Diffstat (limited to 'odl-aaa-moon/aaa/aaa-authz')
20 files changed, 0 insertions, 1703 deletions
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-config/pom.xml b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-config/pom.xml
deleted file mode 100644
index 42237e41..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-config/pom.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.opendaylight.aaa</groupId>
- <artifactId>aaa-parent</artifactId>
- <version>0.3.2-Beryllium-SR2</version>
- <relativePath>../../parent</relativePath>
- </parent>
-
- <artifactId>authz-service-config</artifactId>
- <description>AuthZ Service Configuration files </description>
- <packaging>jar</packaging>
- <build>
- <plugins>
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>build-helper-maven-plugin</artifactId>
- <executions>
- <execution>
- <id>attach-artifacts</id>
- <goals>
- <goal>attach-artifact</goal>
- </goals>
- <phase>package</phase>
- <configuration>
- <artifacts>
- <artifact>
- <file>${project.build.directory}/classes/initial/${config.authz.service.configfile}</file>
- <type>xml</type>
- <classifier>config</classifier>
- </artifact>
- </artifacts>
- </configuration>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
-
-</project>
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-config/src/main/resources/initial/08-authz-config.xml b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-config/src/main/resources/initial/08-authz-config.xml
deleted file mode 100644
index 5b59ca20..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-config/src/main/resources/initial/08-authz-config.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- vi: set et smarttab sw=4 tabstop=4: -->
-<!--
- Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
-
- This program and the accompanying materials are made available under the
- terms of the Eclipse Public License v1.0 which accompanies this distribution,
- and is available at http://www.eclipse.org/legal/epl-v10.html
--->
-<snapshot>
- <configuration>
- <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
- <modules xmlns="urn:opendaylight:params:xml:ns:yang:controller:config">
-
- <!-- defines an implementation module -->
- <module>
- <type xmlns:authz="urn:opendaylight:params:xml:ns:yang:controller:config:aaa-authz:srv">authz:aaa-authz-service</type>
- <name>aaa-authz-service</name>
-
- <dom-broker>
- <type xmlns:dom="urn:opendaylight:params:xml:ns:yang:controller:md:sal:dom">dom:dom-broker-osgi-registry</type>
- <name>dom-broker</name>
- </dom-broker>
-
- <data-broker>
- <type xmlns:binding="urn:opendaylight:params:xml:ns:yang:controller:md:sal:binding">binding:binding-data-broker</type>
- <name>binding-data-broker</name>
- </data-broker>
-
- <policies xmlns="urn:opendaylight:params:xml:ns:yang:controller:config:aaa-authz:srv">
- <service xmlns="urn:opendaylight:params:xml:ns:yang:controller:config:aaa-authz:srv">RestConfService</service>
- <action xmlns="urn:opendaylight:params:xml:ns:yang:controller:config:aaa-authz:srv">Any</action>
- <resource xmlns="urn:opendaylight:params:xml:ns:yang:controller:config:aaa-authz:srv">*</resource>
- <role xmlns="urn:opendaylight:params:xml:ns:yang:controller:config:aaa-authz:srv">admin</role>
- </policies>
-
- </module>
- </modules>
-
- <services xmlns="urn:opendaylight:params:xml:ns:yang:controller:config">
- <service>
- <type xmlns:dom="urn:opendaylight:params:xml:ns:yang:controller:md:sal:dom">dom:dom-broker-osgi-registry</type>
- <instance>
- <name>authz-connector-default</name>
- <provider>
- /modules/module[type='aaa-authz-service'][name='aaa-authz-service']
- </provider>
- </instance>
- </service>
- </services>
-
- </data>
-
-
- </configuration>
- <required-capabilities>
- <capability>urn:opendaylight:params:xml:ns:yang:controller:config:aaa-authz:srv?module=aaa-authz-service-impl&revision=2014-07-01</capability>
- </required-capabilities>
-
-</snapshot>
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-model/pom.xml b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-model/pom.xml
deleted file mode 100644
index ee6108bd..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-model/pom.xml
+++ /dev/null
@@ -1,95 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
-
- <parent>
- <groupId>org.opendaylight.aaa</groupId>
- <artifactId>aaa-parent</artifactId>
- <version>0.3.2-Beryllium-SR2</version>
- <relativePath>../../parent</relativePath>
- </parent>
-
- <artifactId>aaa-authz-model</artifactId>
- <name>${project.artifactId}</name>
-
- <dependencies>
- <dependency>
- <groupId>org.opendaylight.mdsal</groupId>
- <artifactId>yang-binding</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.mdsal.model</groupId>
- <artifactId>ietf-inet-types</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.mdsal.model</groupId>
- <artifactId>ietf-yang-types</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.mdsal.model</groupId>
- <artifactId>yang-ext</artifactId>
- </dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <extensions>true</extensions>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <configuration>
- <stylesheet>maven</stylesheet>
- </configuration>
- <executions>
- <execution>
- <goals>
- <goal>aggregate</goal>
- </goals>
- <phase>site</phase>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.opendaylight.yangtools</groupId>
- <artifactId>yang-maven-plugin</artifactId>
- <version>${yangtools.version}</version>
- <executions>
- <execution>
- <goals>
- <goal>generate-sources</goal>
- </goals>
- <configuration>
- <yangFilesRootDir>src/main/yang</yangFilesRootDir>
- <codeGenerators>
- <generator>
- <codeGeneratorClass>
- org.opendaylight.yangtools.maven.sal.api.gen.plugin.CodeGeneratorImpl
- </codeGeneratorClass>
- <outputBaseDir>${salGeneratorPath}</outputBaseDir>
- </generator>
- </codeGenerators>
- <inspectDependencies>true</inspectDependencies>
- </configuration>
- </execution>
- </executions>
-
- <dependencies>
- <dependency>
- <groupId>org.opendaylight.mdsal</groupId>
- <artifactId>maven-sal-api-gen-plugin</artifactId>
- <version>${yangtools.version}</version>
- <type>jar</type>
- </dependency>
- </dependencies>
- </plugin>
- </plugins>
- </build>
- <packaging>bundle</packaging>
-
-</project>
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-model/src/main/yang/authorization-schema.yang b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-model/src/main/yang/authorization-schema.yang
deleted file mode 100644
index 2e0cf9cb..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-model/src/main/yang/authorization-schema.yang
+++ /dev/null
@@ -1,190 +0,0 @@
-module authorization-schema {
- yang-version 1;
- namespace "urn:aaa:yang:authz:ds";
- prefix "authz";
- organization "TBD";
-
- contact "wdec@cisco.com";
-
- revision 2014-07-22 {
- description
- "Initial revision.";
- }
-
- //Main module begins
-
- //TODO: Refactor service type as URI
-
- //Define the servicetype; Service is used to identify the requestors' name, which would correspond to an ODL component eg Restconf. Possibly
- //the naming will derive from the OSGi bundle name of the AuthZ requesting party.
