[ https://issues.apache.org/jira/browse/CLOUDSTACK-8505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14555960#comment-14555960 ]

ASF subversion and git services commented on CLOUDSTACK-8505:
-------------------------------------------------------------

Commit 1c81b241e7914b24b06c3b7b3ee98bc0d3b4f68b in cloudstack's branch refs/heads/master from [[email protected]]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=1c81b24 ]

CLOUDSTACK-8505: Don't allow non-POST requests for default login API

We add a new contract to pass Http request to authentication plugin system. In
the default login API, we disallow non-POST requests.

Signed-off-by: Rohit Yadav <[email protected]>
(cherry picked from commit 9e9b231672e934292f9940d1363039a553fc7ad9)
Signed-off-by: Rohit Yadav <[email protected]>

Conflicts:
        api/src/org/apache/cloudstack/api/auth/APIAuthenticator.java
        plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java
        plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
        plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java
        plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java
        plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java
        plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java
        server/src/com/cloud/api/ApiServlet.java
        server/src/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java
        server/src/com/cloud/api/auth/DefaultLogoutAPIAuthenticatorCmd.java
        server/test/com/cloud/api/ApiServletTest.java


> Don't allow non-POST http requests on default login request
> -----------------------------------------------------------
>
>                 Key: CLOUDSTACK-8505
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8505
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public (Anyone can view this level - this is the default.)
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>             Fix For: 4.6.0, 4.5.2
>
>
> Disallow requests that are not POST requests.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
