CLOUDSTACK-7989: Ignore Auth API calls in unauthenticated HTTP handlers

If an auth API call (such as login, logout) is called on unauthenticated port
such as the 8096 integration server port, we need to ignore such API calls
as calling auth APIs on 8096 is un-necessary and is undefined.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

Author: yadvr

server/src/com/cloud/api/ApiServer.java

@@ -66,6 +66,7 @@
 import org.apache.cloudstack.api.ResponseObject;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.auth.APIAuthenticationManager;
 import org.apache.cloudstack.api.command.admin.account.ListAccountsCmdByAdmin;
 import org.apache.cloudstack.api.command.admin.host.ListHostsCmd;
 import org.apache.cloudstack.api.command.admin.router.ListRoutersCmd;
@@ -204,6 +205,8 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
     private ConfigurationDao _configDao;
     @Inject
     private EntityManager _entityMgr;
+    @Inject
+    APIAuthenticationManager _authManager;
 
     List<PluggableService> _pluggableServices;
     List<APIChecker> _apiAccessCheckers;
@@ -485,6 +488,10 @@ public String handleRequest(final Map params, final String responseType, final S
                 }
                 throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, "Invalid request, no command sent");
             } else {
+                // Don't allow Login/Logout APIs to go past this point
+                if (_authManager.getAPIAuthenticator(command[0]) != null) {
+                    return null;
+                }
                 final Map<String, String> paramMap = new HashMap<String, String>();
                 final Set keys = params.keySet();
                 final Iterator keysIter = keys.iterator();
@@ -522,12 +529,10 @@ public String handleRequest(final Map params, final String responseType, final S
                     else
                         buildAuditTrail(auditTrailSb, command[0], response);
                 } else {
-                    if (!command[0].equalsIgnoreCase("login") && !command[0].equalsIgnoreCase("logout")) {
-                        final String errorString = "Unknown API command: " + command[0];
-                        s_logger.warn(errorString);
-                        auditTrailSb.append(" " + errorString);
-                        throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, errorString);
-                    }
+                    final String errorString = "Unknown API command: " + command[0];
+                    s_logger.warn(errorString);
+                    auditTrailSb.append(" " + errorString);
+                    throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, errorString);
                 }
             }
         } catch (final InvalidParameterValueException ex) {

server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java

@@ -57,7 +57,7 @@ public boolean start() {
             APICommand command = authenticator.getAnnotation(APICommand.class);
             if (command != null && !command.name().isEmpty()
                     && APIAuthenticator.class.isAssignableFrom(authenticator)) {
-                s_authenticators.put(command.name(), authenticator);
+                s_authenticators.put(command.name().toLowerCase(), authenticator);
             }
         }
         return true;
@@ -81,6 +81,7 @@ public List<Class<?>> getCommands() {
 
     @Override
     public APIAuthenticator getAPIAuthenticator(String name) {
+        name = name.toLowerCase();
         APIAuthenticator apiAuthenticator = null;
         if (s_authenticators != null && s_authenticators.containsKey(name)) {
             try {