-
- typedef service-type {
- type string;
- }
-
- //Resource denotes the actual resource that is the subject of the AuthZ request.
-
- typedef resource-type {
- type string;
- default "*";
-
- //Examples of resources:
- //Data : /operational/opendaylight-inventory:nodes/node/openflow:1/node-connector/openflow:1:1
- //Wildcarded data: /operational/opendaylight-inventory:nodes/node/*/node-connector/*
- //RPC: /operations/example-ops:reboot
- //Wildcarded RPC: /operations/example-ops:*
- //Notification: /notifications/example-ops:startup
- }
-
- //Role denotes the normalized role that is attributed to the AuthZ requestor, eg "admin"
-
- typedef role-type {
- type string;
- }
-
- //Domain denotes the customer domain that is the attributed of the AuthZ requestor, eg cisco.com
-
- typedef domain-type {
- type string;
- }
-
- //Action denotes the requested AuthZ action on the resource
- //TODO: Refactor as identities to allow for augmentation.
-
- typedef action-type {
- type enumeration {
- enum put;
- enum commit;
- enum exists;
- enum getIdentifier;
- enum read;
- enum cancel;
- enum submit;
- enum delete;
- enum merge;
- enum any;
- }
- default "any";
- }
-
- typedef authorization-response-type {
- type enumeration {
- enum not-authorized { value 0; }
- enum authorized { value 1; }
- }
- }
-
- typedef authorization-duration-type {
- type uint32;
- }
-
- // Following grouping is the core AuthZ policy permissions data-structure, dual keyed by service and action.
- // Permissions will be set-up per application. NOTE: Group and role can be equivalent. do we need both?
-
- grouping authorization-grp {
- list policies {
- key "service";
- leaf service {
- type service-type;
- }
- leaf action {
- type action-type;
- }
- leaf resource {
- type resource-type;
- mandatory true;
- }
- leaf role {
- type role-type;
- mandatory true;
- }
- leaf authorization {
- type authorization-response-type;
- }
- }
- }
-
- // Following container provides the simple, non-domain specific AuthZ policy data-structure, dual keyed by service and action.
-
- container simple-authorization {
- uses authorization-grp;
- }
-
- // Following container provides the domain AuthZ policy data-structure. Each Policy is extended with a authz-domain-chain,
- // which contains a prioritized list of the leafrefs to additional domain policies that also apply to this domain.
- // The construct allows the chaining of policies like foo.com -> customer.sp.com -> customer.carrier.com.
-
-
- container domain-authorization {
- list domains {
- key "domain-name";
- leaf domain-name {
- type domain-type;
- }
- uses authorization-grp;
- list authz-domain-chain {
- key "priority";
- leaf priority {
- type uint32;
- }
- leaf domain-name {
- type leafref {
- path "/additional-domain-authz/domains/domain-name";
- }
- }
- }
- }
-}
-
-container additional-domain-authz {
- list domains {
- key "domain-name";
- leaf domain-name {
- type domain-type;
- }
- uses authorization-grp;
- }
- }
-
-
-
- /* The following is the AuthZ RPC definition */
-
- rpc req-authorization {
- description
- "Check Authorization for a given combination of action and role.
- A not-authorized will be returned if unsuccessful.";
-
- input {
- leaf domain-name {
- type domain-type;
- }
- leaf service {
- type service-type;
- }
- leaf action {
- type action-type;
- mandatory true;
- }
-
- leaf resource {
- type resource-type;
- mandatory true;
- }
- leaf role {
- type role-type;
- mandatory true;
- }
-
- }
-
- output {
-
- leaf authorization-response {
- type authorization-response-type;
- mandatory true;
- }
-
- }
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-restconf-config/pom.xml b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-restconf-config/pom.xml
deleted file mode 100644
index 6104be4b..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-restconf-config/pom.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.opendaylight.aaa</groupId>
- <artifactId>aaa-parent</artifactId>
- <version>0.3.2-Beryllium-SR2</version>
- <relativePath>../../parent</relativePath>
- </parent>
-
- <artifactId>authz-restconf-config</artifactId>
-
- <description>AuthZ Restconf Connector Configuration file </description>
- <packaging>jar</packaging>
- <build>
- <plugins>
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>build-helper-maven-plugin</artifactId>
- <executions>
- <execution>
- <id>attach-artifacts</id>
- <goals>
- <goal>attach-artifact</goal>
- </goals>
- <phase>package</phase>
- <configuration>
- <artifacts>
- <artifact>
- <file>${project.build.directory}/classes/initial/${config.restconf.configfile}</file>
- <type>xml</type>
- <classifier>config</classifier>
- </artifact>
- </artifacts>
- </configuration>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
-</project>
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-restconf-config/src/main/resources/initial/09-rest-connector.xml b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-restconf-config/src/main/resources/initial/09-rest-connector.xml
deleted file mode 100644
index deba6558..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-restconf-config/src/main/resources/initial/09-rest-connector.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
-
-This program and the accompanying materials are made available under the
-terms of the Eclipse Public License v1.0 which accompanies this distribution,
-and is available at http://www.eclipse.org/legal/epl-v10.html
--->
-<snapshot>
- <configuration>
- <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
- <modules xmlns="urn:opendaylight:params:xml:ns:yang:controller:config">
-
- <module>
- <type xmlns:rest="urn:opendaylight:params:xml:ns:yang:controller:md:sal:rest:connector">rest:rest-connector-impl</type>
- <name>rest-connector-default-impl</name>
- <websocket-port>8185</websocket-port>
- <dom-broker>
- <type xmlns:dom="urn:opendaylight:params:xml:ns:yang:controller:md:sal:dom">dom:dom-broker-osgi-registry</type>
- <name>authz-connector-default</name>
