Diffstat (limited to 'upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv')
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzBrokerImpl.java150
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzConsumerContextImpl.java46
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDataReadWriteTransaction.java129
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDomDataBroker.java100
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzProviderContextImpl.java47
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzReadOnlyTransaction.java69
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzServiceImpl.java121
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzWriteOnlyTransaction.java103
8 files changed, 0 insertions, 765 deletions
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzBrokerImpl.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzBrokerImpl.java
deleted file mode 100644
index d4ac79af..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzBrokerImpl.java
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import java.util.Collection;
-
-import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
-import org.opendaylight.controller.sal.core.api.Broker;
-import org.opendaylight.controller.sal.core.api.Consumer;
-import org.opendaylight.controller.sal.core.api.Provider;
-import org.osgi.framework.BundleContext;
-
-/**
- * Created by wdec on 26/08/2014.
- */
-public class AuthzBrokerImpl implements Broker, AutoCloseable, Provider {
-
- private Broker broker;
- private ProviderSession providerSession;
- private AuthenticationService authenticationService;
-
- public void setBroker(Broker broker) {
- this.broker = broker;
- }
-
- @Override
- public void close() throws Exception {
-
- }
-
- // Implements AuthzBroker handling of registering consumers or providers.
- @Override
- public ConsumerSession registerConsumer(Consumer consumer) {
-
- ConsumerSession realSession = broker.registerConsumer(new ConsumerWrapper(consumer));
- AuthzConsumerContextImpl authzConsumerContext = new AuthzConsumerContextImpl(realSession,
- this);
- consumer.onSessionInitiated(authzConsumerContext);
- return authzConsumerContext;
- }
-
- @Override
- public ConsumerSession registerConsumer(Consumer consumer, BundleContext bundleContext) {
-
- ConsumerSession realSession = broker.registerConsumer(new ConsumerWrapper(consumer),
- bundleContext);
- AuthzConsumerContextImpl authzConsumerContext = new AuthzConsumerContextImpl(realSession,
- this);
- consumer.onSessionInitiated(authzConsumerContext);
- return authzConsumerContext;
- }
-
- @Override
- public ProviderSession registerProvider(Provider provider) {
-
- ProviderSession realSession = broker.registerProvider(new ProviderWrapper(provider));
- AuthzProviderContextImpl authzProviderContext = new AuthzProviderContextImpl(realSession,
- this);
- provider.onSessionInitiated(authzProviderContext);
- return authzProviderContext;
- }
-
- @Override
- public ProviderSession registerProvider(Provider provider, BundleContext bundleContext) {
-
- // Allow the real broker to do its thing, while providing a wrapped
- // callback
- ProviderSession realSession = broker.registerProvider(new ProviderWrapper(provider),
- bundleContext);
-
- // Create Authz ProviderContext
- AuthzProviderContextImpl authzProviderContext = new AuthzProviderContextImpl(realSession,
- this);
-
- // Run onsessionInitiated on injected provider with the AuthZ provider
- // context.
- provider.onSessionInitiated(authzProviderContext);
- return authzProviderContext;
-
- }
-
- // Handle the AuthZBroker registration with the real broker
- @Override
- public void onSessionInitiated(ProviderSession providerSession) {
-
- // Get now the real DOMDataBroker and register it with the
- // AuthzDOMBroker together with the provider session
- final DOMDataBroker domDataBroker = providerSession.getService(DOMDataBroker.class);
- AuthzDomDataBroker.getInstance().setProviderSession(providerSession);
- AuthzDomDataBroker.getInstance().setDomDataBroker(domDataBroker);
- AuthzDomDataBroker.getInstance().setAuthService(this.authenticationService);
- }
-
- @Override
- public Collection<ProviderFunctionality> getProviderFunctionality() {
- return null;
- }
-
- public void setAuthenticationService(AuthenticationService authenticationService) {
- this.authenticationService = authenticationService;
- }
-
- // Wrapper for Provider
-
- public static class ProviderWrapper implements Provider {
- private final Provider provider;
-
- public ProviderWrapper(Provider provider) {
- this.provider = provider;
- }
-
- @Override
- public void onSessionInitiated(ProviderSession providerSession) {
- // Do a Noop when the real broker calls back
- }
-
- @Override
- public Collection<ProviderFunctionality> getProviderFunctionality() {
- // Allow the RestconfImpl to respond to this
- return provider.getProviderFunctionality();
- }
- }
-
- // Wrapper for Consumer
- public static class ConsumerWrapper implements Consumer {
-
- private final Consumer consumer;
-
- public ConsumerWrapper(Consumer consumer) {
- this.consumer = consumer;
- }
-
- @Override
- public void onSessionInitiated(ConsumerSession consumerSession) {
- // Do a Noop when the real broker calls back
- }
-
- @Override
- public Collection<ConsumerFunctionality> getConsumerFunctionality() {
- return consumer.getConsumerFunctionality();
- }
- }
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzConsumerContextImpl.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzConsumerContextImpl.java
deleted file mode 100644
index 07ba51cd..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzConsumerContextImpl.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
-import org.opendaylight.controller.sal.core.api.Broker;
-import org.opendaylight.controller.sal.core.api.Broker.ConsumerSession;
-import org.opendaylight.controller.sal.core.api.BrokerService;
-import org.opendaylight.controller.sal.core.spi.ForwardingConsumerSession;
-
-/**
- * Created by wdec on 28/08/2014.
