private Pair<List<DiskOfferingJoinVO>, Integer> searchForDiskOfferingsInternal(final ListDiskOfferingsCmd cmd) {
    // Note
    // The list method for offerings is being modified in accordance with
    // discussion with Will/Kevin.
    // For now, we will be listing the following based on the user type:
    // 1. For root, we will list all offerings.
    // 2. For domainAdmin and regular users, we will list everything in
    //    their domains + parent domains, all the way up to root.
    // Boolean.parseBoolean never returns null, so the default (ascending) is
    // applied to the raw config value when "sortkey.algorithm" is unset.
    final String sortKeyAlgorithm = _configDao.getValue("sortkey.algorithm");
    final boolean isAscending = sortKeyAlgorithm == null || Boolean.parseBoolean(sortKeyAlgorithm);
    final Filter searchFilter = new Filter(DiskOfferingJoinVO.class, "sortKey", isAscending, cmd.getStartIndex(), cmd.getPageSizeVal());
    final SearchCriteria<DiskOfferingJoinVO> sc = _diskOfferingJoinDao.createSearchCriteria();
    sc.addAnd("type", Op.EQ, DiskOfferingVO.Type.Disk);
    final Account account = CallContext.current().getCallingAccount();
    final Object name = cmd.getDiskOfferingName();
    final Object id = cmd.getId();
    final Object keyword = cmd.getKeyword();
    final Long domainId = cmd.getDomainId();
    final Boolean isRootAdmin = _accountMgr.isRootAdmin(account.getAccountId());
    final Boolean isRecursive = cmd.isRecursive();
    // associated with this domain
    if (domainId != null) {
        if (_accountMgr.isRootAdmin(account.getId()) || isPermissible(account.getDomainId(), domainId)) {
            // check if the user's domain == do's domain || user's domain is
            // a child of so's domain for non-root users
            sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId);
            if (!isRootAdmin) {
                sc.addAnd("displayOffering", SearchCriteria.Op.EQ, 1);
            }
            return _diskOfferingJoinDao.searchAndCount(sc, searchFilter);
        } else {
            throw new PermissionDeniedException("The account:" + account.getAccountName() + " does not fall in the same domain hierarchy as the disk offering");
        }
    }
    final List<Long> domainIds;
    // and everything above till root
    if (_accountMgr.isNormalUser(account.getId()) || _accountMgr.isDomainAdmin(account.getId()) || account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) {
        if (isRecursive) {
            // domain + all sub-domains
            if (account.getType() == Account.ACCOUNT_TYPE_NORMAL) {
                throw new InvalidParameterValueException("Only ROOT admins and Domain admins can list disk offerings with isrecursive=true");
            }
            final DomainVO domainRecord = _domainDao.findById(account.getDomainId());
            sc.addAnd("domainPath", SearchCriteria.Op.LIKE, domainRecord.getPath() + "%");
        } else {
            // domain + all ancestors
            // find all domain Id up to root domain for this account
            domainIds = new ArrayList<>();
            DomainVO domainRecord = _domainDao.findById(account.getDomainId());
            if (domainRecord == null) {
                s_logger.error("Could not find the domainId for account:" + account.getAccountName());
                throw new CloudAuthenticationException("Could not find the domainId for account:" + account.getAccountName());
            }
            domainIds.add(domainRecord.getId());
            while (domainRecord.getParent() != null) {
                domainRecord = _domainDao.findById(domainRecord.getParent());
                domainIds.add(domainRecord.getId());
            }
            final SearchCriteria<DiskOfferingJoinVO> spc = _diskOfferingJoinDao.createSearchCriteria();
            spc.addOr("domainId", SearchCriteria.Op.IN, domainIds.toArray());
            // include public offering as well
            spc.addOr("domainId", SearchCriteria.Op.NULL);
            sc.addAnd("domainId", SearchCriteria.Op.SC, spc);
            // non-root users should not see system offering at all
            sc.addAnd("systemUse", SearchCriteria.Op.EQ, false);
        }
    }
    if (keyword != null) {
        final SearchCriteria<DiskOfferingJoinVO> ssc = _diskOfferingJoinDao.createSearchCriteria();
        ssc.addOr("displayText", SearchCriteria.Op.LIKE, "%" + keyword + "%");
        ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%");
        sc.addAnd("name", SearchCriteria.Op.SC, ssc);
    }
    if (id != null) {
        sc.addAnd("id", SearchCriteria.Op.EQ, id);
    }
    if (name != null) {
        sc.addAnd("name", SearchCriteria.Op.EQ, name);
    }
    return _diskOfferingJoinDao.searchAndCount(sc, searchFilter);
}
Also used : Account(com.cloud.legacymodel.user.Account) CloudAuthenticationException(com.cloud.legacymodel.exceptions.CloudAuthenticationException) DiskOfferingJoinVO(com.cloud.api.query.vo.DiskOfferingJoinVO) DomainVO(com.cloud.domain.DomainVO) Filter(com.cloud.utils.db.Filter) TemplateFilter(com.cloud.legacymodel.storage.VirtualMachineTemplate.TemplateFilter) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) PermissionDeniedException(com.cloud.legacymodel.exceptions.PermissionDeniedException)

Example 10 with CloudAuthenticationException

Use of com.cloud.legacymodel.exceptions.CloudAuthenticationException in project cosmic by MissionCriticalCloud.