- </dom-broker>
- </module>
- </modules>
-
- <services xmlns="urn:opendaylight:params:xml:ns:yang:controller:config">
- <service>
- <type xmlns:rest="urn:opendaylight:params:xml:ns:yang:controller:md:sal:rest:connector">rest:rest-connector</type>
- <instance>
- <name>rest-connector-default</name>
- <provider>
- /modules/module[type='rest-connector-impl'][name='rest-connector-default-impl']
- </provider>
- </instance>
- </service>
- </services>
-
- </data>
- </configuration>
- <required-capabilities>
- <capability>urn:opendaylight:params:xml:ns:yang:controller:md:sal:rest:connector?module=opendaylight-rest-connector&revision=2014-07-24</capability>
- </required-capabilities>
-</snapshot>
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/pom.xml b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/pom.xml
deleted file mode 100644
index 2c150ce7..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/pom.xml
+++ /dev/null
@@ -1,152 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- ~ Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- ~ ~ This program and the accompanying materials are made available under
- the ~ terms of the Eclipse Public License v1.0 which accompanies this distribution,
- ~ and is available at http://www.eclipse.org/legal/epl-v10.html -->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <parent>
- <groupId>org.opendaylight.aaa</groupId>
- <artifactId>aaa-parent</artifactId>
- <version>0.3.2-Beryllium-SR2</version>
- <relativePath>../../parent</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
-
- <artifactId>aaa-authz-service</artifactId>
- <packaging>bundle</packaging>
-
- <dependencies>
- <dependency>
- <groupId>org.opendaylight.controller</groupId>
- <artifactId>sal-binding-util</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.controller</groupId>
- <artifactId>sal-common-util</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.yangtools</groupId>
- <artifactId>yang-data-api</artifactId>
- </dependency>
- <dependency>
- <groupId>commons-codec</groupId>
- <artifactId>commons-codec</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.controller</groupId>
- <artifactId>sal-binding-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.controller</groupId>
- <artifactId>config-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.controller</groupId>
- <artifactId>sal-binding-config</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.aaa</groupId>
- <artifactId>aaa-authz-model</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.aaa</groupId>
- <artifactId>aaa-authn-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.controller</groupId>
- <artifactId>sal-core-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.controller</groupId>
- <artifactId>sal-core-spi</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>jaxrs-api</artifactId>
- <scope>provided</scope>
- </dependency>
-
- <!-- Test dependencies -->
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-all</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-simple</artifactId>
- <scope>test</scope>
- </dependency>
-
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <extensions>true</extensions>
- <configuration>
- <instructions>
- <!-- <Bundle-Activator>org.opendaylight.aaa.authz.srv.AuthzProvider</Bundle-Activator> -->
- <Export-Package>org.opendaylight.aaa.config.yang.aaa_srv,</Export-Package>
- </instructions>
- </configuration>
- <!-- <configuration> <Export-Package> </Export-Package> </configuration> -->
- </plugin>
- <plugin>
- <groupId>org.opendaylight.yangtools</groupId>
- <artifactId>yang-maven-plugin</artifactId>
- <version>${yangtools.version}</version>
- <executions>
- <execution>
- <id>config</id>
- <goals>
- <goal>generate-sources</goal>
- </goals>
- <configuration>
- <codeGenerators>
- <generator>
- <codeGeneratorClass>
- org.opendaylight.controller.config.yangjmxgenerator.plugin.JMXGenerator
- </codeGeneratorClass>
- <outputBaseDir>${jmxGeneratorPath}</outputBaseDir>
- <additionalConfiguration>
- <namespaceToPackage1>
- urn:opendaylight:params:xml:ns:yang:controller==org.opendaylight.controller.config.yang
- </namespaceToPackage1>
- </additionalConfiguration>
- </generator>
- <generator>
- <codeGeneratorClass>org.opendaylight.yangtools.maven.sal.api.gen.plugin.CodeGeneratorImpl</codeGeneratorClass>
- <outputBaseDir>${salGeneratorPath}</outputBaseDir>
- </generator>
- </codeGenerators>
- <inspectDependencies>true</inspectDependencies>
- </configuration>
- </execution>
- </executions>
- <dependencies>
- <dependency>
- <groupId>org.opendaylight.controller</groupId>
- <artifactId>yang-jmx-generator-plugin</artifactId>
- <version>${config.version}</version>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.mdsal</groupId>
- <artifactId>maven-sal-api-gen-plugin</artifactId>
- <version>${yangtools.version}</version>
- </dependency>
- </dependencies>
- </plugin>
- </plugins>
- </build>
-
-</project>
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzBrokerImpl.java b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzBrokerImpl.java
deleted file mode 100644
index d4ac79af..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzBrokerImpl.java
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import java.util.Collection;
-
-import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
-import org.opendaylight.controller.sal.core.api.Broker;
-import org.opendaylight.controller.sal.core.api.Consumer;
-import org.opendaylight.controller.sal.core.api.Provider;
-import org.osgi.framework.BundleContext;
-
-/**
- * Created by wdec on 26/08/2014.
- */
-public class AuthzBrokerImpl implements Broker, AutoCloseable, Provider {
-
- private Broker broker;
- private ProviderSession providerSession;
- private AuthenticationService authenticationService;
-
- public void setBroker(Broker broker) {
- this.broker = broker;
- }
-
- @Override
- public void close() throws Exception {
-
- }
-
- // Implements AuthzBroker handling of registering consumers or providers.
