You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by al...@apache.org on 2013/11/21 21:50:20 UTC
git commit: updated refs/heads/4.3 to 98ed8b7
Updated Branches:
refs/heads/4.3 b792e5627 -> 98ed8b7e5
Added missing @Inject to the ipAddressManager
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/98ed8b7e
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/98ed8b7e
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/98ed8b7e
Branch: refs/heads/4.3
Commit: 98ed8b7e59d7a9445b53b11dc2607b4d1816955a
Parents: b792e56
Author: Alena Prokharchyk <al...@citrix.com>
Authored: Thu Nov 21 12:50:04 2013 -0800
Committer: Alena Prokharchyk <al...@citrix.com>
Committed: Thu Nov 21 12:50:04 2013 -0800
----------------------------------------------------------------------
.../src/com/cloud/user/AccountManagerImpl.java | 147 +++++++++----------
1 file changed, 71 insertions(+), 76 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/98ed8b7e/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 27fd66a..f8c59e2 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -235,7 +235,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
@Inject
private AffinityGroupDao _affinityGroupDao;
@Inject
-
private AccountGuestVlanMapDao _accountGuestVlanMapDao;
@Inject
private DataCenterVnetDao _dataCenterVnetDao;
@@ -253,6 +252,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
private List<UserAuthenticator> _userAuthenticators;
List<UserAuthenticator> _userPasswordEncoders;
+ @Inject
protected IpAddressManager _ipAddrMgr;
private final ScheduledExecutorService _executor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("AccountChecker"));
@@ -263,15 +263,15 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
AccountVO _systemAccount;
List<SecurityChecker> _securityCheckers;
-
- int _cleanupInterval;
+
+ int _cleanupInterval;
public List<UserAuthenticator> getUserAuthenticators() {
- return _userAuthenticators;
+ return _userAuthenticators;
}
public void setUserAuthenticators(List<UserAuthenticator> authenticators) {
- _userAuthenticators = authenticators;
+ _userAuthenticators = authenticators;
}
public List<UserAuthenticator> getUserPasswordEncoders() {
@@ -283,13 +283,13 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
}
public List<SecurityChecker> getSecurityCheckers() {
- return _securityCheckers;
- }
+ return _securityCheckers;
+ }
+
+ public void setSecurityCheckers(List<SecurityChecker> securityCheckers) {
+ _securityCheckers = securityCheckers;
+ }
- public void setSecurityCheckers(List<SecurityChecker> securityCheckers) {
- _securityCheckers = securityCheckers;
- }
-
@Override
public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
_systemAccount = _accountDao.findById(AccountVO.ACCOUNT_ID_SYSTEM);
@@ -317,7 +317,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
public UserVO getSystemUser() {
if (_systemUser == null) {
_systemUser = _userDao.findById(User.UID_SYSTEM);
- }
+ }
return _systemUser;
}
@@ -491,14 +491,14 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
UserAccountVO user = null;
user = _userAccountDao.lockRow(id, true);
user.setLoginAttempts(attempts);
- if(toDisable) {
+ if (toDisable) {
user.setState(State.disabled.toString());
}
_userAccountDao.update(id, user);
}
});
} catch (Exception e) {
- s_logger.error("Failed to update login attempts for user with id " + id );
+ s_logger.error("Failed to update login attempts for user with id " + id);
}
}
@@ -518,7 +518,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
return success;
}
-
protected boolean lockAccount(long accountId) {
boolean success = false;
Account account = _accountDao.findById(accountId);
@@ -544,7 +543,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
public boolean deleteAccount(AccountVO account, long callerUserId, Account caller) {
long accountId = account.getId();
- //delete the account record
+ // delete the account record
if (!_accountDao.remove(accountId)) {
s_logger.error("Unable to delete account " + accountId);
return false;
@@ -557,13 +556,12 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
return cleanupAccount(account, callerUserId, caller);
}
-
protected boolean cleanupAccount(AccountVO account, long callerUserId, Account caller) {
long accountId = account.getId();
boolean accountCleanupNeeded = false;
try {
- //cleanup the users from the account
+ // cleanup the users from the account
List<UserVO> users = _userDao.listByAccount(accountId);
for (UserVO user : users) {
if (!_userDao.remove(user.getId())) {
@@ -578,7 +576,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
_gslbService.revokeAllGslbRulesForAccount(caller, accountId);
}
- //delete the account from project accounts
+ // delete the account from project accounts
_projectAccountDao.removeAccountFromProjects(accountId);
// delete all vm groups belonging to accont
