diff options
Diffstat (limited to 'odl-aaa-moon/aaa-shiro/src/main/java/org/opendaylight/aaa/shiro/authorization/DefaultRBACRules.java')
-rw-r--r-- | odl-aaa-moon/aaa-shiro/src/main/java/org/opendaylight/aaa/shiro/authorization/DefaultRBACRules.java | 78 |
1 files changed, 0 insertions, 78 deletions
diff --git a/odl-aaa-moon/aaa-shiro/src/main/java/org/opendaylight/aaa/shiro/authorization/DefaultRBACRules.java b/odl-aaa-moon/aaa-shiro/src/main/java/org/opendaylight/aaa/shiro/authorization/DefaultRBACRules.java deleted file mode 100644 index 9e84c988..00000000 --- a/odl-aaa-moon/aaa-shiro/src/main/java/org/opendaylight/aaa/shiro/authorization/DefaultRBACRules.java +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright (c) 2015 Brocade Communications Systems, Inc. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ -package org.opendaylight.aaa.shiro.authorization; - -import com.google.common.collect.Sets; -import java.util.Collection; -import java.util.HashSet; - -/** - * A singleton container of default authorization rules that are installed as - * part of Shiro initialization. This class defines an immutable set of rules - * that are needed to provide system-wide security. These include protecting - * certain MD-SAL leaf nodes that contain AAA data from random access. This is - * not a place to define your custom rule set; additional RBAC rules are - * configured through the shiro initialization file: - * <code>$KARAF_HOME/shiro.ini</code> - * - * An important distinction to consider is that Shiro URL rules work to protect - * the system at the Web layer, and <code>AuthzDomDataBroker</code> works to - * protect the system down further at the DOM layer. - * - * @author Ryan Goulding (ryandgoulding@gmail.com) - * - */ -public class DefaultRBACRules { - - private static DefaultRBACRules instance; - - /** - * a collection of the default security rules - */ - private Collection<RBACRule> rbacRules = new HashSet<RBACRule>(); - - /** - * protects the AAA MD-SAL store by preventing access to the leaf nodes to - * non-admin users. - */ - private static final RBACRule PROTECT_AAA_MDSAL = RBACRule.createAuthorizationRule( - "*/authorization/*", Sets.newHashSet("admin")); - - /* - * private for singleton pattern - */ - private DefaultRBACRules() { - // rbacRules.add(PROTECT_AAA_MDSAL); - } - - /** - * - * @return the container instance for the default RBAC Rules - */ - public static final DefaultRBACRules getInstance() { - if (null == instance) { - instance = new DefaultRBACRules(); - } - return instance; - } - - /** - * - * @return a copy of the default rules, so any modifications to the returned - * reference do not affect the <code>DefaultRBACRules</code>. - */ - public final Collection<RBACRule> getRBACRules() { - // Returns a copy of the rbacRules set such that the original set keeps - // its contract of remaining immutable. Calls to rbacRules.add() are - // encapsulated solely in <code>DefaultRBACRules</code>. - // - // Since this method is only called at shiro initialiation time, - // memory consumption of creating a new set is a non-issue. - return Sets.newHashSet(rbacRules); - } -} |