diff options
Diffstat (limited to 'upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa')
7 files changed, 0 insertions, 1668 deletions
diff --git a/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightApplication.java b/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightApplication.java deleted file mode 100644 index 6fcba5d6..00000000 --- a/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightApplication.java +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - -package org.opendaylight.aaa.idm; - -import java.util.Arrays; -import java.util.HashSet; -import java.util.Set; - -import javax.ws.rs.core.Application; - -import org.opendaylight.aaa.idm.rest.DomainHandler; -import org.opendaylight.aaa.idm.rest.RoleHandler; -import org.opendaylight.aaa.idm.rest.UserHandler; -import org.opendaylight.aaa.idm.rest.VersionHandler; - -/** - * A JAX-RS application for IdmLight. The REST endpoints delivered by this - * application are in the form: - * <code>http://{HOST}:{PORT}/auth/v1/</code> - * - * For example, the users REST endpoint is: - * <code>http://{HOST}:{PORT}/auth/v1/users</code> - * - * This application is responsible for interaction with the backing h2 - * database store. - * - * @author liemmn - * @author Ryan Goulding (ryandgoulding@gmail.com) - * @see <code>org.opendaylight.aaa.idm.rest.DomainHandler</code> - * @see <code>org.opendaylight.aaa.idm.rest.UserHandler</code> - * @see <code>org.opendaylight.aaa.idm.rest.RoleHandler</code> - */ -public class IdmLightApplication extends Application { - - //TODO create a bug to address the fact that the implementation assumes 128 - // as the max length, even though this claims 256. - /** - * The maximum field length for identity fields. - */ - public static final int MAX_FIELD_LEN = 256; - public IdmLightApplication() { - } - - @Override - public Set<Class<?>> getClasses() { - return new HashSet<Class<?>>(Arrays.asList(VersionHandler.class, - DomainHandler.class, - RoleHandler.class, - UserHandler.class)); - } -} diff --git a/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightProxy.java b/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightProxy.java deleted file mode 100644 index d17d2b13..00000000 --- a/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightProxy.java +++ /dev/null @@ -1,208 +0,0 @@ -/* - * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - -package org.opendaylight.aaa.idm; - -import com.google.common.base.Preconditions; - -import java.util.ArrayList; -import java.util.List; -import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; -import org.opendaylight.aaa.ClaimBuilder; -import org.opendaylight.aaa.api.AuthenticationException; -import org.opendaylight.aaa.api.Claim; -import org.opendaylight.aaa.api.CredentialAuth; -import org.opendaylight.aaa.api.IDMStoreException; -import org.opendaylight.aaa.api.IIDMStore; -import org.opendaylight.aaa.api.IdMService; -import org.opendaylight.aaa.api.PasswordCredentials; -import org.opendaylight.aaa.api.SHA256Calculator; -import org.opendaylight.aaa.api.model.Domain; -import org.opendaylight.aaa.api.model.Grant; -import org.opendaylight.aaa.api.model.Grants; -import org.opendaylight.aaa.api.model.Role; -import org.opendaylight.aaa.api.model.User; -import org.opendaylight.aaa.api.model.Users; -import org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * An OSGi proxy for the IdmLight server. - * - */ -public class IdmLightProxy implements CredentialAuth<PasswordCredentials>, IdMService { - - private static final Logger LOG = LoggerFactory.getLogger(IdmLightProxy.class); - - /** - * claimCache is responsible for storing the active claims per domain. The - * outer map is keyed by domain, and the inner map is keyed by - * <code>PasswordCredentials</code>. - */ - private static Map<String, Map<PasswordCredentials, Claim>> claimCache = new ConcurrentHashMap<>(); - - // adds a store for the default "sdn" domain - static { - claimCache.put(IIDMStore.DEFAULT_DOMAIN, - new ConcurrentHashMap<PasswordCredentials, Claim>()); - } - - @Override - public Claim authenticate(PasswordCredentials creds) { - Preconditions.checkNotNull(creds); - Preconditions.checkNotNull(creds.username()); - Preconditions.checkNotNull(creds.password()); - String domain = creds.domain() == null ? IIDMStore.DEFAULT_DOMAIN : creds.domain(); - // FIXME: Add cache invalidation - Map<PasswordCredentials, Claim> cache = claimCache.get(domain); - if (cache == null) { - cache = new ConcurrentHashMap<PasswordCredentials, Claim>(); - claimCache.put(domain, cache); - } - Claim claim = cache.get(creds); - if (claim == null) { - synchronized (claimCache) { - claim = cache.get(creds); - if (claim == null) { - claim = dbAuthenticate(creds); - if (claim != null) { - cache.put(creds, claim); - } - } - } - } - return claim; - } - - /** - * Clears the cache of any active claims. - */ - public static synchronized void clearClaimCache() { - LOG.info("Clearing the claim cache"); - for (Map<PasswordCredentials, Claim> cache : claimCache.values()) { - cache.clear(); - } - } - - private static Claim dbAuthenticate(PasswordCredentials creds) { - Domain domain = null; - User user = null; - String credsDomain = creds.domain() == null ? IIDMStore.DEFAULT_DOMAIN : creds.domain(); - // check to see domain exists - // TODO: ensure domain names are unique change to 'getDomain' - LOG.debug("get domain"); - try { - domain = AAAIDMLightModule.getStore().readDomain(credsDomain); - if (domain == null) { - throw new AuthenticationException("Domain :" + credsDomain + " does not exist"); - } - } catch (IDMStoreException e) { - throw new AuthenticationException("Error while fetching domain", e); - } - - // check to see user exists and passes cred check - try { - LOG.debug("check user / pwd"); - Users users = AAAIDMLightModule.getStore().getUsers(creds.username(), credsDomain); - List<User> userList = users.getUsers(); - if (userList.size() == 0) { - throw new AuthenticationException("User :" + creds.username() - + " does not exist in domain " + credsDomain); - } - user = userList.get(0); - if (!SHA256Calculator.getSHA256(creds.password(), user.getSalt()).equals( - user.getPassword())) { - throw new AuthenticationException("UserName / Password not found"); - } - - // get all grants & roles for this domain and user - LOG.debug("get grants"); - List<String> roles = new ArrayList<String>(); - Grants