@@ -686,7 +684,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
}
}
- //Delete all VPCs
+ // Delete all VPCs
boolean vpcsDeleted = true;
s_logger.debug("Deleting vpcs for account " + account.getId());
List<? extends Vpc> vpcs = _vpcMgr.getVpcsForAccount(account.getId());
@@ -707,8 +705,8 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
for (IpAddress ip : ipsToRelease) {
s_logger.debug("Releasing ip " + ip + " as a part of account id=" + accountId + " cleanup");
if (!_ipAddrMgr.disassociatePublicIpAddress(ip.getId(), callerUserId, caller)) {
- s_logger.warn("Failed to release ip address " + ip + " as a part of account id=" + accountId + " clenaup");
- accountCleanupNeeded = true;
+ s_logger.warn("Failed to release ip address " + ip + " as a part of account id=" + accountId + " clenaup");
+ accountCleanupNeeded = true;
}
}
}
@@ -752,18 +750,19 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
s_logger.debug("Releasing portable ip " + ip + " as a part of account id=" + accountId + " cleanup");
_ipAddrMgr.releasePortableIpAddress(ip.getId());
}
- //release dedication if any
+ // release dedication if any
List<DedicatedResourceVO> dedicatedResources = _dedicatedDao.listByAccountId(accountId);
if (dedicatedResources != null && !dedicatedResources.isEmpty()) {
s_logger.debug("Releasing dedicated resources for account " + accountId);
- for (DedicatedResourceVO dr : dedicatedResources){
+ for (DedicatedResourceVO dr : dedicatedResources) {
if (!_dedicatedDao.remove(dr.getId())) {
s_logger.warn("Fail to release dedicated resources for account " + accountId);
}
}
}
- // Updating and deleting the resourceLimit and resourceCount should be the last step in cleanupAccount process.
+ // Updating and deleting the resourceLimit and resourceCount should be the last step in cleanupAccount
+// process.
// Update resource count for this account and for parent domains.
List<ResourceCountVO> resourceCounts = _resourceCountDao.listByOwnerId(accountId, ResourceOwnerType.Account);
for (ResourceCountVO resourceCount : resourceCounts) {
@@ -856,15 +855,15 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
// ////////////// API commands /////////////////////
// ///////////////////////////////////////////////////
-
@Override
@DB
@ActionEvents({
- @ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_CREATE, eventDescription = "creating Account"),
- @ActionEvent(eventType = EventTypes.EVENT_USER_CREATE, eventDescription = "creating User")
+ @ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_CREATE, eventDescription = "creating Account"),
+ @ActionEvent(eventType = EventTypes.EVENT_USER_CREATE, eventDescription = "creating User")
})
- public UserAccount createUserAccount(final String userName, final String password, final String firstName, final String lastName, final String email, final String timezone, String accountName, final short accountType,
- Long domainId, final String networkDomain, final Map<String, String> details, String accountUUID, final String userUUID) {
+ public UserAccount createUserAccount(final String userName, final String password, final String firstName, final String lastName, final String email, final String timezone, String accountName,
+ final short accountType,
+ Long domainId, final String networkDomain, final Map<String, String> details, String accountUUID, final String userUUID) {
if (accountName == null) {
accountName = userName;
@@ -914,15 +913,15 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
public Pair<Long, Account> doInTransaction(TransactionStatus status) {
// create account
String accountUUID = accountUUIDFinal;
- if(accountUUID == null){
+ if (accountUUID == null) {
accountUUID = UUID.randomUUID().toString();
}
AccountVO account = createAccount(accountNameFinal, accountType, domainIdFinal, networkDomain, details, accountUUID);
long accountId = account.getId();
-
+
// create the first user for the account
UserVO user = createUser(accountId, userName, password, firstName, lastName, email, timezone, userUUID);
-
+
if (accountType == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) {
// set registration token
byte[] bytes = (domainIdFinal + accountNameFinal + userName + System.currentTimeMillis()).getBytes();
@@ -938,7 +937,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
CallContext.current().putContextParameter(Account.class, account.getUuid());
- //check success
+ // check success
return _userAccountDao.findById(userId);
}
@@ -1009,7 +1008,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
throw new InvalidParameterValueException("unable to find user by id");
}
- //don't allow updating system account
+ // don't allow updating system account
if (account != null && (account.getId() == Account.ACCOUNT_ID_SYSTEM)) {
throw new PermissionDeniedException("user id : " + id + " is system account, update is not allowed");
}
