[
https://issues.apache.org/jira/browse/CLOUDSTACK-6349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Prachi Damle resolved CLOUDSTACK-6349.
--------------------------------------
Resolution: Fixed
AccountManager used to figure out if a user is an Admin, domain admin or normal
user based on the 'accountType' property.
But with IAM, this should be done using the account ID to load the account and
check the policies tied to that account.
This was not done in a particular piece of code, which was still trying to call
IAM by passing in the accountType value instead of the account ID.
> IAM - No error message presented to the user, when invalid password is
> provided.
> ---------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-6349
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6349
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Management Server
> Affects Versions: 4.4.0
> Environment: Build from 4.4.
> Reporter: Sangeetha Hariharan
> Assignee: Prachi Damle
> Priority: Critical
> Fix For: 4.4.0
>
>
> Try to log in as a regular user, by providing an invalid username/password.
> The user is not presented with any error message:
> apilog.log:
> 2014-04-07 10:51:15,849 INFO [a.c.c.a.ApiServer]
> (catalina-exec-6:ctx-5511ac44) 10.215.3.0 -- POST command=login domain=/
> unknown exception writing api response
> Management server log:
> 2014-04-07 10:47:28,001 DEBUG [c.c.a.ApiServlet]
> (catalina-exec-3:ctx-845578ba) ===START=== 10.215.3.0 -- POST
> 2014-04-07 10:47:28,003 DEBUG [c.c.u.AccountManagerImpl]
> (catalina-exec-3:ctx-845578ba) Attempting to log in user: test in domain 1
> 2014-04-07 10:47:28,003 DEBUG [c.c.s.a.SHA256SaltedUserAuthenticator]
> (catalina-exec-3:ctx-845578ba) Retrieving user: test
> 2014-04-07 10:47:28,005 DEBUG [c.c.s.a.MD5UserAuthenticator]
> (catalina-exec-3:ctx-845578ba) Retrieving user: test
> 2014-04-07 10:47:28,009 DEBUG [c.c.s.a.MD5UserAuthenticator]
> (catalina-exec-3:ctx-845578ba) Password does not match
> 2014-04-07 10:47:28,012 DEBUG [c.c.s.a.PlainTextUserAuthenticator]
> (catalina-exec-3:ctx-845578ba) Retrieving user: test
> 2014-04-07 10:47:28,016 DEBUG [c.c.s.a.PlainTextUserAuthenticator]
> (catalina-exec-3:ctx-845578ba) Password does not match
> 2014-04-07 10:47:28,016 DEBUG [c.c.u.AccountManagerImpl]
> (catalina-exec-3:ctx-845578ba) Unable to authenticate user with username test
> in domain 1
> 2014-04-07 10:47:28,019 ERROR [c.c.a.ApiServlet]
> (catalina-exec-3:ctx-845578ba) unknown exception writing api response
> com.cloud.exception.InvalidParameterValueException: Caller cannot be passed
> as NULL to IAM!
> at
> org.apache.cloudstack.iam.RoleBasedEntityAccessChecker.checkAccess(RoleBasedEntityAccessChecker.java:67)
> at
> com.cloud.user.AccountManagerImpl.isRootAdmin(AccountManagerImpl.java:371)
> at
> com.cloud.user.AccountManagerImpl.isInternalAccount(AccountManagerImpl.java:420)
> at
> com.cloud.user.AccountManagerImpl.getUserAccount(AccountManagerImpl.java:2045)
> at
> com.cloud.user.AccountManagerImpl.authenticateUser(AccountManagerImpl.java:1871)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:601)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
> at $Proxy99.authenticateUser(Unknown Source)
> at com.cloud.api.ApiServer.loginUser(ApiServer.java:850)
> at
> com.cloud.api.ApiServlet.processRequestInContext(ApiServlet.java:231)
> at com.cloud.api.ApiServlet.access$000(ApiServlet.java:54)
> at com.cloud.api.ApiServlet$1.run(ApiServlet.java:118)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
> at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:115)
> at com.cloud.api.ApiServlet.doPost(ApiServlet.java:82)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> at
> org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:889)
> at
> org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:721)
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2274)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:722)
> 2014-04-07 10:47:28,020 DEBUG [c.c.a.ApiServlet]
> (catalina-exec-3:ctx-845578ba) ===END=== 10.215.3.0 -- POST
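An added illustration of the mix-up described in the resolution comment; it is not CloudStack code and not part of the issue. Every class, method and value below is hypothetical, and it assumes that looking up an account by the wrong value finds nothing, so the policy check receives a null caller. Because a `short` type code widens silently to a `long` ID parameter, the "before" call compiles without any warning.

```java
import java.util.Map;
import java.util.Set;

// Simplified model (Java 16+ for records); none of these names are CloudStack's.
public class IamCallerLookupDemo {
    record Account(long id, short type, Set<String> policies) {}

    // Constructed sample data: account 42 is a normal user (type 0), 43 a root admin (type 1).
    static final Map<Long, Account> ACCOUNTS = Map.of(
        42L, new Account(42L, (short) 0, Set.of("user")),
        43L, new Account(43L, (short) 1, Set.of("root-admin")));

    // Policy check that refuses a null caller, mirroring the message in the trace.
    static boolean hasPolicy(Account caller, String policy) {
        if (caller == null) {
            throw new IllegalArgumentException("Caller cannot be passed as NULL to IAM!");
        }
        return caller.policies().contains(policy);
    }

    // Role check keyed by account ID: load the account, then consult its policies.
    static boolean isRootAdmin(long accountId) {
        return hasPolicy(ACCOUNTS.get(accountId), "root-admin");
    }

    // Before: the accountType value is handed to a method that expects an account ID.
    static boolean isInternalBefore(Account a) {
        return isRootAdmin(a.type()); // short widens to long; no account has ID 0
    }

    // After: the account ID is passed, so the account and its policies are found.
    static boolean isInternalAfter(Account a) {
        return isRootAdmin(a.id());
    }

    public static void main(String[] args) {
        Account user = ACCOUNTS.get(42L);
        try {
            isInternalBefore(user);
        } catch (IllegalArgumentException e) {
            System.out.println("before: " + e.getMessage());
        }
        System.out.println("after: rootAdmin=" + isInternalAfter(user));
    }
}
```

Giving identifiers and type codes distinct wrapper types instead of bare `long` and `short` turns this class of mistake into a compile error.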