grants = AAAIDMLightModule.getStore().getGrants(domain.getDomainid(), - user.getUserid()); - List<Grant> grantList = grants.getGrants(); - for (int z = 0; z < grantList.size(); z++) { - Grant grant = grantList.get(z); - Role role = AAAIDMLightModule.getStore().readRole(grant.getRoleid()); - if (role != null) { - roles.add(role.getName()); - } - } - - // build up the claim - LOG.debug("build a claim"); - ClaimBuilder claim = new ClaimBuilder(); - claim.setUserId(user.getUserid().toString()); - claim.setUser(creds.username()); - claim.setDomain(credsDomain); - for (int z = 0; z < roles.size(); z++) { - claim.addRole(roles.get(z)); - } - return claim.build(); - } catch (IDMStoreException se) { - throw new AuthenticationException("idm data store exception :" + se.toString() + se); - } - } - - @Override - public List<String> listDomains(String userId) { - LOG.debug("list Domains for userId: {}", userId); - List<String> domains = new ArrayList<String>(); - try { - Grants grants = AAAIDMLightModule.getStore().getGrants(userId); - List<Grant> grantList = grants.getGrants(); - for (int z = 0; z < grantList.size(); z++) { - Grant grant = grantList.get(z); - Domain domain = AAAIDMLightModule.getStore().readDomain(grant.getDomainid()); - domains.add(domain.getName()); - } - return domains; - } catch (IDMStoreException se) { - LOG.warn("error getting domains ", se.toString(), se); - return domains; - } - - } - - @Override - public List<String> listRoles(String userId, String domainName) { - LOG.debug("listRoles"); - List<String> roles = new ArrayList<String>(); - - try { - // find domain name for specied domain name - String did = null; - try { - Domain domain = AAAIDMLightModule.getStore().readDomain(domainName); - if (domain == null) { - LOG.debug("DomainName: {}", domainName + " Not found!"); - return roles; - } - did = domain.getDomainid(); - } catch (IDMStoreException e) { - return roles; - } - - // find all grants for uid and did - Grants grants = AAAIDMLightModule.getStore().getGrants(did, userId); - List<Grant> grantList = grants.getGrants(); - for (int z = 0; z < grantList.size(); z++) { - Grant grant = grantList.get(z); - Role role = AAAIDMLightModule.getStore().readRole(grant.getRoleid()); - roles.add(role.getName()); - } - - return roles; - } catch (IDMStoreException se) { - LOG.warn("error getting roles ", se.toString(), se); - return roles; - } - } -} diff --git a/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/StoreBuilder.java b/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/StoreBuilder.java deleted file mode 100644 index 111665c6..00000000 --- a/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/StoreBuilder.java +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - -package org.opendaylight.aaa.idm; - -import org.opendaylight.aaa.api.IDMStoreException; -import org.opendaylight.aaa.api.IIDMStore; -import org.opendaylight.aaa.api.model.Domain; -import org.opendaylight.aaa.api.model.Grant; -import org.opendaylight.aaa.api.model.Role; -import org.opendaylight.aaa.api.model.User; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * StoreBuilder is triggered during feature installation by - * <code>AAAIDMLightModule.createInstance()</code>. StoreBuilder is responsible - * for initializing the H2 database with initial default user account - * information. By default, the following users are created: - * <ol> - * <li>admin</li> - * <li>user</li> - * </ol> - * - * By default, the following domain is created: - * <ol> - * <li>sdn</li> - * </ol> - * - * By default, the following grants are created: - * <ol> - * <li>admin with admin role on sdn</li> - * <li>admin with user role on sdn</li> - * <li>user with user role on sdn</li> - * </ol> - * - * @author peter.mellquist@hp.com - * @author saichler@cisco.com - */ -public class StoreBuilder { - - private static final Logger LOG = LoggerFactory.getLogger(StoreBuilder.class); - - public static void init(IIDMStore store) throws IDMStoreException { - LOG.info("creating idmlight schema in store"); - - // Check whether the default domain exists. If it exists, then do not - // create default data in the store. - // TODO Address the fact that someone may delete the sdn domain, or make - // sdn mandatory. - Domain defaultDomain = store.readDomain(IIDMStore.DEFAULT_DOMAIN); - if (defaultDomain != null) { - LOG.info("Found default domain in Store, skipping insertion of default data"); - return; - } - - // make domain - Domain domain = new Domain(); - User adminUser = new User(); - User userUser = new User(); - Role adminRole = new Role(); - Role userRole = new Role(); - domain.setEnabled(true); - domain.setName(IIDMStore.DEFAULT_DOMAIN); - domain.setDescription("default odl sdn domain"); - domain = store.writeDomain(domain); - - // Create default users - // "admin" user - adminUser.setEnabled(true); - adminUser.setName("admin"); - adminUser.setDomainid(domain.getDomainid()); - adminUser.setDescription("admin user"); - adminUser.setEmail(""); - adminUser.setPassword("admin"); - adminUser = store.writeUser(adminUser); - // "user" user - userUser.setEnabled(true); - userUser.setName("user"); - userUser.setDomainid(domain.getDomainid()); - userUser.setDescription("user user"); - userUser.setEmail(""); - userUser.setPassword("user"); - userUser = store.writeUser(userUser); - - // Create default Roles ("admin" and "user") - adminRole.setName("admin"); - adminRole.setDomainid(domain.getDomainid()); - adminRole.setDescription("a role for admins"); - adminRole = store.writeRole(adminRole); - userRole.setName("user"); - userRole.setDomainid(domain.getDomainid()); - userRole.setDescription("a role for users"); - userRole = store.writeRole(userRole); - - // Create default grants - Grant grant = new Grant(); - grant.setDomainid(domain.getDomainid()); - grant.setUserid(userUser.getUserid()); - grant.setRoleid(userRole.getRoleid()); - grant = store.writeGrant(grant); - - grant.setDomainid(domain.getDomainid()); - grant.setUserid(adminUser.getUserid()); - grant.setRoleid(userRole.getRoleid()); - grant = store.writeGrant(grant); - - grant.setDomainid(domain.getDomainid()); - grant.setUserid(adminUser.getUserid()); - grant.setRoleid(adminRole.getRoleid()); - grant = store.writeGrant(grant); - } -} diff --git a/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/DomainHandler.java