- */
-public class AuthzConsumerContextImpl extends ForwardingConsumerSession {
-
- private final Broker.ConsumerSession realSession;
-
- public AuthzConsumerContextImpl(Broker.ConsumerSession realSession, AuthzBrokerImpl authzBroker) {
- this.realSession = realSession;
- }
-
- @Override
- protected ConsumerSession delegate() {
- return realSession;
- }
-
- @Override
- public <T extends BrokerService> T getService(Class<T> tClass) {
- T t;
- // Check for class and return Authz broker only for DOMBroker
- if (tClass == DOMDataBroker.class) {
- t = (T) AuthzDomDataBroker.getInstance();
- } else {
- t = realSession.getService(tClass);
- }
- // AuthzDomDataBroker.getInstance().setDomDataBroker((DOMDataBroker)t);
- return t;
- }
-
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDataReadWriteTransaction.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDataReadWriteTransaction.java
deleted file mode 100644
index 4cc232bc..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDataReadWriteTransaction.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import com.google.common.base.Optional;
-import com.google.common.util.concurrent.CheckedFuture;
-import com.google.common.util.concurrent.Futures;
-import com.google.common.util.concurrent.ListenableFuture;
-
-import org.opendaylight.controller.md.sal.common.api.TransactionStatus;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.controller.md.sal.common.api.data.ReadFailedException;
-import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataReadWriteTransaction;
-import org.opendaylight.yang.gen.v1.urn.aaa.yang.authz.ds.rev140722.ActionType;
-import org.opendaylight.yangtools.yang.common.RpcResult;
-import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
-import org.opendaylight.yangtools.yang.data.api.schema.NormalizedNode;
-
-/**
- * Created by wdec on 26/08/2014.
- */
-public class AuthzDataReadWriteTransaction implements DOMDataReadWriteTransaction {
-
- private final DOMDataReadWriteTransaction domDataReadWriteTransaction;
-
- public AuthzDataReadWriteTransaction(DOMDataReadWriteTransaction domDataReadWriteTransaction) {
- this.domDataReadWriteTransaction = domDataReadWriteTransaction;
- }
-
- @Override
- public boolean cancel() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Cancel)) {
- return domDataReadWriteTransaction.cancel();
- }
- return false;
- }
-
- @Override
- public void delete(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Delete)) {
- domDataReadWriteTransaction.delete(logicalDatastoreType, yangInstanceIdentifier);
- }
- }
-
- @Override
- public CheckedFuture<Void, TransactionCommitFailedException> submit() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Submit)) {
- return domDataReadWriteTransaction.submit();
- }
- TransactionCommitFailedException e = new TransactionCommitFailedException(
- "Unauthorized User");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Deprecated
- @Override
- public ListenableFuture<RpcResult<TransactionStatus>> commit() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Commit)) {
- return domDataReadWriteTransaction.commit();
- }
- TransactionCommitFailedException e = new TransactionCommitFailedException(
- "Unauthorized User");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public CheckedFuture<Optional<NormalizedNode<?, ?>>, ReadFailedException> read(
- LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Read)) {
- return domDataReadWriteTransaction.read(logicalDatastoreType, yangInstanceIdentifier);
- }
- ReadFailedException e = new ReadFailedException("Authorization Failed");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public CheckedFuture<Boolean, ReadFailedException> exists(
- LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Exists)) {
- return domDataReadWriteTransaction.exists(logicalDatastoreType, yangInstanceIdentifier);
- }
- ReadFailedException e = new ReadFailedException("Authorization Failed");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public void put(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Put)) {
- domDataReadWriteTransaction.put(logicalDatastoreType, yangInstanceIdentifier,
- normalizedNode);
- }
- }
-
- @Override
- public void merge(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Merge)) {
- domDataReadWriteTransaction.merge(logicalDatastoreType, yangInstanceIdentifier,
- normalizedNode);
- }
- }
-
- @Override
- public Object getIdentifier() {
- if (AuthzServiceImpl.isAuthorized(ActionType.GetIdentifier)) {
- return domDataReadWriteTransaction.getIdentifier();
- }
- return null;
- }
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDomDataBroker.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDomDataBroker.java
deleted file mode 100644
index 911f5a48..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDomDataBroker.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import java.util.Map;
-import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.controller.md.sal.common.api.data.TransactionChainListener;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBrokerExtension;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataChangeListener;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataReadOnlyTransaction;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataReadWriteTransaction;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataWriteTransaction;
-import org.opendaylight.controller.md.sal.dom.api.DOMTransactionChain;
-import org.opendaylight.controller.sal.core.api.Broker;
-import org.opendaylight.controller.sal.core.api.BrokerService;
-import org.opendaylight.yangtools.concepts.ListenerRegistration;
-import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
-
-/**
- * Created by wdec on 26/08/2014.
