aboutsummaryrefslogtreecommitdiffstats
path: root/odl-aaa-moon/aaa-shiro/src/main/resources
diff options
context:
space:
mode:
Diffstat (limited to 'odl-aaa-moon/aaa-shiro/src/main/resources')
-rw-r--r--odl-aaa-moon/aaa-shiro/src/main/resources/WEB-INF/web.xml48
-rw-r--r--odl-aaa-moon/aaa-shiro/src/main/resources/shiro.ini95
2 files changed, 0 insertions, 143 deletions
diff --git a/odl-aaa-moon/aaa-shiro/src/main/resources/WEB-INF/web.xml b/odl-aaa-moon/aaa-shiro/src/main/resources/WEB-INF/web.xml
deleted file mode 100644
index 63288c23..00000000
--- a/odl-aaa-moon/aaa-shiro/src/main/resources/WEB-INF/web.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
- version="3.0">
-
- <servlet>
- <servlet-name>MOON</servlet-name>
- <servlet-class>org.opendaylight.aaa.shiro.moon.MoonTokenEndpoint</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
-
- <servlet-mapping>
- <servlet-name>MOON</servlet-name>
- <url-pattern>/token</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>MOON</servlet-name>
- <url-pattern>/revoke</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>MOON</servlet-name>
- <url-pattern>/validate</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>MOON</servlet-name>
- <url-pattern>/*</url-pattern>
- </servlet-mapping>
-
- <!-- Shiro Filter -->
- <context-param>
- <param-name>shiroEnvironmentClass</param-name>
- <param-value>org.opendaylight.aaa.shiro.web.env.KarafIniWebEnvironment</param-value>
- </context-param>
-
- <listener>
- <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
- </listener>
-
- <filter>
- <filter-name>ShiroFilter</filter-name>
- <filter-class>org.opendaylight.aaa.shiro.filters.AAAFilter</filter-class>
- </filter>
-
- <filter-mapping>
- <filter-name>ShiroFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-</web-app> \ No newline at end of file
diff --git a/odl-aaa-moon/aaa-shiro/src/main/resources/shiro.ini b/odl-aaa-moon/aaa-shiro/src/main/resources/shiro.ini
deleted file mode 100644
index d84f9fa0..00000000
--- a/odl-aaa-moon/aaa-shiro/src/main/resources/shiro.ini
+++ /dev/null
@@ -1,95 +0,0 @@
-#
-# Copyright (c) 2015 Brocade Communications Systems, Inc. and others. All rights reserved.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Eclipse Public License v1.0 which accompanies this distribution,
-# and is available at http://www.eclipse.org/legal/epl-v10.html
-#
-
-###############################################################################
-# shiro.ini #
-# #
-# Configuration of OpenDaylight's aaa-shiro feature. Provided Realm #
-# implementations include: #
-# - TokenAuthRealm (enabled by default) #
-# - ODLJndiLdapRealm (disabled by default) #
-# - ODLJndiLdapRealmAuthNOnly (disabled by default) #
-# Basic user configuration through shiro.ini is disabled for security #
-# purposes. #
-###############################################################################
-
-
-
-[main]
-###############################################################################
-# realms #
-# #
-# This section is dedicated to setting up realms for OpenDaylight. Realms #
-# are essentially different methods for providing AAA. ODL strives to provide#
-# highly-configurable AAA by providing pluggable infrastructure. By deafult, #
-# TokenAuthRealm is enabled out of the box (which bridges to the existing AAA #
-# mechanisms). More than one realm can be enabled, and the realms are #
-# tried Round-Robin until: #
-# 1) a realm successfully authenticates the incoming request #
-# 2) all realms are exhausted, and 401 is returned #
-###############################################################################
-
-# ODL provides a few LDAP implementations, which are disabled out of the box.
-# ODLJndiLdapRealm includes authorization functionality based on LDAP elements
-# extracted through and LDAP search. This requires a bit of knowledge about
-# how your LDAP system is setup. An example is provided below:
-#ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm
-#ldapRealm.userDnTemplate = uid={0},ou=People,dc=DOMAIN,dc=TLD
-#ldapRealm.contextFactory.url = ldap://<URL>:389
-#ldapRealm.searchBase = dc=DOMAIN,dc=TLD
-#ldapRealm.ldapAttributeForComparison = objectClass
-
-# ODL also provides ODLJndiLdapRealmAuthNOnly. Essentially, this allows
-# access through AAAFilter to any user that can authenticate against the
-# provided LDAP server.
-#ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly
-#ldapRealm.userDnTemplate = uid={0},ou=People,dc=DOMAIN,dc=TLD
-#ldapRealm.contextFactory.url = ldap://<URL>:389
-
-# Bridge to existing h2/idmlight/mdsal authentication/authorization mechanisms.
-# This realm is enabled by default, and utilizes h2-store by default.
-tokenAuthRealm = org.opendaylight.aaa.shiro.realm.TokenAuthRealm
-moonAuthRealm = org.opendaylight.aaa.shiro.realm.MoonRealm
-
-# The CSV list of enabled realms. In order to enable a realm, add it to the
-# list below:
-securityManager.realms = $moonAuthRealm
-
-
-# adds a custom AuthenticationFilter to support OAuth2 for backwards
-# compatibility. To disable OAuth2 access, just comment out the next line
-# and authcBasic will default to BasicHttpAuthenticationFilter, a
-# Shiro-provided class.
-authcBasic = org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter
-# OAuth2 Filer for moon token AuthN
-rest = org.opendaylight.aaa.shiro.filters.MoonOAuthFilter
-
-
-
-[urls]
-###############################################################################
-# url authorization section #
-# #
-# This section is dedicated to defining url-based authorization according to: #
-# http://shiro.apache.org/web.html #
-###############################################################################
-#Filtering REST requests with AAAFilter
-/v1/users** = authcBasic
-/v1/domains** = authcBasic
-/v1/roles** = authcBasic
-
-#Filter OAuth2 request$
-/token = rest
-
-# General access through AAAFilter requires valid credentials (AuthN only).
-/** = authcBasic
-
-# Access to the credential store is limited to the valid users who have the
-# admin role. The following line is only needed if the mdsal store is enabled
-#(the mdsal store is disabled by default).
-/config/aaa-authn-model** = authcBasic,roles[admin]