Java tutorial
// Licensed to the Apache Software Foundation (ASF) under one // or more contributor license agreements. See the NOTICE file // distributed with this work for additional information // regarding copyright ownership. The ASF licenses this file // to you under the Apache License, Version 2.0 (the // "License"); you may not use this file except in compliance // with the License. You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, // software distributed under the License is distributed on an // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY // KIND, either express or implied. See the License for the // specific language governing permissions and limitations // under the License. package com.cloud.api.dispatch; import static org.apache.commons.lang.StringUtils.isNotBlank; import java.lang.reflect.Field; import java.text.DateFormat; import java.text.ParseException; import java.util.ArrayList; import java.util.Calendar; import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.StringTokenizer; import java.util.regex.Matcher; import java.text.SimpleDateFormat; import javax.inject.Inject; import com.google.common.base.Strings; import org.apache.log4j.Logger; import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.acl.InfrastructureEntity; import org.apache.cloudstack.acl.SecurityChecker; import org.apache.cloudstack.acl.SecurityChecker.AccessType; import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.ApiErrorCode; import org.apache.cloudstack.api.BaseAsyncCreateCmd; import org.apache.cloudstack.api.BaseCmd; import org.apache.cloudstack.api.BaseCmd.CommandType; import org.apache.cloudstack.api.EntityReference; import org.apache.cloudstack.api.InternalIdentity; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.ApiArgValidator; import org.apache.cloudstack.api.command.admin.resource.ArchiveAlertsCmd; import org.apache.cloudstack.api.command.admin.resource.DeleteAlertsCmd; import org.apache.cloudstack.api.command.admin.usage.GetUsageRecordsCmd; import org.apache.cloudstack.api.command.user.event.ArchiveEventsCmd; import org.apache.cloudstack.api.command.user.event.DeleteEventsCmd; import org.apache.cloudstack.api.command.user.event.ListEventsCmd; import org.apache.cloudstack.context.CallContext; import com.cloud.exception.InvalidParameterValueException; import com.cloud.user.Account; import com.cloud.user.AccountManager; import com.cloud.utils.DateUtil; import com.cloud.utils.db.EntityManager; import com.cloud.utils.exception.CloudRuntimeException; public class ParamProcessWorker implements DispatchWorker { private static final Logger s_logger = Logger.getLogger(ParamProcessWorker.class.getName()); public final DateFormat inputFormat = new SimpleDateFormat("yyyy-MM-dd"); public final DateFormat newInputFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); @Inject protected AccountManager _accountMgr; @Inject protected EntityManager _entityMgr; List<SecurityChecker> _secChecker; public List<SecurityChecker> getSecChecker() { return _secChecker; } @Inject public void setSecChecker(List<SecurityChecker> secChecker) { _secChecker = secChecker; } @Override public void handle(final DispatchTask task) { processParameters(task.getCmd(), task.getParams()); } private void validateNonEmptyString(final Object param, final String argName) { if (param == null || Strings.isNullOrEmpty(param.toString())) { throw new ServerApiException(ApiErrorCode.PARAM_ERROR, String.format("Empty or null value provided for API arg: %s", argName)); } } private void validateNaturalNumber(final Object param, final String argName) { Long value = null; if (param != null && param instanceof Long) { value = (Long) param; } else if (param != null) { value = Long.valueOf(param.toString()); } if (value == null || value < 1L) { throw new ServerApiException(ApiErrorCode.PARAM_ERROR, String.format("Invalid value provided for API arg: %s", argName)); } } private void validateField(final Object paramObj, final Parameter annotation) throws ServerApiException { if (annotation == null) { return; } final String argName = annotation.name(); for (final ApiArgValidator validator : annotation.validations()) { if (validator == null) { continue; } switch (validator) { case NotNullOrEmpty: switch (annotation.type()) { case UUID: case STRING: validateNonEmptyString(paramObj, argName); break; } break; case PositiveNumber: switch (annotation.type()) { case SHORT: case INTEGER: case LONG: validateNaturalNumber(paramObj, argName); break; } break; } } } @SuppressWarnings({ "unchecked", "rawtypes" }) public void