Merge branch 'stable' of github.com:abiquo/abiquo into ABICLOUDPREMIU…

…M-3550-StatisticsVMachinesNotAllocated
abiquo · Apr 11, 2012 · 361c015 · 361c015
2 parents 5a30c2d + b9c348f
commit 361c015
Show file tree

Hide file tree

Showing 84 changed files with 2,058 additions and 625 deletions.
diff --git a/am/src/main/java/com/abiquo/am/exceptions/AMError.java b/am/src/main/java/com/abiquo/am/exceptions/AMError.java
@@ -35,9 +35,9 @@ public enum AMError
     TEMPLATE_INVALID("TEMPLATE-INVALID", "Invalid OVF Document"), //
     TEMPLATE_INVALID_LOCATION("TEMPLATE-INVALID-LOC", "Invalid OVF URL"), //
     TEMPLATE_INVALID_MULTIPLE_DISKS("TEMPLATE-INVALID-MULTIPLE-DISK",
-        "OVF document contains no referenced disk or more than one."), TEMPLATE_INVALID_MULTIPLE_FILES(
+        "Invalid number of disks. The OVF document can only contain ONE referenced disk."), TEMPLATE_INVALID_MULTIPLE_FILES(
         "TEMPLATE-INVALID-MULTIPLE-FILE",
-        "OVF document contains no referenced file or more than one."), TEMPLATE_INVALID_DISK_REFERENCE(
+        "Invalid number of referenced files. The OVF document can only contain ONE referenced file."), TEMPLATE_INVALID_DISK_REFERENCE(
         "TEMPLATE-INVALID-DISK-REFRENCE",
         "Virtual Hardware Section contains no reference to the disk."), TEMPLATE_NOT_FOUND(
         "TEMPLATE-NOT-FOUND", "OVF Document not found in the Template Repository"), //

diff --git a/api/src/main/java/com/abiquo/api/eventing/VSMSubscriberImpl.java b/api/src/main/java/com/abiquo/api/eventing/VSMSubscriberImpl.java
@@ -38,7 +38,6 @@
 import com.abiquo.server.core.cloud.VirtualMachine;
 import com.abiquo.server.core.cloud.VirtualMachineDAO;
 import com.abiquo.server.core.cloud.VirtualMachineRep;
-import com.abiquo.server.core.cloud.VirtualMachineState;
 import com.abiquo.server.core.infrastructure.Datacenter;
 import com.abiquo.server.core.infrastructure.InfrastructureRep;
 import com.abiquo.server.core.infrastructure.RemoteService;
@@ -111,10 +110,10 @@ public void subscribe()
                     vMachineDAO.findVirtualMachinesByDatacenter(datacenter.getId());
                 for (VirtualMachine vMachine : vMachines)
                 {
-                    if (vMachine.isDeployed()
-                        && !vMachine.getState().equals(VirtualMachineState.LOCKED))
+                    if (vMachine.getState().existsInHypervisor())
                     {
-                        LOGGER.info("Refreshing subscription for virtual machine '" + vMachine.getName() + '"');
+                        LOGGER.info("Refreshing subscription for virtual machine '"
+                            + vMachine.getName() + '"');
                         vsmStub.subscribe(remoteService, vMachine, Boolean.FALSE);
                     }
                 }