b/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/DomainHandler.java deleted file mode 100644 index 7ddc0748..00000000 --- a/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/DomainHandler.java +++ /dev/null @@ -1,591 +0,0 @@ -/* - * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - -package org.opendaylight.aaa.idm.rest; - -import java.util.ArrayList; -import java.util.List; -import javax.ws.rs.Consumes; -import javax.ws.rs.DELETE; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; -import org.opendaylight.aaa.api.IDMStoreException; -import org.opendaylight.aaa.api.model.Claim; -import org.opendaylight.aaa.api.model.Domain; -import org.opendaylight.aaa.api.model.Domains; -import org.opendaylight.aaa.api.model.Grant; -import org.opendaylight.aaa.api.model.Grants; -import org.opendaylight.aaa.api.model.IDMError; -import org.opendaylight.aaa.api.model.Role; -import org.opendaylight.aaa.api.model.Roles; -import org.opendaylight.aaa.api.model.User; -import org.opendaylight.aaa.api.model.UserPwd; -import org.opendaylight.aaa.api.model.Users; -import org.opendaylight.aaa.idm.IdmLightProxy; -import org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * REST application used to manipulate the H2 database domains table. The REST - * endpoint is <code>/auth/v1/domains</code>. - * - * The following provides examples of curl commands and payloads to utilize the - * domains REST endpoint: - * - * <b>Get All Domains</b> - * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/domains</code> - * - * <b>Get A Specific Domain</b> - * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/domains/{id}</code> - * - * <b>Create A Domain</b> - * <code>curl -u admin:admin -X POST -H "Content-Type: application/json" --data-binary {@literal @}domain.json http://{HOST}:{PORT}/auth/v1/domains</code> - * Example domain.json <code>{ - * "description": "new domain", - * "enabled", "true", - * "name", "not sdn" - * }</code> - * - * <b>Update A Domain</b> - * <code>curl -u admin:admin -X PUT -H "Content-Type: application/json" --data-binary {@literal @}domain.json http://{HOST}:{PORT}/auth/v1/domains</code> - * Example domain.json <code>{ - * "description": "new domain description", - * "enabled", "true", - * "name", "not sdn" - * }</code> - * - * @author peter.mellquist@hp.com - * @author Ryan Goulding (ryandgoulding@gmail.com) - */ -@Path("/v1/domains") -public class DomainHandler { - - private static final Logger LOG = LoggerFactory.getLogger(DomainHandler.class); - - /** - * Extracts all domains. - * - * @return a response with all domains stored in the H2 database - */ - @GET - @Produces("application/json") - public Response getDomains() { - LOG.info("Get /domains"); - Domains domains = null; - try { - domains = AAAIDMLightModule.getStore().getDomains(); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting domains"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - return Response.ok(domains).build(); - } - - /** - * Extracts the domain represented by <code>domainId</code>. - * - * @param domainId the string domain (i.e., "sdn") - * @return a response with the specified domain - */ - @GET - @Path("/{id}") - @Produces("application/json") - public Response getDomain(@PathParam("id") String domainId) { - LOG.info("Get /domains/{}", domainId); - Domain domain = null; - try { - domain = AAAIDMLightModule.getStore().readDomain(domainId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - - if (domain == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! domain id :" + domainId); - return Response.status(404).entity(idmerror).build(); - } - return Response.ok(domain).build(); - } - - /** - * Creates a domain. The name attribute is required for domain creation. - * Enabled and description fields are optional. Optional fields default - * in the following manner: - * <code>enabled</code>: <code>false</code> - * <code>description</code>: An empty string (<code>""</code>). - * - * @param info passed from Jersey - * @param domain designated by the REST payload - * @return A response stating success or failure of domain creation. - */ - @POST - @Consumes("application/json") - @Produces("application/json") - public Response createDomain(@Context UriInfo info, Domain domain) { - LOG.info("Post /domains"); - try { - if (domain.isEnabled() == null) { - domain.setEnabled(false); - } - if (domain.getName() == null) { - domain.setName(""); - } - if (domain.getDescription() == null) { - domain.setDescription(""); - } - domain = AAAIDMLightModule.getStore().writeDomain(domain); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error creating domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - return Response.status(201).entity(domain).build(); - } - - /** - * Updates a domain. - * - * @param info passed from Jersey - * @param domain the REST payload - * @param domainId the last part of the path, containing the specified domain id - * @return A response stating success or failure of domain update. - */ - @PUT - @Path("/{id}") - @Consumes("application/json") - @Produces("application/json") - public Response putDomain(@Context UriInfo info, Domain domain, @PathParam("id") String domainId) { - LOG.info("Put /domains/{}", domainId); - try { - domain.setDomainid(domainId); - domain = AAAIDMLightModule.getStore().updateDomain(domain); - if (domain == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! Domain id :" + domainId); - return Response.status(404).entity(idmerror).build(); - } - IdmLightProxy.clearClaimCache(); - return Response.status(200).entity(domain).build(); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error putting domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - } - - /** - * Deletes a domain. - * - * @param info passed from Jersey - * @param domainId the last part of the path, containing the specified domain id - * @return A response stating success or failure of domain deletion. - */ - @DELETE - @Path("/{id}") - public Response deleteDomain(@Context UriInfo info, @PathParam("id") String domainId) { - LOG.info("Delete /domains/{}", domainId); - - try { - Domain domain = AAAIDMLightModule.getStore().deleteDomain(domainId); - if (domain == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! Domain id :" + domainId); - return Response.status(404).entity(idmerror).build(); - } - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error deleting Domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - IdmLightProxy.clearClaimCache(); - return Response.status(204).build(); - } - - /** - * Creates a grant. A grant defines the role a particular user is given on - * a particular domain. For example, by default, AAA installs a grant for - * the "admin" user, granting permission to act with "admin" role on the - * "sdn" domain. - * - * @param info passed from Jersey - * @param domainId the domain the user is allowed to access - * @param userId the user that is allowed to access the domain - * @param grant the payload containing role access controls - * @return A response stating success or failure of grant creation. - */ - @POST - @Path("/{did}/users/{uid}/roles") - @Consumes("application/json") - @Produces("application/json") - public Response createGrant(@Context UriInfo info, @PathParam("did") String domainId, - @PathParam("uid") String userId, Grant grant) { - LOG.info("Post /domains/{}/users/{}/roles", domainId, userId); - Domain domain = null; - User user = null; - Role role = null; - String roleId = null; - - // validate domain id - try { - domain = AAAIDMLightModule.getStore().readDomain(domainId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (domain == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! domain id :" + domainId); - return Response.status(404).entity(idmerror).build(); - } - grant.setDomainid(domainId); - - try { - user = AAAIDMLightModule.getStore().readUser(userId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting user"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (user == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! User id :" + userId); - return Response.status(404).entity(idmerror).build(); - } - grant.setUserid(userId); - - // validate role id - try { - roleId = grant.getRoleid(); - LOG.info("roleid = {}", roleId); - } catch (NumberFormatException nfe) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Invalid Role id :" + grant.getRoleid()); - return Response.status(404).entity(idmerror).build(); - } - try { - role = AAAIDMLightModule.getStore().readRole(roleId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting role"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (role == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! role :" + grant.getRoleid()); - return Response.status(404).entity(idmerror).build(); - } - - // see if grant already exists for this - try { - Grant existingGrant = AAAIDMLightModule.getStore().readGrant(domainId, userId, roleId); - if (existingGrant != null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Grant already exists for did:" + domainId + " uid:" + userId - + " rid:" + roleId); - return Response.status(403).entity(idmerror).build(); - } - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error creating grant"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - - // create grant - try { - grant = AAAIDMLightModule.getStore().writeGrant(grant); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error creating grant"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - - IdmLightProxy.clearClaimCache(); - return Response.status(201).entity(grant).build(); - } - - /** - * Used to validate user access. - * - * @param info passed from Jersey - * @param domainId the domain in question - * @param userpwd the password attempt - * @return A response stating success or failure of user validation. - */ - @POST - @Path("/{did}/users/roles") - @Consumes("application/json") - @Produces("application/json") - public Response validateUser(@Context UriInfo info, @PathParam("did") String domainId, - UserPwd userpwd) { - - LOG.info("GET /domains/{}/users", domainId); - Domain domain = null; - Claim claim = new Claim(); - List<Role> roleList = new ArrayList<Role>(); - - try { - domain = AAAIDMLightModule.getStore().readDomain(domainId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (domain == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! Domain id :" + domainId); - return Response.status(404).entity(idmerror).build(); - } - - // check request body for username and pwd - String username = userpwd.getUsername(); - if (username == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("username not specfied in request body"); - return Response.status(400).entity(idmerror).build(); - } - String pwd = userpwd.getUserpwd(); - if (pwd == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("userpwd not specfied in request body"); - return Response.status(400).entity(idmerror).build(); - } - - // find userid for user - try { - Users users = AAAIDMLightModule.getStore().getUsers(username, domainId); - List<User> userList = users.getUsers(); - if (userList.size() == 0) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("did not find username: " + username); - return Response.status(404).entity(idmerror).build(); - } - User user = userList.get(0); - String userPwd = user.getPassword(); - String reqPwd = userpwd.getUserpwd(); - if (!userPwd.equals(reqPwd)) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("password does not match for username: " + username); - return Response.status(401).entity(idmerror).build(); - } - claim.setDomainid(domainId); - claim.setUsername(username); - claim.setUserid(user.getUserid()); - try { - Grants grants = AAAIDMLightModule.getStore().getGrants(domainId, user.getUserid()); - List<Grant> grantsList = grants.getGrants(); - for (int i = 0; i < grantsList.size(); i++) { - Grant grant = grantsList.get(i); - Role role = AAAIDMLightModule.getStore().readRole(grant.getRoleid()); - roleList.add(role); - } - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting Roles"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - claim.setRoles(roleList); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting user"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - - return Response.ok(claim).build(); - } - - /** - * Get the grants for a user on a domain. - * - * @param info passed from Jersey - * @param domainId the domain in question - * @param userId the user in question - * @return A response containing the grants for a user on a domain. - */ - @GET - @Path("/{did}/users/{uid}/roles") - @Produces("application/json") - public Response getRoles(@Context UriInfo info, @PathParam("did") String domainId, - @PathParam("uid") String userId) { - LOG.info("GET /domains/{}/users/{}/roles", domainId, userId); - Domain