Diffstat (limited to 'odl-aaa-moon/aaa-shiro/src/main/resources')
-rw-r--r-- | odl-aaa-moon/aaa-shiro/src/main/resources/WEB-INF/web.xml | 48 | ||||
-rw-r--r-- | odl-aaa-moon/aaa-shiro/src/main/resources/shiro.ini | 95 |
2 files changed, 0 insertions, 143 deletions
diff --git a/odl-aaa-moon/aaa-shiro/src/main/resources/WEB-INF/web.xml b/odl-aaa-moon/aaa-shiro/src/main/resources/WEB-INF/web.xml
deleted file mode 100644
index 63288c23..00000000
--- a/odl-aaa-moon/aaa-shiro/src/main/resources/WEB-INF/web.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
- version="3.0">
-
- <servlet>
- <servlet-name>MOON</servlet-name>
- <servlet-class>org.opendaylight.aaa.shiro.moon.MoonTokenEndpoint</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
-
- <servlet-mapping>
- <servlet-name>MOON</servlet-name>
- <url-pattern>/token</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>MOON</servlet-name>
- <url-pattern>/revoke</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>MOON</servlet-name>
- <url-pattern>/validate</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>MOON</servlet-name>
- <url-pattern>/*</url-pattern>
- </servlet-mapping>
-
- <!-- Shiro Filter -->
- <context-param>
- <param-name>shiroEnvironmentClass</param-name>
- <param-value>org.opendaylight.aaa.shiro.web.env.KarafIniWebEnvironment</param-value>
- </context-param>
-
- <listener>
- <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
- </listener>
-
- <filter>
- <filter-name>ShiroFilter</filter-name>
- <filter-class>org.opendaylight.aaa.shiro.filters.AAAFilter</filter-class>
- </filter>
-
- <filter-mapping>
- <filter-name>ShiroFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-</web-app>
\ No newline at end of file
diff --git a/odl-aaa-moon/aaa-shiro/src/main/resources/shiro.ini b/odl-aaa-moon/aaa-shiro/src/main/resources/shiro.ini
deleted file mode 100644
index d84f9fa0..00000000
--- a/odl-aaa-moon/aaa-shiro/src/main/resources/shiro.ini
+++ /dev/null
@@ -1,95 +0,0 @@
-#
-# Copyright (c) 2015 Brocade Communications Systems, Inc. and others. All rights reserved.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Eclipse Public License v1.0 which accompanies this distribution,
-# and is available at http://www.eclipse.org/legal/epl-v10.html
-#
-
-###############################################################################
-# shiro.ini #
-# #
-# Configuration of OpenDaylight's aaa-shiro feature. Provided Realm #
-# implementations include: #
-# - TokenAuthRealm (enabled by default) #
-# - ODLJndiLdapRealm (disabled by default) #
-# - ODLJndiLdapRealmAuthNOnly (disabled by default) #
-# Basic user configuration through shiro.ini is disabled for security #
-# purposes. #
-###############################################################################
-
-
-
-[main]
-###############################################################################
-# realms #
-# #
-# This section is dedicated to setting up realms for OpenDaylight. Realms #
-# are essentially different methods for providing AAA. ODL strives to provide#
-# highly-configurable AAA by providing pluggable infrastructure. By deafult, #
-# TokenAuthRealm is enabled out of the box (which bridges to the existing AAA #
-# mechanisms). More than one realm can be enabled, and the realms are #
-# tried Round-Robin until: #
-# 1) a realm successfully authenticates the incoming request #
-# 2) all realms are exhausted, and 401 is returned #
-###############################################################################
-
-# ODL provides a few LDAP implementations, which are disabled out of the box.
-# ODLJndiLdapRealm includes authorization functionality based on LDAP elements
-# extracted through and LDAP search. This requires a bit of knowledge about
-# how your LDAP system is setup. An example is provided below:
-#ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm
-#ldapRealm.userDnTemplate = uid={0},ou=People,dc=DOMAIN,dc=TLD
-#ldapRealm.contextFactory.url = ldap://<URL>:389
-#ldapRealm.searchBase = dc=DOMAIN,dc=TLD
-#ldapRealm.ldapAttributeForComparison = objectClass
-
-# ODL also provides ODLJndiLdapRealmAuthNOnly. Essentially, this allows
-# access through AAAFilter to any user that can authenticate against the
-# provided LDAP server.
-#ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly
-#ldapRealm.userDnTemplate = uid={0},ou=People,dc=DOMAIN,dc=TLD
-#ldapRealm.contextFactory.url = ldap://<URL>:389
-
-# Bridge to existing h2/idmlight/mdsal authentication/authorization mechanisms.
-# This realm is enabled by default, and utilizes h2-store by default.
-tokenAuthRealm = org.opendaylight.aaa.shiro.realm.TokenAuthRealm
-moonAuthRealm = org.opendaylight.aaa.shiro.realm.MoonRealm
-
-# The CSV list of enabled realms. In order to enable a realm, add it to the
-# list below:
-securityManager.realms = $moonAuthRealm
-
-
-# adds a custom AuthenticationFilter to support OAuth2 for backwards
-# compatibility. To disable OAuth2 access, just comment out the next line
-# and authcBasic will default to BasicHttpAuthenticationFilter, a
-# Shiro-provided class.
-authcBasic = org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter
-# OAuth2 Filer for moon token AuthN
-rest = org.opendaylight.aaa.shiro.filters.MoonOAuthFilter
-
-
-
-[urls]
-###############################################################################
-# url authorization section #
-# #
-# This section is dedicated to defining url-based authorization according to: #
-# http://shiro.apache.org/web.html #
-###############################################################################
-#Filtering REST requests with AAAFilter
-/v1/users** = authcBasic
-/v1/domains** = authcBasic
-/v1/roles** = authcBasic
-
-#Filter OAuth2 request$
-/token = rest
-
-# General access through AAAFilter requires valid credentials (AuthN only).
-/** = authcBasic
-
-# Access to the credential store is limited to the valid users who have the
-# admin role. The following line is only needed if the mdsal store is enabled
-#(the mdsal store is disabled by default).
-/config/aaa-authn-model** = authcBasic,roles[admin] |