- @Override
- public ConsumerSession registerConsumer(Consumer consumer) {
-
- ConsumerSession realSession = broker.registerConsumer(new ConsumerWrapper(consumer));
- AuthzConsumerContextImpl authzConsumerContext = new AuthzConsumerContextImpl(realSession,
- this);
- consumer.onSessionInitiated(authzConsumerContext);
- return authzConsumerContext;
- }
-
- @Override
- public ConsumerSession registerConsumer(Consumer consumer, BundleContext bundleContext) {
-
- ConsumerSession realSession = broker.registerConsumer(new ConsumerWrapper(consumer),
- bundleContext);
- AuthzConsumerContextImpl authzConsumerContext = new AuthzConsumerContextImpl(realSession,
- this);
- consumer.onSessionInitiated(authzConsumerContext);
- return authzConsumerContext;
- }
-
- @Override
- public ProviderSession registerProvider(Provider provider) {
-
- ProviderSession realSession = broker.registerProvider(new ProviderWrapper(provider));
- AuthzProviderContextImpl authzProviderContext = new AuthzProviderContextImpl(realSession,
- this);
- provider.onSessionInitiated(authzProviderContext);
- return authzProviderContext;
- }
-
- @Override
- public ProviderSession registerProvider(Provider provider, BundleContext bundleContext) {
-
- // Allow the real broker to do its thing, while providing a wrapped
- // callback
- ProviderSession realSession = broker.registerProvider(new ProviderWrapper(provider),
- bundleContext);
-
- // Create Authz ProviderContext
- AuthzProviderContextImpl authzProviderContext = new AuthzProviderContextImpl(realSession,
- this);
-
- // Run onsessionInitiated on injected provider with the AuthZ provider
- // context.
- provider.onSessionInitiated(authzProviderContext);
- return authzProviderContext;
-
- }
-
- // Handle the AuthZBroker registration with the real broker
- @Override
- public void onSessionInitiated(ProviderSession providerSession) {
-
- // Get now the real DOMDataBroker and register it with the
- // AuthzDOMBroker together with the provider session
- final DOMDataBroker domDataBroker = providerSession.getService(DOMDataBroker.class);
- AuthzDomDataBroker.getInstance().setProviderSession(providerSession);
- AuthzDomDataBroker.getInstance().setDomDataBroker(domDataBroker);
- AuthzDomDataBroker.getInstance().setAuthService(this.authenticationService);
- }
-
- @Override
- public Collection<ProviderFunctionality> getProviderFunctionality() {
- return null;
- }
-
- public void setAuthenticationService(AuthenticationService authenticationService) {
- this.authenticationService = authenticationService;
- }
-
- // Wrapper for Provider
-
- public static class ProviderWrapper implements Provider {
- private final Provider provider;
-
- public ProviderWrapper(Provider provider) {
- this.provider = provider;
- }
-
- @Override
- public void onSessionInitiated(ProviderSession providerSession) {
- // Do a Noop when the real broker calls back
- }
-
- @Override
- public Collection<ProviderFunctionality> getProviderFunctionality() {
- // Allow the RestconfImpl to respond to this
- return provider.getProviderFunctionality();
- }
- }
-
- // Wrapper for Consumer
- public static class ConsumerWrapper implements Consumer {
-
- private final Consumer consumer;
-
- public ConsumerWrapper(Consumer consumer) {
- this.consumer = consumer;
- }
-
- @Override
- public void onSessionInitiated(ConsumerSession consumerSession) {
- // Do a Noop when the real broker calls back
- }
-
- @Override
- public Collection<ConsumerFunctionality> getConsumerFunctionality() {
- return consumer.getConsumerFunctionality();
- }
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzConsumerContextImpl.java b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzConsumerContextImpl.java
deleted file mode 100644
index 07ba51cd..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzConsumerContextImpl.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
-import org.opendaylight.controller.sal.core.api.Broker;
-import org.opendaylight.controller.sal.core.api.Broker.ConsumerSession;
-import org.opendaylight.controller.sal.core.api.BrokerService;
-import org.opendaylight.controller.sal.core.spi.ForwardingConsumerSession;
-
-/**
- * Created by wdec on 28/08/2014.
- */
-public class AuthzConsumerContextImpl extends ForwardingConsumerSession {
-
- private final Broker.ConsumerSession realSession;
-
- public AuthzConsumerContextImpl(Broker.ConsumerSession realSession, AuthzBrokerImpl authzBroker) {
- this.realSession = realSession;
- }
-
- @Override
- protected ConsumerSession delegate() {
- return realSession;
- }
-
- @Override
- public <T extends BrokerService> T getService(Class<T> tClass) {
- T t;
- // Check for class and return Authz broker only for DOMBroker
- if (tClass == DOMDataBroker.class) {
- t = (T) AuthzDomDataBroker.getInstance();
- } else {
- t = realSession.getService(tClass);
- }
- // AuthzDomDataBroker.getInstance().setDomDataBroker((DOMDataBroker)t);
- return t;
- }
-
-}
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDataReadWriteTransaction.java b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDataReadWriteTransaction.java
deleted file mode 100644
index 4cc232bc..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDataReadWriteTransaction.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import com.google.common.base.Optional;
-import com.google.common.util.concurrent.CheckedFuture;
-import com.google.common.util.concurrent.Futures;
-import com.google.common.util.concurrent.ListenableFuture;
-
-import org.opendaylight.controller.md.sal.common.api.TransactionStatus;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.controller.md.sal.common.api.data.ReadFailedException;
-import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataReadWriteTransaction;
-import org.opendaylight.yang.gen.v1.urn.aaa.yang.authz.ds.rev140722.ActionType;
-import org.opendaylight.yangtools.yang.common.RpcResult;
-import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
-import org.opendaylight.yangtools.yang.data.api.schema.NormalizedNode;
-
-/**
- * Created by wdec on 26/08/2014.
