authorMichael Dürre <michael.duerre@highstreet-technologies.com>2024-03-14 11:54:26 +0100
committerMichael Dürre <michael.duerre@highstreet-technologies.com>2024-03-19 13:46:35 +0100
commit907af9b57aa0db3ace5dc8fdaef9fb84c1392ec9 (patch)
tree02399ced147b3af57091cdba1c125d979b4c1899 /sdnr/wt/oauth-provider
parent45b972d7cf03d4815db77c3af3d49ef01040f8a1 (diff)
fix oauth code
split oauth to realm and web functionality Issue-ID: CCSDK-3394 Change-Id: I245a30a9df4e9a5c40af5dfe3e0d5318bceed9dc Signed-off-by: Michael Dürre <michael.duerre@highstreet-technologies.com>
Diffstat (limited to 'sdnr/wt/oauth-provider')
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/pom.xml (renamed from sdnr/wt/oauth-provider/provider-jar/pom.xml)45
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java)4
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlShiroConfiguration.java67
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlXmlMapper.java44
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java)59
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java)57
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java)136
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java)2
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java)20
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java)53
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java)52
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java)8
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/resources/aaa-app-config.test.xml77
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key.pub (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key.pub)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key.pub (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key.pub)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/resources/mdsalDynAuthData.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/mdsalDynAuthData.json)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-groups-response.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-groups-response.json)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-token-response.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-token-response.json)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-user-response.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-user-response.json)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/keycloak-token-response.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/keycloak-token-response.json)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/resources/oom.test.config.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/oom.test.config.json)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.config.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256-invalid.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256-invalid.json)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256.json)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS512.json (renamed from sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS512.json)0
-rw-r--r--sdnr/wt/oauth-provider/oauth-realm/pom.xml (renamed from sdnr/wt/oauth-provider/provider-osgi/pom.xml)22
-rw-r--r--sdnr/wt/oauth-provider/oauth-web/pom.xml155
-rw-r--r--sdnr/wt/oauth-provider/oauth-web/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml (renamed from sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml)30
-rwxr-xr-xsdnr/wt/oauth-provider/pom.xml7
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java66
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml353
65 files changed, 628 insertions, 629 deletions
diff --git a/sdnr/wt/oauth-provider/provider-jar/pom.xml b/sdnr/wt/oauth-provider/oauth-core/pom.xml
index 6ad79ef8f..4fe9c6b10 100644
--- a/sdnr/wt/oauth-provider/provider-jar/pom.xml
+++ b/sdnr/wt/oauth-provider/oauth-core/pom.xml
@@ -22,6 +22,7 @@
~ ============LICENSE_END=======================================================
~
-->
+
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
@@ -33,8 +34,8 @@
</parent>
<groupId>org.onap.ccsdk.features.sdnr.wt</groupId>
- <artifactId>sdnr-wt-oauth-provider-jar</artifactId>
- <version>1.6.0-SNAPSHOT</version>
+ <artifactId>sdnr-wt-oauth-core</artifactId>
+ <version>1.6.3-SNAPSHOT</version>
<packaging>jar</packaging>
<name>ccsdk-features :: ${project.artifactId}</name>
@@ -133,8 +134,27 @@
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>jakarta.servlet</groupId>
- <artifactId>jakarta.servlet-api</artifactId>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.core</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.dataformat</groupId>
+ <artifactId>jackson-dataformat-xml</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>sdnr-wt-yang-utils</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>osgi.cmpn</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>javax.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
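Review bot: The added `org.osgi:org.osgi.core` entry with `<scope>provided</scope>` looks like a second declaration of an artifact this POM already lists, because the last hunk's context still shows `<artifactId>org.osgi.core</artifactId>` with `<scope>test</scope>` near the end of `<dependencies>` (its groupId line is outside that hunk, so this is inferred). Maven warns on duplicate declarations and only one of the two scopes takes effect, so one of the entries should be dropped. Separately, `osgi.cmpn` keeps `<scope>compile</scope>` while the other OSGi API is `provided`, and its explicit `<version>7.0.0</version>` is removed in the last hunk; confirm the parent's dependencyManagement pins that version. `jackson-dataformat-xml` also moves from test to the default scope here, so XML parsing becomes part of the shipped bundle rather than test-only code.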
@@ -153,17 +173,6 @@
<scope>test</scope>
</dependency>
<dependency>
- <groupId>com.fasterxml.jackson.dataformat</groupId>
- <artifactId>jackson-dataformat-xml</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>sdnr-wt-yang-utils</artifactId>
- <version>${project.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
<groupId>org.opendaylight.mdsal.binding.model.ietf</groupId>
<artifactId>rfc6991-ietf-yang-types</artifactId>
<scope>test</scope>
@@ -178,11 +187,5 @@
<artifactId>org.osgi.core</artifactId>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>osgi.cmpn</artifactId>
- <version>7.0.0</version>
- <scope>compile</scope>
- </dependency>
</dependencies>
</project>
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java
index b9f3d6119..b9f3d6119 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
index 1caec63e0..6798026f3 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
@@ -242,14 +242,14 @@ public class Config {
boolean found = false;
if (isEnvExpression(key)) {
- LOG.debug("try to find env var(s) for {}", key);
+ LOG.info("try to find env var(s) for {}", key);
final Matcher matcher = pattern.matcher(key);
String tmp = new String(key);
while (matcher.find() && matcher.groupCount() > 0) {
final String mkey = matcher.group(1);
if (mkey != null) {
try {
- LOG.debug("match found for v={} and env key={}", key, mkey);
+ LOG.info("match found for v={} and env key={}", key, mkey);
String envvar = mkey.substring(2, mkey.length() - 1);
String env = System.getenv(envvar);
tmp = tmp.replace(mkey, env == null ? "" : env);
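Review bot: Raising these two messages from debug to info writes the raw configuration value `key` to default-level logs for every env expression that is resolved, and the second message fires once per match inside the `while` loop. The resolved value is not logged, but `key` is the unexpanded configuration string and may carry literal text around the env reference, so I would keep it out of info output. Either keep the detail at debug, or log only the variable name after it is computed: `LOG.info("resolving env var {}", envvar);`. The case worth surfacing at info or warn is `System.getenv(envvar)` returning null, which the next line silently turns into an empty string. The enclosing method starts and ends outside this hunk.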
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java
index aa23d4dc1..aa23d4dc1 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java
index a0e97de74..a0e97de74 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java
index 67186baa7..67186baa7 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java
index c99ec0d71..c99ec0d71 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java
index d13be9602..d13be9602 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java
index 4fb0d0069..4fb0d0069 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java
index 0e25b5b0f..0e25b5b0f 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java
index 0371f377d..0371f377d 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java
index 19eb4b68e..19eb4b68e 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java
diff --git a/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlShiroConfiguration.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlShiroConfiguration.java
new file mode 100644
index 000000000..f5e067450
--- /dev/null
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlShiroConfiguration.java
@@ -0,0 +1,67 @@
+package org.onap.ccsdk.features.sdnr.wt.oauthprovider.data;
+
+import java.util.List;
+
+public class OdlShiroConfiguration {
+
+ private List<MainItem> main;
+ private List<UrlItem> urls;
+
+
+
+ public List<MainItem> getMain() {
+ return main;
+ }
+
+ public void setMain(List<MainItem> main) {
+ this.main = main;
+ }
+ public List<UrlItem> getUrls() {
+ return urls;
+ }
+ public void setUrls(List<UrlItem> urls) {
+ this.urls = urls;
+ }
+ public OdlShiroConfiguration(){
+
+ }
+
+ public static class BaseItem{
+ private String pairKey;
+ private String pairValue;
+
+ public String getPairKey() {
+ return pairKey;
+ }
+
+ public void setPairKey(String pairKey) {
+ this.pairKey = pairKey;
+ }
+
+ public String getPairValue() {
+ return pairValue;
+ }
+
+ public void setPairValue(String pairValue) {
+ this.pairValue = pairValue;
+ }
+
+ public BaseItem(){
+
+ }
+
+ }
+
+ public static class MainItem extends BaseItem{
+ public MainItem(){
+ super();
+ }
+
+ }
+ public static class UrlItem extends BaseItem{
+ public UrlItem(){
+ super();
+ }
+ }
+
+}
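Review bot: This new class has no license header and no Javadoc, unlike `OdlXmlMapper.java` added in the same commit, so nothing states what `main`, `urls`, `pairKey` and `pairValue` represent. Judging by the class name they model the key/value entries of the Shiro configuration, which is security-relevant input and deserves a class comment such as `/** Model of the shiro configuration: main and urls sections as pair-key/pair-value entries. */` (confirm the element names against the mapper). `getMain()` and `getUrls()` return the field as-is, so they return null when the section is absent and expose the mutable list. Document that on the getters, or have callers null-check before iterating. `MainItem` and `UrlItem` add nothing to `BaseItem`; a one-line comment saying they exist only as distinct element types would help.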
diff --git a/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlXmlMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlXmlMapper.java
new file mode 100644
index 000000000..cbdc1d0d9
--- /dev/null
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlXmlMapper.java
@@ -0,0 +1,44 @@
+/*
+ * ============LICENSE_START=======================================================
+ * ONAP : ccsdk features
+ * ================================================================================
+ * Copyright (C) 2021 highstreet technologies GmbH Intellectual Property.
+ * All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ */
+package org.onap.ccsdk.features.sdnr.wt.oauthprovider.data;
+
+import com.fasterxml.jackson.annotation.JsonInclude.Include;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.MapperFeature;
+import com.fasterxml.jackson.databind.PropertyNamingStrategy;
+import com.fasterxml.jackson.dataformat.xml.XmlMapper;
+import org.onap.ccsdk.features.sdnr.wt.yang.mapper.mapperextensions.YangToolsBuilderAnnotationIntrospector;
+
+public class OdlXmlMapper extends XmlMapper {
+
+ private static final long serialVersionUID = 1L;
+
+
+ public OdlXmlMapper() {
+ this.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+ this.setSerializationInclusion(Include.NON_NULL);
+ this.setPropertyNamingStrategy(PropertyNamingStrategy.KEBAB_CASE);
+ this.enable(MapperFeature.USE_GETTERS_AS_SETTERS);
+ YangToolsBuilderAnnotationIntrospector introspector = new YangToolsBuilderAnnotationIntrospector();
+ this.setAnnotationIntrospector(introspector);
+ }
+}
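Review bot: The constructor disables `FAIL_ON_UNKNOWN_PROPERTIES` without a comment, and this mapper is now main code that presumably reads the AAA/Shiro configuration into `OdlShiroConfiguration`. With lenient parsing a misspelled or unexpected element is dropped silently instead of being rejected, so state the intent next to the call, e.g. `// lenient on purpose: the source document carries elements this model does not map`. The class also has no Javadoc describing the kebab-case naming and the YANG-tools introspector it installs. `PropertyNamingStrategy.KEBAB_CASE` is deprecated in newer Jackson 2.x releases in favour of `PropertyNamingStrategies.KEBAB_CASE`; switch if the project's Jackson version provides it. `enable(MapperFeature.USE_GETTERS_AS_SETTERS)` restates the Jackson default and could be removed or commented as deliberate.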
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java
index d94631fe3..d94631fe3 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java
index b791a4040..b791a4040 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java
index f7731f0b8..f7731f0b8 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java
index 0dc58efff..0dc58efff 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java
index 6fb41d799..51c064819 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java
@@ -21,17 +21,19 @@
*/
package org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters;
+import java.util.Locale;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.codec.Base64;
+import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
import org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;
-import org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthenticationFilter{
+public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthenticationFilter {
// defined in lower-case for more efficient string comparison
private static final Logger LOG = LoggerFactory.getLogger(BearerAndBasicHttpAuthenticationFilter.class);
@@ -74,14 +76,16 @@ public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthentica
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
final HttpServletRequest httpRequest = WebUtils.toHttp(request);
final String httpMethod = httpRequest.getMethod();
+ //always allow options requests
if (OPTIONS_HEADER.equalsIgnoreCase(httpMethod)) {
return true;
- } else {
- if (this.basicAuthFilter.isAccessAllowed(httpRequest, response, mappedValue)) {
- LOG.debug("isAccessAllowed succeeded on basicAuth");
- return true;
- }
}
+
+ if (this.basicAuthFilter.isAccessAllowed(httpRequest, response, mappedValue)) {
+ LOG.debug("isAccessAllowed succeeded on basicAuth");
+ return true;
+ }
+
return super.isAccessAllowed(request, response, mappedValue);
}
@@ -111,24 +115,47 @@ public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthentica
return createToken(username, password, request, response);
}
+ private static class ODLHttpAuthenticationHelperFilter extends BasicHttpAuthenticationFilter {
+
+ private static final Logger LOG = LoggerFactory.getLogger(ODLHttpAuthenticationHelperFilter.class);
- private static class ODLHttpAuthenticationHelperFilter extends ODLHttpAuthenticationFilter{
+ // defined in lower-case for more efficient string comparison
+ protected static final String BEARER_SCHEME = "bearer";
- ODLHttpAuthenticationHelperFilter(){
- super();
+ protected static final String OPTIONS_HEADER = "OPTIONS";
+
+ public ODLHttpAuthenticationHelperFilter() {
+ LOG.info("Creating the ODLHttpAuthenticationFilter");
}
@Override
- protected boolean isLoginAttempt(String authzHeader) {
- return super.isLoginAttempt(authzHeader);
+ protected String[] getPrincipalsAndCredentials(String scheme, String encoded) {
+ final String decoded = Base64.decodeToString(encoded);
+ // attempt to decode username/password; otherwise decode as token
+ if (decoded.contains(":")) {
+ return decoded.split(":");
+ }
+ return new String[]{encoded};
}
+
@Override
- protected String[] getPrincipalsAndCredentials(String scheme, String encoded) {
- return super.getPrincipalsAndCredentials(scheme, encoded);
+ protected boolean isLoginAttempt(String authzHeader) {
+ final String authzScheme = getAuthzScheme().toLowerCase(Locale.ROOT);
+ final String authzHeaderLowerCase = authzHeader.toLowerCase(Locale.ROOT);
+ return authzHeaderLowerCase.startsWith(authzScheme)
+ || authzHeaderLowerCase.startsWith(BEARER_SCHEME);
}
+
@Override
- protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
- return super.isAccessAllowed(request, response, mappedValue);
+ protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
+ Object mappedValue) {
+ final HttpServletRequest httpRequest = WebUtils.toHttp(request);
+ final String httpMethod = httpRequest.getMethod();
+ if (OPTIONS_HEADER.equalsIgnoreCase(httpMethod)) {
+ return true;
+ } else {
+ return super.isAccessAllowed(httpRequest, response, mappedValue);
+ }
}
}
}
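Review bot: `getPrincipalsAndCredentials` in `ODLHttpAuthenticationHelperFilter` splits the decoded header with `decoded.split(":")`, which breaks a password that itself contains a colon into extra elements and drops a trailing empty password, so the credential passed on is not the one the client sent. Limit the split to the first separator: `return decoded.split(":", 2);`. The nested class also declares its own `LOG` and `OPTIONS_HEADER`, which shadow the outer class's fields of the same name; reusing the outer ones avoids two definitions drifting apart.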
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java
index 26cdbe773..27ca3b3f9 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java
@@ -1,11 +1,28 @@
package org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters;
+import static com.google.common.base.Preconditions.checkArgument;
+import static java.util.Objects.requireNonNull;
+
import com.google.common.collect.Iterables;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
+
+import java.io.IOException;
+import java.util.*;
+import java.util.concurrent.ExecutionException;
+import javax.servlet.Filter;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
-import org.opendaylight.mdsal.binding.api.*;
+import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener;
+import org.opendaylight.mdsal.binding.api.DataBroker;
+import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
+import org.opendaylight.mdsal.binding.api.DataTreeModification;
+import org.opendaylight.mdsal.binding.api.ReadTransaction;
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.HttpAuthorization;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies.Policies;
@@ -15,18 +32,7 @@ import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.servlet.Filter;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.*;
-import java.util.concurrent.ExecutionException;
-
-import static com.google.common.base.Preconditions.checkArgument;
-import static java.util.Objects.requireNonNull;
-
+@SuppressWarnings("checkstyle:AbbreviationAsWordInName")
public class CustomizedMDSALDynamicAuthorizationFilter extends AuthorizationFilter
implements ClusteredDataTreeChangeListener<HttpAuthorization> {
@@ -35,22 +41,24 @@ public class CustomizedMDSALDynamicAuthorizationFilter extends AuthorizationFilt
private static final DataTreeIdentifier<HttpAuthorization> AUTHZ_CONTAINER = DataTreeIdentifier.create(
LogicalDatastoreType.CONFIGURATION, InstanceIdentifier.create(HttpAuthorization.class));
- private final DataBroker dataBroker;
+ private static DataBroker dataBroker;
+ public static void setDataBroker(DataBroker dataBroker2){
+ dataBroker = dataBroker2;
+ }
private ListenerRegistration<?> reg;
private volatile ListenableFuture<Optional<HttpAuthorization>> authContainer;
- private static final ThreadLocal<DataBroker> DATABROKER_TL = new ThreadLocal<>();
public CustomizedMDSALDynamicAuthorizationFilter() {
- dataBroker = requireNonNull(DATABROKER_TL.get());
+
}
@Override
public Filter processPathConfig(final String path, final String config) {
- try (ReadTransaction tx = dataBroker.newReadOnlyTransaction()) {
- authContainer = tx.read(AUTHZ_CONTAINER.getDatastoreType(), AUTHZ_CONTAINER.getRootIdentifier());
- }
- this.reg = dataBroker.registerDataTreeChangeListener(AUTHZ_CONTAINER, this);
+ /*if (dataBroker == null){
+ throw new RuntimeException("dataBroker is not initialized");
+ }*/
+
return super.processPathConfig(path, config);
}
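Review bot: `dataBroker` is now a non-volatile static written through the public static `setDataBroker` and read from request threads, so a filter instance is not guaranteed to see the broker that was set, and every instance shares whichever broker was set last. Declare it `private static volatile DataBroker dataBroker;` and reject null in the setter with `dataBroker = requireNonNull(dataBroker2);` (the static import is already present). The commented-out null check left in `processPathConfig` and the now-empty constructor body should be removed rather than kept as dead code.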
@@ -73,6 +81,15 @@ public class CustomizedMDSALDynamicAuthorizationFilter extends AuthorizationFilt
@Override
public boolean isAccessAllowed(final ServletRequest request, final ServletResponse response,
final Object mappedValue) {
+ if (dataBroker == null){
+ throw new RuntimeException("dataBroker is not initialized");
+ }
+ if(reg == null){
+ try (ReadTransaction tx = dataBroker.newReadOnlyTransaction()) {
+ authContainer = tx.read(AUTHZ_CONTAINER.getDatastoreType(), AUTHZ_CONTAINER.getRootIdentifier());
+ }
+ reg = dataBroker.registerDataTreeChangeListener(AUTHZ_CONTAINER, this);
+ }
checkArgument(request instanceof HttpServletRequest, "Expected HttpServletRequest, received {}", request);
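Review bot: The lazy initialisation guarded by `if(reg == null)` runs on request threads without synchronization, so two concurrent first requests can both register a data tree change listener and the registration that loses the race is never closed. Put the read and the registration inside `synchronized (this) { if (reg == null) { … } }` and declare `reg` volatile so later requests skip the lock. For the missing-broker case, `IllegalStateException` names the condition more precisely than a bare `RuntimeException`. `isAccessAllowed` continues past the end of this hunk.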
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
index 338da179a..562fe5472 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
@@ -22,6 +22,7 @@
package org.onap.ccsdk.features.sdnr.wt.oauthprovider.http;
import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
@@ -43,26 +44,23 @@ import org.apache.shiro.authc.BearerToken;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
-import org.jolokia.osgi.security.Authenticator;
-import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.NoDefinitionFoundException;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthToken;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlPolicy;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.*;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlShiroConfiguration.MainItem;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlShiroConfiguration.UrlItem;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters.CustomizedMDSALDynamicAuthorizationFilter;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService.PublicOAuthProviderConfig;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.MdSalAuthorizationStore;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.OAuthProviderFactory;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator;
-import org.opendaylight.aaa.api.IdMService;
+import org.opendaylight.aaa.api.AuthenticationException;
+import org.opendaylight.aaa.api.Claim;
+import org.opendaylight.aaa.api.PasswordCredentialAuth;
+import org.opendaylight.aaa.api.PasswordCredentials;
+import org.opendaylight.aaa.tokenauthrealm.auth.PasswordCredentialBuilder;
import org.opendaylight.mdsal.binding.api.DataBroker;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.ini.Main;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.ini.Urls;
+import org.osgi.service.http.HttpService;
+import org.osgi.service.http.NamespaceException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -70,7 +68,7 @@ public class AuthHttpServlet extends HttpServlet {
private static final Logger LOG = LoggerFactory.getLogger(AuthHttpServlet.class.getName());
private static final long serialVersionUID = 1L;
- public static final String BASEURI = "/oauth";
+ private static final String BASEURI = "/oauth";
private static final String LOGINURI = BASEURI + "/login";
private static final String LOGOUTURI = BASEURI + "/logout";
private static final String PROVIDERSURI = BASEURI + "/providers";
@@ -93,20 +91,26 @@ public class AuthHttpServlet extends HttpServlet {
private static final String CLASSNAME_ODLMDSALAUTH =
"org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter";
public static final String LOGIN_REDIRECT_FORMAT = LOGINURI + "/%s";
+ private static final String URI_PRE = BASEURI;
+ private static final String CONFIGFILE ="/opt/opendaylight/etc/opendaylight/datastore/initial/config/aaa-app-config.xml";
private final ObjectMapper mapper;
/* state <=> AuthProviderService> */
private final Map<String, AuthService> providerStore;
private final TokenCreator tokenCreator;
private final Config config;
- private static Authenticator odlAuthenticator;
- private static IdMService odlIdentityService;
- private static ShiroConfiguration shiroConfiguration;
private static MdSalAuthorizationStore mdsalAuthStore;
+ private PasswordCredentialAuth passwordCredentialAuth;
+ private OdlShiroConfiguration shiroConfiguration;
public AuthHttpServlet() throws IllegalArgumentException, IOException, InvalidConfigurationException,
UnableToConfigureOAuthService {
+ this(CONFIGFILE);
+ }
+ public AuthHttpServlet(String shiroconfigfile) throws IllegalArgumentException, IOException, InvalidConfigurationException,
+ UnableToConfigureOAuthService {
this.config = Config.getInstance();
+ this.shiroConfiguration = loadShiroConfig(shiroconfigfile);
this.tokenCreator = TokenCreator.getInstance(this.config);
this.mapper = new ObjectMapper();
this.providerStore = new HashMap<>();
@@ -116,20 +120,33 @@ public class AuthHttpServlet extends HttpServlet {
}
}
- public void setOdlAuthenticator(Authenticator odlAuthenticator2) {
- odlAuthenticator = odlAuthenticator2;
+ public void setDataBroker(DataBroker dataBroker) {
+ CustomizedMDSALDynamicAuthorizationFilter.setDataBroker(dataBroker);
+ mdsalAuthStore = new MdSalAuthorizationStore(dataBroker);
}
- public void setOdlIdentityService(IdMService odlIdentityService2) {
- odlIdentityService = odlIdentityService2;
+ public void setPasswordCredentialAuth(PasswordCredentialAuth passwordCredentialAuth) {
+ this.passwordCredentialAuth = passwordCredentialAuth;
}
- public void setShiroConfiguration(ShiroConfiguration shiroConfiguration2) {
- shiroConfiguration = shiroConfiguration2;
+
+ public void onUnbindService(HttpService httpService) {
+ httpService.unregister(AuthHttpServlet.URI_PRE);
+
}
- public void setDataBroker(DataBroker dataBroker) {
- mdsalAuthStore = new MdSalAuthorizationStore(dataBroker);
+ public void onBindService(HttpService httpService)
+ throws ServletException, NamespaceException {
+ if (httpService == null) {
+ LOG.warn("Unable to inject HttpService into loader.");
+ } else {
+ httpService.registerServlet(AuthHttpServlet.URI_PRE, this, null, null);
+ LOG.info("oauth servlet registered.");
+ }
+ }
+ private static OdlShiroConfiguration loadShiroConfig(String filename) throws IOException {
+ OdlXmlMapper mapper = new OdlXmlMapper();
+ return mapper.readValue(new File(filename), OdlShiroConfiguration.class);
}
@Override
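Review bot: `onUnbindService` calls `httpService.unregister(...)` without the null guard that `onBindService` applies just below it, so a null service on unbind throws where bind only logs a warning. Add `if (httpService == null) { return; }` at the top of `onUnbindService`. `setDataBroker` is an instance method that writes two pieces of static state (`mdsalAuthStore` and the filter's broker); a one-line comment saying this is deliberate would help the next reader.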
@@ -158,10 +175,6 @@ public class AuthHttpServlet extends HttpServlet {
if (redirectUrl == null) {
redirectUrl = this.config.getPublicUrl();
}
- // if nothing configured and nothing from request
- if(redirectUrl == null || redirectUrl.isBlank()){
- redirectUrl="/";
- }
UserTokenPayload userInfo = this.tokenCreator.decode(bearerToken);
if (bearerToken != null && userInfo != null && !userInfo.isInternal()) {
AuthService provider = this.providerStore.getOrDefault(userInfo.getProviderId(), null);
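Review bot: Removing the `redirectUrl == null || redirectUrl.isBlank()` fallback means `redirectUrl` stays null when the request supplies none and `config.getPublicUrl()` is unset, and a blank value is passed through unchanged. The rest of the method is outside this hunk, but it presumably uses the value as a redirect target, so keep a final guard such as `if (redirectUrl == null || redirectUrl.isBlank()) { redirectUrl = "/"; }`. `this.tokenCreator.decode(bearerToken)` is also called before the `bearerToken != null` test on the following line; testing for null first would match the intent.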
@@ -194,27 +207,26 @@ public class AuthHttpServlet extends HttpServlet {
/**
* find out what urls can be accessed by user and which are forbidden
- *
+ * <p>
* urlEntries: "anon" -> any access allowed "authcXXX" -> no grouping rule -> any access for user allowed "authcXXX,
* roles[abc] -> user needs to have role abc "authcXXX, roles["abc,def"] -> user needs to have roles abc AND def
* "authcXXX, anyroles[abc] -> user needs to have role abc "authcXXX, anyroles["abc,def"] -> user needs to have
* roles abc OR def
*
- *
* @param req
* @return
*/
private List<OdlPolicy> getPoliciesForUser(HttpServletRequest req) {
- List<Urls> urlRules = shiroConfiguration.getUrls();
- UserTokenPayload data = this.getUserInfo(req);
List<OdlPolicy> policies = new ArrayList<>();
+ List<UrlItem> urlRules = this.shiroConfiguration.getUrls();
+ UserTokenPayload data = this.getUserInfo(req);
if (urlRules != null) {
LOG.debug("try to find rules for user {} with roles {}",
data == null ? "null" : data.getPreferredUsername(), data == null ? "null" : data.getRoles());
final String regex = "^([^,]+)[,]?[\\ ]?([anyroles]+)?(\\[\"?([a-zA-Z,]+)\"?\\])?";
final Pattern pattern = Pattern.compile(regex);
Matcher matcher;
- for (Urls urlRule : urlRules) {
+ for (UrlItem urlRule : urlRules) {
matcher = pattern.matcher(urlRule.getPairValue());
if (matcher.find()) {
try {
@@ -223,7 +235,7 @@ public class AuthHttpServlet extends HttpServlet {
//anon access allowed
if (authClass == null) {
policy = Optional.of(OdlPolicy.allowAll(urlRule.getPairKey()));
- } else if (authClass.equals(CLASSNAME_ODLBASICAUTH)) {
+ } else if (authClass.equals(CLASSNAME_ODLBASICAUTH) || "authcBasic".equals(urlRule.getPairKey())) {
policy = isBasic(req) ? this.getTokenBasedPolicy(urlRule, matcher, data)
: Optional.of(OdlPolicy.denyAll(urlRule.getPairKey()));
} else if (authClass.equals(CLASSNAME_ODLBEARERANDBASICAUTH)) {
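Review bot: The added `"authcBasic".equals(urlRule.getPairKey())` compares the rule's key, which the same block passes to `OdlPolicy.allowAll(...)` and `OdlPolicy.denyAll(...)` as the policy's URL, so it would only match a URL pattern literally named `authcBasic`. A later hunk in this file already maps the `authcBasic` key to `CLASSNAME_ODLBASICAUTH` when resolving the class, which makes this extra condition redundant if `authClass` comes from that lookup. Drop it, leaving `} else if (authClass.equals(CLASSNAME_ODLBASICAUTH)) {`. The enclosing loop starts and ends outside this hunk.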
@@ -259,7 +271,7 @@ public class AuthHttpServlet extends HttpServlet {
* @param data
* @return
*/
- private Optional<OdlPolicy> getMdSalBasedPolicy(Urls urlRule, UserTokenPayload data) {
+ private Optional<OdlPolicy> getMdSalBasedPolicy(UrlItem urlRule, UserTokenPayload data) {
if (mdsalAuthStore != null) {
return data != null ? mdsalAuthStore.getPolicy(urlRule.getPairKey(), data.getRoles())
: Optional.of(OdlPolicy.denyAll(urlRule.getPairKey()));
@@ -275,7 +287,8 @@ public class AuthHttpServlet extends HttpServlet {
* @param data
* @return
*/
- private Optional<OdlPolicy> getTokenBasedPolicy(Urls urlRule, Matcher matcher, UserTokenPayload data) {
+ private Optional<OdlPolicy> getTokenBasedPolicy(UrlItem urlRule, Matcher matcher,
+ UserTokenPayload data) {
final String url = urlRule.getPairKey();
final String rule = urlRule.getPairValue();
if (!rule.contains(",")) {
@@ -312,8 +325,11 @@ public class AuthHttpServlet extends HttpServlet {
if ("anon".equals(key)) {
return null;
}
- List<Main> list = shiroConfiguration.getMain();
- Optional<Main> main =
+ if("authcBasic".equals(key)){
+ return CLASSNAME_ODLBASICAUTH;
+ }
+ List<MainItem> list = shiroConfiguration.getMain();
+ Optional<MainItem> main =
list == null ? Optional.empty() : list.stream().filter(e -> e.getPairKey().equals(key)).findFirst();
if (main.isPresent()) {
return main.get().getPairValue();
@@ -334,7 +350,7 @@ public class AuthHttpServlet extends HttpServlet {
if (!username.contains("@")) {
username = String.format("%s@%s", username, domain);
}
- List<String> roles = odlIdentityService.listRoles(username, domain);
+ List<String> roles = List.of();// odlIdentityService.listRoles(username, domain);
return UserTokenPayload.createInternal(username, roles);
}
}
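Review bot: `List<String> roles = List.of();` gives every user built on this path an empty role list, with the previous `odlIdentityService.listRoles(username, domain)` call left behind as a trailing comment. Any role-based rule evaluated against this payload then sees no roles. If that is intended until a replacement lookup exists, say so with a comment such as `// TODO: resolve roles for basic-auth users; payload currently carries none`, otherwise derive the roles from a `Claim` as `doLogin` does. The enclosing method begins outside this hunk.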
@@ -361,12 +377,12 @@ public class AuthHttpServlet extends HttpServlet {
private static boolean isBasic(HttpServletRequest req) {
final String header = req.getHeader(HEAEDER_AUTHORIZATION);
- return header == null ? false : header.startsWith("Basic");
+ return header != null && header.startsWith("Basic");
}
private static boolean isBearer(HttpServletRequest req) {
final String header = req.getHeader(HEAEDER_AUTHORIZATION);
- return header == null ? false : header.startsWith("Bearer");
+ return header != null && header.startsWith("Bearer");
}
private boolean rolesMatch(List<String> userRoles, List<String> policyRoles, boolean any) {
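Review bot: `isBasic` and `isBearer` match the scheme with a case-sensitive `startsWith`, while `isLoginAttempt` in `BearerAndBasicHttpAuthenticationFilter` lower-cases both sides before comparing. A request sent with `basic …` or `bearer …` is therefore treated as a login attempt by the filter but as neither scheme here. Compare case-insensitively and include the separator, for example `return header != null && header.regionMatches(true, 0, "Basic ", 0, 6);`, and the same with `"Bearer "` and length 7.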
@@ -399,7 +415,7 @@ public class AuthHttpServlet extends HttpServlet {
hostUrl = matcher.group(1);
}
}
- LOG.debug("host={}", hostUrl);
+ LOG.info("host={}", hostUrl);
return hostUrl;
}
@@ -451,17 +467,21 @@ public class AuthHttpServlet extends HttpServlet {
}
}
- resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
}
private BearerToken doLogin(String username, String password, String domain) {
- if (!username.contains("@")) {
- username = String.format("%s@%s", username, domain);
+
+ PasswordCredentials pc =
+ (new PasswordCredentialBuilder()).setUserName(username).setPassword(password).setDomain(domain).build();
+ Claim claim = null;
+ try {
+ claim = this.passwordCredentialAuth.authenticate(pc);
+ } catch (AuthenticationException e) {
+ LOG.warn("unable to authentication user {} for domain {}: ", username, domain, e);
}
- HttpServletRequest req = new HeadersOnlyHttpServletRequest(
- Map.of("Authorization", BaseHTTPClient.getAuthorizationHeaderValue(username, password)));
- if (odlAuthenticator.authenticate(req)) {
- List<String> roles = odlIdentityService.listRoles(username, domain);
+ if (claim != null) {
+ List<String> roles = claim.roles().stream().toList();//odlIdentityService.listRoles(username, domain);
UserTokenPayload data = new UserTokenPayload();
data.setPreferredUsername(username);
data.setFamilyName("");
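Review bot: `doLogin` dereferences `this.passwordCredentialAuth` without checking that `setPasswordCredentialAuth` has been called, so a login arriving before the service is bound fails with a NullPointerException rather than a rejected login. Add `if (this.passwordCredentialAuth == null) { LOG.warn("password auth service not available"); return null; }` before building the credentials. The removed `username@domain` normalisation also means the token's preferred username no longer carries the domain, while the basic-auth path elsewhere in this file still appends it, so the two paths can yield different user names for the same account. `doLogin` continues in the next hunk.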
@@ -470,15 +490,16 @@ public class AuthHttpServlet extends HttpServlet {
data.setExp(this.tokenCreator.getDefaultExp());
data.setRoles(roles);
return this.tokenCreator.createNewJWT(data);
-
+ } else {
+ LOG.info("unable to read auth from authservice");
}
return null;
}
- private void sendResponse(HttpServletResponse resp, int code) throws IOException {
+/* private void sendResponse(HttpServletResponse resp, int code) throws IOException {
this.sendResponse(resp, code, null);
- }
+ }*/
private void sendResponse(HttpServletResponse resp, int code, Object data) throws IOException {
byte[] output = data != null ? mapper.writeValueAsString(data).getBytes() : new byte[0];
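Review bot: `mapper.writeValueAsString(data).getBytes()` encodes with the platform default charset while the response is declared as `application/json`, so non-ASCII values are mis-encoded on a JVM whose default is not UTF-8. Use `getBytes(StandardCharsets.UTF_8)`, adding the `java.nio.charset.StandardCharsets` import. The two-argument `sendResponse` overload is commented out rather than deleted; remove it so the dead code does not linger. `sendResponse` continues in the next hunk.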
@@ -486,14 +507,13 @@ public class AuthHttpServlet extends HttpServlet {
resp.setStatus(code);
resp.setContentLength(output.length);
resp.setContentType("application/json");
- ServletOutputStream os = null;
- os = resp.getOutputStream();
+ ServletOutputStream os = resp.getOutputStream();
os.write(output);
}
private void logout() {
- final Subject subject = SecurityUtils.getSubject();
+ /* final Subject subject = SecurityUtils.getSubject();
try {
subject.logout();
Session session = subject.getSession(false);
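Review bot: Commenting out the whole body of `logout()` (the comment is closed in the next hunk) turns it into a no-op, so the Shiro subject is no longer logged out and any session it holds is left in place when a user logs out. If the Shiro call had to go because of the realm/web split, invalidate the session by another route or add a comment stating why nothing needs clearing, and delete the commented block instead of keeping it. The `Subject`, `Session`, `SecurityUtils` and `ShiroException` references then appear only inside the comment, so their imports are likely unused.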
@@ -502,6 +522,6 @@ public class AuthHttpServlet extends HttpServlet {
}
} catch (ShiroException e) {
LOG.debug("Couldn't log out {}", subject, e);
- }
+ }*/
}
}
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java
index 31b6d696f..31b6d696f 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java
index 6b1a8eddd..6b1a8eddd 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java
index ca455dc72..ca455dc72 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java
index 2dc0b5746..2dc0b5746 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java
index fc6869751..d271948c2 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java
@@ -102,7 +102,7 @@ public class GitlabProviderService extends AuthService {
@Override
protected UserTokenPayload requestUserRoles(String access_token, long issued_at, long expires_at) {
- LOG.debug("reqesting user roles with token={}", access_token);
+ LOG.info("reqesting user roles with token={}", access_token);
Map<String, String> authHeaders = new HashMap<>();
authHeaders.put("Authorization", String.format("Bearer %s", access_token));
Optional<MappedBaseHttpResponse<GitlabUserInfo>> userInfo =
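Review bot: `LOG.info("reqesting user roles with token={}", access_token)` writes the OAuth access token to the log, and raising the level from debug to info means it is recorded under default logging configurations. Anyone with read access to the logs can reuse that bearer token until it expires. Log the event without the secret, `LOG.debug("requesting user roles");`. `requestUserRoles` continues past the end of this hunk.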
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java
index bdbf9286a..bdbf9286a 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java
index 4bf35e72d..4bf35e72d 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java
index 73bae5d4c..73bae5d4c 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java
index 152569930..152569930 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java
index fac46f6b1..fac46f6b1 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java
index 028dff9dd..028dff9dd 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
index 436d47827..d8720e823 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
@@ -157,18 +157,16 @@ public class TokenCreator {
public String getBearerToken(HttpServletRequest req, boolean checkCookie) {
final String authHeader = req.getHeader("Authorization");
if ((authHeader == null || !authHeader.startsWith("Bearer")) && checkCookie) {
- if(req!=null) {
- Cookie[] cookies = req.getCookies();
- Optional<Cookie> ocookie = Optional.empty();
- if (cookies != null) {
- ocookie = Arrays.stream(cookies).filter(c -> c != null && COOKIE_NAME_AUTH.equals(c.getName()))
- .findFirst();
- }
- if (ocookie.isEmpty()) {
- return null;
- }
- return ocookie.get().getValue();
+ Cookie[] cookies = req.getCookies();
+ Optional<Cookie> ocookie = Optional.empty();
+ if (cookies != null) {
+ ocookie = Arrays.stream(cookies).filter(c -> c != null && COOKIE_NAME_AUTH.equals(c.getName()))
+ .findFirst();
}
+ if (ocookie.isEmpty()) {
+ return null;
+ }
+ return ocookie.get().getValue();
}
return authHeader.substring(7);
}
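Review bot: The final `return authHeader.substring(7)` is reached whenever `checkCookie` is false, including when `authHeader` is null (NullPointerException) or carries another scheme such as Basic, in which case part of that header is returned as the bearer token. A header of exactly `Bearer` throws StringIndexOutOfBoundsException. Guard it before the return: `if (authHeader == null || !authHeader.startsWith("Bearer ")) { return null; }`. The cookie branch could also collapse to `return ocookie.map(Cookie::getValue).orElse(null);`.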
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java
index 7b4adefda..3e9205733 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java
@@ -21,9 +21,11 @@
*/
package org.onap.ccsdk.features.sdnr.wt.oauthprovider.test;
+import java.util.Set;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
+import org.junit.Ignore;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
@@ -45,6 +47,7 @@ import org.jolokia.osgi.security.Authenticator;
import org.json.JSONArray;
import org.junit.BeforeClass;
import org.junit.Test;
+import org.mockito.internal.matchers.Any;
import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient;
import org.onap.ccsdk.features.sdnr.wt.common.test.ServletOutputStreamToByteArrayOutputStream;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config;
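Review bot: `org.mockito.internal.matchers.Any` comes from a Mockito-internal package and nothing in the visible hunks uses it; the stubbing further down goes through the static `ArgumentMatchers.any`. Internal packages can change between Mockito releases, so I would drop this import. The `AAAShiroWebEnvironment` import added in the next hunk is likewise not referenced in any visible hunk, so it is worth checking whether it is needed.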
@@ -57,8 +60,12 @@ import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.HeadersOnlyHttpServlet
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.test.helper.OdlJsonMapper;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.test.helper.OdlXmlMapper;
+import org.opendaylight.aaa.api.Claim;
import org.opendaylight.aaa.api.IdMService;
import org.apache.shiro.authc.BearerToken;
+import org.opendaylight.aaa.api.PasswordCredentialAuth;
+import org.opendaylight.aaa.api.PasswordCredentials;
+import org.opendaylight.aaa.shiro.web.env.AAAShiroWebEnvironment;
import org.opendaylight.mdsal.binding.api.DataBroker;
import org.opendaylight.mdsal.binding.api.ReadTransaction;
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
@@ -79,7 +86,7 @@ public class TestAuthHttpServlet {
private static DataBroker dataBroker = loadDynamicMdsalAuthDataBroker();
private static Authenticator odlAuthenticator = mock(Authenticator.class);
private static IdMService odlIdentityService = mock(IdMService.class);
- private static ShiroConfiguration shiroConfiguration = null;
+ private static PasswordCredentialAuth passwordCredentialAuth;
private static TokenCreator tokenCreator;
// private static final HttpServletRequest authreq = new HeadersOnlyHttpServletRequest(
// Map.of("Authorization", BaseHTTPClient.getAuthorizationHeaderValue("admin@sdn", "admin")));
@@ -91,14 +98,13 @@ public class TestAuthHttpServlet {
Config config = createConfigFile();
tokenCreator = TokenCreator.getInstance(config);
servlet = new TestServlet();
- shiroConfiguration = loadShiroConfig(TESTSHIROCONFIGFILE);
} catch (IOException | InvalidConfigurationException e) {
fail(e.getMessage());
}
servlet.setDataBroker(dataBroker);
- servlet.setOdlAuthenticator(odlAuthenticator);
- servlet.setOdlIdentityService(odlIdentityService);
- servlet.setShiroConfiguration(shiroConfiguration);
+ passwordCredentialAuth = mock(PasswordCredentialAuth.class);
+
+ servlet.setPasswordCredentialAuth(passwordCredentialAuth);
}
private static DataBroker loadDynamicMdsalAuthDataBroker() {
@@ -170,7 +176,33 @@ public class TestAuthHttpServlet {
when(req.getRequestURI()).thenReturn("/oauth/login");
when(req.getParameter("username")).thenReturn("admin");
when(req.getParameter("password")).thenReturn("admin");
- when(odlAuthenticator.authenticate(any(HeadersOnlyHttpServletRequest.class))).thenReturn(true);
+ Claim claim = new Claim() {
+ @Override
+ public String clientId() {
+ return "admin";
+ }
+
+ @Override
+ public String userId() {
+ return "admin";
+ }
+
+ @Override
+ public String user() {
+ return null;
+ }
+
+ @Override
+ public String domain() {
+ return "sdn";
+ }
+
+ @Override
+ public Set<String> roles() {
+ return Set.of("admin");
+ }
+ };
+ when(passwordCredentialAuth.authenticate(any(PasswordCredentials.class))).thenReturn(claim);
HttpServletResponse resp = mock(HttpServletResponse.class);
ServletOutputStreamToByteArrayOutputStream printOut = new ServletOutputStreamToByteArrayOutputStream();
try {
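Review bot: The stub `when(passwordCredentialAuth.authenticate(any(PasswordCredentials.class))).thenReturn(claim)` accepts any credentials, so this test still passes if the servlet forwards the wrong username, password or domain to the authenticator. I would pin the arguments after the servlet call, for example `verify(passwordCredentialAuth).authenticate(argThat(c -> "admin".equals(c.username()) && "admin".equals(c.password())));`. A companion test in which `authenticate` throws and the servlet is expected to refuse the login would cover the failure path, which the visible hunks do not exercise. The anonymous `Claim` returns null from `user()`; a short comment saying whether the servlet reads that field would help. The test method begins and ends outside this hunk.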
@@ -207,6 +239,9 @@ public class TestAuthHttpServlet {
}
@Test
+/*
+ @Ignore
+*/
public void testPoliciesAnon() {
HttpServletRequest req = mock(HttpServletRequest.class);
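Review bot: The commented-out `@Ignore` between `@Test` and `testPoliciesAnon` is dead code, and it appears to be the only reason for the `import org.junit.Ignore;` added in the first hunk of this file. I would delete the three comment lines and the import. If the test ever needs to be skipped, `@Ignore("reason")` with the reason written out is easier to audit than a commented annotation, which matters here because this test checks which paths are open to anonymous users.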
@@ -267,13 +302,13 @@ public class TestAuthHttpServlet {
assertEquals(9, anonPolicies.length);
OdlPolicy pApidoc = find(anonPolicies, "/apidoc/**");
assertNotNull(pApidoc);
- assertAllEquals(true, pApidoc);
+ assertAllEquals(false, pApidoc);
OdlPolicy pOauth = find(anonPolicies, "/oauth/**");
assertNotNull(pOauth);
assertAllEquals(true, pOauth);
OdlPolicy pRestconf = find(anonPolicies, "/rests/**");
assertNotNull(pRestconf);
- assertAllEquals(true, pRestconf);
+ assertAllEquals(false, pRestconf);
}
@Test
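Review bot: Only three of the nine policies counted by `assertEquals(9, anonPolicies.length)` are checked, and the catch-all is not one of them. The test configuration added in this commit maps `/**` to `authcBearer, anyroles["admin,provision"]` and `/odlux/**` to `anon`, so, assuming this test loads that file, both outcomes can be pinned. I would add `OdlPolicy pAll = find(anonPolicies, "/**"); assertNotNull(pAll); assertAllEquals(false, pAll);` and the matching `assertAllEquals(true, ...)` for `/odlux/**`. With that, a regression that opens the default rule to anonymous access fails the test. The test method starts outside this hunk.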
@@ -353,7 +388,7 @@ public class TestAuthHttpServlet {
private static final long serialVersionUID = 1L;
public TestServlet() throws IllegalArgumentException, Exception {
- super();
+ super(TESTSHIROCONFIGFILE);
}
@Override
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java
index 80ae8cf95..80ae8cf95 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java
index 421b61919..421b61919 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java
index 6c2390ea0..6c2390ea0 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java
index acc7c6b36..acc7c6b36 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java
index 31d72944c..31d72944c 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java
index 2d03bab1d..2d03bab1d 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java
index 84d8e0a96..84d8e0a96 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java
index c1d3fd1ea..ebf01a1ba 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java
@@ -31,8 +31,6 @@ import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
-import java.util.function.Supplier;
-
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
@@ -48,50 +46,44 @@ import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator;
import org.opendaylight.aaa.api.Authentication;
-import org.opendaylight.aaa.api.AuthenticationService;
import org.opendaylight.aaa.api.TokenStore;
import org.opendaylight.aaa.api.shiro.principal.ODLPrincipal;
import org.opendaylight.aaa.shiro.realm.TokenAuthRealm;
import org.opendaylight.aaa.tokenauthrealm.auth.AuthenticationManager;
import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
-import org.opendaylight.mdsal.binding.api.DataBroker;
public class TestRealm {
private static OAuth2RealmToTest realm;
private static TokenCreator tokenCreator;
- private static final AuthenticationManager authManager = new AuthenticationManager();
- private static final TokenAuthenticators tokenAuth = new TokenAuthenticators();
-
- private static final TokenStore tokenStore = new TokenStore(){
-
- @Override
- public void put(String token, Authentication auth) {
-
- }
-
- @Override
- public Authentication get(String token) {
- return null;
- }
-
- @Override
- public boolean delete(String token) {
- return false;
- }
-
- @Override
- public long tokenExpiration() {
- return 0;
- }
- };
@BeforeClass
public static void init() throws IllegalArgumentException, Exception {
- TokenAuthRealm.prepareForLoad(authManager,tokenAuth,tokenStore);
+
try {
Config config = Config.getInstance(TestConfig.TEST_CONFIG_FILENAME);
tokenCreator = TokenCreator.getInstance(config);
+ TokenAuthRealm.prepareForLoad(new AuthenticationManager(), new TokenAuthenticators(), new TokenStore() {
+ @Override
+ public void put(String token, Authentication auth) {
+
+ }
+
+ @Override
+ public Authentication get(String token) {
+ return null;
+ }
+
+ @Override
+ public boolean delete(String token) {
+ return false;
+ }
+
+ @Override
+ public long tokenExpiration() {
+ return 0;
+ }
+ });
realm = new OAuth2RealmToTest();
} catch (IOException e) {
fail(e.getMessage());
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java
index b0cc0253b..7d51b2fe8 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java
@@ -42,12 +42,12 @@ public class OdlJsonMapper extends ObjectMapper {
this.enable(MapperFeature.USE_GETTERS_AS_SETTERS);
YangToolsBuilderAnnotationIntrospector introspector = new YangToolsBuilderAnnotationIntrospector();
//introspector.addDeserializer(Main.class, ShiroMainBuilder.class.getName());
- introspector.addDeserializer(Permissions.class,PermissionsBuilder.class.getName());
+ //introspector.addDeserializer(Permissions.class,PermissionsBuilder.class.getName());
this.setAnnotationIntrospector(introspector);
this.registerModule(new YangToolsModule());
}
- public static class PermissionsBuilder {
+ /* public static class PermissionsBuilder implements Builder<Permissions> {
private Permissions _value;
public PermissionsBuilder() {
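Review bot: `PermissionsBuilder` is wrapped in a block comment (opened here, closed in the next hunk) and its `addDeserializer` registration is commented out. Yet the same lines are edited to add `implements Builder<Permissions>` and `@Override` inside the comment. Code that is disabled but still being modified is hard to maintain and never gets compiled, so I would either delete the class and the registration line or keep both live. If the deserializer is disabled because of an API change, a one-line comment such as `// Permissions deserializer disabled: <reason>` would record why.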
@@ -57,9 +57,9 @@ public class OdlJsonMapper extends ObjectMapper {
this._value = value;
}
-
+ @Override
public Permissions build() {
return this._value;
}
- }
+ }*/
}
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java
index b965878e8..b965878e8 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java
diff --git a/sdnr/wt/oauth-provider/oauth-core/src/test/resources/aaa-app-config.test.xml b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/aaa-app-config.test.xml
new file mode 100644
index 000000000..e46508d68
--- /dev/null
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/aaa-app-config.test.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" ?>
+
+
+<shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
+
+
+ <main>
+ <pair-key>tokenAuthRealm</pair-key>
+ <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm</pair-value>
+ </main>
+
+ <main>
+ <pair-key>securityManager.realms</pair-key>
+ <pair-value>$tokenAuthRealm</pair-value>
+ </main>
+
+ <main>
+ <pair-key>anyroles</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter</pair-value>
+ </main>
+ <main>
+ <pair-key>authcBearer</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2</pair-value>
+ </main>
+
+ <main>
+ <pair-key>accountingListener</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value>
+ </main>
+ <main>
+ <pair-key>securityManager.authenticator.authenticationListeners</pair-key>
+ <pair-value>$accountingListener</pair-value>
+ </main>
+
+ <main>
+ <pair-key>dynamicAuthorization</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
+ </main>
+
+ <urls>
+ <pair-key>/**/operations/cluster-admin**</pair-key>
+ <pair-value>dynamicAuthorization</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/**/v1/**</pair-key>
+ <pair-value>authcBearer, roles[admin]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/**/config/aaa*/**</pair-key>
+ <pair-value>authcBearer, roles[admin]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/oauth/**</pair-key>
+ <pair-value>anon</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/odlux/**</pair-key>
+ <pair-value>anon</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/apidoc/**</pair-key>
+ <pair-value>authcBasic, roles[admin]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/test123/**</pair-key>
+ <pair-value>authcBasic</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/rests/**</pair-key>
+ <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
+ </urls>
+ <urls>
+ <pair-key>/**</pair-key>
+ <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
+ </urls>
+</shiro-configuration>
+
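Review bot: The `/**/operations/cluster-admin**` entry chains only `dynamicAuthorization`, with no authentication filter such as `authcBearer` in front of it. Shiro applies the first matching URL pattern, so the `/**` catch-all at the bottom does not add authentication for this path. Whether `MDSALDynamicAuthorizationFilter` on its own rejects an unauthenticated subject is not visible here. If this file is meant to mirror the deployed `aaa-app-config.xml`, I would make the chain explicit with `<pair-value>authcBearer, dynamicAuthorization</pair-value>`. A short header comment saying that `/test123/**` exists only for the servlet tests would also help readers.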
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key
index c0c15e014..c0c15e014 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key.pub b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key.pub
index add863aef..add863aef 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key.pub
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key.pub
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key
index 6b4e8c7bc..6b4e8c7bc 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key.pub b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key.pub
index 7191c95f8..7191c95f8 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key.pub
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key.pub
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/mdsalDynAuthData.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/mdsalDynAuthData.json
index a1627682b..a1627682b 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/mdsalDynAuthData.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/mdsalDynAuthData.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-groups-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-groups-response.json
index 85fc37cc8..85fc37cc8 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-groups-response.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-groups-response.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-token-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-token-response.json
index 0a6bd7231..0a6bd7231 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-token-response.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-token-response.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-user-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-user-response.json
index b08332b41..b08332b41 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-user-response.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-user-response.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/keycloak-token-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/keycloak-token-response.json
index c62ed9458..c62ed9458 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/keycloak-token-response.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/keycloak-token-response.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oom.test.config.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oom.test.config.json
index 4e5707fa1..4e5707fa1 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oom.test.config.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oom.test.config.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.config.json
index a55576b9e..a55576b9e 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.config.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256-invalid.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256-invalid.json
index 30b80c45a..30b80c45a 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256-invalid.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256-invalid.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256.json
index 02a4e8f5f..02a4e8f5f 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS512.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS512.json
index eddc6c362..eddc6c362 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS512.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS512.json
diff --git a/sdnr/wt/oauth-provider/provider-osgi/pom.xml b/sdnr/wt/oauth-provider/oauth-realm/pom.xml
index 99634cbeb..7cd840cbc 100644
--- a/sdnr/wt/oauth-provider/provider-osgi/pom.xml
+++ b/sdnr/wt/oauth-provider/oauth-realm/pom.xml
@@ -22,6 +22,7 @@
~ ============LICENSE_END=======================================================
~
-->
+
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
@@ -33,8 +34,8 @@
</parent>
<groupId>org.onap.ccsdk.features.sdnr.wt</groupId>
- <artifactId>sdnr-wt-oauth-provider</artifactId>
- <version>1.6.0-SNAPSHOT</version>
+ <artifactId>sdnr-wt-oauth-realm</artifactId>
+ <version>1.6.3-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>ccsdk-features :: ${project.artifactId}</name>
@@ -53,7 +54,7 @@
<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
- <artifactId>sdnr-wt-oauth-provider-jar</artifactId>
+ <artifactId>sdnr-wt-oauth-core</artifactId>
<version>${project.version}</version>
<exclusions>
<exclusion>
@@ -88,8 +89,6 @@
<Export-Package>
org.onap.ccsdk.features.sdnr.wt.oauthprovider;version=${project.version},
org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters;version=${project.version},
- org.onap.ccsdk.features.sdnr.wt.oauthprovider.http;version=${project.version},
- org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.client;version=${project.version},
org.onap.ccsdk.features.sdnr.wt.oauthprovider.data;version=${project.version},
org.onap.ccsdk.features.sdnr.wt.oauthprovider.services;version=${project.version}
</Export-Package>
@@ -108,22 +107,22 @@
javax.xml.parsers,
javax.xml.namespace,
javax.xml.transform.stream,
+ org.apache.commons.codec.binary,
+ org.apache.shiro,
org.apache.shiro.authc,
org.apache.shiro.authz,
org.apache.shiro.realm,
org.apache.shiro.subject,
+ org.apache.shiro.web.filter.authc,
org.apache.shiro.web.filter.authz,
+ org.apache.shiro.web.util,
org.jolokia.osgi.security,
org.onap.ccsdk.features.sdnr.wt.common.http,
org.opendaylight.aaa.api,
org.opendaylight.aaa.api.shiro.principal,
org.opendaylight.aaa.shiro.realm,
- org.opendaylight.aaa.shiro.filters,
- org.opendaylight.aaa.shiro.web.env,
org.opendaylight.mdsal.binding.api,
org.opendaylight.mdsal.common.api,
- org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619,
- org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration,
org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214,
org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization,
org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies,
@@ -131,7 +130,7 @@
org.opendaylight.yangtools.concepts,
org.opendaylight.yangtools.yang.binding,
org.opendaylight.yangtools.yang.common,
- org.osgi.service.http,
+ org.slf4j,
com.fasterxml.jackson.databind,
com.fasterxml.jackson.databind.deser.std,
com.fasterxml.jackson.databind.ser.std,
@@ -139,7 +138,6 @@
com.fasterxml.jackson.annotation,
com.fasterxml.jackson.core.type,
com.fasterxml.jackson.core,
- org.apache.commons.codec.binary,
com.google.common.base,
com.google.common.collect,
com.google.common.util.concurrent
@@ -147,7 +145,7 @@
<Embed-Dependency>*;scope=compile|runtime;inline=false</Embed-Dependency>
<Embed-Dependency>*;scope=compile|runtime;artifactId=!shiro-core;inline=false</Embed-Dependency>
<Embed-Transitive>true</Embed-Transitive>
- <Fragment-Host>org.opendaylight.aaa.repackaged-shiro</Fragment-Host>
+ <Fragment-Host>org.opendaylight.aaa.shiro</Fragment-Host>
</instructions>
</configuration>
</plugin>
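Review bot: Two `<Embed-Dependency>` instructions sit directly above the changed `<Fragment-Host>` line, one embedding every compile/runtime dependency and one excluding `shiro-core`; presumably only one of them takes effect. A fragment shares its host's class loader, so with the host now `org.opendaylight.aaa.shiro`, embedding a second copy of `shiro-core` would put duplicate Shiro classes next to the host's own. I would delete the first instruction and keep only `<Embed-Dependency>*;scope=compile|runtime;artifactId=!shiro-core;inline=false</Embed-Dependency>` so the intent is unambiguous.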
diff --git a/sdnr/wt/oauth-provider/oauth-web/pom.xml b/sdnr/wt/oauth-provider/oauth-web/pom.xml
new file mode 100644
index 000000000..668f92fd8
--- /dev/null
+++ b/sdnr/wt/oauth-provider/oauth-web/pom.xml
@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ ============LICENSE_START=======================================================
+ ~ ONAP : ccsdk features
+ ~ ================================================================================
+ ~ Copyright (C) 2019 highstreet technologies GmbH Intellectual Property.
+ ~ All rights reserved.
+ ~ ================================================================================
+ ~ Update Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ ~ ================================================================================
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ ~ ============LICENSE_END=======================================================
+ ~
+ -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.onap.ccsdk.parent</groupId>
+ <artifactId>binding-parent</artifactId>
+ <version>2.6.1</version>
+ <relativePath/>
+ </parent>
+
+ <groupId>org.onap.ccsdk.features.sdnr.wt</groupId>
+ <artifactId>sdnr-wt-oauth-web</artifactId>
+ <version>1.6.3-SNAPSHOT</version>
+ <packaging>bundle</packaging>
+
+ <name>ccsdk-features :: ${project.artifactId}</name>
+ <licenses>
+ <license>
+ <name>Apache License, Version 2.0</name>
+ <url>http://www.apache.org/licenses/LICENSE-2.0</url>
+ </license>
+ </licenses>
+
+ <properties>
+ <maven.javadoc.skip>true</maven.javadoc.skip>
+ <checkstyle.skip>true</checkstyle.skip>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>sdnr-wt-oauth-core</artifactId>
+ <version>${project.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.opendaylight.aaa</groupId>
+ <artifactId>aaa-shiro</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.opendaylight.aaa</groupId>
+ <artifactId>aaa-shiro</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.shiro</groupId>
+ <artifactId>shiro-web</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>sdnr-wt-common</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <extensions>true</extensions>
+ <configuration>
+ <instructions>
+ <Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
+ <Bundle-Version>${project.version}</Bundle-Version>
+ <Export-Package>
+ org.onap.ccsdk.features.sdnr.wt.oauthprovider.http;version=${project.version},
+ org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.client;version=${project.version}
+ </Export-Package>
+ <Import-Package>
+ javax.servlet,
+ javax.servlet.http,
+ javax.net.ssl,
+ javax.crypto,
+ javax.crypto.spec,
+ javax.xml.transform,
+ javax.xml.datatype,
+ javax.management,
+ javax.security.auth,
+ javax.security.auth.login,
+ javax.security.auth.callback,
+ javax.xml.parsers,
+ javax.xml.namespace,
+ javax.xml.transform.stream,
+ org.apache.commons.codec.binary,
+ org.apache.shiro,
+ org.apache.shiro.authc,
+ org.apache.shiro.authz,
+ org.apache.shiro.config,
+ org.apache.shiro.realm,
+ org.apache.shiro.subject,
+ org.apache.shiro.web.env,
+ org.apache.shiro.web.filter.authz,
+ org.jolokia.osgi.security,
+ org.onap.ccsdk.features.sdnr.wt.common.http,
+ org.onap.ccsdk.features.sdnr.wt.yang.mapper.mapperextensions,
+ org.opendaylight.aaa.api,
+ org.opendaylight.aaa.api.shiro.principal,
+ org.opendaylight.aaa.shiro.realm,
+ org.opendaylight.aaa.shiro.web.env,
+ org.opendaylight.aaa.tokenauthrealm.auth,
+ org.opendaylight.mdsal.binding.api,
+ org.opendaylight.mdsal.common.api,
+ org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214,
+ org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization,
+ org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies,
+ org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.permission,
+ org.opendaylight.yangtools.concepts,
+ org.opendaylight.yangtools.yang.binding,
+ org.opendaylight.yangtools.yang.common,
+ org.osgi.service.http,
+ org.slf4j,
+ com.fasterxml.jackson.databind,
+ com.fasterxml.jackson.databind.deser.std,
+ com.fasterxml.jackson.databind.ser.std,
+ com.fasterxml.jackson.databind.module,
+ com.fasterxml.jackson.dataformat.xml,
+ com.fasterxml.jackson.annotation,
+ com.fasterxml.jackson.core.type,
+ com.fasterxml.jackson.core,
+ com.google.common.base,
+ com.google.common.collect,
+ com.google.common.util.concurrent
+ </Import-Package>
+ <!-- <Embed-Dependency>*;scope=compile|runtime;inline=false</Embed-Dependency>-->
+ <Embed-Dependency>*;scope=compile|runtime;artifactId=sdnr-wt-oauth-core,java-jwt,bcprov-jdk15on,aaa-shiro;inline=false</Embed-Dependency>
+ <Embed-Transitive>true</Embed-Transitive>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
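Review bot: The `sdnr-wt-oauth-core` dependency excludes `aaa-shiro` (the second `<exclusion>` for it is a duplicate), yet `<Embed-Dependency>` lists `aaa-shiro` in its `artifactId=` filter, and `Import-Package` pulls `org.opendaylight.aaa.shiro.web.env` from the platform. These contradict each other, so I would remove the duplicate exclusion and drop `aaa-shiro` from the embed list so that the bundle relies on the platform's copy only. `java-jwt` and `bcprov-jdk15on` are embedded with `Embed-Transitive` set to true, which fixes the crypto and token library versions inside the bundle at build time. `bcprov-jdk15on` is the older Bouncy Castle artifact line (current releases are published as `bcprov-jdk18on`), so it is worth confirming which version the parent POM resolves. `checkstyle.skip` is also set to `true` for this new module.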
diff --git a/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml b/sdnr/wt/oauth-provider/oauth-web/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml
index a8258dc8b..c782e3ee1 100644
--- a/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml
+++ b/sdnr/wt/oauth-provider/oauth-web/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml
@@ -26,32 +26,16 @@
<blueprint xmlns:odl="http://opendaylight.org/xmlns/blueprint/v1.0.0"
xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" odl:use-default-for-reference-types="true">
- <reference id="odlAuthenticator" interface="org.jolokia.osgi.security.Authenticator" />
-
- <reference id="odlIdentityService" interface="org.opendaylight.aaa.api.IdMService" />
-
- <reference id="dataBroker" interface="org.opendaylight.mdsal.binding.api.DataBroker" />
-
- <bean id="provider" class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.Helper" init-method="init" destroy-method="close">
- <property ref="odlAuthenticator" name="odlAuthenticator" />
- <property ref="odlIdentityService" name="odlIdentityService" />
- <property ref="shiroConfiguration" name="shiroConfiguration" />
- <property ref="dataBroker" name="dataBroker" />
- </bean>
-
+ <reference id="dataBroker" interface="org.opendaylight.mdsal.binding.api.DataBroker"/>
+ <reference id="passwordCredentialAuth" interface="org.opendaylight.aaa.api.PasswordCredentialAuth"/>
<reference id="onBindService" availability="mandatory" activation="eager" interface="org.osgi.service.http.HttpService">
- <reference-listener ref="provider" bind-method="onBindService" unbind-method="onUnbindService"/>
+ <reference-listener ref="authServlet" bind-method="onBindService" unbind-method="onUnbindService"/>
</reference>
- <odl:clustered-app-config
- binding-class="org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration"
- id="shiroConfiguration" default-config-file-name="aaa-app-config.xml" />
-
- <bean id="authServlet" class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet">
- <property ref="odlAuthenticator" name="odlAuthenticator" />
- <property ref="odlIdentityService" name="odlIdentityService" />
- <property ref="shiroConfiguration" name="shiroConfiguration" />
- <property ref="dataBroker" name="dataBroker" />
+ <bean id="authServlet"
+ class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet">
+ <property ref="dataBroker" name="dataBroker" />
+ <property ref="passwordCredentialAuth" name="passwordCredentialAuth" />
</bean>
</blueprint>
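Review bot: The `reference-listener` on `onBindService` now points at `authServlet`, so the `onBindService`/`onUnbindService` callbacks that the removed `provider` bean supplied must exist on `AuthHttpServlet` itself, and that class is not part of this hunk. It is worth confirming there that the unbind callback still unregisters the servlet path and that the bind callback still tolerates a null `HttpService`, as the deleted `Helper` did, because this wiring is the only thing that registers the auth servlet. The bean also drops `odlAuthenticator`, `odlIdentityService` and `shiroConfiguration` in favour of `passwordCredentialAuth`, presumably moving credential checking to that service. A comment above the bean would record the change, e.g. `<!-- authServlet is bound to HttpService directly through the onBindService reference-listener (formerly done by the Helper bean) -->`.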
diff --git a/sdnr/wt/oauth-provider/pom.xml b/sdnr/wt/oauth-provider/pom.xml
index 587d9679f..764c50c8d 100755
--- a/sdnr/wt/oauth-provider/pom.xml
+++ b/sdnr/wt/oauth-provider/pom.xml
@@ -34,14 +34,15 @@
<groupId>org.onap.ccsdk.features.sdnr.wt</groupId>
<artifactId>sdnr-wt-oauth-provider-top</artifactId>
- <version>1.6.0-SNAPSHOT</version>
+ <version>1.6.3-SNAPSHOT</version>
<packaging>pom</packaging>
<name>ccsdk-features :: ${project.artifactId}</name>
<modules>
- <module>provider-jar</module>
- <module>provider-osgi</module>
+ <module>oauth-core</module>
+ <module>oauth-realm</module>
+ <module>oauth-web</module>
</modules>
<properties>
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java
deleted file mode 100644
index 38947a124..000000000
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package org.onap.ccsdk.features.sdnr.wt.oauthprovider;
-
-import org.jolokia.osgi.security.Authenticator;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet;
-import org.opendaylight.aaa.api.IdMService;
-import org.opendaylight.mdsal.binding.api.DataBroker;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
-import org.osgi.service.http.HttpService;
-import org.osgi.service.http.NamespaceException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.servlet.ServletException;
-import java.io.IOException;
-
-public class Helper {
-
- private static final Logger LOG = LoggerFactory.getLogger(Helper.class);
- private AuthHttpServlet authServlet;
-
- public Helper() throws UnableToConfigureOAuthService, IOException, InvalidConfigurationException {
- this.authServlet = new AuthHttpServlet();
-
- }
-
- public void onUnbindService(HttpService httpService) {
- httpService.unregister(AuthHttpServlet.BASEURI);
- this.authServlet = null;
- }
-
- public void onBindService(HttpService httpService)
- throws ServletException, NamespaceException {
- if (httpService == null) {
- LOG.warn("Unable to inject HttpService into loader.");
- } else {
- httpService.registerServlet(AuthHttpServlet.BASEURI, authServlet, null, null);
- LOG.info("auth servlet registered.");
- }
- }
-
- public void setOdlAuthenticator(Authenticator odlAuthenticator) {
- authServlet.setOdlAuthenticator(odlAuthenticator);
- }
-
- public void setOdlIdentityService(IdMService odlIdentityService) {
- this.authServlet.setOdlIdentityService(odlIdentityService);
- }
-
- public void setShiroConfiguration(ShiroConfiguration shiroConfiguration) {
- this.authServlet.setShiroConfiguration(shiroConfiguration);
- }
-
- public void setDataBroker(DataBroker dataBroker) {
- this.authServlet.setDataBroker(dataBroker);
- }
-
- public void init() {
-
- }
-
- public void close() {
-
- }
-}
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml b/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml
deleted file mode 100644
index 1929fde8e..000000000
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml
+++ /dev/null
@@ -1,353 +0,0 @@
-<?xml version="1.0" ?>
-<!--
- Copyright (c) 2017 Inocybe Technologies and others. All rights reserved.
-
- This program and the accompanying materials are made available under the
- terms of the Eclipse Public License v1.0 which accompanies this distribution,
- and is available at http://www.eclipse.org/legal/epl-v10.html , or the Apache License,
- Version 2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0
- SPDX-License-Identifier: EPL-1.0 OR Apache-2.0
--->
-
-<!--
- ///////////////////////////////////////////////////////////////////////////////////////
- // clustered-app-config instance responsible for AAA configuration. In the future, //
- // this will contain all AAA related configuration. //
- ///////////////////////////////////////////////////////////////////////////////////////
--->
-
-<shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
-
- <!--
- ///////////////////////////////////////////////////////////////////////////////////
- // shiro-configuration is the model based container that contains all shiro //
- // related information used in ODL AAA configuration. It is the sole pain of //
- // glass for shiro related configuration, and is how to configure shiro concepts //
- // such as: //
- // * realms //
- // * urls //
- // * security manager settings //
- // //
- // In general, you really shouldn't muck with the settings in this file. The //
- // way an operator should configure AAA shiro settings is through one of ODL's //
- // northbound interfaces (i.e., RESTCONF or NETCONF). These are just the //
- // defaults if no values are specified in MD-SAL. The reason this file is so //
- // verbose is for two reasons: //
- // 1) to demonstrate payload examples for plausible configuration scenarios //
- // 2) to allow bootstrap of the controller (first time start) since otherwise //
- // configuration becomes a chicken and the egg problem. //
- // //
- ///////////////////////////////////////////////////////////////////////////////////
- -->
-
- <!--
- ===================================================================================
- = =
- = =
- = MAIN =
- = =
- = =
- ===================================================================================
- -->
-
- <!--
- ===================================================================================
- ============================ ODLJndiLdapRealmAuthNOnly ============================
- ===================================================================================
- = =
- = Description: A Realm implementation aimed at federating with an external LDAP =
- = server for authentication only. For authorization support, refer =
- = to ODLJndiLdapRealm. =
- ===================================================================================
- -->
- <!-- Start ldapRealm commented out
- <main>
- <pair-key>ldapRealm</pair-key>
- <pair-value>org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly</pair-value>
- </main>
- <main>
- <pair-key>ldapRealm.userDnTemplate</pair-key>
- <pair-value>uid={0},ou=People,dc=DOMAIN,dc=TLD</pair-value>
- </main>
- <main>
- <pair-key>ldapRealm.contextFactory.url</pair-key>
- <pair-value>ldap://&lt;URL&gt;:389</pair-value>
- </main>
- <main>
- <pair-key>ldapRealm.searchBase</pair-key>
- <pair-value>dc=DOMAIN,dc=TLD</pair-value>
- </main>
- <main>
- <pair-key>ldapRealm.groupRolesMap</pair-key>
- <pair-value>&quot;person&quot;:&quot;admin&quot;, &quot;organizationalPerson&quot;:&quot;user&quot;</pair-value>
- </main>
- <main>
- <pair-key>ldapRealm.ldapAttributeForComparison</pair-key>
- <pair-value>objectClass</pair-value>
- </main>
- End ldapRealm commented out-->
-
- <!--
- ===================================================================================
- ============================= ODLActiveDirectoryRealm =============================
- ===================================================================================
- = =
- = Description: A Realm implementation aimed at federating with an external AD =
- = IDP server. =
- ===================================================================================
- -->
- <!-- Start adRealm commented out
- <main>
- <pair-key>adRealm</pair-key>
- <pair-value>org.opendaylight.aaa.shiro.realm.ODLActiveDirectoryRealm</pair-value>
- </main>
- <main>
- <pair-key>adRealm.searchBase</pair-key>
- <pair-value>&quot;CN=Users,DC=example,DC=com&quot;</pair-value>
- </main>
- <main>
- <pair-key>adRealm.systemUsername</pair-key>
- <pair-value>aduser@example.com</pair-value>
- </main>
- <main>
- <pair-key>adRealm.systemPassword</pair-key>
- <pair-value>adpassword</pair-value>
- </main>
- <main>
- <pair-key>adRealm.url</pair-key>
- <pair-value>ldaps://adserver:636</pair-value>
- </main>
- <main>
- <pair-key>adRealm.groupRolesMap</pair-key>
- <pair-value>&quot;CN=sysadmin,CN=Users,DC=example,DC=com&quot;:&quot;admin&quot;, &quot;CN=unprivileged,CN=Users,DC=example,DC=com&quot;:&quot;user&quot;</pair-value>
- </main>
- End adRealm commented out-->
-
- <!--
- ===================================================================================
- ================================== ODLJdbcRealm ===================================
- ===================================================================================
- = =
- = Description: A Realm implementation aimed at federating with an external JDBC =
- = DBMS. =
- ===================================================================================
- -->
- <!-- Start jdbcRealm commented out
- <main>
- <pair-key>ds</pair-key>
- <pair-value>com.mysql.jdbc.Driver</pair-value>
- </main>
- <main>
- <pair-key>ds.serverName</pair-key>
- <pair-value>localhost</pair-value>
- </main>
- <main>
- <pair-key>ds.user</pair-key>
- <pair-value>user</pair-value>
- </main>
- <main>
- <pair-key>ds.password</pair-key>
- <pair-value>password</pair-value>
- </main>
- <main>
- <pair-key>ds.databaseName</pair-key>
- <pair-value>db_name</pair-value>
- </main>
- <main>
- <pair-key>jdbcRealm</pair-key>
- <pair-value>ODLJdbcRealm</pair-value>
- </main>
- <main>
- <pair-key>jdbcRealm.dataSource</pair-key>
- <pair-value>$ds</pair-value>
- </main>
- <main>
- <pair-key>jdbcRealm.authenticationQuery</pair-key>
- <pair-value>&quot;SELECT password FROM users WHERE user_name = ?&quot;</pair-value>
- </main>
- <main>
- <pair-key>jdbcRealm.userRolesQuery</pair-key>
- <pair-value>&quot;SELECT role_name FROM user_rolesWHERE user_name = ?&quot;</pair-value>
- </main>
- End jdbcRealm commented out-->
-
- <!--
- ===================================================================================
- ================================= TokenAuthRealm ==================================
- ===================================================================================
- = =
- = Description: A Realm implementation utilizing a per node H2 database store. =
- ===================================================================================
- -->
-<!-- <main> -->
-<!-- <pair-key>tokenAuthRealm</pair-key> -->
-<!-- <pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value> -->
-<!-- </main> -->
- <main>
- <pair-key>tokenAuthRealm</pair-key>
- <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm</pair-value>
- </main>
-
- <!--
- ===================================================================================
- =================================== MdsalRealm ====================================
- ===================================================================================
- = =
- = Description: A Realm implementation utilizing the aaa.yang model. =
- ===================================================================================
- -->
- <!-- Start mdsalRealm commented out
- <main>
- <pair-key>mdsalRealm</pair-key>
- <pair-value>org.opendaylight.aaa.shiro.realm.MdsalRealm</pair-value>
- </main>
- End mdsalRealm commented out-->
-
- <!--
- ===================================================================================
- ================================= MoonAuthRealm ===================================
- ===================================================================================
- = =
- = Description: A Realm implementation aimed at federating with OPNFV Moon. =
- ===================================================================================
- -->
- <!-- Start moonAuthRealm commented out
- <main>
- <pair-key>moonAuthRealm</pair-key>
- <pair-value>org.opendaylight.aaa.shiro.realm.MoonRealm</pair-value>
- </main>
- <main>
- <pair-key>moonAuthRealm.moonServerURL</pair-key>
- <pair-value>http://&lt;host&gt;:&lt;port&gt;</pair-value>
- </main>
- End moonAuthRealm commented out-->
-
- <!--
- ===================================================================================
- ================================= KeystoneAuthRealm == ============================
- ===================================================================================
- = =
- = Description: A Realm implementation aimed at federating with an OpenStack =
- = Keystone. =
- ===================================================================================
- -->
- <!-- Start keystoneAuthRealm commented out
- <main>
- <pair-key>keystoneAuthRealm</pair-key>
- <pair-value>org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm</pair-value>
- </main>
- <main>
- <pair-key>keystoneAuthRealm.url</pair-key>
- <pair-value>https://&lt;host&gt;:&lt;port&gt;</pair-value>
- </main>
- <main>
- <pair-key>keystoneAuthRealm.sslVerification</pair-key>
- <pair-value>true</pair-value>
- </main>
- <main>
- <pair-key>keystoneAuthRealm.defaultDomain</pair-key>
- <pair-value>Default</pair-value>
- </main>
- -->
-
- <!--
- Add tokenAuthRealm as the only realm. To enable mdsalRealm, add it to the list to he right of tokenAuthRealm.
- -->
- <main>
- <pair-key>securityManager.realms</pair-key>
- <pair-value>$tokenAuthRealm</pair-value>
- </main>
- <!-- Used to support OAuth2 use case. -->
- <main>
- <pair-key>authcBasic</pair-key>
- <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value>
- </main>
- <main>
- <pair-key>anyroles</pair-key>
- <pair-value>org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter</pair-value>
- </main>
- <main>
- <pair-key>authcBearer</pair-key>
- <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2</pair-value>
- </main>
-
- <!-- Start moonAuthRealm commented out
- <main>
- <pair-key>rest</pair-key>
- <pair-value>org.opendaylight.aaa.shiro.filters.MoonOAuthFilter</pair-value>
- </main>
- End moonAuthRealm commented out-->
-
- <!-- in order to track AAA challenge attempts -->
- <main>
- <pair-key>accountingListener</pair-key>
- <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value>
- </main>
- <main>
- <pair-key>securityManager.authenticator.authenticationListeners</pair-key>
- <pair-value>$accountingListener</pair-value>
- </main>
-
- <!-- Model based authorization scheme supporting RBAC for REST endpoints -->
- <main>
- <pair-key>dynamicAuthorization</pair-key>
- <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
- </main>
-<!-- <main> -->
-<!-- <pair-key>securityManager.sessionManager.sessionIdCookieEnabled</pair-key> -->
-<!-- <pair-value>false</pair-value> -->
-<!-- </main> -->
-
- <!--
- ===================================================================================
- = =
- = =
- = URLS =
- = =
- = =
- ===================================================================================
- -->
- <!-- Start moonAuthRealm commented out
- <urls>
- <pair-key>/token</pair-key>
- <pair-value>rest</pair-value>
- </urls>
- End moonAuthRealm commented out-->
- <urls>
- <pair-key>/**/operations/cluster-admin**</pair-key>
- <pair-value>dynamicAuthorization</pair-value>
- </urls>
- <urls>
- <pair-key>/**/v1/**</pair-key>
- <pair-value>authcBearer, roles[admin]</pair-value>
- </urls>
- <urls>
- <pair-key>/**/config/aaa*/**</pair-key>
- <pair-value>authcBearer, roles[admin]</pair-value>
- </urls>
- <urls>
- <pair-key>/oauth/**</pair-key>
- <pair-value>anon</pair-value>
- </urls>
- <urls>
- <pair-key>/odlux/**</pair-key>
- <pair-value>anon</pair-value>
- </urls>
- <urls>
- <pair-key>/apidoc/**</pair-key>
- <pair-value>authcBasic, roles[admin]</pair-value>
- </urls>
- <urls>
- <pair-key>/test123/**</pair-key>
- <pair-value>authcBasic</pair-value>
- </urls>
- <urls>
- <pair-key>/rests/**</pair-key>
- <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
- </urls>
- <urls>
- <pair-key>/**</pair-key>
- <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
- </urls>
-</shiro-configuration>
-