domain = null; - User user = null; - Roles roles = new Roles(); - List<Role> roleList = new ArrayList<Role>(); - - try { - domain = AAAIDMLightModule.getStore().readDomain(domainId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (domain == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! Domain id :" + domainId); - return Response.status(404).entity(idmerror).build(); - } - - try { - user = AAAIDMLightModule.getStore().readUser(userId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting user"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (user == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! User id :" + userId); - return Response.status(404).entity(idmerror).build(); - } - - try { - Grants grants = AAAIDMLightModule.getStore().getGrants(domainId, userId); - List<Grant> grantsList = grants.getGrants(); - for (int i = 0; i < grantsList.size(); i++) { - Grant grant = grantsList.get(i); - Role role = AAAIDMLightModule.getStore().readRole(grant.getRoleid()); - roleList.add(role); - } - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting Roles"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - - roles.setRoles(roleList); - return Response.ok(roles).build(); - } - - /** - * Delete a grant. - * - * @param info passed from Jersey - * @param domainId the domain for the grant - * @param userId the user for the grant - * @param roleId the role for the grant - * @return A response stating success or failure of the grant deletion. - */ - @DELETE - @Path("/{did}/users/{uid}/roles/{rid}") - public Response deleteGrant(@Context UriInfo info, @PathParam("did") String domainId, - @PathParam("uid") String userId, @PathParam("rid") String roleId) { - Domain domain = null; - User user = null; - Role role = null; - - try { - domain = AAAIDMLightModule.getStore().readDomain(domainId); - } catch (IDMStoreException se) { - LOG.error("Error deleting Grant : ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (domain == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! Domain id :" + domainId); - return Response.status(404).entity(idmerror).build(); - } - - try { - user = AAAIDMLightModule.getStore().readUser(userId); - } catch (IDMStoreException se) { - LOG.error("StoreException : ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting user"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (user == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! User id :" + userId); - return Response.status(404).entity(idmerror).build(); - } - - try { - role = AAAIDMLightModule.getStore().readRole(roleId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting Role"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (role == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! Role id :" + roleId); - return Response.status(404).entity(idmerror).build(); - } - - // see if grant already exists - try { - Grant existingGrant = AAAIDMLightModule.getStore().readGrant(domainId, userId, roleId); - if (existingGrant == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Grant does not exist for did:" + domainId + " uid:" + userId - + " rid:" + roleId); - return Response.status(404).entity(idmerror).build(); - } - existingGrant = AAAIDMLightModule.getStore().deleteGrant(existingGrant.getGrantid()); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error creating grant"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - IdmLightProxy.clearClaimCache(); - return Response.status(204).build(); - } - -} diff --git a/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/RoleHandler.java b/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/RoleHandler.java deleted file mode 100644 index 34a60c0c..00000000 --- a/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/RoleHandler.java +++ /dev/null @@ -1,228 +0,0 @@ -/* - * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - -package org.opendaylight.aaa.idm.rest; - -import javax.ws.rs.Consumes; -import javax.ws.rs.DELETE; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; - -import org.opendaylight.aaa.api.IDMStoreException; -import org.opendaylight.aaa.api.model.IDMError; -import org.opendaylight.aaa.api.model.Role; -import org.opendaylight.aaa.api.model.Roles; -import org.opendaylight.aaa.idm.IdmLightApplication; -import org.opendaylight.aaa.idm.IdmLightProxy; -import org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * REST application used to manipulate the H2 database roles table. The REST - * endpoint is <code>/auth/v1/roles</code>. - * - * The following provides examples of curl commands and payloads to utilize the - * roles REST endpoint: - * - * <b>Get All Roles</b> - * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/roles</code> - * - * <b>Get A Specific Role</b> - * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/roles/{id}</code> - * - * <b>Create A Role</b> - * <code>curl -u admin:admin -X POST -H "Content-Type: application/json" --data-binary {@literal @}role.json http://{HOST}:{PORT}/auth/v1/roles</code> - * An example of role.json: - * <code>{ - * "name":"IT Administrator", - * "description":"A user role for IT admins" - * }</code> - * - * <b>Update A Role</b> - * <code>curl -u admin:admin -X PUT -H "Content-Type: application/json" --data-binary {@literal @}role.json http://{HOST}:{PORT}/auth/v1/roles/{id}</code> - * An example of role.json: - * <code>{ - * "name":"IT Administrator Limited", - * "description":"A user role for IT admins who can only do one thing" - * }</code> - * - * @author peter.mellquist@hp.com - * @author Ryan Goulding (ryandgoulding@gmail.com) - */ -@Path("/v1/roles") -public class RoleHandler { - private static final Logger LOG = LoggerFactory.getLogger(RoleHandler.class); - - /** - * Extracts all roles. - * - * @return A response with all roles in the H2 database, or internal error if one is encountered - */ - @GET - @Produces("application/json") - public Response getRoles() { - LOG.info("get /roles"); - Roles roles = null; - try { - roles = AAAIDMLightModule.getStore().getRoles(); - } catch (IDMStoreException se) { - return new IDMError(500, "internal error getting roles", se.getMessage()).response(); - } - return Response.ok(roles).build(); - } - - /** - * Extract a specific role identified by <code>id</code> - * - * @param id the String id for the role - * @return A response with the role identified by <code>id</code>, or internal error if one