processParameters(final BaseCmd cmd, final Map params) { final Map<Object, AccessType> entitiesToAccess = new HashMap<Object, AccessType>(); final List<Field> cmdFields = cmd.getParamFields(); for (final Field field : cmdFields) { final Parameter parameterAnnotation = field.getAnnotation(Parameter.class); final Object paramObj = params.get(parameterAnnotation.name()); if (paramObj == null) { if (parameterAnnotation.required()) { throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Unable to execute API command " + cmd.getCommandName().substring(0, cmd.getCommandName().length() - 8) + " due to missing parameter " + parameterAnnotation.name()); } continue; } // marshall the parameter into the correct type and set the field value try { validateField(paramObj, parameterAnnotation); setFieldValue(field, cmd, paramObj, parameterAnnotation); } catch (final IllegalArgumentException argEx) { if (s_logger.isDebugEnabled()) { s_logger.debug("Unable to execute API command " + cmd.getCommandName() + " due to invalid value " + paramObj + " for parameter " + parameterAnnotation.name()); } throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Unable to execute API command " + cmd.getCommandName().substring(0, cmd.getCommandName().length() - 8) + " due to invalid value " + paramObj + " for parameter " + parameterAnnotation.name()); } catch (final ParseException parseEx) { if (s_logger.isDebugEnabled()) { s_logger.debug("Invalid date parameter " + paramObj + " passed to command " + cmd.getCommandName().substring(0, cmd.getCommandName().length() - 8)); } throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Unable to parse date " + paramObj + " for command " + cmd.getCommandName().substring(0, cmd.getCommandName().length() - 8) + ", please pass dates in the format mentioned in the api documentation"); } catch (final InvalidParameterValueException invEx) { throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Unable to execute API command " + cmd.getCommandName().substring(0, cmd.getCommandName().length() - 8) + " due to invalid value. " + invEx.getMessage()); } catch (final CloudRuntimeException cloudEx) { s_logger.error("CloudRuntimeException", cloudEx); // FIXME: Better error message? This only happens if the API command is not executable, which typically //means // there was // and IllegalAccessException setting one of the parameters. throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Internal error executing API command " + cmd.getCommandName().substring(0, cmd.getCommandName().length() - 8)); } //check access on the resource this field points to try { final ACL checkAccess = field.getAnnotation(ACL.class); final CommandType fieldType = parameterAnnotation.type(); if (checkAccess != null) { // Verify that caller can perform actions in behalf of vm // owner acumulate all Controlled Entities together. // parse the array of resource types and in case of map // check access on key or value or both as specified in @acl // implement external dao for classes that need findByName // for maps, specify access to be checkd on key or value. // Find the controlled entity DBid by uuid if (parameterAnnotation.entityType() != null && parameterAnnotation.entityType().length > 0 && parameterAnnotation.entityType()[0].getAnnotation(EntityReference.class) != null) { final Class<?>[] entityList = parameterAnnotation.entityType()[0] .getAnnotation(EntityReference.class).value(); // Check if the parameter type is a single // Id or list of id's/name's switch (fieldType) { case LIST: final CommandType listType = parameterAnnotation.collectionType(); switch (listType) { case LONG: case UUID: final List<Long> listParam = (List<Long>) field.get(cmd); for (final Long entityId : listParam) { for (final Class entity : entityList) { final Object entityObj = _entityMgr.findById(entity, entityId); if (entityObj != null) { entitiesToAccess.put(entityObj, checkAccess.accessType()); break; } } } break; /* * case STRING: List<String> listParam = new * ArrayList<String>(); listParam = * (List)field.get(cmd); for(String entityName: * listParam){ ControlledEntity entityObj = * (ControlledEntity )daoClassInstance(entityId); * entitiesToAccess.add(entityObj); } break; */ default: break; } break; case LONG: case UUID: for (final Class entity : entityList) { final Object entityObj = _entityMgr.findById(entity, (Long) field.get(cmd)); if (entityObj != null) { entitiesToAccess.put(entityObj, checkAccess.accessType()); break; } } break; default: break; } } } } catch (final IllegalArgumentException e) { s_logger.error("Error