- */
-public class AuthzDataReadWriteTransaction implements DOMDataReadWriteTransaction {
-
- private final DOMDataReadWriteTransaction domDataReadWriteTransaction;
-
- public AuthzDataReadWriteTransaction(DOMDataReadWriteTransaction domDataReadWriteTransaction) {
- this.domDataReadWriteTransaction = domDataReadWriteTransaction;
- }
-
- @Override
- public boolean cancel() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Cancel)) {
- return domDataReadWriteTransaction.cancel();
- }
- return false;
- }
-
- @Override
- public void delete(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Delete)) {
- domDataReadWriteTransaction.delete(logicalDatastoreType, yangInstanceIdentifier);
- }
- }
-
- @Override
- public CheckedFuture<Void, TransactionCommitFailedException> submit() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Submit)) {
- return domDataReadWriteTransaction.submit();
- }
- TransactionCommitFailedException e = new TransactionCommitFailedException(
- "Unauthorized User");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Deprecated
- @Override
- public ListenableFuture<RpcResult<TransactionStatus>> commit() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Commit)) {
- return domDataReadWriteTransaction.commit();
- }
- TransactionCommitFailedException e = new TransactionCommitFailedException(
- "Unauthorized User");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public CheckedFuture<Optional<NormalizedNode<?, ?>>, ReadFailedException> read(
- LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Read)) {
- return domDataReadWriteTransaction.read(logicalDatastoreType, yangInstanceIdentifier);
- }
- ReadFailedException e = new ReadFailedException("Authorization Failed");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public CheckedFuture<Boolean, ReadFailedException> exists(
- LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Exists)) {
- return domDataReadWriteTransaction.exists(logicalDatastoreType, yangInstanceIdentifier);
- }
- ReadFailedException e = new ReadFailedException("Authorization Failed");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public void put(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Put)) {
- domDataReadWriteTransaction.put(logicalDatastoreType, yangInstanceIdentifier,
- normalizedNode);
- }
- }
-
- @Override
- public void merge(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Merge)) {
- domDataReadWriteTransaction.merge(logicalDatastoreType, yangInstanceIdentifier,
- normalizedNode);
- }
- }
-
- @Override
- public Object getIdentifier() {
- if (AuthzServiceImpl.isAuthorized(ActionType.GetIdentifier)) {
- return domDataReadWriteTransaction.getIdentifier();
- }
- return null;
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDomDataBroker.java b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDomDataBroker.java
deleted file mode 100644
index 911f5a48..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDomDataBroker.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import java.util.Map;
-import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.controller.md.sal.common.api.data.TransactionChainListener;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBrokerExtension;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataChangeListener;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataReadOnlyTransaction;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataReadWriteTransaction;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataWriteTransaction;
-import org.opendaylight.controller.md.sal.dom.api.DOMTransactionChain;
-import org.opendaylight.controller.sal.core.api.Broker;
-import org.opendaylight.controller.sal.core.api.BrokerService;
-import org.opendaylight.yangtools.concepts.ListenerRegistration;
-import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
-
-/**
- * Created by wdec on 26/08/2014.
- */
-public class AuthzDomDataBroker implements BrokerService, DOMDataBroker {
-
- private DOMDataBroker domDataBroker;
- private Broker.ProviderSession providerSession;
-
- private volatile AuthenticationService authService;
-
- final static AuthzDomDataBroker INSTANCE = new AuthzDomDataBroker();
-
- public static AuthzDomDataBroker getInstance() {
- return INSTANCE;
- }
-
- public void setDomDataBroker(DOMDataBroker domDataBroker) {
- this.domDataBroker = domDataBroker;
- }
-
- public void setProviderSession(Broker.ProviderSession providerSession) {
- this.providerSession = providerSession;
- }
-
- public void setAuthService(AuthenticationService authService) {
- this.authService = authService;
- }
-
- public AuthenticationService getAuthService() {
- return this.authService;
- }
-
- @Override
- public DOMDataReadOnlyTransaction newReadOnlyTransaction() {
- // new Authz transaction + inject real DOM Transaction
- DOMDataReadOnlyTransaction ro = domDataBroker.newReadOnlyTransaction();
-
- // return domDataBroker.newReadOnlyTransaction(); //Return original
- return new AuthzReadOnlyTransaction(ro);
- }
-
- @Override
- public Map<Class<?
extends DOMDataBrokerExtension>, DOMDataBrokerExtension> getSupportedExtensions() {
- return domDataBroker.getSupportedExtensions();
- }
-
- @Override
- public DOMDataReadWriteTransaction newReadWriteTransaction() {
- // return new Authz transaction + inject real DOM Transaction
- DOMDataReadWriteTransaction rw = domDataBroker.newReadWriteTransaction();
- return new AuthzDataReadWriteTransaction(rw);
- }
-
- @Override
- public DOMDataWriteTransaction newWriteOnlyTransaction() {
- DOMDataWriteTransaction wo = domDataBroker.newWriteOnlyTransaction();
- return new AuthzWriteOnlyTransaction(wo);
- }
-
- @Override
- public ListenerRegistration<DOMDataChangeListener> registerDataChangeListener(
- LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier,
- DOMDataChangeListener domDataChangeListener, DataChangeScope dataChangeScope) {
- return domDataBroker.registerDataChangeListener(logicalDatastoreType,
- yangInstanceIdentifier, domDataChangeListener, dataChangeScope);
- }
-
- @Override
- public DOMTransactionChain createTransactionChain(
- TransactionChainListener transactionChainListener) {
- return domDataBroker.createTransactionChain(transactionChainListener);
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzProviderContextImpl.java b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzProviderContextImpl.java
deleted file mode 100644
index dbfea6ed..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzProviderContextImpl.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
-import org.opendaylight.controller.sal.core.api.Broker;
-import org.opendaylight.controller.sal.core.api.Broker.ProviderSession;
-import org.opendaylight.controller.sal.core.api.BrokerService;
-import org.opendaylight.controller.sal.core.spi.ForwardingProviderSession;
-
-/**
- * Created by wdec on 28/08/2014.
- */
-public class AuthzProviderContextImpl extends ForwardingProviderSession {
-
- private final Broker.ProviderSession realSession;
-
- public AuthzProviderContextImpl(Broker.ProviderSession providerSession,
- AuthzBrokerImpl authzBroker) {
- this.realSession = providerSession;
- }
-
- @Override
- protected ProviderSession delegate() {
- // TODO Auto-generated method stub
- return realSession;
- }
-
- @Override
- public <T extends BrokerService> T getService(Class<T> tClass) {
- T t;
- // Check for class and return Authz broker only for DOMBroker
- if (tClass == DOMDataBroker.class) {
- t = (T) AuthzDomDataBroker.getInstance();
- } else {
- t = realSession.getService(tClass);
- }
- // AuthzDomDataBroker.getInstance().setDomDataBroker((DOMDataBroker)t);
- return t;
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzReadOnlyTransaction.java b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzReadOnlyTransaction.java
deleted file mode 100644
index c46ffe7c..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzReadOnlyTransaction.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import com.google.common.base.Optional;
-import com.google.common.util.concurrent.CheckedFuture;
-import com.google.common.util.concurrent.Futures;
-
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.controller.md.sal.common.api.data.ReadFailedException;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataReadOnlyTransaction;
-import org.opendaylight.yang.gen.v1.urn.aaa.yang.authz.ds.rev140722.ActionType;
-import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
-import org.opendaylight.yangtools.yang.data.api.schema.NormalizedNode;
-
-/**
- * Created by wdec on 28/08/2014.
