Posted to commits@cloudstack.apache.org by sa...@apache.org on 2015/01/13 10:34:45 UTC

[1/7] git commit: updated refs/heads/vmware-disk-controllers to 06d4458

Repository: cloudstack
Updated Branches:
  refs/heads/vmware-disk-controllers 1a8fe8258 -> 06d4458d0


CLOUDSTACK-8034: Hash user IDs for SAML authentication

The User table's UUID column is restricted to 40 chars only, since we don't
know how long the nameID/userID of a SAML authenticated user will be - the fix
hashes that user ID and takes a substring of length 40 chars. For hashing,
SHA256 is used which returns a 64 char length string.

- Fix tests, add test cases
- Improve checkSAMLUser method
- Use SHA256 one way hashing to create unique UUID for SAML users

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit b2b496288d164fead2c089fb48319e1988b03ce8)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0b94f254
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0b94f254
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0b94f254

Branch: refs/heads/vmware-disk-controllers
Commit: 0b94f254e86e241ab77ddbf0531d43510deadb95
Parents: 1a8fe82
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Mon Jan 12 13:33:57 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Jan 12 13:37:51 2015 +0530

----------------------------------------------------------------------
 .../cloudstack/saml/SAML2UserAuthenticator.java |  2 +-
 .../cloudstack/SAML2UserAuthenticatorTest.java  | 26 +++++++++++++++-----
 .../apache/cloudstack/utils/auth/SAMLUtils.java | 18 ++++++++++----
 .../cloudstack/utils/auth/SAMLUtilsTest.java    | 10 ++++++--
 4 files changed, 42 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0b94f254/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
index e623fc2..31a93a4 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
@@ -48,7 +48,7 @@ public class SAML2UserAuthenticator extends DefaultUserAuthenticator {
             return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
         } else {
             User user = _userDao.getUser(userAccount.getId());
-            if (user != null && SAMLUtils.checkSAMLUserId(user.getUuid()) &&
+            if (user != null && SAMLUtils.checkSAMLUser(user.getUuid(), username) &&
                     requestParameters != null && requestParameters.containsKey(SAMLUtils.SAML_RESPONSE)) {
                 return new Pair<Boolean, ActionOnFailedAuthentication>(true, null);
             }
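Review bot: The success branch still depends only on the presence of the `SAMLUtils.SAML_RESPONSE` key in `requestParameters`, and the new `checkSAMLUser(user.getUuid(), username)` compares the stored UUID with a value derived from `username` alone, so neither condition shows that an assertion was actually verified. If signature and condition checks are performed by the caller before `authenticate` is reached, state that in a comment above the `if`, for example `// SAMLResponse has already been validated by the login command; this only confirms the account is SAML-provisioned`. If they are not, the response value should be validated here rather than tested for existence. The enclosing method starts and ends outside this hunk.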

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0b94f254/plugins/user-authenticators/saml2/test/org/apache/cloudstack/SAML2UserAuthenticatorTest.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/SAML2UserAuthenticatorTest.java b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/SAML2UserAuthenticatorTest.java
index 29fb496..83792c6 100644
--- a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/SAML2UserAuthenticatorTest.java
+++ b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/SAML2UserAuthenticatorTest.java
@@ -73,14 +73,28 @@ public class SAML2UserAuthenticatorTest {
         Mockito.when(userAccountDao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(account);
         Mockito.when(userDao.getUser(Mockito.anyLong())).thenReturn(user);
 
+        Pair<Boolean, ActionOnFailedAuthentication> pair;
+        Map<String, Object[]> params = new HashMap<String, Object[]>();
+
         // When there is no SAMLRequest in params
-        Pair<Boolean, ActionOnFailedAuthentication> pair1 = authenticator.authenticate(SAMLUtils.createSAMLId("user1234"), "random", 1l, null);
-        Assert.assertFalse(pair1.first());
+        pair = authenticator.authenticate("someUID", "random", 1l, params);
+        Assert.assertFalse(pair.first());
 
-        // When there is SAMLRequest in params
-        Map<String, Object[]> params = new HashMap<String, Object[]>();
+        // When there is SAMLRequest in params and user is same as the mocked one
         params.put(SAMLUtils.SAML_RESPONSE, new Object[]{});
-        Pair<Boolean, ActionOnFailedAuthentication> pair2 = authenticator.authenticate(SAMLUtils.createSAMLId("user1234"), "random", 1l, params);
-        Assert.assertTrue(pair2.first());
+        pair = authenticator.authenticate("someUID", "random", 1l, params);
+        Assert.assertTrue(pair.first());
+
+        // When there is SAMLRequest in params but username is null
+        pair = authenticator.authenticate(null, "random", 1l, params);
+        Assert.assertFalse(pair.first());
+
+        // When there is SAMLRequest in params but username is empty
+        pair = authenticator.authenticate("", "random", 1l, params);
+        Assert.assertFalse(pair.first());
+
+        // When there is SAMLRequest in params but username is not valid
+        pair = authenticator.authenticate("someOtherUID", "random", 1l, params);
+        Assert.assertFalse(pair.first());
     }
 }
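Review bot: The first case no longer covers a null parameter map: the removed line passed `null` as the last argument, while the new one passes the empty `params`, so the `requestParameters != null` guard in the authenticator is now untested. Adding `Assert.assertFalse(authenticator.authenticate("someUID", "random", 1l, null).first());` would restore that coverage. The comments also say `SAMLRequest` where the key under test is `SAMLUtils.SAML_RESPONSE`; `// When there is no SAMLResponse in params` would match the code. The test method begins outside this hunk.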

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0b94f254/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
index d129309..dbd2d6f 100644
--- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
+++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
@@ -20,6 +20,7 @@
 package org.apache.cloudstack.utils.auth;
 
 import com.cloud.utils.HttpUtils;
+import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.log4j.Logger;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.x509.X509V1CertificateGenerator;
@@ -96,18 +97,25 @@ public class SAMLUtils {
     public static final Logger s_logger = Logger.getLogger(SAMLUtils.class);
 
     public static final String SAML_RESPONSE = "SAMLResponse";
-    public static final String SAML_NS = "saml://";
+    public static final String SAML_NS = "SAML-";
     public static final String SAML_NAMEID = "SAML_NAMEID";
     public static final String SAML_SESSION = "SAML_SESSION";
     public static final String CERTIFICATE_NAME = "SAMLSP_CERTIFICATE";
 
     public static String createSAMLId(String uid) {
-        String samlUuid = SAML_NS + uid;
-        return samlUuid.length() > 40 ? samlUuid.substring(0, 40) : samlUuid;
+        if (uid == null)  {
+            return null;
+        }
+        String hash = DigestUtils.sha256Hex(uid);
+        String samlUuid = SAML_NS + hash;
+        return samlUuid.substring(0, 40);
     }
 
-    public static Boolean checkSAMLUserId(String uuid) {
-        return uuid.startsWith(SAML_NS);
+    public static boolean checkSAMLUser(String uuid, String username) {
+        if (uuid == null || uuid.isEmpty() || username == null || username.isEmpty()) {
+            return false;
+        }
+        return uuid.startsWith(SAML_NS) && createSAMLId(username).equals(uuid);
     }
 
     public static String generateSecureRandomId() {
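Review bot: Changing `SAML_NS` from `saml://` to `SAML-` and switching to a hashed suffix means any user row written by the previous `createSAMLId` can no longer satisfy `checkSAMLUser`, and the hunk shows no migration for such rows; if the earlier scheme ever reached a deployment, those UUIDs need to be recomputed. In `createSAMLId` the literal `40` deserves a named constant and a comment such as `// 5-char prefix + first 35 hex digits (140 bits) of SHA-256(uid); must fit the 40-char uuid column`. The name ID is hashed exactly as received, so it is worth documenting that a case or whitespace difference in the IdP's value yields a different UUID. In `checkSAMLUser`, `uuid.startsWith(SAML_NS)` is already implied by the `equals` comparison that follows it.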

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0b94f254/utils/test/org/apache/cloudstack/utils/auth/SAMLUtilsTest.java
----------------------------------------------------------------------
diff --git a/utils/test/org/apache/cloudstack/utils/auth/SAMLUtilsTest.java b/utils/test/org/apache/cloudstack/utils/auth/SAMLUtilsTest.java
index 85be2ef..bebfd13 100644
--- a/utils/test/org/apache/cloudstack/utils/auth/SAMLUtilsTest.java
+++ b/utils/test/org/apache/cloudstack/utils/auth/SAMLUtilsTest.java
@@ -34,8 +34,14 @@ public class SAMLUtilsTest extends TestCase {
 
     @Test
     public void testSAMLId() throws Exception {
-        assertTrue(SAMLUtils.checkSAMLUserId(SAMLUtils.createSAMLId("someUID")));
-        assertFalse(SAMLUtils.checkSAMLUserId("randomUID"));
+        assertEquals(SAMLUtils.createSAMLId(null), null);
+        assertEquals(SAMLUtils.createSAMLId("someUserName"), "SAML-305e19dd2581f33fd90b3949298ec8b17de");
+
+        assertTrue(SAMLUtils.checkSAMLUser(SAMLUtils.createSAMLId("someUserName"), "someUserName"));
+        assertFalse(SAMLUtils.checkSAMLUser(SAMLUtils.createSAMLId("someUserName"), "someOtherUserName"));
+        assertFalse(SAMLUtils.checkSAMLUser(SAMLUtils.createSAMLId(null), "someOtherUserName"));
+        assertFalse(SAMLUtils.checkSAMLUser("randomUID", "randomUID"));
+        assertFalse(SAMLUtils.checkSAMLUser(null, null));
     }
 
     @Test
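Review bot: The two `assertEquals` calls pass the actual value first and the expected value second, which swaps the labels in a failure message; `assertEquals("SAML-305e19dd2581f33fd90b3949298ec8b17de", SAMLUtils.createSAMLId("someUserName"));` and `assertNull(SAMLUtils.createSAMLId(null));` read correctly. Since the purpose of the change is the 40-character column limit, an assertion such as `assertEquals(40, SAMLUtils.createSAMLId("someUserName").length());` would pin that property directly.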


[2/7] git commit: updated refs/heads/vmware-disk-controllers to 06d4458

Posted by sa...@apache.org.
CLOUDSTACK-8037: URL encode cookie values with UTF8 as per version 1

As per Version 1 cookies, certain characters such as spaces and colons are now
allowed, but they should be URL-encoded using UTF-8. The frontend has a cookie
value unboxing method that removes any double quotes that are added.

As per the doc http://download.oracle.com/javase/6/docs/api/java/net/URLEncoder.html
values are application/x-www-form-urlencoded and as per
http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4 whitespaces are encoded
as +, therefore '+' are replaced by %20 (whitespace).

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 734bd70173c36508f0fc13a30c3aa8006814c019)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/173710d5
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/173710d5
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/173710d5

Branch: refs/heads/vmware-disk-controllers
Commit: 173710d5b48d1a34996f15c3ff1bd80938639b94
Parents: 0b94f25
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Mon Jan 12 13:56:25 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Jan 12 14:03:09 2015 +0530

----------------------------------------------------------------------
 .../api/command/SAML2LoginAPIAuthenticatorCmd.java           | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/173710d5/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
index 913c1ae..e1ccc02 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -270,14 +270,14 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent
                     try {
                         if (_apiServer.verifyUser(user.getId())) {
                             LoginCmdResponse loginResponse = (LoginCmdResponse) _apiServer.loginUser(session, username, user.getPassword(), domainId, null, remoteAddress, params);
-                            resp.addCookie(new Cookie("userid", loginResponse.getUserId()));
-                            resp.addCookie(new Cookie("domainid", loginResponse.getDomainId()));
-                            resp.addCookie(new Cookie("role", loginResponse.getType()));
+                            resp.addCookie(new Cookie("userid", URLEncoder.encode(loginResponse.getUserId(), HttpUtils.UTF_8)));
+                            resp.addCookie(new Cookie("domainid", URLEncoder.encode(loginResponse.getDomainId(), HttpUtils.UTF_8)));
+                            resp.addCookie(new Cookie("role", URLEncoder.encode(loginResponse.getType(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("username", URLEncoder.encode(loginResponse.getUsername(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("sessionKey", URLEncoder.encode(loginResponse.getSessionKey(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("account", URLEncoder.encode(loginResponse.getAccount(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("timezone", URLEncoder.encode(loginResponse.getTimeZone(), HttpUtils.UTF_8)));
-                            resp.addCookie(new Cookie("userfullname", loginResponse.getFirstName() + "%20" + loginResponse.getLastName()));
+                            resp.addCookie(new Cookie("userfullname", URLEncoder.encode(loginResponse.getFirstName() + " " + loginResponse.getLastName(), HttpUtils.UTF_8).replace("+", "%20")));
                             resp.sendRedirect(_configDao.getValue(Config.SAMLCloudStackRedirectionUrl.key()));
                             return ApiResponseSerializer.toSerializedString(loginResponse, responseType);
 
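Review bot: Only `userfullname` gets the `.replace("+", "%20")` step, so a space in `username`, `account` or any of the three newly encoded values is still sent as `+`, which does not match what the commit description says about spaces. `URLEncoder.encode` throws `NullPointerException` for a null string, so if `getUserId()`, `getDomainId()` or `getType()` can return null the login would now fail after `loginUser` has succeeded, and a null first or last name is encoded as the text `null`. A small private helper, for example `encodeCookieValue(String v)` returning `v == null ? "" : URLEncoder.encode(v, HttpUtils.UTF_8).replace("+", "%20")`, used for every cookie would make the behaviour uniform. The cookies, `sessionKey` included, are created without `setSecure(true)`; whether that is applied elsewhere is not visible here. The `try` block opens and closes outside this hunk.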


[6/7] git commit: updated refs/heads/vmware-disk-controllers to 06d4458

Posted by sa...@apache.org.
CID-1257434 try with resource


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9239f93a
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9239f93a
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9239f93a

Branch: refs/heads/vmware-disk-controllers
Commit: 9239f93a7d16b1b36b0a9a72edfeec72f366b0af
Parents: 1a7f76a
Author: Daan Hoogland <da...@onecht.net>
Authored: Mon Jan 12 15:09:16 2015 +0100
Committer: Daan Hoogland <da...@onecht.net>
Committed: Mon Jan 12 20:37:21 2015 +0100

----------------------------------------------------------------------
 .../cloudstack/storage/resource/NfsSecondaryStorageResource.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9239f93a/services/secondary-storage/server/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
----------------------------------------------------------------------
diff --git a/services/secondary-storage/server/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java b/services/secondary-storage/server/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
index 55f80e1..1b3dc83 100644
--- a/services/secondary-storage/server/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
+++ b/services/secondary-storage/server/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
@@ -739,8 +739,8 @@ public class NfsSecondaryStorageResource extends ServerResourceBase implements S
             metaFile.delete();
             uniqDir.delete();
             String md5sum = null;
-            try {
-                md5sum = DigestUtils.md5Hex(new FileInputStream(file));
+            try (FileInputStream fs = new FileInputStream(file)){
+                md5sum = DigestUtils.md5Hex(fs);
             } catch (IOException e) {
                 s_logger.debug("Failed to get md5sum: " + file.getAbsoluteFile());
             }
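Review bot: The stream is now closed, but the `catch` still drops `e` and logs at debug level, so a failed read leaves `md5sum` as null with no record of the cause. Passing the exception and raising the level, `s_logger.warn("Failed to get md5sum: " + file.getAbsoluteFile(), e);`, would make a missing checksum visible; how a null checksum is handled afterwards is outside this hunk. As a style point, `new FileInputStream(file)){` needs a space before the brace.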


[4/7] git commit: updated refs/heads/vmware-disk-controllers to 06d4458

Posted by sa...@apache.org.
CLOUDSTACK-8146: Resource count of primary storage does not consider the detached volumes


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b528047f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b528047f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b528047f

Branch: refs/heads/vmware-disk-controllers
Commit: b528047fb6f1c199e5e1cfe991a10b72a2b32a49
Parents: aaf6a34
Author: Wei Zhou <w....@tech.leaseweb.com>
Authored: Mon Jan 12 12:25:28 2015 +0100
Committer: Wei Zhou <w....@tech.leaseweb.com>
Committed: Mon Jan 12 12:25:28 2015 +0100

----------------------------------------------------------------------
 .../com/cloud/storage/dao/VolumeDaoImpl.java    | 21 +++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b528047f/engine/schema/src/com/cloud/storage/dao/VolumeDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/storage/dao/VolumeDaoImpl.java b/engine/schema/src/com/cloud/storage/dao/VolumeDaoImpl.java
index 24de717..61cce8d 100644
--- a/engine/schema/src/com/cloud/storage/dao/VolumeDaoImpl.java
+++ b/engine/schema/src/com/cloud/storage/dao/VolumeDaoImpl.java
@@ -65,6 +65,7 @@ public class VolumeDaoImpl extends GenericDaoBase<VolumeVO, Long> implements Vol
     protected final SearchBuilder<VolumeVO> AllFieldsSearch;
     protected GenericSearchBuilder<VolumeVO, Long> CountByAccount;
     protected GenericSearchBuilder<VolumeVO, SumCount> primaryStorageSearch;
+    protected GenericSearchBuilder<VolumeVO, SumCount> primaryStorageSearch2;
     protected GenericSearchBuilder<VolumeVO, SumCount> secondaryStorageSearch;
     @Inject
     ResourceTagDao _tagsDao;
@@ -367,7 +368,6 @@ public class VolumeDaoImpl extends GenericDaoBase<VolumeVO, Long> implements Vol
         primaryStorageSearch = createSearchBuilder(SumCount.class);
         primaryStorageSearch.select("sum", Func.SUM, primaryStorageSearch.entity().getSize());
         primaryStorageSearch.and("accountId", primaryStorageSearch.entity().getAccountId(), Op.EQ);
-        primaryStorageSearch.and("virtualRouterVmIds", primaryStorageSearch.entity().getInstanceId(), Op.NIN);
         primaryStorageSearch.and().op("path", primaryStorageSearch.entity().getPath(), Op.NNULL);
         primaryStorageSearch.or("states", primaryStorageSearch.entity().getState(), Op.IN);
         primaryStorageSearch.cp();
@@ -375,6 +375,18 @@ public class VolumeDaoImpl extends GenericDaoBase<VolumeVO, Long> implements Vol
         primaryStorageSearch.and("isRemoved", primaryStorageSearch.entity().getRemoved(), Op.NULL);
         primaryStorageSearch.done();
 
+        primaryStorageSearch2 = createSearchBuilder(SumCount.class);
+        primaryStorageSearch2.select("sum", Func.SUM, primaryStorageSearch2.entity().getSize());
+        primaryStorageSearch2.and("accountId", primaryStorageSearch2.entity().getAccountId(), Op.EQ);
+        primaryStorageSearch2.and().op("instanceId", primaryStorageSearch2.entity().getInstanceId(), Op.NULL);
+        primaryStorageSearch2.or("virtualRouterVmIds", primaryStorageSearch2.entity().getInstanceId(), Op.NIN);
+        primaryStorageSearch2.cp();
+        primaryStorageSearch2.and().op("path", primaryStorageSearch2.entity().getPath(), Op.NNULL);
+        primaryStorageSearch2.or("states", primaryStorageSearch2.entity().getState(), Op.IN);
+        primaryStorageSearch2.cp();
+        primaryStorageSearch2.and("displayVolume", primaryStorageSearch2.entity().isDisplayVolume(), Op.EQ);
+        primaryStorageSearch2.and("isRemoved", primaryStorageSearch2.entity().getRemoved(), Op.NULL);
+
         secondaryStorageSearch = createSearchBuilder(SumCount.class);
         secondaryStorageSearch.select("sum", Func.SUM, secondaryStorageSearch.entity().getSize());
         secondaryStorageSearch.and("accountId", secondaryStorageSearch.entity().getAccountId(), Op.EQ);
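Review bot: `primaryStorageSearch2` is built without the closing `done()` call that `primaryStorageSearch` receives just above, so the two builders are finished differently; unless `create()` finalises the builder implicitly, add `primaryStorageSearch2.done();` after the `isRemoved` condition. The numeric suffix also hides what differs between the two searches, and a comment such as `// also counts detached volumes (instanceId IS NULL) and excludes volumes attached to the given virtual routers` above the new builder would explain why both exist. The enclosing block starts and ends outside this hunk.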
@@ -405,11 +417,14 @@ public class VolumeDaoImpl extends GenericDaoBase<VolumeVO, Long> implements Vol
 
     @Override
     public long primaryStorageUsedForAccount(long accountId, List<Long> virtualRouters) {
-        SearchCriteria<SumCount> sc = primaryStorageSearch.create();
-        sc.setParameters("accountId", accountId);
+        SearchCriteria<SumCount> sc;
         if (!virtualRouters.isEmpty()) {
+            sc = primaryStorageSearch2.create();
             sc.setParameters("virtualRouterVmIds", virtualRouters.toArray(new Object[virtualRouters.size()]));
+        } else {
+            sc = primaryStorageSearch.create();
         }
+        sc.setParameters("accountId", accountId);
         sc.setParameters("states", State.Allocated);
         sc.setParameters("displayVolume", 1);
         List<SumCount> storageSpace = customSearch(sc, null);


[3/7] git commit: updated refs/heads/vmware-disk-controllers to 06d4458

Posted by sa...@apache.org.
CLOUDSTACK-8035: Generate and store X509Cert and reuse this for SAML

The fix generates X509Certificate if missing from DB and uses that for eternity.
SAML SP metadata remains same since it's using the same X509 certificate and
it remains same after restarts. The certificate is serialized, base64 encoded
and stored in the keystore table under a specific name. For reading, it's
retrieved, base64 decoded and deserialized.

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 43587143811b222ca131b0e1237f9e99cd94694d)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/aaf6a34c
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/aaf6a34c
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/aaf6a34c

Branch: refs/heads/vmware-disk-controllers
Commit: aaf6a34c54a88e92b03696c91f4fcc1ddc472559
Parents: 173710d
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Mon Jan 12 16:44:23 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Jan 12 16:49:49 2015 +0530

----------------------------------------------------------------------
 .../cloudstack/saml/SAML2AuthManagerImpl.java   | 39 ++++++++++++++++----
 .../apache/cloudstack/utils/auth/SAMLUtils.java |  3 +-
 2 files changed, 34 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aaf6a34c/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
index 3178f31..f175081 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
@@ -27,6 +27,7 @@ import org.apache.cloudstack.framework.security.keystore.KeystoreDao;
 import org.apache.cloudstack.framework.security.keystore.KeystoreVO;
 import org.apache.cloudstack.utils.auth.SAMLUtils;
 import org.apache.log4j.Logger;
+import org.apache.commons.codec.binary.Base64;
 import org.opensaml.DefaultBootstrap;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -45,6 +46,12 @@ import org.springframework.stereotype.Component;
 import javax.ejb.Local;
 import javax.inject.Inject;
 import javax.xml.stream.FactoryConfigurationError;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutput;
+import java.io.ObjectOutputStream;
 import java.security.InvalidKeyException;
 import java.security.KeyPair;
 import java.security.NoSuchAlgorithmException;
@@ -94,12 +101,12 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
     }
 
     private boolean setup() {
-        KeystoreVO keyStoreVO = _ksDao.findByName(SAMLUtils.CERTIFICATE_NAME);
+        KeystoreVO keyStoreVO = _ksDao.findByName(SAMLUtils.SAMLSP_KEYPAIR);
         if (keyStoreVO == null) {
             try {
                 KeyPair keyPair = SAMLUtils.generateRandomKeyPair();
-                _ksDao.save(SAMLUtils.CERTIFICATE_NAME, SAMLUtils.savePrivateKey(keyPair.getPrivate()), SAMLUtils.savePublicKey(keyPair.getPublic()), "saml-sp");
-                keyStoreVO = _ksDao.findByName(SAMLUtils.CERTIFICATE_NAME);
+                _ksDao.save(SAMLUtils.SAMLSP_KEYPAIR, SAMLUtils.savePrivateKey(keyPair.getPrivate()), SAMLUtils.savePublicKey(keyPair.getPublic()), "samlsp-keypair");
+                keyStoreVO = _ksDao.findByName(SAMLUtils.SAMLSP_KEYPAIR);
             } catch (NoSuchProviderException | NoSuchAlgorithmException e) {
                 s_logger.error("Unable to create and save SAML keypair");
             }
@@ -110,10 +117,28 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
             PublicKey publicKey = SAMLUtils.loadPublicKey(keyStoreVO.getKey());
             if (privateKey != null && publicKey != null) {
                 spKeyPair = new KeyPair(publicKey, privateKey);
-                try {
-                    spX509Key = SAMLUtils.generateRandomX509Certificate(spKeyPair);
-                } catch (NoSuchAlgorithmException | NoSuchProviderException | CertificateEncodingException | SignatureException | InvalidKeyException e) {
-                    s_logger.error("SAML Plugin won't be able to use X509 signed authentication");
+                KeystoreVO x509VO = _ksDao.findByName(SAMLUtils.SAMLSP_X509CERT);
+                if (x509VO == null) {
+                    try {
+                        spX509Key = SAMLUtils.generateRandomX509Certificate(spKeyPair);
+                        ByteArrayOutputStream bos = new ByteArrayOutputStream();
+                        ObjectOutput out = new ObjectOutputStream(bos);
+                        out.writeObject(spX509Key);
+                        out.flush();
+                        _ksDao.save(SAMLUtils.SAMLSP_X509CERT, Base64.encodeBase64String(bos.toByteArray()), "", "samlsp-x509cert");
+                        bos.close();
+                    } catch (NoSuchAlgorithmException | NoSuchProviderException | CertificateEncodingException | SignatureException | InvalidKeyException | IOException e) {
+                        s_logger.error("SAML Plugin won't be able to use X509 signed authentication");
+                    }
+                } else {
+                    try {
+                        ByteArrayInputStream bi = new ByteArrayInputStream(Base64.decodeBase64(x509VO.getCertificate()));
+                        ObjectInputStream si = new ObjectInputStream(bi);
+                        spX509Key = (X509Certificate) si.readObject();
+                        bi.close();
+                    } catch (IOException | ClassNotFoundException ignored) {
+                        s_logger.error("SAML Plugin won't be able to use X509 signed authentication. Failed to load X509 Certificate from Database.");
+                    }
                 }
             }
         }
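Review bot: The certificate is persisted with Java native serialization and read back with `ObjectInputStream.readObject()`, which turns the contents of the keystore table into a deserialization input; an X.509 certificate has a standard DER encoding, so `spX509Key.getEncoded()` on write and `CertificateFactory.getInstance("X.509").generateCertificate(...)` on read avoid object deserialization altogether. The new code also never closes `out` or `si`, and both `catch` blocks discard the exception (the second names it `ignored` while logging an error). The version below needs `java.security.cert.CertificateFactory` and `java.security.cert.CertificateException` imported and makes the `Object*Stream` and `ByteArrayOutputStream` imports unnecessary. The surrounding `setup()` body continues outside this hunk.

```java
spKeyPair = new KeyPair(publicKey, privateKey);
KeystoreVO x509VO = _ksDao.findByName(SAMLUtils.SAMLSP_X509CERT);
if (x509VO == null) {
    try {
        spX509Key = SAMLUtils.generateRandomX509Certificate(spKeyPair);
        // Store the DER encoding of the certificate, not a Java-serialized object.
        _ksDao.save(SAMLUtils.SAMLSP_X509CERT, Base64.encodeBase64String(spX509Key.getEncoded()), "", "samlsp-x509cert");
    } catch (NoSuchAlgorithmException | NoSuchProviderException | CertificateEncodingException | SignatureException | InvalidKeyException e) {
        s_logger.error("SAML Plugin won't be able to use X509 signed authentication", e);
    }
} else {
    // Parse the stored DER bytes with the certificate parser; no object deserialization involved.
    try (ByteArrayInputStream der = new ByteArrayInputStream(Base64.decodeBase64(x509VO.getCertificate()))) {
        spX509Key = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(der);
    } catch (IOException | CertificateException e) {
        s_logger.error("SAML Plugin won't be able to use X509 signed authentication. Failed to load X509 Certificate from Database.", e);
    }
}
```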

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aaf6a34c/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
index dbd2d6f..bb4af3a 100644
--- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
+++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
@@ -100,7 +100,8 @@ public class SAMLUtils {
     public static final String SAML_NS = "SAML-";
     public static final String SAML_NAMEID = "SAML_NAMEID";
     public static final String SAML_SESSION = "SAML_SESSION";
-    public static final String CERTIFICATE_NAME = "SAMLSP_CERTIFICATE";
+    public static final String SAMLSP_KEYPAIR = "SAMLSP_KEYPAIR";
+    public static final String SAMLSP_X509CERT = "SAMLSP_X509CERT";
 
     public static String createSAMLId(String uid) {
         if (uid == null)  {


[7/7] git commit: updated refs/heads/vmware-disk-controllers to 06d4458

Posted by sa...@apache.org.
CID-1256275 regression: resource leak in systemvm update code

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/06d4458d
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/06d4458d
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/06d4458d

Branch: refs/heads/vmware-disk-controllers
Commit: 06d4458d0a9de5be7a7bf590678eb4b03989e9a1
Parents: 9239f93
Author: Daan Hoogland <da...@onecht.net>
Authored: Mon Jan 12 20:40:01 2015 +0100
Committer: Daan Hoogland <da...@onecht.net>
Committed: Mon Jan 12 20:40:01 2015 +0100

----------------------------------------------------------------------
 .../com/cloud/upgrade/dao/Upgrade442to450.java  | 242 ++++++++++---------
 1 file changed, 128 insertions(+), 114 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/06d4458d/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java
index 86c2439..191e022 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java
@@ -175,132 +175,146 @@ public class Upgrade442to450 implements DbUpgrade {
     }
 
     private void updateSystemVmTemplates(Connection conn) {
-        PreparedStatement pstmt = null;
-        ResultSet rs = null;
         s_logger.debug("Updating System Vm template IDs");
-        try{
-            //Get all hypervisors in use
-            Set<Hypervisor.HypervisorType> hypervisorsListInUse = new HashSet<Hypervisor.HypervisorType>();
-            try {
-                pstmt = conn.prepareStatement("select distinct(hypervisor_type) from `cloud`.`cluster` where removed is null");
-                rs = pstmt.executeQuery();
-                while(rs.next()){
-                    switch (Hypervisor.HypervisorType.getType(rs.getString(1))) {
-                        case XenServer: hypervisorsListInUse.add(Hypervisor.HypervisorType.XenServer);
-                            break;
-                        case KVM:       hypervisorsListInUse.add(Hypervisor.HypervisorType.KVM);
-                            break;
-                        case VMware:    hypervisorsListInUse.add(Hypervisor.HypervisorType.VMware);
-                            break;
-                        case Hyperv:    hypervisorsListInUse.add(Hypervisor.HypervisorType.Hyperv);
-                            break;
-                        case LXC:       hypervisorsListInUse.add(Hypervisor.HypervisorType.LXC);
-                            break;
-                        default:  // no action on cases Any, BareMetal, None, Ovm, Parralels, Simulator and VirtualBox:
-                            break;
-                    }
+        //Get all hypervisors in use
+        Set<Hypervisor.HypervisorType> hypervisorsListInUse = new HashSet<Hypervisor.HypervisorType>();
+        try (PreparedStatement pstmt = conn.prepareStatement("select distinct(hypervisor_type) from `cloud`.`cluster` where removed is null");
+             ResultSet rs = pstmt.executeQuery()
+           ) {
+            while(rs.next()){
+                switch (Hypervisor.HypervisorType.getType(rs.getString(1))) {
+                case XenServer: hypervisorsListInUse.add(Hypervisor.HypervisorType.XenServer);
+                    break;
+                case KVM:       hypervisorsListInUse.add(Hypervisor.HypervisorType.KVM);
+                    break;
+                case VMware:    hypervisorsListInUse.add(Hypervisor.HypervisorType.VMware);
+                    break;
+                case Hyperv:    hypervisorsListInUse.add(Hypervisor.HypervisorType.Hyperv);
+                    break;
+                case LXC:       hypervisorsListInUse.add(Hypervisor.HypervisorType.LXC);
+                    break;
+                default:  // no action on cases Any, BareMetal, None, Ovm, Parralels, Simulator and VirtualBox:
+                    break;
                 }
-            } catch (SQLException e) {
-                throw new CloudRuntimeException("Error while listing hypervisors in use", e);
             }
+        } catch (SQLException e) {
+            s_logger.error("updateSystemVmTemplates:Exception while getting hypervisor types from clusters: "+e.getMessage());
+            throw new CloudRuntimeException("updateSystemVmTemplates:Exception while getting hypervisor types from clusters", e);
+        }
 
-            Map<Hypervisor.HypervisorType, String> NewTemplateNameList = new HashMap<Hypervisor.HypervisorType, String>(){
-                {   put(Hypervisor.HypervisorType.XenServer, "systemvm-xenserver-4.5");
-                    put(Hypervisor.HypervisorType.VMware, "systemvm-vmware-4.5");
-                    put(Hypervisor.HypervisorType.KVM, "systemvm-kvm-4.5");
-                    put(Hypervisor.HypervisorType.LXC, "systemvm-lxc-4.5");
-                    put(Hypervisor.HypervisorType.Hyperv, "systemvm-hyperv-4.5");
-                }
-            };
-
-            Map<Hypervisor.HypervisorType, String> routerTemplateConfigurationNames = new HashMap<Hypervisor.HypervisorType, String>(){
-                {   put(Hypervisor.HypervisorType.XenServer, "router.template.xen");
-                    put(Hypervisor.HypervisorType.VMware, "router.template.vmware");
-                    put(Hypervisor.HypervisorType.KVM, "router.template.kvm");
-                    put(Hypervisor.HypervisorType.LXC, "router.template.lxc");
-                    put(Hypervisor.HypervisorType.Hyperv, "router.template.hyperv");
-                }
-            };
-
-            Map<Hypervisor.HypervisorType, String> newTemplateUrl = new HashMap<Hypervisor.HypervisorType, String>(){
-                {   put(Hypervisor.HypervisorType.XenServer, "http://download.cloud.com/templates/4.5/systemvm64template-4.5-xen.vhd.bz2");
-                    put(Hypervisor.HypervisorType.VMware, "http://download.cloud.com/templates/4.5/systemvm64template-4.5-vmware.ova");
-                    put(Hypervisor.HypervisorType.KVM, "http://download.cloud.com/templates/4.5/systemvm64template-4.5-kvm.qcow2.bz2");
-                    put(Hypervisor.HypervisorType.LXC, "http://download.cloud.com/templates/4.5/systemvm64template-4.5-kvm.qcow2.bz2");
-                    put(Hypervisor.HypervisorType.Hyperv, "http://download.cloud.com/templates/4.5/systemvm64template-4.5-hyperv.vhd.zip");
-                }
-            };
-
-            Map<Hypervisor.HypervisorType, String> newTemplateChecksum = new HashMap<Hypervisor.HypervisorType, String>(){
-                {   put(Hypervisor.HypervisorType.XenServer, "2b15ab4401c2d655264732d3fc600241");
-                    put(Hypervisor.HypervisorType.VMware, "3106a79a4ce66cd7f6a7c50e93f2db57");
-                    put(Hypervisor.HypervisorType.KVM, "aa9f501fecd3de1daeb9e2f357f6f002");
-                    put(Hypervisor.HypervisorType.LXC, "aa9f501fecd3de1daeb9e2f357f6f002");
-                    put(Hypervisor.HypervisorType.Hyperv, "70bd30ea02ee9ed67d2c6b85c179cee9");
-                }
-            };
-
-            for (Map.Entry<Hypervisor.HypervisorType, String> hypervisorAndTemplateName : NewTemplateNameList.entrySet()){
-                s_logger.debug("Updating " + hypervisorAndTemplateName.getKey() + " System Vms");
-                try {
-                    //Get 4.5.0 system Vm template Id for corresponding hypervisor
-                    pstmt = conn.prepareStatement("select id from `cloud`.`vm_template` where name = ? and removed is null order by id desc limit 1");
-                    pstmt.setString(1, hypervisorAndTemplateName.getValue());
-                    rs = pstmt.executeQuery();
+        Map<Hypervisor.HypervisorType, String> NewTemplateNameList = new HashMap<Hypervisor.HypervisorType, String>() {
+            {
+                put(Hypervisor.HypervisorType.XenServer, "systemvm-xenserver-4.5");
+                put(Hypervisor.HypervisorType.VMware, "systemvm-vmware-4.5");
+                put(Hypervisor.HypervisorType.KVM, "systemvm-kvm-4.5");
+                put(Hypervisor.HypervisorType.LXC, "systemvm-lxc-4.5");
+                put(Hypervisor.HypervisorType.Hyperv, "systemvm-hyperv-4.5");
+            }
+        };
+
+        Map<Hypervisor.HypervisorType, String> routerTemplateConfigurationNames = new HashMap<Hypervisor.HypervisorType, String>() {
+            {
+                put(Hypervisor.HypervisorType.XenServer, "router.template.xen");
+                put(Hypervisor.HypervisorType.VMware, "router.template.vmware");
+                put(Hypervisor.HypervisorType.KVM, "router.template.kvm");
+                put(Hypervisor.HypervisorType.LXC, "router.template.lxc");
+                put(Hypervisor.HypervisorType.Hyperv, "router.template.hyperv");
+            }
+        };
+
+        Map<Hypervisor.HypervisorType, String> newTemplateUrl = new HashMap<Hypervisor.HypervisorType, String>() {
+            {
+                put(Hypervisor.HypervisorType.XenServer, "http://download.cloud.com/templates/4.5/systemvm64template-4.5-xen.vhd.bz2");
+                put(Hypervisor.HypervisorType.VMware, "http://download.cloud.com/templates/4.5/systemvm64template-4.5-vmware.ova");
+                put(Hypervisor.HypervisorType.KVM, "http://download.cloud.com/templates/4.5/systemvm64template-4.5-kvm.qcow2.bz2");
+                put(Hypervisor.HypervisorType.LXC, "http://download.cloud.com/templates/4.5/systemvm64template-4.5-kvm.qcow2.bz2");
+                put(Hypervisor.HypervisorType.Hyperv, "http://download.cloud.com/templates/4.5/systemvm64template-4.5-hyperv.vhd.zip");
+            }
+        };
+
+        Map<Hypervisor.HypervisorType, String> newTemplateChecksum = new HashMap<Hypervisor.HypervisorType, String>() {
+            {
+                put(Hypervisor.HypervisorType.XenServer, "2b15ab4401c2d655264732d3fc600241");
+                put(Hypervisor.HypervisorType.VMware, "3106a79a4ce66cd7f6a7c50e93f2db57");
+                put(Hypervisor.HypervisorType.KVM, "aa9f501fecd3de1daeb9e2f357f6f002");
+                put(Hypervisor.HypervisorType.LXC, "aa9f501fecd3de1daeb9e2f357f6f002");
+                put(Hypervisor.HypervisorType.Hyperv, "70bd30ea02ee9ed67d2c6b85c179cee9");
+            }
+        };
+
+        for (Map.Entry<Hypervisor.HypervisorType, String> hypervisorAndTemplateName : NewTemplateNameList.entrySet()) {
+            s_logger.debug("Updating " + hypervisorAndTemplateName.getKey() + " System Vms");
+            try  (PreparedStatement pstmt = conn.prepareStatement("select id from `cloud`.`vm_template` where name = ? and removed is null order by id desc limit 1")) {
+                //Get 4.5.0 system Vm template Id for corresponding hypervisor
+                long templateId = -1;
+                pstmt.setString(1, hypervisorAndTemplateName.getValue());
+                try (ResultSet rs = pstmt.executeQuery()) {
                     if(rs.next()){
-                        long templateId = rs.getLong(1);
-                        rs.close();
-                        pstmt.close();
-                        pstmt = conn.prepareStatement("update `cloud`.`vm_template` set type='SYSTEM' where id = ?");
-                        pstmt.setLong(1, templateId);
-                        pstmt.executeUpdate();
-                        pstmt.close();
-                        // update templete ID of system Vms
-                        pstmt = conn.prepareStatement("update `cloud`.`vm_instance` set vm_template_id = ? where type <> 'User' and hypervisor_type = ?");
-                        pstmt.setLong(1, templateId);
-                        pstmt.setString(2, hypervisorAndTemplateName.getKey().toString());
-                        pstmt.executeUpdate();
-                        pstmt.close();
-                        // Change value of global configuration parameter router.template.* for the corresponding hypervisor
-                        pstmt = conn.prepareStatement("UPDATE `cloud`.`configuration` SET value = ? WHERE name = ?");
-                        pstmt.setString(1, hypervisorAndTemplateName.getValue());
-                        pstmt.setString(2, routerTemplateConfigurationNames.get(hypervisorAndTemplateName.getKey()));
-                        pstmt.executeUpdate();
-                        pstmt.close();
-                    } else {
-                        rs.close();
-                        pstmt.close();
-                        if (hypervisorsListInUse.contains(hypervisorAndTemplateName.getKey())){
-                            throw new CloudRuntimeException("4.5.0 " + hypervisorAndTemplateName.getKey() + " SystemVm template not found. Cannot upgrade system Vms");
-                        } else {
-                            s_logger.warn("4.5.0 " + hypervisorAndTemplateName.getKey() + " SystemVm template not found. " + hypervisorAndTemplateName.getKey() + " hypervisor is not used, so not failing upgrade");
-                            // Update the latest template URLs for corresponding hypervisor
-                            pstmt = conn.prepareStatement("UPDATE `cloud`.`vm_template` SET url = ? , checksum = ? WHERE hypervisor_type = ? AND type = 'SYSTEM' AND removed is null order by id desc limit 1");
-                            pstmt.setString(1, newTemplateUrl.get(hypervisorAndTemplateName.getKey()));
-                            pstmt.setString(2, newTemplateChecksum.get(hypervisorAndTemplateName.getKey()));
-                            pstmt.setString(3, hypervisorAndTemplateName.getKey().toString());
-                            pstmt.executeUpdate();
-                            pstmt.close();
-                        }
+                        templateId = rs.getLong(1);
                     }
-                } catch (SQLException e) {
-                    throw new CloudRuntimeException("Error while updating "+ hypervisorAndTemplateName.getKey() +" systemVm template", e);
-                }
-            }
-            s_logger.debug("Updating System Vm Template IDs Complete");
-        } finally {
-            try {
-                if (rs != null) {
-                    rs.close();
+                } catch (SQLException e)
+                {
+                    s_logger.error("updateSystemVmTemplates:Exception while getting ids of templates: "+e.getMessage());
+                    throw new CloudRuntimeException("updateSystemVmTemplates:Exception while getting ids of templates", e);
                 }
 
-                if (pstmt != null) {
-                    pstmt.close();
+                // change template type to SYSTEM
+                if (templateId != -1) {
+                    try(PreparedStatement templ_type_pstmt = conn.prepareStatement("update `cloud`.`vm_template` set type='SYSTEM' where id = ?");)
+                    {
+                        templ_type_pstmt.setLong(1, templateId);
+                        templ_type_pstmt.executeUpdate();
+                    }
+                    catch (SQLException e)
+                    {
+                        s_logger.error("updateSystemVmTemplates:Exception while updating template with id " + templateId + " to be marked as 'system': "+e.getMessage());
+                        throw new CloudRuntimeException("updateSystemVmTemplates:Exception while updating template with id " + templateId + " to be marked as 'system'", e);
+                    }
+                    // update template ID of system Vms
+                    try(PreparedStatement update_templ_id_pstmt = conn.prepareStatement("update `cloud`.`vm_instance` set vm_template_id = ? where type <> 'User' and hypervisor_type = ?");)
+                    {
+                        update_templ_id_pstmt.setLong(1, templateId);
+                        update_templ_id_pstmt.setString(2, hypervisorAndTemplateName.getKey().toString());
+                        update_templ_id_pstmt.executeUpdate();
+                    }catch (Exception e)
+                    {
+                        s_logger.error("updateSystemVmTemplates:Exception while setting template for " + hypervisorAndTemplateName.getKey().toString() + " to " + templateId + ": "+e.getMessage());
+                        throw new CloudRuntimeException("updateSystemVmTemplates:Exception while setting template for " + hypervisorAndTemplateName.getKey().toString() + " to " + templateId, e);
+                    }
+                    // Change value of global configuration parameter router.template.* for the corresponding hypervisor
+                    try(PreparedStatement update_pstmt = conn.prepareStatement("UPDATE `cloud`.`configuration` SET value = ? WHERE name = ?");) {
+                        update_pstmt.setString(1, hypervisorAndTemplateName.getValue());
+                        update_pstmt.setString(2, routerTemplateConfigurationNames.get(hypervisorAndTemplateName.getKey()));
+                        update_pstmt.executeUpdate();
+                    }catch (SQLException e)
+                    {
+                        s_logger.error("updateSystemVmTemplates:Exception while setting " + routerTemplateConfigurationNames.get(hypervisorAndTemplateName.getKey()) + " to " + hypervisorAndTemplateName.getValue() + ": "+e.getMessage());
+                        throw new CloudRuntimeException("updateSystemVmTemplates:Exception while setting " + routerTemplateConfigurationNames.get(hypervisorAndTemplateName.getKey()) + " to " + hypervisorAndTemplateName.getValue(), e);
+                    }
+                } else {
+                    if (hypervisorsListInUse.contains(hypervisorAndTemplateName.getKey())){
+                        throw new CloudRuntimeException("4.5.0 " + hypervisorAndTemplateName.getKey() + " SystemVm template not found. Cannot upgrade system Vms");
+                    } else {
+                        s_logger.warn("4.5.0 " + hypervisorAndTemplateName.getKey() + " SystemVm template not found. " + hypervisorAndTemplateName.getKey() + " hypervisor is not used, so not failing upgrade");
+                        // Update the latest template URLs for corresponding hypervisor
+                        try(PreparedStatement update_templ_url_pstmt = conn.prepareStatement("UPDATE `cloud`.`vm_template` SET url = ? , checksum = ? WHERE hypervisor_type = ? AND type = 'SYSTEM' AND removed is null order by id desc limit 1");) {
+                            update_templ_url_pstmt.setString(1, newTemplateUrl.get(hypervisorAndTemplateName.getKey()));
+                            update_templ_url_pstmt.setString(2, newTemplateChecksum.get(hypervisorAndTemplateName.getKey()));
+                            update_templ_url_pstmt.setString(3, hypervisorAndTemplateName.getKey().toString());
+                            update_templ_url_pstmt.executeUpdate();
+                        }catch (SQLException e)
+                        {
+                            s_logger.error("updateSystemVmTemplates:Exception while updating 'url' and 'checksum' for hypervisor type " + hypervisorAndTemplateName.getKey().toString() + ": "+e.getMessage());
+                            throw new CloudRuntimeException("updateSystemVmTemplates:Exception while updating 'url' and 'checksum' for hypervisor type " + hypervisorAndTemplateName.getKey().toString(), e);
+                        }
+                    }
                 }
             } catch (SQLException e) {
-                s_logger.debug("exception while cleaning resources during sytemvm upgrade.", e);
+                s_logger.error("updateSystemVmTemplates:Exception while getting ids of templates: "+e.getMessage());
+                throw new CloudRuntimeException("updateSystemVmTemplates:Exception while getting ids of templates", e);
             }
         }
+        s_logger.debug("Updating System Vm Template IDs Complete");
     }
 
 
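Review bot: The `newTemplateUrl` entries that the last statement in the loop writes into `vm_template` are plain `http://` links, and the `newTemplateChecksum` values are 32 hex characters, the length of an MD5 digest. The only integrity check recorded for the system VM images therefore appears to be one that catches corrupt downloads but not deliberate tampering. If the download host serves TLS and the template verifier accepts a stronger digest (neither is visible in this hunk), the maps should carry `https://` URLs and SHA-256 values; otherwise a comment above `newTemplateChecksum` such as `// MD5: detects corrupt downloads only, not tampering` would record the limit. Separately, the `vm_instance` update catches `Exception` where its sibling blocks catch `SQLException`; `} catch (SQLException e) {` would stop unrelated runtime errors from being rewrapped as a template-update failure.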


[5/7] git commit: updated refs/heads/vmware-disk-controllers to 06d4458

Posted by sa...@apache.org.
CLOUDSTACK-8037: Fix attribute detection, tested to work with onelogin.com

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 23de431f96e1dad8a21055ac98926c428e83c775)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1a7f76ac
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1a7f76ac
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1a7f76ac

Branch: refs/heads/vmware-disk-controllers
Commit: 1a7f76ac77b05eec796637f96b4ceca3f1c7af33
Parents: b528047
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Mon Jan 12 18:55:52 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Jan 12 19:41:10 2015 +0530

----------------------------------------------------------------------
 .../command/SAML2LoginAPIAuthenticatorCmd.java  | 37 +++++++++++---------
 1 file changed, 21 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1a7f76ac/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
index e1ccc02..6e86d23 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -240,22 +240,27 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent
                     }
                 }
 
-                AttributeStatement attributeStatement = assertion.getAttributeStatements().get(0);
-                List<Attribute> attributes = attributeStatement.getAttributes();
-
-                // Try capturing standard LDAP attributes
-                for (Attribute attribute: attributes) {
-                    String attributeName = attribute.getName();
-                    String attributeValue = attribute.getAttributeValues().get(0).getDOM().getTextContent();
-                    if (attributeName.equalsIgnoreCase("uid") && uniqueUserId == null) {
-                        username = attributeValue;
-                        uniqueUserId = SAMLUtils.createSAMLId(username);
-                    } else if (attributeName.equalsIgnoreCase("givenName")) {
-                        firstName = attributeValue;
-                    } else if (attributeName.equalsIgnoreCase(("sn"))) {
-                        lastName = attributeValue;
-                    } else if (attributeName.equalsIgnoreCase("mail")) {
-                        email = attributeValue;
+                List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
+                if (attributeStatements != null && attributeStatements.size() > 0) {
+                    for (AttributeStatement attributeStatement: attributeStatements) {
+                        if (attributeStatement == null) {
+                            continue;
+                        }
+                        // Try capturing standard LDAP attributes
+                        for (Attribute attribute: attributeStatement.getAttributes()) {
+                            String attributeName = attribute.getName();
+                            String attributeValue = attribute.getAttributeValues().get(0).getDOM().getTextContent();
+                            if (attributeName.equalsIgnoreCase("uid") && uniqueUserId == null) {
+                                username = attributeValue;
+                                uniqueUserId = SAMLUtils.createSAMLId(username);
+                            } else if (attributeName.equalsIgnoreCase("givenName")) {
+                                firstName = attributeValue;
+                            } else if (attributeName.equalsIgnoreCase(("sn"))) {
+                                lastName = attributeValue;
+                            } else if (attributeName.equalsIgnoreCase("mail")) {
+                                email = attributeValue;
+                            }
+                        }
                     }
                 }