fix oauth startup issues

add boot feature into repo. fix oauth config

Issue-ID: SDNC-1838
Change-Id: I638a2de35d7725d6e4136bf9f10e00102764acc2
Signed-off-by: Michael Dürre <michael.duerre@highstreet-technologies.com>

5 files changed, 25 insertions, 18 deletions

diff --git a/docs/requirements-docs.txt b/docs/requirements-docs.txt
index ba3e0ec0..097282b9 100644
--- a/docs/requirements-docs.txt
+++ b/docs/requirements-docs.txt
@@ -4,4 +4,5 @@ sphinxcontrib-blockdiag  # BSD
 sphinxcontrib-seqdiag # BSD
 sphinxcontrib-swaggerdoc
 sphinxcontrib-spelling
-sphinxcontrib-plantuml
\ No newline at end of file
+sphinxcontrib-plantuml
+six
diff --git a/docs/tox.ini b/docs/tox.ini
index 0465b384..5200df4f 100644
--- a/docs/tox.ini
+++ b/docs/tox.ini
@@ -7,7 +7,7 @@ skipsdist = true
 basepython = python3.8
 deps =
     -r{toxinidir}/requirements-docs.txt
-    -chttps://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt
+    -chttps://releases.openstack.org/constraints/upper/yoga
     -chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt
 commands =
     sphinx-build -W -b html -n -d {envtmpdir}/doctrees ./ {toxinidir}/_build/html
@@ -28,7 +28,7 @@ allowlist_externals = echo
 basepython = python3.8
 deps =
     -r{toxinidir}/requirements-docs.txt
-    -chttps://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt
+    -chttps://releases.openstack.org/constraints/upper/yoga
     -chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt?h=master
 commands =
     sphinx-build -W -q -b spelling -d {envtmpdir}/doctrees {toxinidir} {toxinidir}/_build/spellcheck
diff --git a/installation/sdnc/pom.xml b/installation/sdnc/pom.xml
index 649f57dc..23fd0e66 100644
--- a/installation/sdnc/pom.xml
+++ b/installation/sdnc/pom.xml
@@ -40,7 +40,8 @@
             mvn:org.onap.ccsdk.features.sdnr.northbound/sdnr-northbound-all/${ccsdk.features.version}/xml/features,\
             mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator/${ccsdk.features.version}/xml/features,\
             mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator-devicemanager/${ccsdk.features.version}/xml/features,\
-            mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator-devicemanager-base/${ccsdk.features.version}/xml/features
+            mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator-devicemanager-base/${ccsdk.features.version}/xml/features,\
+            mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator-oauth/${ccsdk.features.version}/xml/features
         </sdnr.features.repo>
 
         <!-- SDNC Features Boot -->
diff --git a/installation/sdnc/src/main/resources/oauth-aaa-app-config.xml b/installation/sdnc/src/main/resources/oauth-aaa-app-config.xml
index 643ed4de..65e34db7 100644
--- a/installation/sdnc/src/main/resources/oauth-aaa-app-config.xml
+++ b/installation/sdnc/src/main/resources/oauth-aaa-app-config.xml
@@ -26,6 +26,7 @@
 
     <main>
         <pair-key>tokenAuthRealm</pair-key>
+        <!--<pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value>-->
         <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm</pair-value>
     </main>
 
@@ -35,16 +36,13 @@
     </main>
     <!-- Used to support OAuth2 use case. -->
     <main>
-        <pair-key>authcBasic</pair-key>
-        <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value>
-    </main>
-    <main>
         <pair-key>anyroles</pair-key>
-        <pair-value>org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter</pair-value>
+        <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters.AnyRoleHttpAuthenticationFilter</pair-value>
     </main>
     <main>
         <pair-key>authcBearer</pair-key>
-        <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2</pair-value>
+<!--        <pair-value>org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter</pair-value>-->
+        <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters.BearerAndBasicHttpAuthenticationFilter</pair-value>
     </main>
 
     <!-- in order to track AAA challenge attempts -->
@@ -60,7 +58,7 @@
     <!-- Model based authorization scheme supporting RBAC for REST endpoints -->
     <main>
         <pair-key>dynamicAuthorization</pair-key>
-        <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
+        <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters.CustomizedMDSALDynamicAuthorizationFilter</pair-value>
     </main>
 
 
@@ -70,11 +68,11 @@
     </urls>
     <urls>
         <pair-key>/**/v1/**</pair-key>
-        <pair-value>authcBearer, roles[admin]</pair-value>
+        <pair-value>authcBasic, roles[admin]</pair-value>
     </urls>
     <urls>
         <pair-key>/**/config/aaa*/**</pair-key>
-        <pair-value>authcBearer, roles[admin]</pair-value>
+        <pair-value>authcBasic, roles[admin]</pair-value>
     </urls>
      <urls>
         <pair-key>/oauth/**</pair-key>
@@ -94,7 +92,6 @@
     </urls>
     <urls>
         <pair-key>/**</pair-key>
-        <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
+        <pair-value>authcBearer, roles[admin]</pair-value>
     </urls>
 </shiro-configuration>
-
diff --git a/installation/sdnc/src/main/scripts/startODL.sh b/installation/sdnc/src/main/scripts/startODL.sh
index 644ec50f..b731c350 100755
--- a/installation/sdnc/src/main/scripts/startODL.sh
+++ b/installation/sdnc/src/main/scripts/startODL.sh
@@ -90,11 +90,15 @@ initialize_sdnrdb() {
   printf "%s\n" "Execute: $INITCMD"
   n=0
   until [ $n -ge 5 ] ; do
-    $INITCMD && break
+    $INITCMD
+    ret=$?
+    if [ $ret -eq 0 ] ; then
+      break;
+    fi
     n=$((n+1))
     sleep 15
   done
-  return $?
+  return $ret
 }
 
 install_sdnrwt_features() {
@@ -344,6 +348,10 @@ if $SDNRINIT ; then
   init_result=$?
   printf "%s\n" "Result of init script: $init_result"
   if $SDNRWT ; then
+    if [ $init_result -ne 0 ]; then
+      echo "db not initialized. stopping container"
+      exit $init_result
+    fi
     printf "Proceed to initialize sdnr\n"
   else
     exit $init_result
@@ -397,7 +405,7 @@ then
   if $SDNRWT ; then install_sdnrwt_features ; fi
   if $ENABLE_OAUTH ; then
     cp $SDNC_HOME/data/oauth-aaa-app-config.xml $(find $ODL_HOME/system/org/opendaylight/aaa/ -name *aaa-app-config.xml)
-    echo -e "\norg.ops4j.pax.web.session.cookie = none" >> $ODL_HOME/etc/org.ops4j.pax.web.cfg
+    echo -e "\norg.ops4j.pax.web.session.cookie.comment = disable" >> $ODL_HOME/etc/org.ops4j.pax.web.cfg
     install_sdnr_oauth_features
   fi