2 * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.controller.web;
11 import java.util.List;
13 import javax.servlet.http.HttpServletRequest;
15 import org.opendaylight.controller.sal.authorization.UserLevel;
16 import org.opendaylight.controller.sal.utils.ServiceHelper;
17 import org.opendaylight.controller.sal.utils.Status;
18 import org.opendaylight.controller.sal.utils.StatusCode;
19 import org.opendaylight.controller.usermanager.IUserManager;
20 import org.opendaylight.controller.usermanager.UserConfig;
21 import org.springframework.stereotype.Controller;
22 import org.springframework.web.bind.annotation.PathVariable;
23 import org.springframework.web.bind.annotation.RequestMapping;
24 import org.springframework.web.bind.annotation.RequestMethod;
25 import org.springframework.web.bind.annotation.RequestParam;
26 import org.springframework.web.bind.annotation.ResponseBody;
28 import com.google.gson.Gson;
31 @RequestMapping("/admin")
32 public class DaylightWebAdmin {
// Returns the local user list obtained from the user manager; served at /admin/users
// (class-level "/admin" plus this mapping), with no HTTP method restriction declared.
// NOTE(review): this listing omits some original lines inside this method, so the value
// returned when the user manager is unavailable and the final return are not visible here.
// NOTE(review): unlike the POST handlers in this class, no authorize(...) call is visible
// before the user list is read. Confirm whether every authenticated caller is meant to
// enumerate accounts, and whether the serialized UserConfig exposes password material.
36 @RequestMapping("/users")
38 public List<UserConfig> getUsers() {
// Resolve the user manager service; the null check below handles an unavailable service.
39 IUserManager userManager = (IUserManager) ServiceHelper
40 .getGlobalInstance(IUserManager.class, this);
41 if (userManager == null) {
45 List<UserConfig> userConfList = userManager.getLocalUserList();
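/**
 * Adds or removes a local user described by a JSON-encoded {@link UserConfig}.
 *
 * Password in clear text, moving to HTTP/SSL soon: the credential travels inside
 * the {@code json} request parameter, so this endpoint should only be reachable
 * over TLS and the parameter should never be written to logs.
 *
 * The caller must hold {@link UserLevel#NETWORKADMIN}. A removal that targets the
 * caller's own account is refused, matching {@code removeLocalUser}.
 *
 * @param json    the user configuration as JSON
 * @param action  {@code "add"} creates the user; any other value removes it
 * @param request the current request, used to identify the caller
 * @return the user manager's status description, or a short refusal message
 */
@RequestMapping(value = "/users", method = RequestMethod.POST)
// NOTE(review): @ResponseBody is inferred from the file's import of it; the listing
// drops the line between the mapping and the signature. Confirm against the original.
@ResponseBody
public String saveLocalUserConfig(
        @RequestParam(required = true) String json,
        @RequestParam(required = true) String action,
        HttpServletRequest request) {

    IUserManager userManager = (IUserManager) ServiceHelper
            .getGlobalInstance(IUserManager.class, this);
    if (userManager == null) {
        return "Internal Error";
    }

    if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) {
        return "Operation not permitted";
    }

    UserConfig config;
    try {
        config = new Gson().fromJson(json, UserConfig.class);
    } catch (com.google.gson.JsonSyntaxException e) {
        // The parser message can quote the input, which carries the password:
        // answer with a fixed string instead of echoing it.
        return "Invalid Request: malformed user configuration";
    }
    if (config == null) {
        // Gson yields null for empty or literal-null input; stop before dereferencing it.
        return "Invalid Request: empty user configuration";
    }

    // NOTE(review): every action other than "add" is treated as a removal, as in the
    // original code. Once the values the client sends are confirmed, an explicit
    // allow-list would stop a mistyped action from deleting an account.
    boolean adding = "add".equals(action);
    String caller = request.getUserPrincipal().getName();
    if (!adding && caller.equals(config.getUser())) {
        // Same rule removeLocalUser enforces; without it this path allowed self-deletion.
        return "Invalid Request: User cannot delete itself";
    }

    Status result = adding ? userManager.addLocalUser(config)
            : userManager.removeLocalUser(config);
    if (result.getCode().equals(StatusCode.SUCCESS)) {
        // The audit entry records who acted on which account, never the password.
        DaylightWebUtil.auditlog("User", caller, adding ? "added" : "removed", config.getUser());
    }

    return result.getDescription();
}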
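/**
 * Removes the local user named in the URL path.
 *
 * The caller must hold {@link UserLevel#NETWORKADMIN} and may not remove its own
 * account. A request with no authenticated principal is refused rather than
 * failing with a NullPointerException.
 *
 * @param userName the account to remove, taken from the path
 * @param request  the current request, used to identify the caller
 * @return the user manager's status description, or a short refusal message
 */
@RequestMapping(value = "/users/{username}", method = RequestMethod.POST)
// NOTE(review): @ResponseBody is inferred from the file's import of it; the listing
// drops the line between the mapping and the signature. Confirm against the original.
@ResponseBody
public String removeLocalUser(@PathVariable("username") String userName,
        HttpServletRequest request) {

    java.security.Principal principal = request.getUserPrincipal();
    if (principal == null) {
        // Fail closed: with no identity there is nothing to authorize.
        return "Operation not permitted";
    }

    String caller = principal.getName();
    if (caller.equals(userName)) {
        return "Invalid Request: User cannot delete itself";
    }

    IUserManager userManager = (IUserManager) ServiceHelper
            .getGlobalInstance(IUserManager.class, this);
    if (userManager == null) {
        return "Internal Error";
    }

    if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) {
        return "Operation not permitted";
    }

    Status result = userManager.removeLocalUser(userName);
    if (result.getCode().equals(StatusCode.SUCCESS)) {
        // Record who removed which account.
        DaylightWebUtil.auditlog("User", caller, "removed", userName);
    }

    return result.getDescription();
}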
/**
 * Changes the password of the local user named in the URL path.
 *
 * Only callers holding {@link UserLevel#NETWORKADMIN} pass the authorization
 * check, and an empty new password is rejected before the user manager is asked
 * to apply the change. Both passwords arrive as request parameters; the audit
 * entry written on success carries the caller and target names only.
 *
 * NOTE(review): whether a non-admin user can change their own password through
 * some other path is not visible in this listing.
 *
 * @param username        the account whose password is changed, from the path
 * @param request         the current request, used to identify the caller
 * @param currentPassword the password currently set, passed through to the user manager
 * @param newPassword     the replacement password; must not be empty
 * @return GONE, FORBIDDEN or BADREQUEST on an early refusal, otherwise the user manager's status
 */
@RequestMapping(value = "/users/password/{username}", method = RequestMethod.POST)
// NOTE(review): @ResponseBody is inferred from the file's import of it; the listing
// drops the line between the mapping and the signature. Confirm against the original.
@ResponseBody
public Status changePassword(@PathVariable("username") String username, HttpServletRequest request,
        @RequestParam("currentPassword") String currentPassword, @RequestParam("newPassword") String newPassword) {
    final IUserManager manager =
            (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this);
    if (manager == null) {
        return new Status(StatusCode.GONE, "User Manager not found");
    }

    final boolean permitted = authorize(manager, UserLevel.NETWORKADMIN, request);
    if (!permitted) {
        return new Status(StatusCode.FORBIDDEN, "Operation not permitted");
    }

    if (newPassword.length() == 0) {
        return new Status(StatusCode.BADREQUEST, "Empty passwords not allowed");
    }

    final Status outcome = manager.changeLocalUserPassword(username, currentPassword, newPassword);
    if (!outcome.isSuccess()) {
        // Nothing changed, so nothing is audited.
        return outcome;
    }

    DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "changed password for", username);
    return outcome;
}
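/**
 * Is the operation permitted for the given level.
 *
 * The caller passes when the numeric value of its level is less than or equal
 * to that of the required level. The check fails closed: a request with no
 * authenticated principal, or a name the user manager returns no level for,
 * is denied instead of raising a NullPointerException.
 *
 * @param userManager the service used to look up the caller's level
 * @param level       the level the operation requires
 * @param request     the current request, used to identify the caller
 * @return {@code true} only if the caller is identified and its level qualifies
 */
private boolean authorize(IUserManager userManager, UserLevel level,
        HttpServletRequest request) {
    java.security.Principal principal = request.getUserPrincipal();
    if (principal == null) {
        return false;
    }

    UserLevel userLevel = userManager.getUserLevel(principal.getName());
    if (userLevel == null) {
        // NOTE(review): whether getUserLevel can return null is not visible here;
        // denying is the safe answer if it does.
        return false;
    }

    return userLevel.toNumber() <= level.toNumber();
}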