rafaelweingartner commented on issue #2894: api: don't throttle api discovery 
for listApis command
URL: https://github.com/apache/cloudstack/pull/2894#issuecomment-429033087
 
 
   @csquire, from your PR description I understood that we should not need/use 
the API rate limit service. Therefore, we only need to check if the user has 
access to the API method. Is that it?
   
   If that is the case, why don’t we do something different?
   
   At `org.apache.cloudstack.discovery.ApiDiscoveryServiceImpl.listApis(User, 
String)` method, instead of injecting all "APIChecker" implementations, we can 
only inject the `StaticRoleBasedAPIAccessChecker` and 
`DynamicRoleBasedAPIAccessChecker`. Then, you solve all of your problems with 
little or no coding at all.
   To change the beans that are injected you can change the XML file 
`spring-server-core-misc-context.xml`. There is a bean called 
`apiDiscoveryServiceImpl`; then, you need to check the property being 
configured `apiAccessCheckers`. I guess you can change the property injection 
from:
   `<property name="apiAccessCheckers" value="#{apiCheckersRegistry.registered}" />`
   
   To something like:
   ```
           <property name="apiAccessCheckers">
               <!-- value-type sets the element type; list-class would have to name a java.util.List implementation -->
               <util:list value-type="org.apache.cloudstack.acl.APIChecker">
                   <ref bean="DynamicRoleBasedAPIAccessChecker" />
                   <ref bean="StaticRoleBasedAPIAccessChecker" />
               </util:list>
           </property>
   ```
   Of course, you need to import the “util” namespace in 
`spring-server-core-misc-context.xml`, but that is quite easy to do.
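
The suggestion above with the `util` namespace declared, as an added example that is not part of the original comment or the CloudStack code base. The bean id, class, property name and checker refs are taken from the comment; the surrounding `<beans>` layout is an assumption, and the element type is given with `value-type` because Spring's `list-class` attribute expects a `java.util.List` implementation.

```xml
<!-- Added example: assumed minimal layout of spring-server-core-misc-context.xml.
     Other beans defined in the real file are omitted. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/util
         http://www.springframework.org/schema/util/spring-util.xsd">

    <bean id="apiDiscoveryServiceImpl"
          class="org.apache.cloudstack.discovery.ApiDiscoveryServiceImpl">

        <!-- Before: every registered APIChecker is consulted by listApis.
        <property name="apiAccessCheckers"
                  value="#{apiCheckersRegistry.registered}" />
        -->

        <!-- After: only the role-based access checkers are consulted.
             The ref names are those given in the comment and must match
             the ids of the checker beans defined elsewhere (assumption). -->
        <property name="apiAccessCheckers">
            <util:list value-type="org.apache.cloudstack.acl.APIChecker">
                <ref bean="DynamicRoleBasedAPIAccessChecker" />
                <ref bean="StaticRoleBasedAPIAccessChecker" />
            </util:list>
        </property>
    </bean>
</beans>
```

With a fixed list, any other `APIChecker` registered in `apiCheckersRegistry` is no longer consulted by API discovery, so `listApis` may list an API that such a checker would deny when it is actually called.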
   
   
   