diff --git a/api/src/main/java/com/abiquo/api/exceptions/APIError.java b/api/src/main/java/com/abiquo/api/exceptions/APIError.java
diff --git a/api/src/main/java/com/abiquo/api/handlers/AdminEnterpriseSecurityRequestHandler.java b/api/src/main/java/com/abiquo/api/handlers/AdminEnterpriseSecurityRequestHandler.java
@@ -0,0 +1,90 @@
+/**
+ * Abiquo community edition
+ * cloud management application for hybrid clouds
+ * Copyright (C) 2008-2010 - Abiquo Holdings S.L.
+ *
+ * This application is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU LESSER GENERAL PUBLIC
+ * LICENSE as published by the Free Software Foundation under
+ * version 3 of the License
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * LESSER GENERAL PUBLIC LICENSE v.3 for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ */
+
+package com.abiquo.api.handlers;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.wink.server.handlers.HandlersChain;
+import org.apache.wink.server.handlers.MessageContext;
+import org.springframework.security.AccessDeniedException;
+
+import com.abiquo.api.resources.EnterprisesResource;
+
+/**
+ * Request handler to check permissions of the logged user to use the requested virtual datacenter.
+ * This means that all request to uris who depend on "cloud/virtualdatacenters/{id}" will be checked
+ * by this handler.
+ * 
+ * @author scastro
+ */
+public class AdminEnterpriseSecurityRequestHandler extends SecurityPathRequestHandler
+{
+
+    /**
+     * in this case must be a <code>\w</code> and not a <code>\d</code>
+     */
+    private static String ENTERPRISE_ID_REGEX = EnterprisesResource.ENTERPRISES_PATH + "/(\\w+)";
+
+    private static String ENTERPRISES_PATH_REGEX = ENTERPRISE_ID_REGEX + "[/]?.*$";
+
+    @Override
+    public boolean matches(final String path)
+    {
+        return path.matches(ENTERPRISES_PATH_REGEX);
+    }
+
+    @Override
+    public void handleRequest(final MessageContext context, final HandlersChain chain)
+        throws Throwable
+    {
+        // check if path maches with 'admin/enterprises/{id}*'
+        String path = context.getUriInfo().getPath();
+        // 1. get user from context [userName, authType, privileges list]
+        Object[] userprorps = getCurrentLoginInfo();
+
+        // 3. get enterprise id from path
+        Pattern p = Pattern.compile(ENTERPRISE_ID_REGEX);
+        Matcher m = p.matcher(path);
+        // matcher ALLWAYS must find the enterprise id in the second group (remember that group 0 is
+        // the original string)
+        m.find();
+        String gr = m.group(1);
+        if (!gr.equals("_"))
+        {
+            Integer idEnt = new Integer(gr);
+
+            boolean isAllowed =
+                getUserService().isUserAllowedToEnterprise((String) userprorps[0],
+                    (String) userprorps[1], (String[]) userprorps[2], idEnt);
+
+            if (!isAllowed)
+            {
+                // throw forbidden if is not allowed
+                throw new AccessDeniedException("Missing privilege to get info from other enterprises");
+            }
+        }
+
+        // finally
+        chain.doChain(context);
+    }
+}
diff --git a/api/src/main/java/com/abiquo/api/handlers/CloudEnterpriseSecurityRequestHandler.java b/api/src/main/java/com/abiquo/api/handlers/CloudEnterpriseSecurityRequestHandler.java
@@ -26,14 +26,10 @@
 
 import org.apache.wink.server.handlers.HandlersChain;
 import org.apache.wink.server.handlers.MessageContext;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.context.SecurityContextHolder;
 
 import com.abiquo.api.exceptions.APIError;
 import com.abiquo.api.exceptions.NotFoundException;
 import com.abiquo.api.resources.cloud.VirtualDatacentersResource;
-import com.abiquo.api.spring.security.AbiquoUserDetails;
-import com.abiquo.server.core.enterprise.User.AuthType;
 
 /**
  * Request handler to check permissions of the logged user to use the requested virtual datacenter.
@@ -42,79 +38,49 @@
  * 
  * @author scastro
  */
-public class CloudEnterpriseSecurityRequestHandler extends SecurityRequestHandler
+public class CloudEnterpriseSecurityRequestHandler extends SecurityPathRequestHandler
 {
 
     private static String VIRTUAL_DATACENTER_ID_REGEX =
         VirtualDatacentersResource.VIRTUAL_DATACENTERS_PATH + "/(\\d+)";
 
     private static String VIRTUAL_DATACENTER_PATH_REGEX = VIRTUAL_DATACENTER_ID_REGEX + "[/]?.*$";
 
+    @Override
+    public boolean matches(final String path)
+    {
+        return path.matches(VIRTUAL_DATACENTER_PATH_REGEX);
+    }
+
     @Override
     public void handleRequest(final MessageContext context, final HandlersChain chain)
         throws Throwable
     {
         // check if path maches with 'cloud/virtualdatacenter/{id}*'
         String path = context.getUriInfo().getPath();
-        if (path.matches(VIRTUAL_DATACENTER_PATH_REGEX))
-        {
-            // 1. get user from context [userName, authType, privileges list]
-            Object[] userprorps = getCurrentLoginUsername();
+        // 1. get user from context [userName, authType, privileges list]
+        Object[] userprorps = getCurrentLoginInfo();
 