- */
-
-public class AuthzReadOnlyTransaction implements DOMDataReadOnlyTransaction {
-
- private final DOMDataReadOnlyTransaction ro;
-
- public AuthzReadOnlyTransaction(DOMDataReadOnlyTransaction ro) {
- this.ro = ro;
- }
-
- @Override
- public void close() {
- ro.close();
- }
-
- @Override
- public CheckedFuture<Optional<NormalizedNode<?, ?>>, ReadFailedException> read(
- LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Read)) {
- return ro.read(logicalDatastoreType, yangInstanceIdentifier);
- }
- ReadFailedException e = new ReadFailedException("Authorization Failed");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public CheckedFuture<Boolean, ReadFailedException> exists(
- LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(ActionType.Exists)) {
- return ro.exists(logicalDatastoreType, yangInstanceIdentifier);
- }
- ReadFailedException e = new ReadFailedException("Authorization Failed");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public Object getIdentifier() {
- if (AuthzServiceImpl.isAuthorized(ActionType.GetIdentifier)) {
- return ro.getIdentifier();
- }
- return null;
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzServiceImpl.java b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzServiceImpl.java
deleted file mode 100644
index fb344812..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzServiceImpl.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import java.util.List;
-import org.opendaylight.aaa.api.Authentication;
-import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.controller.config.yang.config.aaa_authz.srv.Policies;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.yang.gen.v1.urn.aaa.yang.authz.ds.rev140722.ActionType;
-import org.opendaylight.yang.gen.v1.urn.aaa.yang.authz.ds.rev140722.AuthorizationResponseType;
-import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
-
-/**
- * @author lmukkama Date: 9/2/14
- */
-public class AuthzServiceImpl {
-
- private static List<Policies> listPolicies;
-
- private static final String WILDCARD_TOKEN = "*";
-
- public static boolean isAuthorized(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier, ActionType actionType) {
-
- AuthorizationResponseType authorizationResponseType = AuthzServiceImpl.reqAuthorization(
- actionType, logicalDatastoreType, yangInstanceIdentifier);
- return authorizationResponseType.equals(AuthorizationResponseType.Authorized);
- }
-
- public static boolean isAuthorized(ActionType actionType) {
- AuthorizationResponseType authorizationResponseType = AuthzServiceImpl
- .reqAuthorization(actionType);
- return authorizationResponseType.equals(AuthorizationResponseType.Authorized);
- }
-
- public static void setPolicies(List<Policies> policies) {
-
- AuthzServiceImpl.listPolicies = policies;
- }
-
- public static AuthorizationResponseType reqAuthorization(ActionType actionType) {
-
- AuthenticationService authenticationService =
AuthzDomDataBroker.getInstance()
- .getAuthService();
- if (authenticationService != null && AuthzServiceImpl.listPolicies != null
- && AuthzServiceImpl.listPolicies.size() > 0) {
- Authentication authentication = authenticationService.get();
- if (authentication != null && authentication.roles() != null
- && authentication.roles().size() > 0) {
- return checkAuthorization(actionType, authentication);
- }
- }
- return AuthorizationResponseType.NotAuthorized;
- }
-
- public static AuthorizationResponseType reqAuthorization(ActionType actionType,
- LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
-
- AuthenticationService authenticationService = AuthzDomDataBroker.getInstance()
- .getAuthService();
-
- if (authenticationService != null && AuthzServiceImpl.listPolicies != null
- && AuthzServiceImpl.listPolicies.size() > 0) {
- // Authentication Service exists. Can do authorization checks
- Authentication authentication = authenticationService.get();
-
- if (authentication != null && authentication.roles() != null
- && authentication.roles().size() > 0) {
- // Authentication claim object exists with atleast one role
- return checkAuthorization(actionType, authentication, logicalDatastoreType,
- yangInstanceIdentifier);
- }
- }
-
- return AuthorizationResponseType.Authorized;
- }
-
- private static AuthorizationResponseType checkAuthorization(ActionType actionType,
- Authentication authentication, LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier) {
-
- for (Policies policy : AuthzServiceImpl.listPolicies) {
-
- // Action type is compared as string, since its type is string in
- // the config yang.
Comparison is case insensitive
- if (authentication.roles().contains(policy.getRole().getValue())
- && (policy.getResource().getValue().equals(WILDCARD_TOKEN) || policy
- .getResource().getValue().equals(yangInstanceIdentifier.toString()))
- && (policy.getAction().toLowerCase()
- .equals(ActionType.Any.name().toLowerCase()) || actionType.name()
- .toLowerCase().equals(policy.getAction().toLowerCase()))) {
-
- return AuthorizationResponseType.Authorized;
- }
-
- }
-
- // For helium release we unauthorize other requests.
- return AuthorizationResponseType.NotAuthorized;
- }
-
- private static AuthorizationResponseType checkAuthorization(ActionType actionType,
- Authentication authentication) {
-
- for (Policies policy : AuthzServiceImpl.listPolicies) {
- if (authentication.roles().contains(policy.getRole().getValue())
- && (policy.getAction().equalsIgnoreCase(ActionType.Any.name()) || policy
- .getAction().equalsIgnoreCase(actionType.name()))) {
- return AuthorizationResponseType.Authorized;
- }
- }
- return AuthorizationResponseType.NotAuthorized;
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzWriteOnlyTransaction.java b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzWriteOnlyTransaction.java
deleted file mode 100644
index 1123b928..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzWriteOnlyTransaction.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import com.google.common.util.concurrent.CheckedFuture;
-import com.google.common.util.concurrent.Futures;
-import com.google.common.util.concurrent.ListenableFuture;
-
-import org.opendaylight.controller.md.sal.common.api.TransactionStatus;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataWriteTransaction;
-import org.opendaylight.yang.gen.v1.urn.aaa.yang.authz.ds.rev140722.ActionType;
-import org.opendaylight.yangtools.yang.common.RpcResult;
-import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
-import org.opendaylight.yangtools.yang.data.api.schema.NormalizedNode;
-
-/**
- * Created by wdec on 02/09/2014.