- */
-public class AuthzDomDataBroker implements BrokerService, DOMDataBroker {
-
- private DOMDataBroker domDataBroker;
- private Broker.ProviderSession providerSession;
-
- private volatile AuthenticationService authService;
-
- final static AuthzDomDataBroker INSTANCE = new AuthzDomDataBroker();
-
- public static AuthzDomDataBroker getInstance() {
- return INSTANCE;
- }
-
- public void setDomDataBroker(DOMDataBroker domDataBroker) {
- this.domDataBroker = domDataBroker;
- }
-
- public void setProviderSession(Broker.ProviderSession providerSession) {
- this.providerSession = providerSession;
- }
-
- public void setAuthService(AuthenticationService authService) {
- this.authService = authService;
- }
-
- public AuthenticationService getAuthService() {
- return this.authService;
- }
-
- @Override
- public DOMDataReadOnlyTransaction newReadOnlyTransaction() {
- // new Authz transaction + inject real DOM Transaction
- DOMDataReadOnlyTransaction ro = domDataBroker.newReadOnlyTransaction();
-
- // return domDataBroker.newReadOnlyTransaction(); //Return original
- return new AuthzReadOnlyTransaction(ro);
- }
-
- @Override
- public Map<Class<? extends DOMDataBrokerExtension>, DOMDataBrokerExtension> getSupportedExtensions() {
- return domDataBroker.getSupportedExtensions();
- }
-
- @Override
- public DOMDataReadWriteTransaction newReadWriteTransaction() {
- // return new Authz transaction + inject real DOM Transaction
- DOMDataReadWriteTransaction rw = domDataBroker.newReadWriteTransaction();
- return new AuthzDataReadWriteTransaction(rw);
- }
-
- @Override
- public DOMDataWriteTransaction newWriteOnlyTransaction() {
- DOMDataWriteTransaction wo = domDataBroker.newWriteOnlyTransaction();
- return new AuthzWriteOnlyTransaction(wo);
- }
-
- @Override
- public ListenerRegistration<DOMDataChangeListener> registerDataChangeListener(
- LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier,
- DOMDataChangeListener domDataChangeListener, DataChangeScope dataChangeScope) {
- return domDataBroker.registerDataChangeListener(logicalDatastoreType,
- yangInstanceIdentifier, domDataChangeListener, dataChangeScope);
- }
-
- @Override
- public DOMTransactionChain createTransactionChain(
- TransactionChainListener transactionChainListener) {
- return domDataBroker.createTransactionChain(transactionChainListener);
- }
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzProviderContextImpl.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzProviderContextImpl.java
deleted file mode 100644
index dbfea6ed..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzProviderContextImpl.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
-import org.opendaylight.controller.sal.core.api.Broker;
-import org.opendaylight.controller.sal.core.api.Broker.ProviderSession;
-import org.opendaylight.controller.sal.core.api.BrokerService;
-import org.opendaylight.controller.sal.core.spi.ForwardingProviderSession;
-
-/**
- * Created by wdec on 28/08/2014.
