author | Michael Dürre <michael.duerre@highstreet-technologies.com> | 2024-03-14 11:54:26 +0100 |
---|---|---|
committer | Michael Dürre <michael.duerre@highstreet-technologies.com> | 2024-03-19 13:46:35 +0100 |
commit | 907af9b57aa0db3ace5dc8fdaef9fb84c1392ec9 (patch) | |
tree | 02399ced147b3af57091cdba1c125d979b4c1899 /sdnr/wt/oauth-provider | |
parent | 45b972d7cf03d4815db77c3af3d49ef01040f8a1 (diff) |
fix oauth code
split oauth into realm and web functionality
Issue-ID: CCSDK-3394
Change-Id: I245a30a9df4e9a5c40af5dfe3e0d5318bceed9dc
Signed-off-by: Michael Dürre <michael.duerre@highstreet-technologies.com>
Diffstat (limited to 'sdnr/wt/oauth-provider')
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/pom.xml (renamed from sdnr/wt/oauth-provider/provider-jar/pom.xml) | 45 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java) | 4 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlShiroConfiguration.java | 67 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlXmlMapper.java | 44 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java) | 59 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java) | 57 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java) | 136 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java) | 2 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java) | 20 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java) | 53 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java) | 52 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java) | 8 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/resources/aaa-app-config.test.xml | 77 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key.pub (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key.pub) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key.pub (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key.pub) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/resources/mdsalDynAuthData.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/mdsalDynAuthData.json) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-groups-response.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-groups-response.json) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-token-response.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-token-response.json) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-user-response.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-user-response.json) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/keycloak-token-response.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/keycloak-token-response.json) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/resources/oom.test.config.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/oom.test.config.json) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.config.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256-invalid.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256-invalid.json) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256.json) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS512.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS512.json) | 0 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-realm/pom.xml (renamed from sdnr/wt/oauth-provider/provider-osgi/pom.xml) | 22 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-web/pom.xml | 155 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/oauth-web/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml (renamed from sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml) | 30 | ||||
-rwxr-xr-x | sdnr/wt/oauth-provider/pom.xml | 7 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java | 66 | ||||
-rw-r--r-- | sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml | 353 |
65 files changed, 628 insertions, 629 deletions
diff --git a/sdnr/wt/oauth-provider/provider-jar/pom.xml b/sdnr/wt/oauth-provider/oauth-core/pom.xml index 6ad79ef8f..4fe9c6b10 100644 --- a/sdnr/wt/oauth-provider/provider-jar/pom.xml +++ b/sdnr/wt/oauth-provider/oauth-core/pom.xml @@ -22,6 +22,7 @@ ~ ============LICENSE_END======================================================= ~ --> + <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> @@ -33,8 +34,8 @@ </parent> <groupId>org.onap.ccsdk.features.sdnr.wt</groupId> - <artifactId>sdnr-wt-oauth-provider-jar</artifactId> - <version>1.6.0-SNAPSHOT</version> + <artifactId>sdnr-wt-oauth-core</artifactId> + <version>1.6.3-SNAPSHOT</version> <packaging>jar</packaging> <name>ccsdk-features :: ${project.artifactId}</name> @@ -133,8 +134,27 @@ <scope>provided</scope> </dependency> <dependency> - <groupId>jakarta.servlet</groupId> - <artifactId>jakarta.servlet-api</artifactId> + <groupId>org.osgi</groupId> + <artifactId>org.osgi.core</artifactId> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>com.fasterxml.jackson.dataformat</groupId> + <artifactId>jackson-dataformat-xml</artifactId> + </dependency> + <dependency> + <groupId>${project.groupId}</groupId> + <artifactId>sdnr-wt-yang-utils</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.osgi</groupId> + <artifactId>osgi.cmpn</artifactId> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> <scope>provided</scope> </dependency> <dependency> 
@@ -153,17 +173,6 @@ <scope>test</scope> </dependency> <dependency> - <groupId>com.fasterxml.jackson.dataformat</groupId> - <artifactId>jackson-dataformat-xml</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>${project.groupId}</groupId> - <artifactId>sdnr-wt-yang-utils</artifactId> - <version>${project.version}</version> - <scope>test</scope> - </dependency> - <dependency> <groupId>org.opendaylight.mdsal.binding.model.ietf</groupId> <artifactId>rfc6991-ietf-yang-types</artifactId> <scope>test</scope> @@ -178,11 +187,5 @@ <artifactId>org.osgi.core</artifactId> <scope>test</scope> </dependency> - <dependency> - <groupId>org.osgi</groupId> - <artifactId>osgi.cmpn</artifactId> - <version>7.0.0</version> - <scope>compile</scope> - </dependency> </dependencies> </project> diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java index b9f3d6119..b9f3d6119 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java index 1caec63e0..6798026f3 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java 
@@ -242,14 +242,14 @@ public class Config { boolean found = false; if (isEnvExpression(key)) { - LOG.debug("try to find env var(s) for {}", key); + LOG.info("try to find env var(s) for {}", key); final Matcher matcher = pattern.matcher(key); String tmp = new String(key); while (matcher.find() && matcher.groupCount() > 0) { final String mkey = matcher.group(1); if (mkey != null) { try { - LOG.debug("match found for v={} and env key={}", key, mkey); + LOG.info("match found for v={} and env key={}", key, mkey); String envvar = mkey.substring(2, mkey.length() - 1); String env = System.getenv(envvar); tmp = tmp.replace(mkey, env == null ? "" : env); diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java index aa23d4dc1..aa23d4dc1 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java index a0e97de74..a0e97de74 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java 
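Review bot: Raising the two env-lookup messages from debug to info turns every configuration load into INFO-level chatter about which values are being resolved; the two `LOG.info(...)` lines read like a left-over diagnostic and should go back to `LOG.debug(...)`. The logged `key` appears to be the raw configuration value holding the `${...}` expression (it is what `isEnvExpression(key)` and `pattern.matcher(key)` inspect), so the resolved environment value is not written here, but any literal text around the placeholder in that value would now be logged at the default level. The enclosing method starts and ends outside this hunk.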
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java
index 67186baa7..67186baa7 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java
index c99ec0d71..c99ec0d71 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java
index d13be9602..d13be9602 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java
index 4fb0d0069..4fb0d0069 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java
index 0e25b5b0f..0e25b5b0f 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java
index 0371f377d..0371f377d 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java
index 19eb4b68e..19eb4b68e 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java
diff --git a/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlShiroConfiguration.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlShiroConfiguration.java
new file mode 100644
index 000000000..f5e067450
--- /dev/null
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlShiroConfiguration.java
@@ -0,0 +1,67 @@
+package org.onap.ccsdk.features.sdnr.wt.oauthprovider.data;
+
+import java.util.List;
+
+public class OdlShiroConfiguration {
+
+ private List<MainItem> main;
+ private List<UrlItem> urls;
+
+
+
+ public List<MainItem> getMain() {
+ return main;
+ }
+
+ public void setMain(List<MainItem> main) {
+ this.main = main;
+ }
+ public List<UrlItem> getUrls() {
+ return urls;
+ }
+ public void setUrls(List<UrlItem> urls) {
+ this.urls = urls;
+ }
+ public OdlShiroConfiguration(){
+
+ }
+
+ public static class BaseItem{
+ private String pairKey;
+ private String pairValue;
+
+ public String getPairKey() {
+ return pairKey;
+ }
+
+ public void setPairKey(String pairKey) {
+ this.pairKey = pairKey;
+ }
+
+ public String getPairValue() {
+ return pairValue;
+ }
+
+ public void setPairValue(String pairValue) {
+ this.pairValue = pairValue;
+ }
+
+ public BaseItem(){
+
+ }
+
+ }
+
+ public static class MainItem extends BaseItem{
+ public MainItem(){
+ super();
+ }
+
+ }
+ public static class UrlItem extends BaseItem{
+ public UrlItem(){
+ super();
+ }
+ }
+
+}
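Review bot: OdlShiroConfiguration carries no license header and no Javadoc, unlike OdlXmlMapper.java added in the same commit, and its `main` and `urls` fields stay null until a setter runs, so a caller iterating `getMain()` or `getUrls()` for a document that omits one of the sections gets a NullPointerException instead of an empty list. Initialising both fields, `private List<MainItem> main = new ArrayList<>();` and `private List<UrlItem> urls = new ArrayList<>();` (plus the `java.util.ArrayList` import), keeps the getters non-null while still letting the mapper populate them. A class Javadoc should state what the two lists represent; the field names and the aaa-app-config.test.xml test resource in the diffstat suggest the `main` and `urls` sections of an ODL shiro configuration, but that is an inference worth confirming in the text. The empty no-arg constructors on BaseItem, MainItem and UrlItem add nothing over the implicit default constructor and could be dropped.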
diff --git a/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlXmlMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlXmlMapper.java
new file mode 100644
index 000000000..cbdc1d0d9
--- /dev/null
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlXmlMapper.java
@@ -0,0 +1,44 @@ +/* + * ============LICENSE_START======================================================= + * ONAP : ccsdk features + * ================================================================================ + * Copyright (C) 2021 highstreet technologies GmbH Intellectual Property. + * All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + * + */ +package org.onap.ccsdk.features.sdnr.wt.oauthprovider.data; + +import com.fasterxml.jackson.annotation.JsonInclude.Include; +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.MapperFeature; +import com.fasterxml.jackson.databind.PropertyNamingStrategy; +import com.fasterxml.jackson.dataformat.xml.XmlMapper; +import org.onap.ccsdk.features.sdnr.wt.yang.mapper.mapperextensions.YangToolsBuilderAnnotationIntrospector; + +public class OdlXmlMapper extends XmlMapper { + + private static final long serialVersionUID = 1L; + + + public OdlXmlMapper() { + this.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); + this.setSerializationInclusion(Include.NON_NULL); + this.setPropertyNamingStrategy(PropertyNamingStrategy.KEBAB_CASE); + this.enable(MapperFeature.USE_GETTERS_AS_SETTERS); + YangToolsBuilderAnnotationIntrospector introspector = new 
YangToolsBuilderAnnotationIntrospector(); + this.setAnnotationIntrospector(introspector); + } +} diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java index d94631fe3..d94631fe3 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java index b791a4040..b791a4040 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java index f7731f0b8..f7731f0b8 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java 
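Review bot: Disabling `DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES` in the constructor means an element that matches no property is dropped silently; if this mapper is what reads the shiro `main`/`urls` configuration (the aaa-app-config.test.xml resource in the diffstat suggests so), a misspelled element in an access-control file vanishes instead of failing startup, which is the wrong default for that kind of input. Consider leaving the feature enabled, or documenting in a class Javadoc why unknown elements must be tolerated here. The class has no Javadoc; something like `/** XmlMapper preconfigured for ODL-style XML: kebab-case names, nulls omitted, getters usable as setters, YANG builder annotation introspection. */` would cover it. The copyright line reads 2021 for a file first added in this 2024 commit, which looks copied from another file and is worth checking.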
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java index 0dc58efff..0dc58efff 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java index 6fb41d799..51c064819 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java 
@@ -21,17 +21,19 @@
*/
package org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters;
+import java.util.Locale;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.codec.Base64;
+import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
import org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;
-import org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthenticationFilter{
+public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthenticationFilter {
// defined in lower-case for more efficient string comparison
private static final Logger LOG = LoggerFactory.getLogger(BearerAndBasicHttpAuthenticationFilter.class);
@@ -74,14 +76,16 @@ public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthentica
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
final HttpServletRequest httpRequest = WebUtils.toHttp(request);
final String httpMethod = httpRequest.getMethod();
+ //always allow options requests
if (OPTIONS_HEADER.equalsIgnoreCase(httpMethod)) {
return true;
- } else {
- if (this.basicAuthFilter.isAccessAllowed(httpRequest, response, mappedValue)) {
- LOG.debug("isAccessAllowed succeeded on basicAuth");
- return true;
- }
}
+
+ if (this.basicAuthFilter.isAccessAllowed(httpRequest, response, mappedValue)) {
+ LOG.debug("isAccessAllowed succeeded on basicAuth");
+ return true;
+ }
+
return super.isAccessAllowed(request, response, mappedValue);
}
@@ -111,24 +115,47 @@ public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthentica
return createToken(username, password, request, response);
}
+ private static class ODLHttpAuthenticationHelperFilter extends BasicHttpAuthenticationFilter {
+
+ private static final Logger LOG = LoggerFactory.getLogger(ODLHttpAuthenticationHelperFilter.class);
- private static class ODLHttpAuthenticationHelperFilter extends ODLHttpAuthenticationFilter{
+ // defined in lower-case for more efficient string comparison
+ protected static final String BEARER_SCHEME = "bearer";
- ODLHttpAuthenticationHelperFilter(){
- super();
+ protected static final String OPTIONS_HEADER = "OPTIONS";
+
+ public ODLHttpAuthenticationHelperFilter() {
+ LOG.info("Creating the ODLHttpAuthenticationFilter");
}
@Override
- protected boolean isLoginAttempt(String authzHeader) {
- return super.isLoginAttempt(authzHeader);
+ protected String[] getPrincipalsAndCredentials(String scheme, String encoded) {
+ final String decoded = Base64.decodeToString(encoded);
+ // attempt to decode username/password; otherwise decode as token
+ if (decoded.contains(":")) {
+ return decoded.split(":");
+ }
+ return new String[]{encoded};
}
+ @Override
- protected String[] getPrincipalsAndCredentials(String scheme, String encoded) {
- return super.getPrincipalsAndCredentials(scheme, encoded);
+ protected boolean isLoginAttempt(String authzHeader) {
+ final String authzScheme = getAuthzScheme().toLowerCase(Locale.ROOT);
+ final String authzHeaderLowerCase = authzHeader.toLowerCase(Locale.ROOT);
+ return authzHeaderLowerCase.startsWith(authzScheme)
+ || authzHeaderLowerCase.startsWith(BEARER_SCHEME);
}
+ @Override
- protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
- return super.isAccessAllowed(request, response, mappedValue);
+ protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
+ Object mappedValue) {
+ final HttpServletRequest httpRequest = WebUtils.toHttp(request);
+ final String httpMethod = httpRequest.getMethod();
+ if (OPTIONS_HEADER.equalsIgnoreCase(httpMethod)) {
+ return true;
+ } else {
+ return super.isAccessAllowed(httpRequest, response, mappedValue);
+ }
}
}
}
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java
index 26cdbe773..27ca3b3f9 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java
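Review bot: `decoded.split(":")` in getPrincipalsAndCredentials truncates any password that itself contains a colon, because Shiro's BasicHttpAuthenticationFilter only uses elements [0] and [1] of the returned array; RFC 7617 forbids the colon only in the user-id, so the split should be `return decoded.split(":", 2);`. Note also that the overriding isLoginAttempt accepts `Bearer` headers for this basic-auth helper, so a JWT is base64-decoded as a whole and, since its decoded JOSE header is JSON containing colons, is likely handed back as a username/password pair rather than the single-element token array the comment promises — confirm what the outer createToken (which starts above this hunk) does with that result. The behaviour is inherited from the ODL filter this class replaces, but it is now this module's code to maintain, so a comment stating the intended handling of bearer headers here would help.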
@@ -1,11 +1,28 @@
package org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters;
+import static com.google.common.base.Preconditions.checkArgument;
+import static java.util.Objects.requireNonNull;
+
import com.google.common.collect.Iterables;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
+
+import java.io.IOException;
+import java.util.*;
+import java.util.concurrent.ExecutionException;
+import javax.servlet.Filter;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
-import org.opendaylight.mdsal.binding.api.*;
+import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener;
+import org.opendaylight.mdsal.binding.api.DataBroker;
+import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
+import org.opendaylight.mdsal.binding.api.DataTreeModification;
+import org.opendaylight.mdsal.binding.api.ReadTransaction;
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.HttpAuthorization;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies.Policies;
@@ -15,18 +32,7 @@ import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import javax.servlet.Filter; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.util.*; -import java.util.concurrent.ExecutionException; - -import static com.google.common.base.Preconditions.checkArgument; -import static java.util.Objects.requireNonNull; - +@SuppressWarnings("checkstyle:AbbreviationAsWordInName") public class CustomizedMDSALDynamicAuthorizationFilter extends AuthorizationFilter implements ClusteredDataTreeChangeListener<HttpAuthorization> { 
@@ -35,22 +41,24 @@ public class CustomizedMDSALDynamicAuthorizationFilter extends AuthorizationFilt private static final DataTreeIdentifier<HttpAuthorization> AUTHZ_CONTAINER = DataTreeIdentifier.create( LogicalDatastoreType.CONFIGURATION, InstanceIdentifier.create(HttpAuthorization.class)); - private final DataBroker dataBroker; + private static DataBroker dataBroker; + public static void setDataBroker(DataBroker dataBroker2){ + dataBroker = dataBroker2; + } private ListenerRegistration<?> reg; private volatile ListenableFuture<Optional<HttpAuthorization>> authContainer; - private static final ThreadLocal<DataBroker> DATABROKER_TL = new ThreadLocal<>(); public CustomizedMDSALDynamicAuthorizationFilter() { - dataBroker = requireNonNull(DATABROKER_TL.get()); + } @Override public Filter processPathConfig(final String path, final String config) { - try (ReadTransaction tx = dataBroker.newReadOnlyTransaction()) { - authContainer = tx.read(AUTHZ_CONTAINER.getDatastoreType(), AUTHZ_CONTAINER.getRootIdentifier()); - } - this.reg = dataBroker.registerDataTreeChangeListener(AUTHZ_CONTAINER, this); + /*if (dataBroker == null){ + throw new RuntimeException("dataBroker is not initialized"); + }*/ + return super.processPathConfig(path, config); } @@ -73,6 +81,15 @@ public class CustomizedMDSALDynamicAuthorizationFilter extends AuthorizationFilt @Override public boolean isAccessAllowed(final ServletRequest request, final ServletResponse response, final Object mappedValue) { + if (dataBroker == null){ + throw new RuntimeException("dataBroker is not initialized"); + } + if(reg == null){ + try (ReadTransaction tx = dataBroker.newReadOnlyTransaction()) { + authContainer = tx.read(AUTHZ_CONTAINER.getDatastoreType(), AUTHZ_CONTAINER.getRootIdentifier()); + } + reg = dataBroker.registerDataTreeChangeListener(AUTHZ_CONTAINER, this); + } checkArgument(request instanceof HttpServletRequest, "Expected HttpServletRequest, received {}", request); 
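Review bot: The lazy initialisation added to isAccessAllowed is a check-then-act on the non-volatile field `reg` with no synchronisation, so two concurrent first requests can both read the datastore and both call registerDataTreeChangeListener; the second registration overwrites the first, which is never closed, and the filter then receives every change notification twice. Move the block into a `synchronized` helper so registration happens exactly once, and prefer IllegalStateException over a bare RuntimeException for the missing broker. The static `setDataBroker` replaces a constructor-time requireNonNull with process-global mutable state shared by every filter instance — workable for a filter instantiated by the Shiro ini loader, but say so in a comment on the field — and the commented-out check left in processPathConfig should simply be deleted. isAccessAllowed continues past the end of this hunk.
```java
    /** Reads the initial policy container and subscribes for changes exactly once, also under concurrent first requests. */
    private synchronized void ensureListenerRegistered() {
        if (reg == null) {
            try (ReadTransaction tx = dataBroker.newReadOnlyTransaction()) {
                authContainer = tx.read(AUTHZ_CONTAINER.getDatastoreType(), AUTHZ_CONTAINER.getRootIdentifier());
            }
            reg = dataBroker.registerDataTreeChangeListener(AUTHZ_CONTAINER, this);
        }
    }

    @Override
    public boolean isAccessAllowed(final ServletRequest request, final ServletResponse response,
            final Object mappedValue) {
        if (dataBroker == null) {
            throw new IllegalStateException("dataBroker is not initialized");
        }
        ensureListenerRegistered();
        // … unchanged: checkArgument and the policy evaluation that follows …
```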
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
index 338da179a..562fe5472 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
@@ -22,6 +22,7 @@
package org.onap.ccsdk.features.sdnr.wt.oauthprovider.http;
import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
@@ -43,26 +44,23 @@ import org.apache.shiro.authc.BearerToken; import org.apache.shiro.codec.Base64; import org.apache.shiro.session.Session; import org.apache.shiro.subject.Subject; -import org.jolokia.osgi.security.Authenticator; -import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.NoDefinitionFoundException; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthToken; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlPolicy; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.*; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlShiroConfiguration.MainItem; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlShiroConfiguration.UrlItem; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters.CustomizedMDSALDynamicAuthorizationFilter; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService.PublicOAuthProviderConfig; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.MdSalAuthorizationStore; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.OAuthProviderFactory; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator; -import org.opendaylight.aaa.api.IdMService; +import org.opendaylight.aaa.api.AuthenticationException; +import org.opendaylight.aaa.api.Claim; +import org.opendaylight.aaa.api.PasswordCredentialAuth; +import org.opendaylight.aaa.api.PasswordCredentials; +import 
org.opendaylight.aaa.tokenauthrealm.auth.PasswordCredentialBuilder;
import org.opendaylight.mdsal.binding.api.DataBroker;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.ini.Main;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.ini.Urls;
+import org.osgi.service.http.HttpService;
+import org.osgi.service.http.NamespaceException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -70,7 +68,7 @@ public class AuthHttpServlet extends HttpServlet {
private static final Logger LOG = LoggerFactory.getLogger(AuthHttpServlet.class.getName());
private static final long serialVersionUID = 1L;
- public static final String BASEURI = "/oauth";
+ private static final String BASEURI = "/oauth";
private static final String LOGINURI = BASEURI + "/login";
private static final String LOGOUTURI = BASEURI + "/logout";
private static final String PROVIDERSURI = BASEURI + "/providers";
@@ -93,20 +91,26 @@ public class AuthHttpServlet extends HttpServlet { private static final String CLASSNAME_ODLMDSALAUTH = "org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter"; public static final String LOGIN_REDIRECT_FORMAT = LOGINURI + "/%s"; + private static final String URI_PRE = BASEURI; + private static final String CONFIGFILE ="/opt/opendaylight/etc/opendaylight/datastore/initial/config/aaa-app-config.xml"; private final ObjectMapper mapper; /* state <=> AuthProviderService> */ private final Map<String, AuthService> providerStore; private final TokenCreator tokenCreator; private final Config config; - private static Authenticator odlAuthenticator; - private static IdMService odlIdentityService; - private static ShiroConfiguration shiroConfiguration; private static MdSalAuthorizationStore mdsalAuthStore; + private PasswordCredentialAuth passwordCredentialAuth; + private OdlShiroConfiguration shiroConfiguration; public AuthHttpServlet() throws IllegalArgumentException, IOException, InvalidConfigurationException, UnableToConfigureOAuthService { + this(CONFIGFILE); + } + public AuthHttpServlet(String shiroconfigfile) throws IllegalArgumentException, IOException, InvalidConfigurationException, + UnableToConfigureOAuthService { this.config = Config.getInstance(); + this.shiroConfiguration = loadShiroConfig(shiroconfigfile); this.tokenCreator = TokenCreator.getInstance(this.config); this.mapper = new ObjectMapper(); this.providerStore = new HashMap<>(); 
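Review bot: CONFIGFILE pins the servlet to the absolute path of the initial datastore seed file, and the no-arg constructor reads it once at construction; the injected ShiroConfiguration it replaces reflected the live datastore, so any policy change made after startup is no longer visible to getPoliciesForUser (changed further down in this file) and the policies reported to the UI can disagree with what the Shiro filters actually enforce. A missing or unreadable file now makes the constructor throw IOException, which at least fails closed rather than open. At minimum make the path overridable, e.g. `this(System.getProperty("sdnr.oauth.shiroconfig", CONFIGFILE));`, and put a comment next to the constant stating that the file is read once and is not the authoritative policy source.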
@@ -116,20 +120,33 @@ public class AuthHttpServlet extends HttpServlet { } } - public void setOdlAuthenticator(Authenticator odlAuthenticator2) { - odlAuthenticator = odlAuthenticator2; + public void setDataBroker(DataBroker dataBroker) { + CustomizedMDSALDynamicAuthorizationFilter.setDataBroker(dataBroker); + mdsalAuthStore = new MdSalAuthorizationStore(dataBroker); } - public void setOdlIdentityService(IdMService odlIdentityService2) { - odlIdentityService = odlIdentityService2; + public void setPasswordCredentialAuth(PasswordCredentialAuth passwordCredentialAuth) { + this.passwordCredentialAuth = passwordCredentialAuth; } - public void setShiroConfiguration(ShiroConfiguration shiroConfiguration2) { - shiroConfiguration = shiroConfiguration2; + + public void onUnbindService(HttpService httpService) { + httpService.unregister(AuthHttpServlet.URI_PRE); + } - public void setDataBroker(DataBroker dataBroker) { - mdsalAuthStore = new MdSalAuthorizationStore(dataBroker); + public void onBindService(HttpService httpService) + throws ServletException, NamespaceException { + if (httpService == null) { + LOG.warn("Unable to inject HttpService into loader."); + } else { + httpService.registerServlet(AuthHttpServlet.URI_PRE, this, null, null); + LOG.info("oauth servlet registered."); + } + } + private static OdlShiroConfiguration loadShiroConfig(String filename) throws IOException { + OdlXmlMapper mapper = new OdlXmlMapper(); + return mapper.readValue(new File(filename), OdlShiroConfiguration.class); } @Override 
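Review bot: onBindService only logs a warning when httpService is null and returns, so the /oauth endpoint silently stays unregistered; if a null reference cannot legitimately happen here, `throw new IllegalStateException("HttpService is required to register " + URI_PRE);` instead, otherwise document why continuing without the servlet is acceptable. loadShiroConfig parses XML through OdlXmlMapper, which is not visible here; if it wraps a Jackson XmlMapper or another StAX parser, confirm DTD and external-entity processing are disabled — the input is an operator-owned local file, so this is hardening rather than an exposure. setDataBroker now writes a static field in CustomizedMDSALDynamicAuthorizationFilter, i.e. process-global state shared by every filter instance, which deserves a one-line comment at the call.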
@@ -158,10 +175,6 @@ public class AuthHttpServlet extends HttpServlet { if (redirectUrl == null) { redirectUrl = this.config.getPublicUrl(); } - // if nothing configured and nothing from request - if(redirectUrl == null || redirectUrl.isBlank()){ - redirectUrl="/"; - } UserTokenPayload userInfo = this.tokenCreator.decode(bearerToken); if (bearerToken != null && userInfo != null && !userInfo.isInternal()) { AuthService provider = this.providerStore.getOrDefault(userInfo.getProviderId(), null); @@ -194,27 +207,26 @@ public class AuthHttpServlet extends HttpServlet { /** * find out what urls can be accessed by user and which are forbidden - * + * <p> * urlEntries: "anon" -> any access allowed "authcXXX" -> no grouping rule -> any access for user allowed "authcXXX, * roles[abc] -> user needs to have role abc "authcXXX, roles["abc,def"] -> user needs to have roles abc AND def * "authcXXX, anyroles[abc] -> user needs to have role abc "authcXXX, anyroles["abc,def"] -> user needs to have * roles abc OR def * - * * @param req * @return */ private List<OdlPolicy> getPoliciesForUser(HttpServletRequest req) { - List<Urls> urlRules = shiroConfiguration.getUrls(); - UserTokenPayload data = this.getUserInfo(req); List<OdlPolicy> policies = new ArrayList<>(); + List<UrlItem> urlRules = this.shiroConfiguration.getUrls(); + UserTokenPayload data = this.getUserInfo(req); if (urlRules != null) { LOG.debug("try to find rules for user {} with roles {}", data == null ? "null" : data.getPreferredUsername(), data == null ? "null" : data.getRoles()); final String regex = "^([^,]+)[,]?[\\ ]?([anyroles]+)?(\\[\"?([a-zA-Z,]+)\"?\\])?"; final Pattern pattern = Pattern.compile(regex); Matcher matcher; - for (Urls urlRule : urlRules) { + for (UrlItem urlRule : urlRules) { matcher = pattern.matcher(urlRule.getPairValue()); if (matcher.find()) { try { 
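Review bot: Dropping the `redirectUrl = "/"` fallback leaves redirectUrl null whenever the request supplies none and `config.getPublicUrl()` is unset; whatever consumes it after this hunk (not visible) previously never saw null, and `HttpServletResponse.sendRedirect(null)` fails, so either keep the fallback or handle null explicitly at the consumer. The enclosing handler starts before and ends after this hunk. In the second hunk the regex group `([anyroles]+)?` is a character class that also matches strings such as `sole`; it is pre-existing, but while this method is being touched a comment stating that only `roles`/`anyroles` are expected there, or tightening it to `(roles|anyroles)?`, would make the contract explicit.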
@@ -223,7 +235,7 @@ public class AuthHttpServlet extends HttpServlet { //anon access allowed if (authClass == null) { policy = Optional.of(OdlPolicy.allowAll(urlRule.getPairKey())); - } else if (authClass.equals(CLASSNAME_ODLBASICAUTH)) { + } else if (authClass.equals(CLASSNAME_ODLBASICAUTH) || "authcBasic".equals(urlRule.getPairKey())) { policy = isBasic(req) ? this.getTokenBasedPolicy(urlRule, matcher, data) : Optional.of(OdlPolicy.denyAll(urlRule.getPairKey())); } else if (authClass.equals(CLASSNAME_ODLBEARERANDBASICAUTH)) { @@ -259,7 +271,7 @@ public class AuthHttpServlet extends HttpServlet { * @param data * @return */ - private Optional<OdlPolicy> getMdSalBasedPolicy(Urls urlRule, UserTokenPayload data) { + private Optional<OdlPolicy> getMdSalBasedPolicy(UrlItem urlRule, UserTokenPayload data) { if (mdsalAuthStore != null) { return data != null ? mdsalAuthStore.getPolicy(urlRule.getPairKey(), data.getRoles()) : Optional.of(OdlPolicy.denyAll(urlRule.getPairKey())); @@ -275,7 +287,8 @@ public class AuthHttpServlet extends HttpServlet { * @param data * @return */ - private Optional<OdlPolicy> getTokenBasedPolicy(Urls urlRule, Matcher matcher, UserTokenPayload data) { + private Optional<OdlPolicy> getTokenBasedPolicy(UrlItem urlRule, Matcher matcher, + UserTokenPayload data) { final String url = urlRule.getPairKey(); final String rule = urlRule.getPairValue(); if (!rule.contains(",")) { @@ -312,8 +325,11 @@ public class AuthHttpServlet extends HttpServlet { if ("anon".equals(key)) { return null; } - List<Main> list = shiroConfiguration.getMain(); - Optional<Main> main = + if("authcBasic".equals(key)){ + return CLASSNAME_ODLBASICAUTH; + } + List<MainItem> list = shiroConfiguration.getMain(); + Optional<MainItem> main = list == null ? Optional.empty() : list.stream().filter(e -> e.getPairKey().equals(key)).findFirst(); if (main.isPresent()) { return main.get().getPairValue(); 
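Review bot: The added `|| "authcBasic".equals(urlRule.getPairKey())` compares the filter name against the URL pattern — this file uses the pair key as the URL (`OdlPolicy.allowAll(urlRule.getPairKey())` just above, `final String url = urlRule.getPairKey();` in the third hunk) and the filter chain is the pair value — so the clause can never match a real rule. The `authcBasic` to CLASSNAME_ODLBASICAUTH mapping added in the last hunk already covers that case through authClass, so restore `} else if (authClass.equals(CLASSNAME_ODLBASICAUTH)) {`. If the intent was to catch `authcBasic` rules without a main-section entry, test the first regex group (the filter name) rather than the key.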
@@ -334,7 +350,7 @@ public class AuthHttpServlet extends HttpServlet {
if (!username.contains("@")) {
username = String.format("%s@%s", username, domain);
}
- List<String> roles = odlIdentityService.listRoles(username, domain);
+ List<String> roles = List.of();// odlIdentityService.listRoles(username, domain);
return UserTokenPayload.createInternal(username, roles);
}
}
@@ -361,12 +377,12 @@ public class AuthHttpServlet extends HttpServlet {
private static boolean isBasic(HttpServletRequest req) {
final String header = req.getHeader(HEAEDER_AUTHORIZATION);
- return header == null ? false : header.startsWith("Basic");
+ return header != null && header.startsWith("Basic");
}
private static boolean isBearer(HttpServletRequest req) {
final String header = req.getHeader(HEAEDER_AUTHORIZATION);
- return header == null ? false : header.startsWith("Bearer");
+ return header != null && header.startsWith("Bearer");
}
private boolean rolesMatch(List<String> userRoles, List<String> policyRoles, boolean any) {
@@ -399,7 +415,7 @@ public class AuthHttpServlet extends HttpServlet {
hostUrl = matcher.group(1);
}
}
- LOG.debug("host={}", hostUrl);
+ LOG.info("host={}", hostUrl);
return hostUrl;
}
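Review bot: The first hunk hard-codes `roles = List.of()` for internal (Basic-auth) users and leaves the old call as a trailing comment, so every role-gated URL in getPoliciesForUser is now reported as denied for them even when the realm would grant it; this fails closed but silently breaks the policies endpoint for local accounts. Since PasswordCredentialAuth is now injected, the roles can come from the Claim as doLogin does (if the decoded password is available at this point), or the limitation should be stated at the call site, e.g. `// roles are not resolved for basic-auth users yet; every role-gated policy evaluates to deny`. The `LOG.info("host={}", hostUrl)` change in the last hunk logs every request at INFO; debug was the appropriate level.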
@@ -451,17 +467,21 @@ public class AuthHttpServlet extends HttpServlet {
}
}
- resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
}
private BearerToken doLogin(String username, String password, String domain) {
- if (!username.contains("@")) {
- username = String.format("%s@%s", username, domain);
+
+ PasswordCredentials pc =
+ (new PasswordCredentialBuilder()).setUserName(username).setPassword(password).setDomain(domain).build();
+ Claim claim = null;
+ try {
+ claim = this.passwordCredentialAuth.authenticate(pc);
+ } catch (AuthenticationException e) {
+ LOG.warn("unable to authentication user {} for domain {}: ", username, domain, e);
}
- HttpServletRequest req = new HeadersOnlyHttpServletRequest(
- Map.of("Authorization", BaseHTTPClient.getAuthorizationHeaderValue(username, password)));
- if (odlAuthenticator.authenticate(req)) {
- List<String> roles = odlIdentityService.listRoles(username, domain);
+ if (claim != null) {
+ List<String> roles = claim.roles().stream().toList();//odlIdentityService.listRoles(username, domain);
UserTokenPayload data = new UserTokenPayload();
data.setPreferredUsername(username);
data.setFamilyName("");
@@ -470,15 +490,16 @@ public class AuthHttpServlet extends HttpServlet {
data.setExp(this.tokenCreator.getDefaultExp());
data.setRoles(roles);
return this.tokenCreator.createNewJWT(data);
-
+ } else {
+ LOG.info("unable to read auth from authservice");
}
return null;
}
- private void sendResponse(HttpServletResponse resp, int code) throws IOException {
+/* private void sendResponse(HttpServletResponse resp, int code) throws IOException {
this.sendResponse(resp, code, null);
- }
+ }*/
private void sendResponse(HttpServletResponse resp, int code, Object data) throws IOException {
byte[] output = data != null ? mapper.writeValueAsString(data).getBytes() : new byte[0];
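Review bot: `this.passwordCredentialAuth` is dereferenced in doLogin without a null check, so a login attempt before setPasswordCredentialAuth has been called ends in an NPE and a 500 instead of a clean 401; mirror the dataBroker guard used elsewhere in this change. An AuthenticationException is the ordinary wrong-password path, and logging it at WARN with the full stack trace lets any unauthenticated client flood the log; keep the audit line but drop the throwable and fix the wording: `LOG.warn("authentication failed for user {} in domain {}: {}", username, domain, e.getMessage());`. The commented-out sendResponse overload in the second hunk should be deleted rather than kept as a comment.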
@@ -486,14 +507,13 @@ public class AuthHttpServlet extends HttpServlet {
resp.setStatus(code);
resp.setContentLength(output.length);
resp.setContentType("application/json");
- ServletOutputStream os = null;
- os = resp.getOutputStream();
+ ServletOutputStream os = resp.getOutputStream();
os.write(output);
}
private void logout() {
- final Subject subject = SecurityUtils.getSubject();
+ /* final Subject subject = SecurityUtils.getSubject();
try {
subject.logout();
Session session = subject.getSession(false);
@@ -502,6 +522,6 @@ public class AuthHttpServlet extends HttpServlet {
}
} catch (ShiroException e) {
LOG.debug("Couldn't log out {}", subject, e);
- }
+ }*/
}
}
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java
index 31b6d696f..31b6d696f 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java
index 6b1a8eddd..6b1a8eddd 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java
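Review bot: logout() is now an empty method because its whole body was commented out, so if the /oauth/logout handler (not visible here) still calls it, the Shiro subject and its session are no longer invalidated server-side and a captured session stays usable until it expires. Either restore the body, or delete the method together with its dead comment and have the handler invalidate the session and cookie explicitly; a silent no-op named logout is the worst of the options. If the intent is that JWT-only sessions have nothing to invalidate, state that in a comment on the method so the next reader does not take it for a regression.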
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java
index ca455dc72..ca455dc72 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java
index 2dc0b5746..2dc0b5746 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java
index fc6869751..d271948c2 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java
@@ -102,7 +102,7 @@ public class GitlabProviderService extends AuthService {
@Override
protected UserTokenPayload requestUserRoles(String access_token, long issued_at, long expires_at) {
- LOG.debug("reqesting user roles with token={}", access_token);
+ LOG.info("reqesting user roles with token={}", access_token);
Map<String, String> authHeaders = new HashMap<>();
authHeaders.put("Authorization", String.format("Bearer %s", access_token));
Optional<MappedBaseHttpResponse<GitlabUserInfo>> userInfo =
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java
index bdbf9286a..bdbf9286a 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java
index 4bf35e72d..4bf35e72d 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java
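Review bot: Raising this line from debug to info writes the user's GitLab access token into the regular log on every role lookup; a bearer token is a credential and must not be logged at a level that reaches log aggregators, and ideally not at all. Keep the message but drop the secret, e.g. `LOG.debug("requesting user roles for token issued_at={} expires_at={}", issued_at, expires_at);`, and if a correlation handle is really needed log a truncated hash of the token rather than its value. The typo "reqesting" can go in the same edit.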
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java
index 73bae5d4c..73bae5d4c 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java
index 152569930..152569930 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java
index fac46f6b1..fac46f6b1 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java
index 028dff9dd..028dff9dd 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
index 436d47827..d8720e823 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
@@ -157,18 +157,16 @@ public class TokenCreator {
public String getBearerToken(HttpServletRequest req, boolean checkCookie) {
final String authHeader = req.getHeader("Authorization");
if ((authHeader == null || !authHeader.startsWith("Bearer")) && checkCookie) {
- if(req!=null) {
- Cookie[] cookies = req.getCookies();
- Optional<Cookie> ocookie = Optional.empty();
- if (cookies != null) {
- ocookie = Arrays.stream(cookies).filter(c -> c != null && COOKIE_NAME_AUTH.equals(c.getName()))
- .findFirst();
- }
- if (ocookie.isEmpty()) {
- return null;
- }
- return ocookie.get().getValue();
+ Cookie[] cookies = req.getCookies();
+ Optional<Cookie> ocookie = Optional.empty();
+ if (cookies != null) {
+ ocookie = Arrays.stream(cookies).filter(c -> c != null && COOKIE_NAME_AUTH.equals(c.getName()))
+ .findFirst();
}
+ if (ocookie.isEmpty()) {
+ return null;
+ }
+ return ocookie.get().getValue();
}
return authHeader.substring(7);
}
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java
index 7b4adefda..3e9205733 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java
@@ -21,9 +21,11 @@
*/
package org.onap.ccsdk.features.sdnr.wt.oauthprovider.test;
+import java.util.Set;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
+import org.junit.Ignore;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
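Review bot: `return authHeader.substring(7);` is still reached with authHeader null when checkCookie is false and no Authorization header was sent, and with a header shorter than seven characters (`Bearer` alone) in either mode, so a missing or malformed header produces an NPE or StringIndexOutOfBoundsException and a 500 instead of an unauthenticated result. Replace the last statement with `return authHeader != null && authHeader.startsWith("Bearer ") ? authHeader.substring(7) : null;`, which also stops a header like `Bearerxyz` from yielding a two-character token. The `req != null` check removed here was indeed dead, since `req.getHeader` had already been dereferenced above it.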
@@ -45,6 +47,7 @@ import org.jolokia.osgi.security.Authenticator; import org.json.JSONArray; import org.junit.BeforeClass; import org.junit.Test; +import org.mockito.internal.matchers.Any; import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient; import org.onap.ccsdk.features.sdnr.wt.common.test.ServletOutputStreamToByteArrayOutputStream; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config; @@ -57,8 +60,12 @@ import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.HeadersOnlyHttpServlet import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.test.helper.OdlJsonMapper; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.test.helper.OdlXmlMapper; +import org.opendaylight.aaa.api.Claim; import org.opendaylight.aaa.api.IdMService; import org.apache.shiro.authc.BearerToken; +import org.opendaylight.aaa.api.PasswordCredentialAuth; +import org.opendaylight.aaa.api.PasswordCredentials; +import org.opendaylight.aaa.shiro.web.env.AAAShiroWebEnvironment; import org.opendaylight.mdsal.binding.api.DataBroker; import org.opendaylight.mdsal.binding.api.ReadTransaction; import org.opendaylight.mdsal.common.api.LogicalDatastoreType; @@ -79,7 +86,7 @@ public class TestAuthHttpServlet { private static DataBroker dataBroker = loadDynamicMdsalAuthDataBroker(); private static Authenticator odlAuthenticator = mock(Authenticator.class); private static IdMService odlIdentityService = mock(IdMService.class); - private static ShiroConfiguration shiroConfiguration = null; + private static PasswordCredentialAuth passwordCredentialAuth; private static TokenCreator tokenCreator; // private static final HttpServletRequest authreq = new HeadersOnlyHttpServletRequest( // Map.of("Authorization", BaseHTTPClient.getAuthorizationHeaderValue("admin@sdn", "admin"))); 
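Review bot: `import org.mockito.internal.matchers.Any;` pulls in a Mockito-internal class that nothing in the visible hunks uses — the test relies on the public `ArgumentMatchers.any` static import that is already present — and `org.mockito.internal` carries no compatibility guarantee across Mockito releases, so the line should go. `org.junit.Ignore` and `org.opendaylight.aaa.shiro.web.env.AAAShiroWebEnvironment` likewise appear unused in the hunks shown; the only `@Ignore` survives inside a block comment further down, which is a sign the import was left behind by an experiment rather than intended. Unless the rest of the file references them, remove all three together.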
@@ -91,14 +98,13 @@ public class TestAuthHttpServlet { Config config = createConfigFile(); tokenCreator = TokenCreator.getInstance(config); servlet = new TestServlet(); - shiroConfiguration = loadShiroConfig(TESTSHIROCONFIGFILE); } catch (IOException | InvalidConfigurationException e) { fail(e.getMessage()); } servlet.setDataBroker(dataBroker); - servlet.setOdlAuthenticator(odlAuthenticator); - servlet.setOdlIdentityService(odlIdentityService); - servlet.setShiroConfiguration(shiroConfiguration); + passwordCredentialAuth = mock(PasswordCredentialAuth.class); + + servlet.setPasswordCredentialAuth(passwordCredentialAuth); } private static DataBroker loadDynamicMdsalAuthDataBroker() { @@ -170,7 +176,33 @@ public class TestAuthHttpServlet { when(req.getRequestURI()).thenReturn("/oauth/login"); when(req.getParameter("username")).thenReturn("admin"); when(req.getParameter("password")).thenReturn("admin"); - when(odlAuthenticator.authenticate(any(HeadersOnlyHttpServletRequest.class))).thenReturn(true); + Claim claim = new Claim() { + @Override + public String clientId() { + return "admin"; + } + + @Override + public String userId() { + return "admin"; + } + + @Override + public String user() { + return null; + } + + @Override + public String domain() { + return "sdn"; + } + + @Override + public Set<String> roles() { + return Set.of("admin"); + } + }; + when(passwordCredentialAuth.authenticate(any(PasswordCredentials.class))).thenReturn(claim); HttpServletResponse resp = mock(HttpServletResponse.class); ServletOutputStreamToByteArrayOutputStream printOut = new ServletOutputStreamToByteArrayOutputStream(); try { @@ -207,6 +239,9 @@ public class TestAuthHttpServlet { } @Test +/* + @Ignore +*/ public void testPoliciesAnon() { HttpServletRequest req = mock(HttpServletRequest.class); 
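Review bot: `when(passwordCredentialAuth.authenticate(any(PasswordCredentials.class))).thenReturn(claim)` accepts whatever credentials the servlet constructs, so the login test still passes if the servlet forwards an empty password or drops the `sdn` domain; the old `odlAuthenticator` stub had the same weakness, but this new seam is exactly where the submitted username and password are translated and is worth pinning. Capture the argument instead and assert on it after the servlet call: `ArgumentCaptor<PasswordCredentials> creds = ArgumentCaptor.forClass(PasswordCredentials.class);`, `when(passwordCredentialAuth.authenticate(creds.capture())).thenReturn(claim);`, then `assertEquals("admin", creds.getValue().username());` (plus the password and domain accessors that ODL's `PasswordCredentials` exposes; `org.mockito.ArgumentCaptor` is public API). The stubbed `Claim` also returns `null` from `user()` while `userId()` and `clientId()` return `"admin"`; if the servlet derives the token subject from `user()`, this fixture hides a null there, so either return a value or add `// user() intentionally unset: servlet is expected to key on userId()` once that is confirmed. The enclosing test method begins before this hunk.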
@@ -267,13 +302,13 @@ public class TestAuthHttpServlet { assertEquals(9, anonPolicies.length); OdlPolicy pApidoc = find(anonPolicies, "/apidoc/**"); assertNotNull(pApidoc); - assertAllEquals(true, pApidoc); + assertAllEquals(false, pApidoc); OdlPolicy pOauth = find(anonPolicies, "/oauth/**"); assertNotNull(pOauth); assertAllEquals(true, pOauth); OdlPolicy pRestconf = find(anonPolicies, "/rests/**"); assertNotNull(pRestconf); - assertAllEquals(true, pRestconf); + assertAllEquals(false, pRestconf); } @Test @@ -353,7 +388,7 @@ public class TestAuthHttpServlet { private static final long serialVersionUID = 1L; public TestServlet() throws IllegalArgumentException, Exception { - super(); + super(TESTSHIROCONFIGFILE); } @Override diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java index 80ae8cf95..80ae8cf95 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java index 421b61919..421b61919 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java 
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java index 6c2390ea0..6c2390ea0 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java index acc7c6b36..acc7c6b36 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java index 31d72944c..31d72944c 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java index 2d03bab1d..2d03bab1d 100644 
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java index 84d8e0a96..84d8e0a96 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java index c1d3fd1ea..ebf01a1ba 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java @@ -31,8 +31,6 @@ import java.io.IOException; import java.util.Arrays; import java.util.HashSet; import java.util.List; -import java.util.function.Supplier; - import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; 
@@ -48,50 +46,44 @@ import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator; import org.opendaylight.aaa.api.Authentication; -import org.opendaylight.aaa.api.AuthenticationService; import org.opendaylight.aaa.api.TokenStore; import org.opendaylight.aaa.api.shiro.principal.ODLPrincipal; import org.opendaylight.aaa.shiro.realm.TokenAuthRealm; import org.opendaylight.aaa.tokenauthrealm.auth.AuthenticationManager; import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators; -import org.opendaylight.mdsal.binding.api.DataBroker; public class TestRealm { private static OAuth2RealmToTest realm; private static TokenCreator tokenCreator; - private static final AuthenticationManager authManager = new AuthenticationManager(); - private static final TokenAuthenticators tokenAuth = new TokenAuthenticators(); - - private static final TokenStore tokenStore = new TokenStore(){ - - @Override - public void put(String token, Authentication auth) { - - } - - @Override - public Authentication get(String token) { - return null; - } - - @Override - public boolean delete(String token) { - return false; - } - - @Override - public long tokenExpiration() { - return 0; - } - }; @BeforeClass public static void init() throws IllegalArgumentException, Exception { - TokenAuthRealm.prepareForLoad(authManager,tokenAuth,tokenStore); + try { Config config = Config.getInstance(TestConfig.TEST_CONFIG_FILENAME); tokenCreator = TokenCreator.getInstance(config); + TokenAuthRealm.prepareForLoad(new AuthenticationManager(), new TokenAuthenticators(), new TokenStore() { + @Override + public void put(String token, Authentication auth) { + + } + + @Override + public Authentication get(String token) { + return null; + } + + @Override + public boolean delete(String token) { + return false; + } + + @Override + public long 
tokenExpiration() { + return 0; + } + }); realm = new OAuth2RealmToTest(); } catch (IOException e) { fail(e.getMessage()); diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java index b0cc0253b..7d51b2fe8 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java @@ -42,12 +42,12 @@ public class OdlJsonMapper extends ObjectMapper { this.enable(MapperFeature.USE_GETTERS_AS_SETTERS); YangToolsBuilderAnnotationIntrospector introspector = new YangToolsBuilderAnnotationIntrospector(); //introspector.addDeserializer(Main.class, ShiroMainBuilder.class.getName()); - introspector.addDeserializer(Permissions.class,PermissionsBuilder.class.getName()); + //introspector.addDeserializer(Permissions.class,PermissionsBuilder.class.getName()); this.setAnnotationIntrospector(introspector); this.registerModule(new YangToolsModule()); } - public static class PermissionsBuilder { + /* public static class PermissionsBuilder implements Builder<Permissions> { private Permissions _value; public PermissionsBuilder() { @@ -57,9 +57,9 @@ public class OdlJsonMapper extends ObjectMapper { this._value = value; } - + @Override public Permissions build() { return this._value; } - } + }*/ } diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java index b965878e8..b965878e8 100644 
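Review bot: The OdlJsonMapper hunk leaves `PermissionsBuilder` and the `introspector.addDeserializer(Permissions.class, …)` call as commented-out code rather than deleting them, and even edits the dead block (`implements Builder<Permissions>`, `@Override`) while it is commented out, so the next reader cannot tell whether it is scheduled to return or abandoned. Either remove both spans — git keeps the history — or collapse them to a single line that states the intent, e.g. `// Permissions custom deserializer disabled with CCSDK-3394; default YangTools binding is used until the builder is reinstated`. Whether the default binding actually round-trips `Permissions` is not visible in this diff; the policy assertions in TestAuthHttpServlet are the place that should demonstrate it.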
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java diff --git a/sdnr/wt/oauth-provider/oauth-core/src/test/resources/aaa-app-config.test.xml b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/aaa-app-config.test.xml new file mode 100644 index 000000000..e46508d68 --- /dev/null +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/aaa-app-config.test.xml 
@@ -0,0 +1,77 @@ +<?xml version="1.0" ?> + + +<shiro-configuration xmlns="urn:opendaylight:aaa:app:config"> + + + <main> + <pair-key>tokenAuthRealm</pair-key> + <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm</pair-value> + </main> + + <main> + <pair-key>securityManager.realms</pair-key> + <pair-value>$tokenAuthRealm</pair-value> + </main> + + <main> + <pair-key>anyroles</pair-key> + <pair-value>org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter</pair-value> + </main> + <main> + <pair-key>authcBearer</pair-key> + <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2</pair-value> + </main> + + <main> + <pair-key>accountingListener</pair-key> + <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value> + </main> + <main> + <pair-key>securityManager.authenticator.authenticationListeners</pair-key> + <pair-value>$accountingListener</pair-value> + </main> + + <main> + <pair-key>dynamicAuthorization</pair-key> + <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value> + </main> + + <urls> + <pair-key>/**/operations/cluster-admin**</pair-key> + <pair-value>dynamicAuthorization</pair-value> + </urls> + <urls> + <pair-key>/**/v1/**</pair-key> + <pair-value>authcBearer, roles[admin]</pair-value> + </urls> + <urls> + <pair-key>/**/config/aaa*/**</pair-key> + <pair-value>authcBearer, roles[admin]</pair-value> + </urls> + <urls> + <pair-key>/oauth/**</pair-key> + <pair-value>anon</pair-value> + </urls> + <urls> + <pair-key>/odlux/**</pair-key> + <pair-value>anon</pair-value> + </urls> + <urls> + <pair-key>/apidoc/**</pair-key> + <pair-value>authcBasic, roles[admin]</pair-value> + </urls> + <urls> + <pair-key>/test123/**</pair-key> + <pair-value>authcBasic</pair-value> + </urls> + <urls> + <pair-key>/rests/**</pair-key> + <pair-value>authcBearer, anyroles["admin,provision"]</pair-value> + </urls> + <urls> + <pair-key>/**</pair-key> + <pair-value>authcBearer, 
anyroles["admin,provision"]</pair-value> + </urls> +</shiro-configuration> + diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key index c0c15e014..c0c15e014 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key.pub b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key.pub index add863aef..add863aef 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key.pub +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key.pub diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key index 6b4e8c7bc..6b4e8c7bc 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key.pub b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key.pub index 7191c95f8..7191c95f8 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key.pub +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key.pub diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/mdsalDynAuthData.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/mdsalDynAuthData.json index a1627682b..a1627682b 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/mdsalDynAuthData.json +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/mdsalDynAuthData.json 
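Review bot: `/**/operations/cluster-admin**` is the only protected URL in this fixture guarded by `dynamicAuthorization` alone, with no `authcBearer`/`authcBasic` in front of it, whereas every other non-`anon` entry authenticates first; if this deliberately mirrors the stock ODL `aaa-app-config` that is acceptable, but since `testPoliciesAnon` now asserts against this file (nine policies, `/apidoc/**` and `/rests/**` not anonymous) the baseline should be recorded rather than inferred. Add an XML comment at the top, e.g. `<!-- Test fixture mirroring the default ODL Shiro layout: /oauth and /odlux anonymous, /apidoc basic auth, everything else bearer token with admin or provision role -->`, and either annotate `/test123/**` as a deliberate basic-auth probe path or drop it. The file also lacks the license header the other new files in this change carry.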
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-groups-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-groups-response.json index 85fc37cc8..85fc37cc8 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-groups-response.json +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-groups-response.json diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-token-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-token-response.json index 0a6bd7231..0a6bd7231 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-token-response.json +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-token-response.json diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-user-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-user-response.json index b08332b41..b08332b41 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-user-response.json +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-user-response.json diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/keycloak-token-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/keycloak-token-response.json index c62ed9458..c62ed9458 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/keycloak-token-response.json +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/keycloak-token-response.json diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oom.test.config.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oom.test.config.json index 4e5707fa1..4e5707fa1 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oom.test.config.json 
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oom.test.config.json diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.config.json index a55576b9e..a55576b9e 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.config.json diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256-invalid.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256-invalid.json index 30b80c45a..30b80c45a 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256-invalid.json +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256-invalid.json diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256.json index 02a4e8f5f..02a4e8f5f 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256.json +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256.json diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS512.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS512.json index eddc6c362..eddc6c362 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS512.json +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS512.json diff --git a/sdnr/wt/oauth-provider/provider-osgi/pom.xml b/sdnr/wt/oauth-provider/oauth-realm/pom.xml index 99634cbeb..7cd840cbc 100644 --- a/sdnr/wt/oauth-provider/provider-osgi/pom.xml +++ b/sdnr/wt/oauth-provider/oauth-realm/pom.xml 
@@ -22,6 +22,7 @@ ~ ============LICENSE_END======================================================= ~ --> + <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> @@ -33,8 +34,8 @@ </parent> <groupId>org.onap.ccsdk.features.sdnr.wt</groupId> - <artifactId>sdnr-wt-oauth-provider</artifactId> - <version>1.6.0-SNAPSHOT</version> + <artifactId>sdnr-wt-oauth-realm</artifactId> + <version>1.6.3-SNAPSHOT</version> <packaging>bundle</packaging> <name>ccsdk-features :: ${project.artifactId}</name> @@ -53,7 +54,7 @@ <dependencies> <dependency> <groupId>${project.groupId}</groupId> - <artifactId>sdnr-wt-oauth-provider-jar</artifactId> + <artifactId>sdnr-wt-oauth-core</artifactId> <version>${project.version}</version> <exclusions> <exclusion> @@ -88,8 +89,6 @@ <Export-Package> org.onap.ccsdk.features.sdnr.wt.oauthprovider;version=${project.version}, org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters;version=${project.version}, - org.onap.ccsdk.features.sdnr.wt.oauthprovider.http;version=${project.version}, - org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.client;version=${project.version}, org.onap.ccsdk.features.sdnr.wt.oauthprovider.data;version=${project.version}, org.onap.ccsdk.features.sdnr.wt.oauthprovider.services;version=${project.version} </Export-Package> 
@@ -108,22 +107,22 @@ javax.xml.parsers, javax.xml.namespace, javax.xml.transform.stream, + org.apache.commons.codec.binary, + org.apache.shiro, org.apache.shiro.authc, org.apache.shiro.authz, org.apache.shiro.realm, org.apache.shiro.subject, + org.apache.shiro.web.filter.authc, org.apache.shiro.web.filter.authz, + org.apache.shiro.web.util, org.jolokia.osgi.security, org.onap.ccsdk.features.sdnr.wt.common.http, org.opendaylight.aaa.api, org.opendaylight.aaa.api.shiro.principal, org.opendaylight.aaa.shiro.realm, - org.opendaylight.aaa.shiro.filters, - org.opendaylight.aaa.shiro.web.env, org.opendaylight.mdsal.binding.api, org.opendaylight.mdsal.common.api, - org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619, - org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration, org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214, org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization, org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies, @@ -131,7 +130,7 @@ org.opendaylight.yangtools.concepts, org.opendaylight.yangtools.yang.binding, org.opendaylight.yangtools.yang.common, - org.osgi.service.http, + org.slf4j, com.fasterxml.jackson.databind, com.fasterxml.jackson.databind.deser.std, com.fasterxml.jackson.databind.ser.std, @@ -139,7 +138,6 @@ com.fasterxml.jackson.annotation, com.fasterxml.jackson.core.type, com.fasterxml.jackson.core, - org.apache.commons.codec.binary, com.google.common.base, com.google.common.collect, com.google.common.util.concurrent 
@@ -147,7 +145,7 @@ <Embed-Dependency>*;scope=compile|runtime;inline=false</Embed-Dependency> <Embed-Dependency>*;scope=compile|runtime;artifactId=!shiro-core;inline=false</Embed-Dependency> <Embed-Transitive>true</Embed-Transitive> - <Fragment-Host>org.opendaylight.aaa.repackaged-shiro</Fragment-Host> + <Fragment-Host>org.opendaylight.aaa.shiro</Fragment-Host> </instructions> </configuration> </plugin> diff --git a/sdnr/wt/oauth-provider/oauth-web/pom.xml b/sdnr/wt/oauth-provider/oauth-web/pom.xml new file mode 100644 index 000000000..668f92fd8 --- /dev/null +++ b/sdnr/wt/oauth-provider/oauth-web/pom.xml 
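Review bot: The `<instructions>` block carries two `<Embed-Dependency>` elements, `*;scope=compile|runtime;inline=false` and `*;scope=compile|runtime;artifactId=!shiro-core;inline=false`; they are context lines, but with `Fragment-Host` now switched to `org.opendaylight.aaa.shiro` it matters which one maven-bundle-plugin honours, because a fragment that embeds its own `shiro-core` attaches to a host that already provides those classes and invites class-loading conflicts in the realm. Which duplicate wins depends on how the plugin merges repeated instruction elements, so do not rely on it: keep only the `artifactId=!shiro-core` variant and delete the other line.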
@@ -0,0 +1,155 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ~ ============LICENSE_START======================================================= + ~ ONAP : ccsdk features + ~ ================================================================================ + ~ Copyright (C) 2019 highstreet technologies GmbH Intellectual Property. + ~ All rights reserved. + ~ ================================================================================ + ~ Update Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. + ~ ================================================================================ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. 
+ ~ ============LICENSE_END======================================================= + ~ + --> + +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + + <parent> + <groupId>org.onap.ccsdk.parent</groupId> + <artifactId>binding-parent</artifactId> + <version>2.6.1</version> + <relativePath/> + </parent> + + <groupId>org.onap.ccsdk.features.sdnr.wt</groupId> + <artifactId>sdnr-wt-oauth-web</artifactId> + <version>1.6.3-SNAPSHOT</version> + <packaging>bundle</packaging> + + <name>ccsdk-features :: ${project.artifactId}</name> + <licenses> + <license> + <name>Apache License, Version 2.0</name> + <url>http://www.apache.org/licenses/LICENSE-2.0</url> + </license> + </licenses> + + <properties> + <maven.javadoc.skip>true</maven.javadoc.skip> + <checkstyle.skip>true</checkstyle.skip> + </properties> + <dependencies> + <dependency> + <groupId>${project.groupId}</groupId> + <artifactId>sdnr-wt-oauth-core</artifactId> + <version>${project.version}</version> + <exclusions> + <exclusion> + <groupId>org.opendaylight.aaa</groupId> + <artifactId>aaa-shiro</artifactId> + </exclusion> + <exclusion> + <groupId>org.opendaylight.aaa</groupId> + <artifactId>aaa-shiro</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.shiro</groupId> + <artifactId>shiro-web</artifactId> + </exclusion> + <exclusion> + <groupId>${project.groupId}</groupId> + <artifactId>sdnr-wt-common</artifactId> + </exclusion> + </exclusions> + </dependency> + </dependencies> + <build> + <plugins> + <plugin> + <groupId>org.apache.felix</groupId> + <artifactId>maven-bundle-plugin</artifactId> + <extensions>true</extensions> + <configuration> + <instructions> + <Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName> + <Bundle-Version>${project.version}</Bundle-Version> + <Export-Package> + 
org.onap.ccsdk.features.sdnr.wt.oauthprovider.http;version=${project.version}, + org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.client;version=${project.version} + </Export-Package> + <Import-Package> + javax.servlet, + javax.servlet.http, + javax.net.ssl, + javax.crypto, + javax.crypto.spec, + javax.xml.transform, + javax.xml.datatype, + javax.management, + javax.security.auth, + javax.security.auth.login, + javax.security.auth.callback, + javax.xml.parsers, + javax.xml.namespace, + javax.xml.transform.stream, + org.apache.commons.codec.binary, + org.apache.shiro, + org.apache.shiro.authc, + org.apache.shiro.authz, + org.apache.shiro.config, + org.apache.shiro.realm, + org.apache.shiro.subject, + org.apache.shiro.web.env, + org.apache.shiro.web.filter.authz, + org.jolokia.osgi.security, + org.onap.ccsdk.features.sdnr.wt.common.http, + org.onap.ccsdk.features.sdnr.wt.yang.mapper.mapperextensions, + org.opendaylight.aaa.api, + org.opendaylight.aaa.api.shiro.principal, + org.opendaylight.aaa.shiro.realm, + org.opendaylight.aaa.shiro.web.env, + org.opendaylight.aaa.tokenauthrealm.auth, + org.opendaylight.mdsal.binding.api, + org.opendaylight.mdsal.common.api, + org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214, + org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization, + org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies, + org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.permission, + org.opendaylight.yangtools.concepts, + org.opendaylight.yangtools.yang.binding, + org.opendaylight.yangtools.yang.common, + org.osgi.service.http, + org.slf4j, + com.fasterxml.jackson.databind, + com.fasterxml.jackson.databind.deser.std, + com.fasterxml.jackson.databind.ser.std, + com.fasterxml.jackson.databind.module, + com.fasterxml.jackson.dataformat.xml, + com.fasterxml.jackson.annotation, + 
com.fasterxml.jackson.core.type, + com.fasterxml.jackson.core, + com.google.common.base, + com.google.common.collect, + com.google.common.util.concurrent + </Import-Package> + <!-- <Embed-Dependency>*;scope=compile|runtime;inline=false</Embed-Dependency>--> + <Embed-Dependency>*;scope=compile|runtime;artifactId=sdnr-wt-oauth-core,java-jwt,bcprov-jdk15on,aaa-shiro;inline=false</Embed-Dependency> + <Embed-Transitive>true</Embed-Transitive> + </instructions> + </configuration> + </plugin> + </plugins> + </build> +</project> diff --git a/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml b/sdnr/wt/oauth-provider/oauth-web/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml index a8258dc8b..c782e3ee1 100644 --- a/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml +++ b/sdnr/wt/oauth-provider/oauth-web/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml 
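Review bot: The `sdnr-wt-oauth-core` dependency excludes `aaa-shiro` (listed twice — one `<exclusion>` is redundant) while the `<Embed-Dependency>` instruction names `aaa-shiro` for embedding; one of these is not doing what it appears to, since an excluded artifact is not in the tree to embed, and an `aaa-shiro` actually embedded in this bundle would be a second copy of the classes it also imports from `org.opendaylight.aaa.shiro.*`. Decide which is intended and drop the other, and remove the duplicated exclusion and the commented-out `Embed-Dependency` line. Separately, `bcprov-jdk15on` is Bouncy Castle's legacy artifact line (the maintained line is `bcprov-jdk18on`); the version resolved through the parent is not visible here, so confirm it is current before shipping it embedded, where dependency scanners tend to miss it.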
@@ -26,32 +26,16 @@ <blueprint xmlns:odl="http://opendaylight.org/xmlns/blueprint/v1.0.0" xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" odl:use-default-for-reference-types="true"> - <reference id="odlAuthenticator" interface="org.jolokia.osgi.security.Authenticator" /> - - <reference id="odlIdentityService" interface="org.opendaylight.aaa.api.IdMService" /> - - <reference id="dataBroker" interface="org.opendaylight.mdsal.binding.api.DataBroker" /> - - <bean id="provider" class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.Helper" init-method="init" destroy-method="close"> - <property ref="odlAuthenticator" name="odlAuthenticator" /> - <property ref="odlIdentityService" name="odlIdentityService" /> - <property ref="shiroConfiguration" name="shiroConfiguration" /> - <property ref="dataBroker" name="dataBroker" /> - </bean> - + <reference id="dataBroker" interface="org.opendaylight.mdsal.binding.api.DataBroker"/> + <reference id="passwordCredentialAuth" interface="org.opendaylight.aaa.api.PasswordCredentialAuth"/> <reference id="onBindService" availability="mandatory" activation="eager" interface="org.osgi.service.http.HttpService"> - <reference-listener ref="provider" bind-method="onBindService" unbind-method="onUnbindService"/> + <reference-listener ref="authServlet" bind-method="onBindService" unbind-method="onUnbindService"/> </reference> - <odl:clustered-app-config - binding-class="org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration" - id="shiroConfiguration" default-config-file-name="aaa-app-config.xml" /> - - <bean id="authServlet" class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet"> - <property ref="odlAuthenticator" name="odlAuthenticator" /> - <property ref="odlIdentityService" name="odlIdentityService" /> - <property ref="shiroConfiguration" name="shiroConfiguration" /> - <property ref="dataBroker" name="dataBroker" /> + <bean id="authServlet" + 
class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet"> + <property ref="dataBroker" name="dataBroker" /> + <property ref="passwordCredentialAuth" name="passwordCredentialAuth" /> </bean> </blueprint> diff --git a/sdnr/wt/oauth-provider/pom.xml b/sdnr/wt/oauth-provider/pom.xml index 587d9679f..764c50c8d 100755 --- a/sdnr/wt/oauth-provider/pom.xml +++ b/sdnr/wt/oauth-provider/pom.xml @@ -34,14 +34,15 @@ <groupId>org.onap.ccsdk.features.sdnr.wt</groupId> <artifactId>sdnr-wt-oauth-provider-top</artifactId> - <version>1.6.0-SNAPSHOT</version> + <version>1.6.3-SNAPSHOT</version> <packaging>pom</packaging> <name>ccsdk-features :: ${project.artifactId}</name> <modules> - <module>provider-jar</module> - <module>provider-osgi</module> + <module>oauth-core</module> + <module>oauth-realm</module> + <module>oauth-web</module> </modules> <properties> diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java deleted file mode 100644 index 38947a124..000000000 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java +++ /dev/null 
@@ -1,66 +0,0 @@ -package org.onap.ccsdk.features.sdnr.wt.oauthprovider; - -import org.jolokia.osgi.security.Authenticator; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet; -import org.opendaylight.aaa.api.IdMService; -import org.opendaylight.mdsal.binding.api.DataBroker; -import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration; -import org.osgi.service.http.HttpService; -import org.osgi.service.http.NamespaceException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import javax.servlet.ServletException; -import java.io.IOException; - -public class Helper { - - private static final Logger LOG = LoggerFactory.getLogger(Helper.class); - private AuthHttpServlet authServlet; - - public Helper() throws UnableToConfigureOAuthService, IOException, InvalidConfigurationException { - this.authServlet = new AuthHttpServlet(); - - } - - public void onUnbindService(HttpService httpService) { - httpService.unregister(AuthHttpServlet.BASEURI); - this.authServlet = null; - } - - public void onBindService(HttpService httpService) - throws ServletException, NamespaceException { - if (httpService == null) { - LOG.warn("Unable to inject HttpService into loader."); - } else { - httpService.registerServlet(AuthHttpServlet.BASEURI, authServlet, null, null); - LOG.info("auth servlet registered."); - } - } - - public void setOdlAuthenticator(Authenticator odlAuthenticator) { - authServlet.setOdlAuthenticator(odlAuthenticator); - } - - public void setOdlIdentityService(IdMService odlIdentityService) { - this.authServlet.setOdlIdentityService(odlIdentityService); - } - - public void setShiroConfiguration(ShiroConfiguration shiroConfiguration) { - this.authServlet.setShiroConfiguration(shiroConfiguration); - } - - public void 
setDataBroker(DataBroker dataBroker) { - this.authServlet.setDataBroker(dataBroker); - } - - public void init() { - - } - - public void close() { - - } -} diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml b/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml deleted file mode 100644 index 1929fde8e..000000000 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml +++ /dev/null 
@@ -1,353 +0,0 @@ -<?xml version="1.0" ?> -<!-- - Copyright (c) 2017 Inocybe Technologies and others. All rights reserved. - - This program and the accompanying materials are made available under the - terms of the Eclipse Public License v1.0 which accompanies this distribution, - and is available at http://www.eclipse.org/legal/epl-v10.html , or the Apache License, - Version 2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0 - SPDX-License-Identifier: EPL-1.0 OR Apache-2.0 ---> - -<!-- - /////////////////////////////////////////////////////////////////////////////////////// - // clustered-app-config instance responsible for AAA configuration. In the future, // - // this will contain all AAA related configuration. // - /////////////////////////////////////////////////////////////////////////////////////// ---> - -<shiro-configuration xmlns="urn:opendaylight:aaa:app:config"> - - <!-- - /////////////////////////////////////////////////////////////////////////////////// - // shiro-configuration is the model based container that contains all shiro // - // related information used in ODL AAA configuration. It is the sole pain of // - // glass for shiro related configuration, and is how to configure shiro concepts // - // such as: // - // * realms // - // * urls // - // * security manager settings // - // // - // In general, you really shouldn't muck with the settings in this file. The // - // way an operator should configure AAA shiro settings is through one of ODL's // - // northbound interfaces (i.e., RESTCONF or NETCONF). These are just the // - // defaults if no values are specified in MD-SAL. The reason this file is so // - // verbose is for two reasons: // - // 1) to demonstrate payload examples for plausible configuration scenarios // - // 2) to allow bootstrap of the controller (first time start) since otherwise // - // configuration becomes a chicken and the egg problem. 
// - // // - /////////////////////////////////////////////////////////////////////////////////// - --> - - <!-- - =================================================================================== - = = - = = - = MAIN = - = = - = = - =================================================================================== - --> - - <!-- - =================================================================================== - ============================ ODLJndiLdapRealmAuthNOnly ============================ - =================================================================================== - = = - = Description: A Realm implementation aimed at federating with an external LDAP = - = server for authentication only. For authorization support, refer = - = to ODLJndiLdapRealm. = - =================================================================================== - --> - <!-- Start ldapRealm commented out - <main> - <pair-key>ldapRealm</pair-key> - <pair-value>org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly</pair-value> - </main> - <main> - <pair-key>ldapRealm.userDnTemplate</pair-key> - <pair-value>uid={0},ou=People,dc=DOMAIN,dc=TLD</pair-value> - </main> - <main> - <pair-key>ldapRealm.contextFactory.url</pair-key> - <pair-value>ldap://<URL>:389</pair-value> - </main> - <main> - <pair-key>ldapRealm.searchBase</pair-key> - <pair-value>dc=DOMAIN,dc=TLD</pair-value> - </main> - <main> - <pair-key>ldapRealm.groupRolesMap</pair-key> - <pair-value>"person":"admin", "organizationalPerson":"user"</pair-value> - </main> - <main> - <pair-key>ldapRealm.ldapAttributeForComparison</pair-key> - <pair-value>objectClass</pair-value> - </main> - End ldapRealm commented out--> - - <!-- - =================================================================================== - ============================= ODLActiveDirectoryRealm ============================= - =================================================================================== - = = - = Description: A Realm 
implementation aimed at federating with an external AD = - = IDP server. = - =================================================================================== - --> - <!-- Start adRealm commented out - <main> - <pair-key>adRealm</pair-key> - <pair-value>org.opendaylight.aaa.shiro.realm.ODLActiveDirectoryRealm</pair-value> - </main> - <main> - <pair-key>adRealm.searchBase</pair-key> - <pair-value>"CN=Users,DC=example,DC=com"</pair-value> - </main> - <main> - <pair-key>adRealm.systemUsername</pair-key> - <pair-value>aduser@example.com</pair-value> - </main> - <main> - <pair-key>adRealm.systemPassword</pair-key> - <pair-value>adpassword</pair-value> - </main> - <main> - <pair-key>adRealm.url</pair-key> - <pair-value>ldaps://adserver:636</pair-value> - </main> - <main> - <pair-key>adRealm.groupRolesMap</pair-key> - <pair-value>"CN=sysadmin,CN=Users,DC=example,DC=com":"admin", "CN=unprivileged,CN=Users,DC=example,DC=com":"user"</pair-value> - </main> - End adRealm commented out--> - - <!-- - =================================================================================== - ================================== ODLJdbcRealm =================================== - =================================================================================== - = = - = Description: A Realm implementation aimed at federating with an external JDBC = - = DBMS. 
= - =================================================================================== - --> - <!-- Start jdbcRealm commented out - <main> - <pair-key>ds</pair-key> - <pair-value>com.mysql.jdbc.Driver</pair-value> - </main> - <main> - <pair-key>ds.serverName</pair-key> - <pair-value>localhost</pair-value> - </main> - <main> - <pair-key>ds.user</pair-key> - <pair-value>user</pair-value> - </main> - <main> - <pair-key>ds.password</pair-key> - <pair-value>password</pair-value> - </main> - <main> - <pair-key>ds.databaseName</pair-key> - <pair-value>db_name</pair-value> - </main> - <main> - <pair-key>jdbcRealm</pair-key> - <pair-value>ODLJdbcRealm</pair-value> - </main> - <main> - <pair-key>jdbcRealm.dataSource</pair-key> - <pair-value>$ds</pair-value> - </main> - <main> - <pair-key>jdbcRealm.authenticationQuery</pair-key> - <pair-value>"SELECT password FROM users WHERE user_name = ?"</pair-value> - </main> - <main> - <pair-key>jdbcRealm.userRolesQuery</pair-key> - <pair-value>"SELECT role_name FROM user_rolesWHERE user_name = ?"</pair-value> - </main> - End jdbcRealm commented out--> - - <!-- - =================================================================================== - ================================= TokenAuthRealm ================================== - =================================================================================== - = = - = Description: A Realm implementation utilizing a per node H2 database store. 
= - =================================================================================== - --> -<!-- <main> --> -<!-- <pair-key>tokenAuthRealm</pair-key> --> -<!-- <pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value> --> -<!-- </main> --> - <main> - <pair-key>tokenAuthRealm</pair-key> - <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm</pair-value> - </main> - - <!-- - =================================================================================== - =================================== MdsalRealm ==================================== - =================================================================================== - = = - = Description: A Realm implementation utilizing the aaa.yang model. = - =================================================================================== - --> - <!-- Start mdsalRealm commented out - <main> - <pair-key>mdsalRealm</pair-key> - <pair-value>org.opendaylight.aaa.shiro.realm.MdsalRealm</pair-value> - </main> - End mdsalRealm commented out--> - - <!-- - =================================================================================== - ================================= MoonAuthRealm =================================== - =================================================================================== - = = - = Description: A Realm implementation aimed at federating with OPNFV Moon. 
= - =================================================================================== - --> - <!-- Start moonAuthRealm commented out - <main> - <pair-key>moonAuthRealm</pair-key> - <pair-value>org.opendaylight.aaa.shiro.realm.MoonRealm</pair-value> - </main> - <main> - <pair-key>moonAuthRealm.moonServerURL</pair-key> - <pair-value>http://<host>:<port></pair-value> - </main> - End moonAuthRealm commented out--> - - <!-- - =================================================================================== - ================================= KeystoneAuthRealm == ============================ - =================================================================================== - = = - = Description: A Realm implementation aimed at federating with an OpenStack = - = Keystone. = - =================================================================================== - --> - <!-- Start keystoneAuthRealm commented out - <main> - <pair-key>keystoneAuthRealm</pair-key> - <pair-value>org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm</pair-value> - </main> - <main> - <pair-key>keystoneAuthRealm.url</pair-key> - <pair-value>https://<host>:<port></pair-value> - </main> - <main> - <pair-key>keystoneAuthRealm.sslVerification</pair-key> - <pair-value>true</pair-value> - </main> - <main> - <pair-key>keystoneAuthRealm.defaultDomain</pair-key> - <pair-value>Default</pair-value> - </main> - --> - - <!-- - Add tokenAuthRealm as the only realm. To enable mdsalRealm, add it to the list to he right of tokenAuthRealm. - --> - <main> - <pair-key>securityManager.realms</pair-key> - <pair-value>$tokenAuthRealm</pair-value> - </main> - <!-- Used to support OAuth2 use case. 
--> - <main> - <pair-key>authcBasic</pair-key> - <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value> - </main> - <main> - <pair-key>anyroles</pair-key> - <pair-value>org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter</pair-value> - </main> - <main> - <pair-key>authcBearer</pair-key> - <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2</pair-value> - </main> - - <!-- Start moonAuthRealm commented out - <main> - <pair-key>rest</pair-key> - <pair-value>org.opendaylight.aaa.shiro.filters.MoonOAuthFilter</pair-value> - </main> - End moonAuthRealm commented out--> - - <!-- in order to track AAA challenge attempts --> - <main> - <pair-key>accountingListener</pair-key> - <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value> - </main> - <main> - <pair-key>securityManager.authenticator.authenticationListeners</pair-key> - <pair-value>$accountingListener</pair-value> - </main> - - <!-- Model based authorization scheme supporting RBAC for REST endpoints --> - <main> - <pair-key>dynamicAuthorization</pair-key> - <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value> - </main> -<!-- <main> --> -<!-- <pair-key>securityManager.sessionManager.sessionIdCookieEnabled</pair-key> --> -<!-- <pair-value>false</pair-value> --> -<!-- </main> --> - - <!-- - =================================================================================== - = = - = = - = URLS = - = = - = = - =================================================================================== - --> - <!-- Start moonAuthRealm commented out - <urls> - <pair-key>/token</pair-key> - <pair-value>rest</pair-value> - </urls> - End moonAuthRealm commented out--> - <urls> - <pair-key>/**/operations/cluster-admin**</pair-key> - <pair-value>dynamicAuthorization</pair-value> - </urls> - <urls> - <pair-key>/**/v1/**</pair-key> - <pair-value>authcBearer, roles[admin]</pair-value> - </urls> - <urls> - 
<pair-key>/**/config/aaa*/**</pair-key> - <pair-value>authcBearer, roles[admin]</pair-value> - </urls> - <urls> - <pair-key>/oauth/**</pair-key> - <pair-value>anon</pair-value> - </urls> - <urls> - <pair-key>/odlux/**</pair-key> - <pair-value>anon</pair-value> - </urls> - <urls> - <pair-key>/apidoc/**</pair-key> - <pair-value>authcBasic, roles[admin]</pair-value> - </urls> - <urls> - <pair-key>/test123/**</pair-key> - <pair-value>authcBasic</pair-value> - </urls> - <urls> - <pair-key>/rests/**</pair-key> - <pair-value>authcBearer, anyroles["admin,provision"]</pair-value> - </urls> - <urls> - <pair-key>/**</pair-key> - <pair-value>authcBearer, anyroles["admin,provision"]</pair-value> - </urls> -</shiro-configuration> - |