- */
-public class AuthzWriteOnlyTransaction implements DOMDataWriteTransaction {
-
- private final DOMDataWriteTransaction domDataWriteTransaction;
-
- public AuthzWriteOnlyTransaction(DOMDataWriteTransaction wo) {
- this.domDataWriteTransaction = wo;
- }
-
- @Override
- public void put(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Put)) {
- domDataWriteTransaction.put(logicalDatastoreType, yangInstanceIdentifier,
- normalizedNode);
- }
- }
-
- @Override
- public void merge(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Merge)) {
- domDataWriteTransaction.merge(logicalDatastoreType, yangInstanceIdentifier,
- normalizedNode);
- }
- }
-
- @Override
- public boolean cancel() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Cancel)) {
- return domDataWriteTransaction.cancel();
- }
- return false;
- }
-
- @Override
- public void delete(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Delete)) {
- domDataWriteTransaction.delete(logicalDatastoreType, yangInstanceIdentifier);
- }
- }
-
- @Override
- public CheckedFuture<Void, TransactionCommitFailedException> submit() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Submit)) {
- return domDataWriteTransaction.submit();
- }
- TransactionCommitFailedException e = new TransactionCommitFailedException(
- "Unauthorized User");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Deprecated
- @Override
- public ListenableFuture<RpcResult<TransactionStatus>> commit() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Commit)) {
-
return domDataWriteTransaction.commit();
- }
- TransactionCommitFailedException e = new TransactionCommitFailedException(
- "Unauthorized User");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public Object getIdentifier() {
- if (AuthzServiceImpl.isAuthorized(ActionType.GetIdentifier)) {
- return domDataWriteTransaction.getIdentifier();
- }
- return null;
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/controller/config/yang/config/aaa_authz/srv/AuthzSrvModule.java b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/controller/config/yang/config/aaa_authz/srv/AuthzSrvModule.java
deleted file mode 100644
index a590b982..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/controller/config/yang/config/aaa_authz/srv/AuthzSrvModule.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.controller.config.yang.config.aaa_authz.srv;
-
-import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.aaa.authz.srv.AuthzBrokerImpl;
-import org.opendaylight.aaa.authz.srv.AuthzServiceImpl;
-import org.osgi.framework.BundleContext;
-import org.osgi.framework.ServiceReference;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class AuthzSrvModule extends
- org.opendaylight.controller.config.yang.config.aaa_authz.srv.AbstractAuthzSrvModule {
- private static final Logger LOG = LoggerFactory.getLogger(AuthzSrvModule.class);
- private static boolean simple_config_switch;
- private BundleContext bundleContext;
-
- public AuthzSrvModule(org.opendaylight.controller.config.api.ModuleIdentifier identifier,
- org.opendaylight.controller.config.api.DependencyResolver dependencyResolver) {
- super(identifier, dependencyResolver);
- }
-
- public AuthzSrvModule(org.opendaylight.controller.config.api.ModuleIdentifier identifier,
- org.opendaylight.controller.config.api.DependencyResolver dependencyResolver,
- org.opendaylight.controller.config.yang.config.aaa_authz.srv.AuthzSrvModule oldModule,
- java.lang.AutoCloseable oldInstance) {
- super(identifier, dependencyResolver, oldModule, oldInstance);
- }
-
- @Override
- public void customValidation() {
- // checkNotNull(getDomBroker(), domBrokerJmxAttribute);
- }
-
- @Override
- public java.lang.AutoCloseable createInstance() {
-
- // Get new AuthZ Broker
- final AuthzBrokerImpl authzBrokerImpl = new AuthzBrokerImpl();
-
- // Provide real broker to the new Authz broker
- authzBrokerImpl.setBroker(getDomBrokerDependency());
-
- // Get
AuthN service reference and register it with the authzBroker
- ServiceReference<AuthenticationService> authServiceReference = bundleContext
- .getServiceReference(AuthenticationService.class);
- AuthenticationService as = bundleContext.getService(authServiceReference);
- authzBrokerImpl.setAuthenticationService(as);
-
- // Set the policies list to authz serviceimpl
- AuthzServiceImpl.setPolicies(getPolicies());
-
- // Register AuthZ broker with the real Broker as a provider; triggers
- // "onSessionInitiated" in AuthzBrokerImpl
- getDomBrokerDependency().registerProvider(authzBrokerImpl);
- // TODO ActionType is of type string, not ENUM due to improper
- // serialization of ENUMs by config/netconf subsystem. This needs to be
- // fixed as soon as config/netconf fixes the problem.
- getAction();
-
- LOG.info("AuthZ Service Initialized from Config subsystem");
- return authzBrokerImpl;
-
- }
-
- public void setBundleContext(BundleContext bundleContext) {
- this.bundleContext = bundleContext;
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/controller/config/yang/config/aaa_authz/srv/AuthzSrvModuleFactory.java b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/controller/config/yang/config/aaa_authz/srv/AuthzSrvModuleFactory.java
deleted file mode 100644
index 3ff67f54..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/controller/config/yang/config/aaa_authz/srv/AuthzSrvModuleFactory.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-/*
- * Generated file
- *
- * Generated from: yang module name: aaa-authz-service-impl yang module local name: aaa-authz-service
- * Generated by: org.opendaylight.controller.config.yangjmxgenerator.plugin.JMXGenerator
- * Generated at: Thu Jul 24 11:19:40 CEST 2014
- *
- * Do not modify this file unless it is present under src/main directory
- */
-package org.opendaylight.controller.config.yang.config.aaa_authz.srv;
-
-import org.opendaylight.controller.config.api.DependencyResolver;
-import org.opendaylight.controller.config.api.DynamicMBeanWithInstance;
-import org.opendaylight.controller.config.spi.Module;
-import org.osgi.framework.BundleContext;
-
-public class AuthzSrvModuleFactory extends
- org.opendaylight.controller.config.yang.config.aaa_authz.srv.AbstractAuthzSrvModuleFactory {
-
- @Override
- public org.opendaylight.controller.config.spi.Module createModule(String instanceName,
- org.opendaylight.controller.config.api.DependencyResolver dependencyResolver,
- org.osgi.framework.BundleContext bundleContext) {
-
- final AuthzSrvModule module = (AuthzSrvModule) super.createModule(instanceName,
- dependencyResolver, bundleContext);
-
- module.setBundleContext(bundleContext);
-
- return module;
-
- }
-
- @Override
- public Module createModule(final String instanceName,
- final DependencyResolver dependencyResolver, final DynamicMBeanWithInstance old,
- final BundleContext bundleContext) throws Exception {
- final AuthzSrvModule module = (AuthzSrvModule) super.createModule(instanceName,
- dependencyResolver, old, bundleContext);
-
- module.setBundleContext(bundleContext);
-
- return module;
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/yang/aaa-authz-service-impl.yang b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/yang/aaa-authz-service-impl.yang
deleted file mode 100644
index 954d0480..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/yang/aaa-authz-service-impl.yang
+++ /dev/null
@@ -1,115 +0,0 @@
-module aaa-authz-service-impl {
-
- yang-version 1;
- namespace "urn:opendaylight:params:xml:ns:yang:controller:config:aaa-authz:srv";
- prefix "aaa-authz-srv-impl";
-
- import config { prefix config; revision-date 2013-04-05; }
- import rpc-context { prefix rpcx; revision-date 2013-06-17; }
- import opendaylight-md-sal-binding { prefix mdsal; revision-date 2013-10-28; }
- import opendaylight-md-sal-dom {prefix dom;}
- import authorization-schema { prefix authzs; revision-date 2014-07-22; }
- import ietf-inet-types {prefix inet; revision-date 2010-09-24;}
-
- description
- "This module contains the base YANG definitions for
- AuthZ implementation.";
-
- revision "2014-07-01" {
- description
- "Initial revision.";
- }
-
-
- // This is the definition of the service implementation as a module identity.