- */
-public class AuthzProviderContextImpl extends ForwardingProviderSession {
-
- private final Broker.ProviderSession realSession;
-
- public AuthzProviderContextImpl(Broker.ProviderSession providerSession,
- AuthzBrokerImpl authzBroker) {
- this.realSession = providerSession;
- }
-
- @Override
- protected ProviderSession delegate() {
- // TODO Auto-generated method stub
- return realSession;
- }
-
- @Override
- public <T extends BrokerService> T getService(Class<T> tClass) {
- T t;
- // Check for class and return Authz broker only for DOMBroker
- if (tClass == DOMDataBroker.class) {
- t = (T) AuthzDomDataBroker.getInstance();
- } else {
- t = realSession.getService(tClass);
- }
- // AuthzDomDataBroker.getInstance().setDomDataBroker((DOMDataBroker)t);
- return t;
- }
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzReadOnlyTransaction.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzReadOnlyTransaction.java
deleted file mode 100644
index c46ffe7c..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzReadOnlyTransaction.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import com.google.common.base.Optional;
-import com.google.common.util.concurrent.CheckedFuture;
-import com.google.common.util.concurrent.Futures;
-
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.controller.md.sal.common.api.data.ReadFailedException;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataReadOnlyTransaction;
-import org.opendaylight.yang.gen.v1.urn.aaa.yang.authz.ds.rev140722.ActionType;
-import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
-import org.opendaylight.yangtools.yang.data.api.schema.NormalizedNode;
-
-/**
- * Created by wdec on 28/08/2014.
- */
-
-public class AuthzReadOnlyTransaction implements DOMDataReadOnlyTransaction {
-
- private final DOMDataReadOnlyTransaction ro;
-
- public AuthzReadOnlyTransaction(DOMDataReadOnlyTransaction ro) {
- this.ro = ro;
- }
-
- @Override
- public void close() {
- ro.close();
- }
-
- @Override
- public CheckedFuture<Optional<NormalizedNode<?, ?>>, ReadFailedException> read(
- LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Read)) {
- return ro.read(logicalDatastoreType, yangInstanceIdentifier);
- }
- ReadFailedException e = new ReadFailedException("Authorization Failed");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public CheckedFuture<Boolean, ReadFailedException> exists(
- LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(ActionType.Exists)) {
- return ro.exists(logicalDatastoreType, yangInstanceIdentifier);
- }
- ReadFailedException e = new ReadFailedException("Authorization Failed");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public Object getIdentifier() {
- if (AuthzServiceImpl.isAuthorized(ActionType.GetIdentifier)) {
- return ro.getIdentifier();
- }
- return null;
- }
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzServiceImpl.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzServiceImpl.java
deleted file mode 100644
index fb344812..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzServiceImpl.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import java.util.List;
-import org.opendaylight.aaa.api.Authentication;
-import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.controller.config.yang.config.aaa_authz.srv.Policies;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.yang.gen.v1.urn.aaa.yang.authz.ds.rev140722.ActionType;
-import org.opendaylight.yang.gen.v1.urn.aaa.yang.authz.ds.rev140722.AuthorizationResponseType;
-import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
-
-/**
- * @author lmukkama Date: 9/2/14
- */
-public class AuthzServiceImpl {
-
- private static List<Policies> listPolicies;
-
- private static final String WILDCARD_TOKEN = "*";
-
- public static boolean isAuthorized(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier, ActionType actionType) {
-
- AuthorizationResponseType authorizationResponseType = AuthzServiceImpl.reqAuthorization(
- actionType, logicalDatastoreType, yangInstanceIdentifier);
- return authorizationResponseType.equals(AuthorizationResponseType.Authorized);
- }
-
- public static boolean isAuthorized(ActionType actionType) {
- AuthorizationResponseType authorizationResponseType = AuthzServiceImpl
- .reqAuthorization(actionType);
- return authorizationResponseType.equals(AuthorizationResponseType.Authorized);
- }
-
- public static void setPolicies(List<Policies> policies) {
-
- AuthzServiceImpl.listPolicies = policies;
- }
-
- public static AuthorizationResponseType reqAuthorization(ActionType actionType) {
-
- AuthenticationService authenticationService = AuthzDomDataBroker.getInstance()
- .getAuthService();
- if (authenticationService != null && AuthzServiceImpl.listPolicies != null
- && AuthzServiceImpl.listPolicies.size() > 0) {
- Authentication authentication = authenticationService.get();
- if (authentication != null && authentication.roles() != null
- && authentication.roles().size() > 0) {
- return checkAuthorization(actionType, authentication);
- }
- }
- return AuthorizationResponseType.NotAuthorized;
- }
