diff options
Diffstat (limited to 'sdnr/wt')
| -rw-r--r-- | sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml | 262 |
1 files changed, 6 insertions, 256 deletions
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml b/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml index 017c7439d..682fa3728 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml +++ b/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml @@ -4,7 +4,10 @@ This program and the accompanying materials are made available under the terms of the Eclipse Public License v1.0 which accompanies this distribution, - and is available at http://www.eclipse.org/legal/epl-v10.html + and is available at http://www.eclipse.org/legal/epl-v10.html , or the Apache License, + Version 2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0 + + SPDX-License-Identifier: EPL-1.0 OR Apache-2.0 --> <!-- @@ -14,243 +17,15 @@ /////////////////////////////////////////////////////////////////////////////////////// --> -<shiro-configuration xmlns="urn:opendaylight:aaa:app:config"> - - <!-- - /////////////////////////////////////////////////////////////////////////////////// - // shiro-configuration is the model based container that contains all shiro // - // related information used in ODL AAA configuration. It is the sole pain of // - // glass for shiro related configuration, and is how to configure shiro concepts // - // such as: // - // * realms // - // * urls // - // * security manager settings // - // // - // In general, you really shouldn't muck with the settings in this file. The // - // way an operator should configure AAA shiro settings is through one of ODL's // - // northbound interfaces (i.e., RESTCONF or NETCONF). These are just the // - // defaults if no values are specified in MD-SAL. The reason this file is so // - // verbose is for two reasons: // - // 1) to demonstrate payload examples for plausible configuration scenarios // - // 2) to allow bootstrap of the controller (first time start) since otherwise // - // configuration becomes a chicken and the egg problem. // - // // - /////////////////////////////////////////////////////////////////////////////////// - --> - - <!-- - =================================================================================== - = = - = = - = MAIN = - = = - = = - =================================================================================== - --> - - <!-- - =================================================================================== - ============================ ODLJndiLdapRealmAuthNOnly ============================ - =================================================================================== - = = - = Description: A Realm implementation aimed at federating with an external LDAP = - = server for authentication only. For authorization support, refer = - = to ODLJndiLdapRealm. = - =================================================================================== - --> - <!-- Start ldapRealm commented out - <main> - <pair-key>ldapRealm</pair-key> - <pair-value>org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly</pair-value> - </main> - <main> - <pair-key>ldapRealm.userDnTemplate</pair-key> - <pair-value>uid={0},ou=People,dc=DOMAIN,dc=TLD</pair-value> - </main> - <main> - <pair-key>ldapRealm.contextFactory.url</pair-key> - <pair-value>ldap://<URL>:389</pair-value> - </main> - <main> - <pair-key>ldapRealm.searchBase</pair-key> - <pair-value>dc=DOMAIN,dc=TLD</pair-value> - </main> - <main> - <pair-key>ldapRealm.groupRolesMap</pair-key> - <pair-value>"person":"admin", "organizationalPerson":"user"</pair-value> - </main> - <main> - <pair-key>ldapRealm.ldapAttributeForComparison</pair-key> - <pair-value>objectClass</pair-value> - </main> - End ldapRealm commented out--> - <!-- - =================================================================================== - ============================= ODLActiveDirectoryRealm ============================= - =================================================================================== - = = - = Description: A Realm implementation aimed at federating with an external AD = - = IDP server. = - =================================================================================== - --> - <!-- Start adRealm commented out - <main> - <pair-key>adRealm</pair-key> - <pair-value>org.opendaylight.aaa.shiro.realm.ODLActiveDirectoryRealm</pair-value> - </main> - <main> - <pair-key>adRealm.searchBase</pair-key> - <pair-value>"CN=Users,DC=example,DC=com"</pair-value> - </main> - <main> - <pair-key>adRealm.systemUsername</pair-key> - <pair-value>aduser@example.com</pair-value> - </main> - <main> - <pair-key>adRealm.systemPassword</pair-key> - <pair-value>adpassword</pair-value> - </main> - <main> - <pair-key>adRealm.url</pair-key> - <pair-value>ldaps://adserver:636</pair-value> - </main> - <main> - <pair-key>adRealm.groupRolesMap</pair-key> - <pair-value>"CN=sysadmin,CN=Users,DC=example,DC=com":"admin", "CN=unprivileged,CN=Users,DC=example,DC=com":"user"</pair-value> - </main> - End adRealm commented out--> +<shiro-configuration xmlns="urn:opendaylight:aaa:app:config"> - <!-- - =================================================================================== - ================================== ODLJdbcRealm =================================== - =================================================================================== - = = - = Description: A Realm implementation aimed at federating with an external JDBC = - = DBMS. = - =================================================================================== - --> - <!