- identity aaa-authz-service {
- base config:module-type;
- // Specifies the prefix for generated java classes.
- config:java-name-prefix AuthzSrv;
- config:provided-service dom:dom-broker-osgi-registry;
- }
-
- // Augments the 'configuration' choice node under modules/module.
-
- augment "/config:modules/config:module/config:configuration" {
- case aaa-authz-service {
- when "/config:modules/config:module/config:type = 'aaa-authz-service'";
-
-//Defines reference to the intended broker under the AuthZ broker
-
- container dom-broker {
- uses config:service-ref {
- refine type {
- mandatory true;
- config:required-identity dom:dom-broker-osgi-registry;
- }
- }
- }
-
- container data-broker {
- uses config:service-ref {
- refine type {
- mandatory true;
- config:required-identity mdsal:binding-data-broker;
-
- }
- }
- }
-
-//Simple Authz data leafs:
-
- leaf authz-role {
- type string;
- }
- leaf service {
- type authzs:service-type;
- }
-
- // ENUMs cannot be used right now (config subsystem + netconf cannot properly serialize enums), using strings instead
- // In the generated module use Enum.valueOf from that string.
- // Expected values are following strnigs: create, read, update, delete, execute, subscribe, any;
- leaf action {
- type string;
- description "String representation of enum authzs:action-type expecting following values create, read, update, delete, execute, subscribe, any";
- //type authzs:action-type;
-
- }
- leaf resource {
- type authzs:resource-type;
-
- }
- leaf role {
- type authzs:role-type;
- }
-
-
-
- //TODO: Check why uses below doesn't make the outer list be part of the source name-space in yang code generator.
- //uses authzs:authorization-grp;
- list policies {
- key "service";
- leaf service {
- type authzs:service-type;
- }
- // Grouping uses ENUMs and enums are not correctly serialized in Config + Netconf
- // Same as with action one level ip
- leaf action {
- type string;
- description "String representation of enum authzs:action-type expecting following values create, read, update, delete, execute, subscribe, any";
- //type authzs:action-type;
- }
- leaf resource {
- type authzs:resource-type;
-
- }
- leaf role {
- type authzs:role-type;
-
- }
- }
-
-
- }
- }
-
-}
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/test/java/org/opendaylight/aaa/authz/srv/AuthzConsumerContextImplTest.java b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/test/java/org/opendaylight/aaa/authz/srv/AuthzConsumerContextImplTest.java
deleted file mode 100644
index fb033341..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/test/java/org/opendaylight/aaa/authz/srv/AuthzConsumerContextImplTest.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import org.junit.Assert;
-import org.junit.Before;
-import org.mockito.Mockito;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
-import org.opendaylight.controller.sal.core.api.Broker;
-import org.opendaylight.controller.sal.core.api.Provider;
-
-public class AuthzConsumerContextImplTest {
-
- private Broker.ConsumerSession realconsumercontext;
- private Provider realprovidercontext;
- private AuthzBrokerImpl authzBroker;
- private Broker realbroker;
-
- @Before
- public void beforeTest() {
- realconsumercontext = Mockito.mock(Broker.ConsumerSession.class);
- realprovidercontext = Mockito.mock(Provider.class);
- realbroker = Mockito.mock(Broker.class);
- realbroker.registerProvider(realprovidercontext);
- authzBroker = Mockito.mock(AuthzBrokerImpl.class);
- }
-
- @org.junit.Test
- public void testGetService() throws Exception {
- AuthzConsumerContextImpl authzConsumerContext = new AuthzConsumerContextImpl(
- realconsumercontext, authzBroker);
-
- Assert.assertEquals("Expected Authz session context",
- authzConsumerContext.getService(DOMDataBroker.class).getClass(),
- AuthzDomDataBroker.class);
- // Assert.assertEquals("Expected Authz session context",
- // authzConsumerContext.getService(SchemaService.class).getClass(),
- // SchemaService.class);
- }
-}
\ No newline at end of file
diff --git a/odl-aaa-moon/aaa/aaa-authz/pom.xml b/odl-aaa-moon/aaa/aaa-authz/pom.xml
deleted file mode 100644
index a5e37680..00000000
--- a/odl-aaa-moon/aaa/aaa-authz/pom.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.opendaylight.aaa</groupId>
- <artifactId>aaa-parent</artifactId>
- <version>0.3.2-Beryllium-SR2</version>
- <relativePath>../parent</relativePath>
- </parent>
-
- <artifactId>aaa-authz</artifactId>
- <name>${project.artifactId}</name>
- <packaging>pom</packaging>
-
- <modules>
- <module>aaa-authz-model</module>
- <module>aaa-authz-service</module>
- <module>aaa-authz-config</module>
- <module>aaa-authz-restconf-config</module>
- </modules>
-</project> |