-            // 3. get virtualdatacenter id from path
-            Pattern p = Pattern.compile(VIRTUAL_DATACENTER_ID_REGEX);
-            Matcher m = p.matcher(path);
-            // matcher ALLWAYS must find the vdc id in the second group (remember that group 0 is
-            // the original string)
-            m.find();
-            Integer idVdc = new Integer(m.group(1));
+        // 3. get virtualdatacenter id from path
+        Pattern p = Pattern.compile(VIRTUAL_DATACENTER_ID_REGEX);
+        Matcher m = p.matcher(path);
+        // matcher ALLWAYS must find the vdc id in the second group (remember that group 0 is
+        // the original string)
+        m.find();
+        Integer idVdc = new Integer(m.group(1));
 
-            boolean isAllowed =
-                getUserService().isUserAllowedToUseVirtualDatacenter((String) userprorps[0],
-                    (String) userprorps[1], (String[]) userprorps[2], idVdc);
+        boolean isAllowed =
+            getUserService().isUserAllowedToUseVirtualDatacenter((String) userprorps[0],
+                (String) userprorps[1], (String[]) userprorps[2], idVdc);
 
-            if (!isAllowed)
-            {
-                // throw not found if is not allowed
-                throw new NotFoundException(APIError.NON_EXISTENT_VIRTUAL_DATACENTER);
-            }
+        if (!isAllowed)
+        {
+            // throw not found if is not allowed
+            throw new NotFoundException(APIError.NON_EXISTENT_VIRTUAL_DATACENTER);
         }
 
         // finally
         chain.doChain(context);
     }
 
-    private Object[] getCurrentLoginUsername()
-    {
-        String authtype = "";
-        String username = "";
-        String[] privileges = null;
-        if (SecurityContextHolder.getContext().getAuthentication().getPrincipal() instanceof AbiquoUserDetails)
-        {
-            AbiquoUserDetails details =
-                (AbiquoUserDetails) SecurityContextHolder.getContext().getAuthentication()
-                    .getPrincipal();
-
-            AuthType authType =
-                AuthType.valueOf(details.getAuthType() != null ? details.getAuthType()
-                    : AuthType.ABIQUO.name());
-            authtype = authType.name();
-            username = details.getUsername();
-            GrantedAuthority[] autorities = details.getAuthorities();
-            privileges = new String[autorities.length];
-            for (int i = 0; i < autorities.length; i++)
-            {
-                privileges[i] = autorities[i].getAuthority().replaceFirst("ROLE_", "");
-            }
-        }
-        else
-        { // Backward compatibility and bzngine
-            username = SecurityContextHolder.getContext().getAuthentication().getName();
-            throw new RuntimeException("The authentication was not an AbiquoUserDetails but "
-                + SecurityContextHolder.getContext().getAuthentication().getClass()
-                    .getCanonicalName());
-        }
-
-        return new Object[] {username, authtype, privileges};
-    }
 }
diff --git a/api/src/main/java/com/abiquo/api/handlers/RESTHandlerFactory.java b/api/src/main/java/com/abiquo/api/handlers/RESTHandlerFactory.java
@@ -41,8 +41,11 @@ public class RESTHandlerFactory extends HandlersFactory
         // Injects the IRESTLinkBuilder object to all the methods.
         listOfHandlers.add(new RESTHandler());
 
-        // security
-        listOfHandlers.add(new CloudEnterpriseSecurityRequestHandler());
+        // security path handlers
+        List<SecurityPathRequestHandler> pathHandlers = new ArrayList<SecurityPathRequestHandler>();
+        pathHandlers.add(new CloudEnterpriseSecurityRequestHandler());
+        pathHandlers.add(new AdminEnterpriseSecurityRequestHandler());
+        listOfHandlers.add(new SecurityPathRequestHandler(pathHandlers));
 
         return listOfHandlers;
     }