is encountered - */ - @GET - @Path("/{id}") - @Produces("application/json") - public Response getRole(@PathParam("id") String id) { - LOG.info("get /roles/{}", id); - Role role = null; - - try { - role = AAAIDMLightModule.getStore().readRole(id); - } catch (IDMStoreException se) { - return new IDMError(500, "internal error getting roles", se.getMessage()).response(); - } - - if (role == null) { - return new IDMError(404, "role not found id :" + id, "").response(); - } - return Response.ok(role).build(); - } - - /** - * Creates a role. - * - * @param info passed from Jersey - * @param role the role JSON payload - * @return A response stating success or failure of role creation, or internal error if one is encountered - */ - @POST - @Consumes("application/json") - @Produces("application/json") - public Response createRole(@Context UriInfo info, Role role) { - LOG.info("Post /roles"); - try { - // TODO: role names should be unique! - // name - if (role.getName() == null) { - return new IDMError(404, "name must be defined on role create", "").response(); - } else if (role.getName().length() > IdmLightApplication.MAX_FIELD_LEN) { - return new IDMError(400, "role name max length is :" - + IdmLightApplication.MAX_FIELD_LEN, "").response(); - } - - // domain - if (role.getDomainid() == null) { - return new IDMError(404, - "The role's domain must be defined on role when creating a role.", "") - .response(); - } else if (role.getDomainid().length() > IdmLightApplication.MAX_FIELD_LEN) { - return new IDMError(400, "role domain max length is :" - + IdmLightApplication.MAX_FIELD_LEN, "").response(); - } - - // description - if (role.getDescription() == null) { - role.setDescription(""); - } else if (role.getDescription().length() > IdmLightApplication.MAX_FIELD_LEN) { - return new IDMError(400, "role description max length is :" - + IdmLightApplication.MAX_FIELD_LEN, "").response(); - } - - role = AAAIDMLightModule.getStore().writeRole(role); - } catch (IDMStoreException se) { - return new IDMError(500, "internal error creating role", se.getMessage()).response(); - } - - return Response.status(201).entity(role).build(); - } - - /** - * Updates a specific role identified by <code>id</code>. - * - * @param info passed from Jersey - * @param role the role JSON payload - * @param id the String id for the role - * @return A response stating success or failure of role update, or internal error if one occurs - */ - @PUT - @Path("/{id}") - @Consumes("application/json") - @Produces("application/json") - public Response putRole(@Context UriInfo info, Role role, @PathParam("id") String id) { - LOG.info("put /roles/{}", id); - - try { - role.setRoleid(id); - - // name - // TODO: names should be unique - if ((role.getName() != null) - && (role.getName().length() > IdmLightApplication.MAX_FIELD_LEN)) { - return new IDMError(400, "role name max length is :" - + IdmLightApplication.MAX_FIELD_LEN, "").response(); - } - - // description - if ((role.getDescription() != null) - && (role.getDescription().length() > IdmLightApplication.MAX_FIELD_LEN)) { - return new IDMError(400, "role description max length is :" - + IdmLightApplication.MAX_FIELD_LEN, "").response(); - } - - role = AAAIDMLightModule.getStore().updateRole(role); - if (role == null) { - return new IDMError(404, "role id not found :" + id, "").response(); - } - IdmLightProxy.clearClaimCache(); - return Response.status(200).entity(role).build(); - } catch (IDMStoreException se) { - return new IDMError(500, "internal error putting role", se.getMessage()).response(); - } - } - - /** - * Delete a role. - * - * @param info passed from Jersey - * @param id the String id for the role - * @return A response stating success or failure of user deletion, or internal error if one occurs - */ - @DELETE - @Path("/{id}") - public Response deleteRole(@Context UriInfo info, @PathParam("id") String id) { - LOG.info("Delete /roles/{}", id); - - try { - Role role = AAAIDMLightModule.getStore().deleteRole(id); - if (role == null) { - return new IDMError(404, "role id not found :" + id, "").response(); - } - } catch (IDMStoreException se) { - return new IDMError(500, "internal error deleting role", se.getMessage()).response(); - } - IdmLightProxy.clearClaimCache(); - return Response.status(204).build(); - } - -} diff --git a/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/UserHandler.java b/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/UserHandler.java deleted file mode 100644 index 1649faa2..00000000 --- a/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/UserHandler.java +++ /dev/null @@ -1,420 +0,0 @@ -/* - * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - -package org.opendaylight.aaa.idm.rest; - -import java.util.Collection; - -import javax.ws.rs.Consumes; -import javax.ws.rs.DELETE; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; - -import org.opendaylight.aaa.api.IDMStoreException; -import org.opendaylight.aaa.api.model.IDMError; -import org.opendaylight.aaa.api.model.User; -import org.opendaylight.aaa.api.model.Users; -import org.opendaylight.aaa.idm.IdmLightApplication; -import org.opendaylight.aaa.idm.IdmLightProxy; -import org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * REST application used to manipulate the H2 database users table. The REST - * endpoint is <code>/auth/v1/users</code>. - * - * The following provides examples of how curl commands and payloads to utilize - * the users REST endpoint: - * - * <b>Get All Users</b> - * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/users</code> - * - * <b>Get A Specific User</b> - * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/users/{id}</code> - * - * <b>Create A User</b> - * <code>curl -u admin:admin -X POST -H "Content-type: application/json" --data-binary {@literal @}user.json http://{HOST}:{PORT}/auth/v1/users</code> - * An example of user.json file is: - * <code>{ - * "name": "admin2", - * "password", "admin2", - * "domain": "sdn" - * }</code> - * - * <b>Update A User</b> - * <code>curl -u admin:admin -X PUT -H "Content-type: application/json" --data-binary {@literal @}user.json http://{HOST}:{PORT}/auth/v1/users/{id}</code> - * An example of user.json file is: - * <code>{ - * "name": "admin2", - * "password", "admin2", - * "domain": "sdn", - * "description", "Simple description." - * }</code> - * - * <b>Delete A User</b> - * <code>curl -u admin:admin -X DELETE http://{HOST}:{PORT}/auth/v1/users/{id}</code> - * - * @author peter.mellquist@hp.com - * @author Ryan Goulding (ryandgoulding@gmail.com) - */ -@Path("/v1/users") -public class UserHandler { - - private static final Logger LOG = LoggerFactory.getLogger(UserHandler.class); - - /** - * If a user is created through the <code>/auth/v1/users</code> rest - * endpoint without a password, the default password is assigned to the - * user. - */ - private final static String DEFAULT_PWD = "changeme"; - - /** - * When an HTTP GET is performed on <code>/auth/v1/users</code>, the - * password field is replaced with <code>REDACTED_PASSWORD</code> for - * security reasons. - */ - private static final String REDACTED_PASSWORD = "**********"; - - /** - * When an HTTP GET is performed on <code>/auth/v1/users</code>, the salt - * field is replaced with <code>REDACTED_SALT</code> for security reasons. - */ - private static final String REDACTED_SALT = "**********"; - - /** - * When creating a user, the description is optional and defaults to an - * empty string. - */ - private static final String DEFAULT_DESCRIPTION = ""; - - /** - * When creating a user, the email is optional and defaults to an empty - * string. - */ - private static final String DEFAULT_EMAIL = ""; - - /** - * Extracts all users. The password and salt fields are redacted for - * security reasons. - * - * @return A response containing the users, or internal error if one occurs - */ - @GET - @Produces("application/json") - public Response getUsers() { - LOG.info("GET /auth/v1/users (extracts all users)"); - - try { - final Users users = AAAIDMLightModule.getStore().getUsers(); - - // Redact the password and salt for security purposes. - final Collection<User> usersList = users.getUsers(); - for (User user : usersList) { - redactUserPasswordInfo(user); - } - - return Response.ok(users).build(); - } catch (IDMStoreException se) { - return internalError("getting", se); - } - } - - /** - * Extracts the user represented by <code>id</code>. The password and salt - * fields are redacted for security reasons. - * - * @param id the unique id of representing the user account - * @return A response with the user information, or internal error if one occurs - */ - @GET - @Path("/{id}") - @Produces("application/json") - public Response getUser(@PathParam("id") String id) { - LOG.info("GET auth/v1/users/ {} (extract user with specified id)", id); - - try { - final User user = AAAIDMLightModule.getStore().readUser(id); - - if (user == null) { - final String error = "user not found! id: " + id; - return new IDMError(404, error, "").response(); - } - - // Redact the password and salt for security purposes. - redactUserPasswordInfo(user); - - return Response.ok(user).build(); - } catch (IDMStoreException se) { - return internalError("getting", se); - } - } - - /** - * REST endpoint to create a user. Name and domain are required attributes, - * and all other fields (description, email, password, enabled) are - * optional. Optional fields default in the following manner: - * <code>description</code>: An empty string (<code>""</code>). - * <code>email</code>: An empty string (<code>""</code>). - * <code>password</code>: <code>changeme</code> <code>enabled</code>: - * <code>true</code> - * - * If a password is not provided, please ensure you change the default - * password ASAP for security reasons! - * - * @param info passed from Jersey - * @param user the user defined in the JSON payload - * @return A response stating success or failure of user creation - */ - @POST - @Consumes("application/json") - @Produces("application/json") - public Response createUser(@Context UriInfo info, User user) { - LOG.info("POST /auth/v1/users (create a user with the specified payload"); - - // The "enabled" field is optional, and defaults to true. - if (user.isEnabled() == null) { - user.setEnabled(true); - } - - // The "name" field is required. - final String userName = user.getName(); - if (userName == null) { - return missingRequiredField("name"); - } - // The "name" field has a maximum length. - if (userName.length() > IdmLightApplication.MAX_FIELD_LEN) { - return providedFieldTooLong("name", IdmLightApplication.MAX_FIELD_LEN); - } - - // The "domain field is required. - final String domainId = user.getDomainid(); - if (domainId == null) { - return missingRequiredField("domain"); - } - // The "domain" field has a maximum length. - if (domainId.length() > IdmLightApplication.MAX_FIELD_LEN) { - return providedFieldTooLong("domain", IdmLightApplication.MAX_FIELD_LEN); - } - - // The "description" field is optional and defaults to "". - final String userDescription = user.getDescription(); - if (userDescription == null) { - user.setDescription(DEFAULT_DESCRIPTION); - } - // The "description" field has a maximum length. - if (userDescription.length() > IdmLightApplication.MAX_FIELD_LEN) { - return providedFieldTooLong("description", IdmLightApplication.MAX_FIELD_LEN); - } - - // The "email" field is optional and defaults to "". - final String userEmail = user.getEmail(); - if (userEmail == null) { - user.setEmail(DEFAULT_EMAIL); - } - if (userEmail.length() > IdmLightApplication.MAX_FIELD_LEN) { - return providedFieldTooLong("email", IdmLightApplication.MAX_FIELD_LEN); - } - // TODO add a check on email format here. - - // The "password" field is optional and defautls to "changeme". - final String userPassword = user.getPassword(); - if (userPassword == null) { - user.setPassword(DEFAULT_PWD); - } else if (userPassword.length() > IdmLightApplication.MAX_FIELD_LEN) { - return providedFieldTooLong("password", IdmLightApplication.MAX_FIELD_LEN); - } - - try { - // At this point, fields have been properly verified. Create the - // user account - final User createdUser = AAAIDMLightModule.getStore().writeUser(user); - user.setUserid(createdUser.getUserid()); - } catch (IDMStoreException se) { - return internalError("creating", se); - } - - // Redact the password and salt for security reasons. - redactUserPasswordInfo(user); - // TODO report back to the client a warning message to change the - // default password if none was specified. - return Response.status(201).entity(user).build(); - } - - /** - * REST endpoint to update a user account. - * - * @param info passed from Jersey - * @param user the user defined in the