
Example 1 with APIChecker

Use of org.apache.cloudstack.acl.APIChecker in project cloudstack by apache.

Class ApiServer, method checkCommandAvailable.

private void checkCommandAvailable(final User user, final String commandName, final InetAddress remoteAddress) throws PermissionDeniedException {
    // Fail closed: with no authenticated user there is nothing to run the role check against.
    if (user == null) {
        throw new PermissionDeniedException("User is null for role based API access check for command " + commandName);
    }
    final Account account = accountMgr.getAccount(user.getAccountId());
    final String accessAllowedCidrs = ApiServiceConfiguration.ApiAllowedSourceCidrList.valueIn(account.getId()).replaceAll("\\s", "");
    final Boolean apiSourceCidrChecksEnabled = ApiServiceConfiguration.ApiSourceCidrChecksEnabled.value();
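    // Source-address restriction (only when enabled): deny unless remoteAddress is inside one of the account's allowed CIDRs.
    if (apiSourceCidrChecksEnabled) {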
        s_logger.debug("CIDRs from which account '" + account.toString() + "' is allowed to perform API calls: " + accessAllowedCidrs);
        if (!NetUtils.isIpInCidrList(remoteAddress, accessAllowedCidrs.split(","))) {
            s_logger.warn("Request by account '" + account.toString() + "' was denied since " + remoteAddress + " does not match " + accessAllowedCidrs);
            throw new OriginDeniedException("Calls from disallowed origin", account, remoteAddress);
        }
    }
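    // Every registered APIChecker must accept the command; a checker denies by throwing, which propagates to the caller.
    for (final APIChecker apiChecker : apiAccessCheckers) {
        apiChecker.checkAccess(user, commandName);
    }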
}
Also used: UserAccount (com.cloud.user.UserAccount), Account (com.cloud.user.Account), PermissionDeniedException (com.cloud.exception.PermissionDeniedException), APIChecker (org.apache.cloudstack.acl.APIChecker), OriginDeniedException (com.cloud.exception.OriginDeniedException)

Example 2 with APIChecker

Use of org.apache.cloudstack.acl.APIChecker in project cloudstack by apache.

Class ApiDiscoveryServiceImpl, method listApis.

@Override
public ListResponse<? extends BaseResponse> listApis(User user, String name) {
    ListResponse<ApiDiscoveryResponse> response = new ListResponse<ApiDiscoveryResponse>();
    List<ApiDiscoveryResponse> responseList = new ArrayList<ApiDiscoveryResponse>();
    if (user == null)
        return null;
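    if (name != null) {
        // Single-API lookup: an unknown name and a denied name both return null,
        // so the caller cannot tell "does not exist" from "not permitted".
        if (!s_apiNameDiscoveryResponseMap.containsKey(name))
            return null;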
        for (APIChecker apiChecker : _apiAccessCheckers) {
            try {
                apiChecker.checkAccess(user, name);
            } catch (Exception ex) {
                s_logger.debug("API discovery access check failed for " + name + " with " + ex.getMessage());
                return null;
            }
        }
        responseList.add(s_apiNameDiscoveryResponseMap.get(name));
    } else {
        // Full listing: include only the APIs that every checker allows for this user.
        for (String apiName : s_apiNameDiscoveryResponseMap.keySet()) {
            boolean isAllowed = true;
            for (APIChecker apiChecker : _apiAccessCheckers) {
                try {
                    apiChecker.checkAccess(user, apiName);
                } catch (Exception ex) {
                    // Any exception from a checker is treated as a denial for this API name.
                    isAllowed = false;
                }
            }
            if (isAllowed)
                responseList.add(s_apiNameDiscoveryResponseMap.get(apiName));
        }
    }
    response.setResponses(responseList);
    return response;
}
Also used: ListResponse (org.apache.cloudstack.api.response.ListResponse), ArrayList (java.util.ArrayList), ApiDiscoveryResponse (org.apache.cloudstack.api.response.ApiDiscoveryResponse), APIChecker (org.apache.cloudstack.acl.APIChecker)

Aggregations

APIChecker (org.apache.cloudstack.acl.APIChecker): 2
OriginDeniedException (com.cloud.exception.OriginDeniedException): 1
PermissionDeniedException (com.cloud.exception.PermissionDeniedException): 1
Account (com.cloud.user.Account): 1
UserAccount (com.cloud.user.UserAccount): 1
ArrayList (java.util.ArrayList): 1
ApiDiscoveryResponse (org.apache.cloudstack.api.response.ApiDiscoveryResponse): 1
ListResponse (org.apache.cloudstack.api.response.ListResponse): 1