-
- public static AuthorizationResponseType reqAuthorization(ActionType actionType,
- LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
-
- AuthenticationService authenticationService = AuthzDomDataBroker.getInstance()
- .getAuthService();
-
- if (authenticationService != null && AuthzServiceImpl.listPolicies != null
- && AuthzServiceImpl.listPolicies.size() > 0) {
- // Authentication Service exists. Can do authorization checks
- Authentication authentication = authenticationService.get();
-
- if (authentication != null && authentication.roles() != null
- && authentication.roles().size() > 0) {
- // Authentication claim object exists with atleast one role
- return checkAuthorization(actionType, authentication, logicalDatastoreType,
- yangInstanceIdentifier);
- }
- }
-
- return AuthorizationResponseType.Authorized;
- }
-
- private static AuthorizationResponseType checkAuthorization(ActionType actionType,
- Authentication authentication, LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier) {
-
- for (Policies policy : AuthzServiceImpl.listPolicies) {
-
- // Action type is compared as string, since its type is string in
- // the config yang. Comparison is case insensitive
- if (authentication.roles().contains(policy.getRole().getValue())
- && (policy.getResource().getValue().equals(WILDCARD_TOKEN) || policy
- .getResource().getValue().equals(yangInstanceIdentifier.toString()))
- && (policy.getAction().toLowerCase()
- .equals(ActionType.Any.name().toLowerCase()) || actionType.name()
- .toLowerCase().equals(policy.getAction().toLowerCase()))) {
-
- return AuthorizationResponseType.Authorized;
- }
-
- }
-
- // For helium release we unauthorize other requests.
- return AuthorizationResponseType.NotAuthorized;
- }
-
- private static AuthorizationResponseType checkAuthorization(ActionType actionType,
- Authentication authentication) {
-
- for (Policies policy : AuthzServiceImpl.listPolicies) {
- if (authentication.roles().contains(policy.getRole().getValue())
- && (policy.getAction().equalsIgnoreCase(ActionType.Any.name()) || policy
- .getAction().equalsIgnoreCase(actionType.name()))) {
- return AuthorizationResponseType.Authorized;
- }
- }
- return AuthorizationResponseType.NotAuthorized;
- }
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzWriteOnlyTransaction.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzWriteOnlyTransaction.java
deleted file mode 100644
index 1123b928..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzWriteOnlyTransaction.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import com.google.common.util.concurrent.CheckedFuture;
-import com.google.common.util.concurrent.Futures;
-import com.google.common.util.concurrent.ListenableFuture;
-
-import org.opendaylight.controller.md.sal.common.api.TransactionStatus;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataWriteTransaction;
-import org.opendaylight.yang.gen.v1.urn.aaa.yang.authz.ds.rev140722.ActionType;
-import org.opendaylight.yangtools.yang.common.RpcResult;
-import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
-import org.opendaylight.yangtools.yang.data.api.schema.NormalizedNode;
-
-/**
- * Created by wdec on 02/09/2014.
- */
-public class AuthzWriteOnlyTransaction implements DOMDataWriteTransaction {
-
- private final DOMDataWriteTransaction domDataWriteTransaction;
-
- public AuthzWriteOnlyTransaction(DOMDataWriteTransaction wo) {
- this.domDataWriteTransaction = wo;
- }
-
- @Override
- public void put(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Put)) {
- domDataWriteTransaction.put(logicalDatastoreType, yangInstanceIdentifier,
- normalizedNode);
- }
- }
-
- @Override
- public void merge(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Merge)) {
- domDataWriteTransaction.merge(logicalDatastoreType, yangInstanceIdentifier,
- normalizedNode);
- }
- }
-
- @Override
- public boolean cancel() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Cancel)) {
- return domDataWriteTransaction.cancel();
- }
- return false;
- }
-
- @Override
- public void delete(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Delete)) {
- domDataWriteTransaction.delete(logicalDatastoreType, yangInstanceIdentifier);
- }
- }
-
- @Override
- public CheckedFuture<Void, TransactionCommitFailedException> submit() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Submit)) {
- return domDataWriteTransaction.submit();
- }
- TransactionCommitFailedException e = new TransactionCommitFailedException(
- "Unauthorized User");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Deprecated
- @Override
- public ListenableFuture<RpcResult<TransactionStatus>> commit() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Commit)) {
- return domDataWriteTransaction.commit();
- }
- TransactionCommitFailedException e = new TransactionCommitFailedException(
- "Unauthorized User");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public Object getIdentifier() {
- if (AuthzServiceImpl.isAuthorized(ActionType.GetIdentifier)) {
- return domDataWriteTransaction.getIdentifier();
- }
- return null;
- }
-}