-- Start jdbcRealm commented out - <main> - <pair-key>ds</pair-key> - <pair-value>com.mysql.jdbc.Driver</pair-value> - </main> - <main> - <pair-key>ds.serverName</pair-key> - <pair-value>localhost</pair-value> - </main> - <main> - <pair-key>ds.user</pair-key> - <pair-value>user</pair-value> - </main> - <main> - <pair-key>ds.password</pair-key> - <pair-value>password</pair-value> - </main> - <main> - <pair-key>ds.databaseName</pair-key> - <pair-value>db_name</pair-value> - </main> - <main> - <pair-key>jdbcRealm</pair-key> - <pair-value>ODLJdbcRealm</pair-value> - </main> - <main> - <pair-key>jdbcRealm.dataSource</pair-key> - <pair-value>$ds</pair-value> - </main> - <main> - <pair-key>jdbcRealm.authenticationQuery</pair-key> - <pair-value>"SELECT password FROM users WHERE user_name = ?"</pair-value> - </main> - <main> - <pair-key>jdbcRealm.userRolesQuery</pair-key> - <pair-value>"SELECT role_name FROM user_rolesWHERE user_name = ?"</pair-value> - </main> - End jdbcRealm commented out--> - <!-- - =================================================================================== - ================================= TokenAuthRealm ================================== - =================================================================================== - = = - = Description: A Realm implementation utilizing a per node H2 database store. = - =================================================================================== - --> -<!-- <main> --> -<!-- <pair-key>tokenAuthRealm</pair-key> --> -<!-- <pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value> --> -<!-- </main> --> <main> <pair-key>tokenAuthRealm</pair-key> <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm</pair-value> </main> - <!-- - =================================================================================== - =================================== MdsalRealm ==================================== - =================================================================================== - = = - = Description: A Realm implementation utilizing the aaa.yang model. = - =================================================================================== - --> - <!-- Start mdsalRealm commented out - <main> - <pair-key>mdsalRealm</pair-key> - <pair-value>org.opendaylight.aaa.shiro.realm.MdsalRealm</pair-value> - </main> - End mdsalRealm commented out--> - - <!-- - =================================================================================== - ================================= MoonAuthRealm =================================== - =================================================================================== - = = - = Description: A Realm implementation aimed at federating with OPNFV Moon. = - =================================================================================== - --> - <!-- Start moonAuthRealm commented out - <main> - <pair-key>moonAuthRealm</pair-key> - <pair-value>org.opendaylight.aaa.shiro.realm.MoonRealm</pair-value> - </main> - <main> - <pair-key>moonAuthRealm.moonServerURL</pair-key> - <pair-value>http://<host>:<port></pair-value> - </main> - End moonAuthRealm commented out--> - - <!-- - =================================================================================== - ================================= KeystoneAuthRealm == ============================ - =================================================================================== - = = - = Description: A Realm implementation aimed at federating with an OpenStack = - = Keystone. = - =================================================================================== - --> - <!-- Start keystoneAuthRealm commented out - <main> - <pair-key>keystoneAuthRealm</pair-key> - <pair-value>org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm</pair-value> - </main> - <main> - <pair-key>keystoneAuthRealm.url</pair-key> - <pair-value>https://<host>:<port></pair-value> - </main> - <main> - <pair-key>keystoneAuthRealm.sslVerification</pair-key> - <pair-value>true</pair-value> - </main> - <main> - <pair-key>keystoneAuthRealm.defaultDomain</pair-key> - <pair-value>Default</pair-value> - </main> - --> - - <!-- - Add tokenAuthRealm as the only realm. To enable mdsalRealm, add it to the list to he right of tokenAuthRealm. - --> <main> <pair-key>securityManager.realms</pair-key> <pair-value>$tokenAuthRealm</pair-value> @@ -268,13 +43,6 @@ <pair-key>authcBearer</pair-key> <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2</pair-value> </main> - - <!-- Start moonAuthRealm commented out - <main> - <pair-key>rest</pair-key> - <pair-value>org.opendaylight.aaa.shiro.filters.MoonOAuthFilter</pair-value> - </main> - End moonAuthRealm commented out--> <!-- in order to track AAA challenge attempts --> <main> @@ -291,26 +59,8 @@ <pair-key>dynamicAuthorization</pair-key> <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value> </main> -<!-- <main> --> -<!-- <pair-key>securityManager.sessionManager.sessionIdCookieEnabled</pair-key> --> -<!-- <pair-value>false</pair-value> --> -<!-- </main> --> - <!-- - =================================================================================== - = = - = = - = URLS = - = = - = = - =================================================================================== - --> - <!-- Start moonAuthRealm commented out - <urls> - <pair-key>/token</pair-key> - <pair-value>rest</pair-value> - </urls> - End moonAuthRealm commented out--> + <urls> <pair-key>/**/operations/cluster-admin**</pair-key> <pair-value>dynamicAuthorization</pair-value> |