Class ApiServer, method loginUser.

@Override
public ResponseObject loginUser(final HttpSession session, final String username, final String password, Long domainId, final String domainPath, final InetAddress loginIpAddress, final Map<String, Object[]> requestParameters) throws CloudAuthenticationException {
    // we will default to ROOT
    if (domainId == null) {
        if (domainPath == null || domainPath.trim().length() == 0) {
            domainId = Domain.ROOT_DOMAIN;
        } else {
            final Domain domainObj = _domainMgr.findDomainByPath(domainPath);
            if (domainObj != null) {
                domainId = domainObj.getId();
            } else {
                // if an unknown path is passed in, fail the login call
                throw new CloudAuthenticationException("Unable to find the domain from the path " + domainPath);
            }
        }
    }
    final UserAccount userAcct = _accountMgr.authenticateUser(username, password, domainId, loginIpAddress, requestParameters);
    if (userAcct != null) {
        final String timezone = userAcct.getTimezone();
        float offsetInHrs = 0f;
        if (timezone != null) {
            final TimeZone t = TimeZone.getTimeZone(timezone);
            s_logger.info("Current user logged in under " + timezone + " timezone");
            final java.util.Date date = new java.util.Date();
            final long longDate = date.getTime();
            final float offsetInMs = (t.getOffset(longDate));
            offsetInHrs = offsetInMs / (1000 * 60 * 60);
            s_logger.info("Timezone offset from UTC is: " + offsetInHrs);
        }
        final Account account = _accountMgr.getAccount(userAcct.getAccountId());
        // set the userId and account object for everyone
        session.setAttribute("userid", userAcct.getId());
        final UserVO user = (UserVO) _accountMgr.getActiveUser(userAcct.getId());
        if (user.getUuid() != null) {
            session.setAttribute("user_UUID", user.getUuid());
        }
        session.setAttribute("username", userAcct.getUsername());
        session.setAttribute("firstname", userAcct.getFirstname());
        session.setAttribute("lastname", userAcct.getLastname());
        session.setAttribute("accountobj", account);
        session.setAttribute("account", account.getAccountName());
        session.setAttribute("domainid", account.getDomainId());
        final DomainVO domain = (DomainVO) _domainMgr.getDomain(account.getDomainId());
        if (domain.getUuid() != null) {
            session.setAttribute("domain_UUID", domain.getUuid());
        }
        if (domain.getName() != null) {
            session.setAttribute(ApiConstants.DOMAIN_NAME, domain.getName());
        }
        session.setAttribute("type", Short.valueOf(account.getType()).toString());
        session.setAttribute("registrationtoken", userAcct.getRegistrationToken());
        session.setAttribute("registered", Boolean.toString(userAcct.isRegistered()));
        if (timezone != null) {
            session.setAttribute("timezone", timezone);
            session.setAttribute("timezoneoffset", Float.valueOf(offsetInHrs).toString());
        }
        // (bug 5483) generate a session key that the user must submit on every request to prevent CSRF, add that
        // to the login response so that session-based authenticators know to send the key back
        final SecureRandom sessionKeyRandom = new SecureRandom();
        final byte[] sessionKeyBytes = new byte[20];
        sessionKeyRandom.nextBytes(sessionKeyBytes);
        final String sessionKey = Base64.encodeBase64URLSafeString(sessionKeyBytes);
        session.setAttribute(ApiConstants.SESSIONKEY, sessionKey);
        return createLoginResponse(session);
    }
    throw new CloudAuthenticationException("Failed to authenticate user " + username + " in domain " + domainId + "; please provide valid credentials");
}
Also used : UserAccount(com.cloud.legacymodel.user.UserAccount) Account(com.cloud.legacymodel.user.Account) CloudAuthenticationException(com.cloud.legacymodel.exceptions.CloudAuthenticationException) Date(java.util.Date) SecureRandom(java.security.SecureRandom) Date(java.util.Date) ResponseDate(org.apache.http.protocol.ResponseDate) DomainVO(com.cloud.domain.DomainVO) TimeZone(java.util.TimeZone) UserVO(com.cloud.user.UserVO) Domain(com.cloud.legacymodel.domain.Domain) UserAccount(com.cloud.legacymodel.user.UserAccount)