initializing command " + cmd.getCommandName() + ", field " + field.getName() + " is not accessible."); throw new CloudRuntimeException("Internal error initializing parameters for command " + cmd.getCommandName() + " [field " + field.getName() + " is not accessible]"); } catch (final IllegalAccessException e) { s_logger.error("Error initializing command " + cmd.getCommandName() + ", field " + field.getName() + " is not accessible."); throw new CloudRuntimeException("Internal error initializing parameters for command " + cmd.getCommandName() + " [field " + field.getName() + " is not accessible]"); } } doAccessChecks(cmd, entitiesToAccess); } private void doAccessChecks(BaseCmd cmd, Map<Object, AccessType> entitiesToAccess) { Account caller = CallContext.current().getCallingAccount(); // due to deleteAccount design flaw CLOUDSTACK-6588, we should still include those removed account as well to clean up leftover resources from that account Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId()); if (cmd instanceof BaseAsyncCreateCmd) { // check that caller can access the owner account. _accountMgr.checkAccess(caller, null, false, owner); } if (!entitiesToAccess.isEmpty()) { // check that caller can access the owner account. _accountMgr.checkAccess(caller, null, false, owner); for (Map.Entry<Object, AccessType> entry : entitiesToAccess.entrySet()) { Object entity = entry.getKey(); if (entity instanceof ControlledEntity) { _accountMgr.checkAccess(caller, entry.getValue(), true, (ControlledEntity) entity); } else if (entity instanceof InfrastructureEntity) { // FIXME: Move this code in adapter, remove code from // Account manager } } } } @SuppressWarnings({ "unchecked", "rawtypes" }) private void setFieldValue(final Field field, final BaseCmd cmdObj, final Object paramObj, final Parameter annotation) throws IllegalArgumentException, ParseException { try { field.setAccessible(true); final CommandType fieldType = annotation.type(); switch (fieldType) { case BOOLEAN: field.set(cmdObj, Boolean.valueOf(paramObj.toString())); break; case DATE: // This piece of code is for maintaining backward compatibility // and support both the date formats(Bug 9724) if (cmdObj instanceof ListEventsCmd || cmdObj instanceof DeleteEventsCmd || cmdObj instanceof ArchiveEventsCmd || cmdObj instanceof ArchiveAlertsCmd || cmdObj instanceof DeleteAlertsCmd || cmdObj instanceof GetUsageRecordsCmd) { final boolean isObjInNewDateFormat = isObjInNewDateFormat(paramObj.toString()); if (isObjInNewDateFormat) { final DateFormat newFormat = newInputFormat; synchronized (newFormat) { field.set(cmdObj, newFormat.parse(paramObj.toString())); } } else { final DateFormat format = inputFormat; synchronized (format) { Date date = format.parse(paramObj.toString()); if (field.getName().equals("startDate")) { date = messageDate(date, 0, 0, 0); } else if (field.getName().equals("endDate")) { date = messageDate(date, 23, 59, 59); } field.set(cmdObj, date); } } } else { final DateFormat format = inputFormat; synchronized (format) { format.setLenient(false); field.set(cmdObj, format.parse(paramObj.toString())); } } break; case FLOAT: // Assuming that the parameters have been checked for required before now, // we ignore blank or null values and defer to the command to set a default // value for optional parameters ... if (paramObj != null && isNotBlank(paramObj.toString())) { field.set(cmdObj, Float.valueOf(paramObj.toString())); } break; case DOUBLE: // Assuming that the parameters have been checked for required before now, // we ignore blank or null values and defer to the command to set a default // value for optional parameters ... if (paramObj != null && isNotBlank(paramObj.toString())) { field.set(cmdObj, Double.valueOf(paramObj.toString())); } break; case INTEGER: // Assuming that the parameters have been checked for required before now, // we ignore blank or null values and defer to the command to set a default // value for optional parameters ... if (paramObj != null && isNotBlank(paramObj.toString())) { field.set(cmdObj, Integer.valueOf(paramObj.toString())); } break; case LIST: final List listParam = new ArrayList(); final StringTokenizer st = new StringTokenizer(paramObj.toString(), ","); while (st.hasMoreTokens()) { final String token = st.nextToken(); final CommandType listType = annotation.collectionType(); switch (listType) { case INTEGER: listParam.add(Integer.valueOf(token)); break; case UUID: if (token.isEmpty()) break; final Long internalId = translateUuidToInternalId(token, annotation); listParam.add(internalId); break; case