JSON payload - * @param id the unique id for the user that will be updated - * @return A response stating success or failure of the user update - */ - @PUT - @Path("/{id}") - @Consumes("application/json") - @Produces("application/json") - public Response putUser(@Context UriInfo info, User user, @PathParam("id") String id) { - - LOG.info("PUT /auth/v1/users/{} (Updates a user account)", id); - - try { - user.setUserid(id); - - if (checkInputFieldLength(user.getPassword())) { - return providedFieldTooLong("password", IdmLightApplication.MAX_FIELD_LEN); - } - - if (checkInputFieldLength(user.getName())) { - return providedFieldTooLong("name", IdmLightApplication.MAX_FIELD_LEN); - } - - if (checkInputFieldLength(user.getDescription())) { - return providedFieldTooLong("description", IdmLightApplication.MAX_FIELD_LEN); - } - - if (checkInputFieldLength(user.getEmail())) { - return providedFieldTooLong("email", IdmLightApplication.MAX_FIELD_LEN); - } - - if (checkInputFieldLength(user.getDomainid())) { - return providedFieldTooLong("domain", IdmLightApplication.MAX_FIELD_LEN); - } - - user = AAAIDMLightModule.getStore().updateUser(user); - if (user == null) { - return new IDMError(404, String.format("User not found for id %s", id), "").response(); - } - - IdmLightProxy.clearClaimCache(); - - // Redact the password and salt for security reasons. - redactUserPasswordInfo(user); - return Response.status(200).entity(user).build(); - } catch (IDMStoreException se) { - return internalError("updating", se); - } - } - - /** - * REST endpoint to delete a user account. - * - * @param info passed from Jersey - * @param id the unique id of the user which is being deleted - * @return A response stating success or failure of user deletion - */ - @DELETE - @Path("/{id}") - public Response deleteUser(@Context UriInfo info, @PathParam("id") String id) { - LOG.info("DELETE /auth/v1/users/{} (Delete a user account)", id); - - try { - final User user = AAAIDMLightModule.getStore().deleteUser(id); - - if (user == null) { - return new IDMError(404, - String.format("Error deleting user. " + - "Couldn't find user with id %s", id), - "").response(); - } - } catch (IDMStoreException se) { - return internalError("deleting", se); - } - - // Successfully deleted the user; report success to the client. - IdmLightProxy.clearClaimCache(); - return Response.status(204).build(); - } - - /** - * Creates a <code>Response</code> related to an internal server error. - * - * @param verbal such as "creating", "deleting", "updating" - * @param e The exception, which is propagated in the response - * @return A response containing internal error with specific reasoning - */ - private Response internalError(final String verbal, final Exception e) { - LOG.error("There was an internal error {} the user", verbal, e); - return new IDMError(500, - String.format("There was an internal error %s the user", verbal), - e.getMessage()).response(); - } - - /** - * Creates a <code>Response</code> related to the user not providing a - * required field. - * - * @param fieldName the name of the field which is missing - * @return A response explaining that the request is missing a field - */ - private Response missingRequiredField(final String fieldName) { - - return new IDMError(400, - String.format("%s is required to create the user account. " + - "Please provide a %s in your payload.", fieldName, fieldName), - "").response(); - } - - /** - * Creates a <code>Response</code> related to the user providing a field - * that is too long. - * - * @param fieldName the name of the field that is too long - * @param maxFieldLength the maximum length of <code>fieldName</code> - * @return A response containing the bad field and the maximum field length - */ - private Response providedFieldTooLong(final String fieldName, final int maxFieldLength) { - - return new IDMError(400, - getProvidedFieldTooLongMessage(fieldName, maxFieldLength), - "").response(); - } - - /** - * Creates the client-facing message related to the user providing a field - * that is too long. - * - * @param fieldName the name of the field that is too long - * @param maxFieldLength the maximum length of <code>fieldName</code> - * @return - */ - private static String getProvidedFieldTooLongMessage(final String fieldName, - final int maxFieldLength) { - - return String.format("The provided {} field is too long. " + - "The max length is {}.", fieldName, maxFieldLength); - } - - /** - * Prepares a user account for output by redacting the appropriate fields. - * This method side-effects the <code>user</code> parameter. - * - * @param user the user account which will have fields redacted - */ - private static void redactUserPasswordInfo(final User user) { - user.setPassword(REDACTED_PASSWORD); - user.setSalt(REDACTED_SALT); - } - - /** - * Validate the input field length - * - * @param inputField - * @return true if input field bigger than the MAX_FIELD_LEN - */ - private boolean checkInputFieldLength(final String inputField) { - return inputField != null && (inputField.length() > IdmLightApplication.MAX_FIELD_LEN); - } -} diff --git a/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/VersionHandler.java b/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/VersionHandler.java deleted file mode 100644 index f865162a..00000000 --- a/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/VersionHandler.java +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - -package org.opendaylight.aaa.idm.rest; - -import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.GET; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; - -import org.opendaylight.aaa.api.model.Version; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * - * @author peter.mellquist@hp.com - * - */ -@Deprecated -@Path("/") -public class VersionHandler { - private static final Logger LOG = LoggerFactory.getLogger(VersionHandler.class);; - - protected static String CURRENT_VERSION = "v1"; - protected static String LAST_UPDATED = "2014-04-18T18:30:02.25Z"; - protected static String CURRENT_STATUS = "CURRENT"; - - @GET - @Produces("application/json") - public Version getVersion(@Context HttpServletRequest request) { - LOG.info("Get /"); - Version version = new Version(); - version.setId(CURRENT_VERSION); - version.setUpdated(LAST_UPDATED); - version.setStatus(CURRENT_STATUS); - return version; - } - -} |