@@ -1172,15 +1171,14 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
@Override
public Boolean doInTransaction(TransactionStatus status) {
boolean success = doSetUserStatus(userId, State.enabled);
-
+
// make sure the account is enabled too
success = success && enableAccount(user.getAccountId());
-
+
return success;
}
});
-
if (success) {
// whenever the user is successfully enabled, reset the login attempts to zero
updateLoginAttempts(userId, 0, false);
@@ -1281,7 +1279,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
checkAccess(caller, null, true, account);
- //don't allow to delete default account (system and admin)
+ // don't allow to delete default account (system and admin)
if (account.isDefault()) {
throw new InvalidParameterValueException("The account is default and can't be removed");
}
@@ -1500,8 +1498,8 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
throw new InvalidParameterValueException("The specified user doesn't exist in the system");
}
-
- //don't allow to delete default user (system and admin users)
+
+ // don't allow to delete default user (system and admin users)
if (user.isDefault()) {
throw new InvalidParameterValueException("The user is default and can't be removed");
}
@@ -1555,11 +1553,11 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
try {
List<AccountVO> accountsForCleanupInDomain = _accountDao.findCleanupsForRemovedAccounts(domainId);
if (accountsForCleanupInDomain.isEmpty()) {
- //release dedication if any, before deleting the domain
+ // release dedication if any, before deleting the domain
List<DedicatedResourceVO> dedicatedResources = _dedicatedDao.listByDomainId(domainId);
if (dedicatedResources != null && !dedicatedResources.isEmpty()) {
s_logger.debug("Releasing dedicated resources for domain" + domainId);
- for (DedicatedResourceVO dr : dedicatedResources){
+ for (DedicatedResourceVO dr : dedicatedResources) {
if (!_dedicatedDao.remove(dr.getId())) {
s_logger.warn("Fail to release dedicated resources for domain " + domainId);
}
@@ -1684,18 +1682,18 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
// Account type to role type translation
switch (accountType) {
- case Account.ACCOUNT_TYPE_ADMIN:
- roleType = RoleType.Admin;
- break;
- case Account.ACCOUNT_TYPE_DOMAIN_ADMIN:
- roleType = RoleType.DomainAdmin;
- break;
- case Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN:
- roleType = RoleType.ResourceAdmin;
- break;
- case Account.ACCOUNT_TYPE_NORMAL:
- roleType = RoleType.User;
- break;
+ case Account.ACCOUNT_TYPE_ADMIN:
+ roleType = RoleType.Admin;
+ break;
+ case Account.ACCOUNT_TYPE_DOMAIN_ADMIN:
+ roleType = RoleType.DomainAdmin;
+ break;
+ case Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN:
+ roleType = RoleType.ResourceAdmin;
+ break;
+ case Account.ACCOUNT_TYPE_NORMAL:
+ roleType = RoleType.User;
+ break;
}
return roleType;
}
@@ -1710,7 +1708,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
return _userDao.findByIdIncludingRemoved(userId);
}
-
@Override
public User getActiveUserByRegistrationToken(String registrationToken) {
return _userDao.findUserByRegistrationToken(registrationToken);
@@ -1770,20 +1767,20 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
@Override
public AccountVO doInTransaction(TransactionStatus status) {
AccountVO account = _accountDao.persist(new AccountVO(accountName, domainId, networkDomain, accountType, uuid));
-
+
if (account == null) {
throw new CloudRuntimeException("Failed to create account name " + accountName + " in domain id=" + domainId);
}
-
+
Long accountId = account.getId();
-
+
if (details != null) {
_accountDetailsDao.persist(accountId, details);
}
-
+
// Create resource count records for the account
_resourceCountDao.createResourceCounts(accountId, ResourceLimit.ResourceOwnerType.Account);
-
+
// Create default security group
_networkGroupMgr.createDefaultSecurityGroup(accountId);
@@ -1798,7 +1795,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
}
String encodedPassword = null;
- for (UserAuthenticator authenticator : _userPasswordEncoders) {
+ for (UserAuthenticator authenticator : _userPasswordEncoders) {
encodedPassword = authenticator.encode(password);
if (encodedPassword != null) {
break;
@@ -1808,8 +1805,8 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
throw new CloudRuntimeException("Failed to encode password");
}
- if(userUUID == null){
- userUUID = UUID.randomUUID().toString();
+ if (userUUID == null) {
+ userUUID = UUID.randomUUID().toString();
}
UserVO user = _userDao.persist(new UserVO(accountId, userName, encodedPassword, firstName, lastName, email, timezone, userUUID));
CallContext.current().putContextParameter(User.class, user.getUuid());
@@ -1824,7 +1821,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
} // else log some kind of error event? This likely means the user doesn't exist, or has been deleted...