LONG: { listParam.add(Long.valueOf(token)); } break; case SHORT: listParam.add(Short.valueOf(token)); break; case STRING: listParam.add(token); break; } } field.set(cmdObj, listParam); break; case UUID: final Long internalId = translateUuidToInternalId(paramObj.toString(), annotation); field.set(cmdObj, internalId); break; case LONG: field.set(cmdObj, Long.valueOf(paramObj.toString())); break; case SHORT: field.set(cmdObj, Short.valueOf(paramObj.toString())); break; case STRING: if ((paramObj != null)) { if (paramObj.toString().length() > annotation.length()) { s_logger.error("Value greater than max allowed length " + annotation.length() + " for param: " + field.getName()); throw new InvalidParameterValueException("Value greater than max allowed length " + annotation.length() + " for param: " + field.getName()); } else { field.set(cmdObj, paramObj.toString()); } } break; case TZDATE: field.set(cmdObj, DateUtil.parseTZDateString(paramObj.toString())); break; case MAP: default: field.set(cmdObj, paramObj); break; } } catch (final IllegalAccessException ex) { s_logger.error("Error initializing command " + cmdObj.getCommandName() + ", field " + field.getName() + " is not accessible."); throw new CloudRuntimeException("Internal error initializing parameters for command " + cmdObj.getCommandName() + " [field " + field.getName() + " is not accessible]"); } } private boolean isObjInNewDateFormat(final String string) { final Matcher matcher = BaseCmd.newInputDateFormat.matcher(string); return matcher.matches(); } private Date messageDate(final Date date, final int hourOfDay, final int minute, final int second) { final Calendar cal = Calendar.getInstance(); cal.setTime(date); cal.set(Calendar.HOUR_OF_DAY, hourOfDay); cal.set(Calendar.MINUTE, minute); cal.set(Calendar.SECOND, second); return cal.getTime(); } private Long translateUuidToInternalId(final String uuid, final Parameter annotation) { if (uuid.equals("-1")) { // FIXME: This is to handle a lot of hardcoded special cases where -1 is sent // APITODO: Find and get rid of all hardcoded params in API Cmds and service layer return -1L; } Long internalId = null; // If annotation's empty, the cmd existed before 3.x try conversion to long final boolean isPre3x = annotation.since().isEmpty(); // Match against Java's UUID regex to check if input is uuid string final boolean isUuid = uuid.matches("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"); // Enforce that it's uuid for newly added apis from version 3.x if (!isPre3x && !isUuid) return null; // There may be multiple entities defined on the @EntityReference of a Response.class // UUID CommandType would expect only one entityType, so use the first entityType final Class<?>[] entities = annotation.entityType()[0].getAnnotation(EntityReference.class).value(); // Allow both uuid and internal id for pre3x apis if (isPre3x && !isUuid) { try { internalId = Long.parseLong(uuid); } catch (final NumberFormatException e) { internalId = null; } if (internalId != null) { // Populate CallContext for each of the entity. for (final Class<?> entity : entities) { CallContext.current().putContextParameter(entity, internalId); } validateNaturalNumber(internalId, annotation.name()); return internalId; } } // Go through each entity which is an interface to a VO class and get a VO object // Try to getId() for the object using reflection, break on first non-null value for (final Class<?> entity : entities) { // For backward compatibility, we search within removed entities and let service layer deal // with removed ones, return empty response or error final Object objVO = _entityMgr.findByUuidIncludingRemoved(entity, uuid); if (objVO == null) { continue; } // Invoke the getId method, get the internal long ID // If that fails hide exceptions as the uuid may not exist s try { internalId = ((InternalIdentity) objVO).getId(); } catch (final IllegalArgumentException e) { } catch (final NullPointerException e) { } // Return on first non-null Id for the uuid entity if (internalId != null) { CallContext.current().putContextParameter(entity, uuid); break; } } if (internalId == null) { if (s_logger.isDebugEnabled()) s_logger.debug("Object entity uuid = " + uuid + " does not exist in the database."); throw new InvalidParameterValueException("Invalid parameter " + annotation.name() + " value=" + uuid + " due to incorrect long value format, or entity does not exist or due to incorrect parameter annotation for the field in api cmd class."); } validateNaturalNumber(internalId, annotation.name()); return internalId; } }