}
-
@Override
public UserAccount authenticateUser(String username, String password, Long domainId, String loginIpAddress, Map<String, Object[]> requestParameters) {
UserAccount user = null;
@@ -1925,7 +1921,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
}
if (user != null) {
- //don't allow to authenticate system user
+ // don't allow to authenticate system user
if (user.getId() == User.UID_SYSTEM) {
s_logger.error("Failed to authenticate user: " + username + " in domain " + domainId);
return null;
@@ -1956,7 +1952,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
}
boolean authenticated = false;
- for(UserAuthenticator authenticator : _userAuthenticators) {
+ for (UserAuthenticator authenticator : _userAuthenticators) {
if (authenticator.authenticate(username, password, domainId, requestParameters)) {
authenticated = true;
break;
@@ -1984,7 +1980,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
// return null;
}
// Whenever the user is able to log in successfully, reset the login attempts to zero
- if(!isInternalAccount(userAccount.getType()))
+ if (!isInternalAccount(userAccount.getType()))
updateLoginAttempts(userAccount.getId(), 0, false);
return userAccount;
@@ -1997,11 +1993,11 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
if (userAccount != null) {
if (userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString())) {
if (!isInternalAccount(userAccount.getType())) {
- //Internal accounts are not disabled
+ // Internal accounts are not disabled
int attemptsMade = userAccount.getLoginAttempts() + 1;
if (attemptsMade < _allowedLoginAttempts) {
updateLoginAttempts(userAccount.getId(), attemptsMade, false);
- s_logger.warn("Login attempt failed. You have " + ( _allowedLoginAttempts - attemptsMade ) + " attempt(s) remaining");
+ s_logger.warn("Login attempt failed. You have " + (_allowedLoginAttempts - attemptsMade) + " attempt(s) remaining");
} else {
updateLoginAttempts(userAccount.getId(), _allowedLoginAttempts, true);
s_logger.warn("User " + userAccount.getUsername() + " has been disabled due to multiple failed login attempts." +
@@ -2023,7 +2019,8 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
return _accountDao.findUserAccountByApiKey(apiKey);
}
- @Override @DB
+ @Override
+ @DB
@ActionEvent(eventType = EventTypes.EVENT_REGISTER_FOR_SECRET_API_KEY, eventDescription = "register for the developer API keys")
public String[] createApiKeyAndSecretKey(RegisterCmd cmd) {
final Long userId = cmd.getId();
@@ -2033,7 +2030,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
throw new InvalidParameterValueException("unable to find user by id");
}
- //don't allow updating system user
+ // don't allow updating system user
if (user.getId() == User.UID_SYSTEM) {
throw new PermissionDeniedException("user id : " + user.getId() + " is system account, update is not allowed");
}
@@ -2106,8 +2103,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
return null;
}
-
-
@Override
public void buildACLSearchBuilder(SearchBuilder<? extends ControlledEntity> sb,
Long domainId, boolean isRecursive, List<Long> permittedAccounts, ListProjectResourcesCriteria listProjectResourcesCriteria) {
@@ -2177,7 +2172,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
@Override
public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List<Long>
- permittedAccounts, Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject,
+ permittedAccounts, Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject,
boolean listAll, boolean forProjectInvitation) {
Long domainId = domainIdRecursiveListProject.first();
if (domainId != null) {
@@ -2206,7 +2201,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
if (userAccount != null) {
checkAccess(caller, null, false, userAccount);
- //check permissions
+ // check permissions
permittedAccounts.add(userAccount.getId());
} else {
throw new InvalidParameterValueException("could not find account " + accountName + " in domain " + domain.getUuid());