X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=blobdiff_plain;f=opendaylight%2Fweb%2Froot%2Fsrc%2Fmain%2Fjava%2Forg%2Fopendaylight%2Fcontroller%2Fweb%2FDaylightWebAdmin.java;h=4c8a6b8439f2b18482a848605e1f5e234a27f8cd;hb=03abf047ba966c53f4901d36ae5198156d66dc05;hp=3b0b85c065cc8cf2de88205525aaaf6f89e84868;hpb=a8c1facc16de70e7ca2bcfd7a94d75f590c2fca4;p=controller.git diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java index 3b0b85c065..4c8a6b8439 100644 --- a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java +++ b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java @@ -15,6 +15,7 @@ import java.util.List; import java.util.Set; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; import org.opendaylight.controller.clustering.services.IClusterGlobalServices; import org.opendaylight.controller.connectionmanager.IConnectionManager; @@ -45,6 +46,7 @@ public class DaylightWebAdmin { /** * Returns list of clustered controllers. Highlights "this" controller and * if controller is coordinator + * * @return List */ @RequestMapping("/cluster") 
@@ -55,15 +57,29 @@ public class DaylightWebAdmin { if (clusterServices == null) { return null; } + IConnectionManager connectionManager = (IConnectionManager) ServiceHelper.getGlobalInstance( + IConnectionManager.class, this); + if (connectionManager == null) { + return null; + } List clusterNodes = new ArrayList(); List controllers = clusterServices.getClusteredControllers(); for (InetAddress controller : controllers) { ClusterNodeBean.Builder clusterBeanBuilder = new ClusterNodeBean.Builder(controller); + + // get number of connected nodes + Set connectedNodes = connectionManager.getNodes(controller); + int numNodes = connectedNodes == null ? 0 : connectedNodes.size(); + clusterBeanBuilder.nodesConnected(numNodes); + + // determine if this is the executing controller if (controller.equals(clusterServices.getMyAddress())) { clusterBeanBuilder.highlightMe(); } + + // determine whether this is coordinator if (clusterServices.getCoordinatorAddress().equals(controller)) { clusterBeanBuilder.iAmCoordinator(); } @@ -75,6 +91,7 @@ public class DaylightWebAdmin { /** * Return nodes connected to controller {controller} + * * @param controller * - byte[] of the address of the controller * @return List @@ -126,17 +143,22 @@ public class DaylightWebAdmin { return gson.toJson(result); } - @RequestMapping("/users") + @RequestMapping(value = "/users", method = RequestMethod.GET) @ResponseBody - public List getUsers() { + public List getUsers() { IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this); if (userManager == null) { return null; } - List userConfList = userManager.getLocalUserList(); + List result = new ArrayList(); + List configs = userManager.getLocalUserList(); + for (UserConfig config : configs) { + UserBean bean = new UserBean(config); + result.add(bean); + } - return userConfList; + return result; } /* 
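Review bot: The new `if (connectionManager == null) { return null; }` guard drops the whole /cluster listing when only the connection manager is missing, although in this hunk that service is used just for the per-controller node count. Consider still returning the controllers and skipping `clusterBeanBuilder.nodesConnected(numNodes)` in that case. If hiding the list is intended, say so with a comment such as `// node counts need IConnectionManager; without it the cluster view is not returned`. The method starts before this hunk and ends after it.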
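Review bot: getUsers() answers GET /users without the `authorize(userManager, UserLevel.NETWORKADMIN, request)` check that the POST handlers below perform, so unless access is restricted somewhere outside this file, any authenticated session can list the local accounts. If the list is meant for administrators only, the method needs an `HttpServletRequest` parameter and the same guard. Returning UserBean instead of UserConfig presumably keeps the stored password out of the response, but UserBean is not visible here; a comment such as `// UserBean omits the password carried by UserConfig` (if that is what it does) would record the reason for the copy. The loop also dereferences `configs` without a null check, unlike the `connectedNodes == null` handling added earlier in this patch.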
@@ -144,82 +166,175 @@ public class DaylightWebAdmin { */ @RequestMapping(value = "/users", method = RequestMethod.POST) @ResponseBody - public String saveLocalUserConfig(@RequestParam(required = true) String json, + public Status saveLocalUserConfig(@RequestParam(required = true) String json, @RequestParam(required = true) String action, HttpServletRequest request) { IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this); if (userManager == null) { - return "Internal Error"; + return new Status(StatusCode.NOSERVICE, "User Manager unavailable"); } if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) { - return "Operation not permitted"; + return new Status(StatusCode.UNAUTHORIZED, "Operation not permitted"); } Gson gson = new Gson(); - UserConfig config = gson.fromJson(json, UserConfig.class); + UserConfig plainConfig = gson.fromJson(json, UserConfig.class); + // Recreate using the proper constructor which will hash the password + UserConfig config = new UserConfig(plainConfig.getUser(), plainConfig.getPassword(), plainConfig.getRoles()); Status result = (action.equals("add")) ? userManager.addLocalUser(config) : userManager.removeLocalUser(config); if (result.isSuccess()) { - String userAction = (action.equals("add")) ? 
"added" : "removed"; - DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), userAction, config.getUser()); - return "Success"; + if (action.equals("add")) { + DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "added", config.getUser() + + " as " + config.getRoles().toString()); + } else { + DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "removed", config.getUser()); + } } - return result.getDescription(); + return result; } + @RequestMapping(value = "/user/modify", method = RequestMethod.POST) + @ResponseBody + public Status modifyUser(@RequestParam(required = true) String json, + @RequestParam(required = true) String action, HttpServletRequest request) { + + IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this); + if (userManager == null) { + return new Status(StatusCode.NOSERVICE, "User Manager unavailable"); + } + + if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) { + return new Status(StatusCode.UNAUTHORIZED, "Operation not permitted"); + } + + UserConfig newConfig = gson.fromJson(json, UserConfig.class); + List currentUserConfig = userManager.getLocalUserList(); + String password = null; + String user = newConfig.getUser(); + for (UserConfig userConfig : currentUserConfig) { + if(userConfig.getUser().equals(user)){ + password = userConfig.getPassword(); + break; + } + } + if (password == null) { + String msg = String.format("User %s not found in configuration database", user); + return new Status(StatusCode.NOTFOUND, msg); + } + + //While modifying a user role, the password is not provided from GUI for any user. + //The password is stored in hash mode, hence it cannot be retrieved and added to UserConfig object + //The hashed password is injected below to the json string containing username and new roles before + //converting to UserConfig object. 
+ json = json.replace("\"roles\"", "\"password\":\""+ password + "\",\"roles\""); + Gson gson = new Gson(); + newConfig = gson.fromJson(json, UserConfig.class); + + Status result = userManager.modifyLocalUser(newConfig); + if (result.isSuccess()) { + DaylightWebUtil.auditlog("Roles of", request.getUserPrincipal().getName(), "updated", newConfig.getUser() + + " to " + newConfig.getRoles().toString()); + } + return result; + } + + @RequestMapping(value = "/users/{username}", method = RequestMethod.POST) @ResponseBody - public String removeLocalUser(@PathVariable("username") String userName, HttpServletRequest request) { + public Status removeLocalUser(@PathVariable("username") String userName, HttpServletRequest request) { - String username = request.getUserPrincipal().getName(); - if (username.equals(userName)) { - return "Invalid Request: User cannot delete itself"; + String loggedInUser = request.getUserPrincipal().getName(); + if (loggedInUser.equals(userName)) { + String msg = "Invalid Request: User cannot delete itself"; + return new Status(StatusCode.NOTALLOWED, msg); } IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this); if (userManager == null) { - return "Internal Error"; + return new Status(StatusCode.NOSERVICE, "User Manager unavailable"); } if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) { - return "Operation not permitted"; + return new Status(StatusCode.UNAUTHORIZED, "Operation not permitted"); } - Status result = userManager.removeLocalUser(userName); - if (result.isSuccess()) { + Status status = userManager.removeLocalUser(userName); + if (status.isSuccess()) { DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "removed", userName); - return "Success"; + return status; } - return result.getDescription(); + return status; } @RequestMapping(value = "/users/password/{username}", method = RequestMethod.POST) @ResponseBody - public Status 
changePassword(@PathVariable("username") String username, HttpServletRequest request, - @RequestParam("currentPassword") String currentPassword, @RequestParam("newPassword") String newPassword) { + public Status changePassword( + @PathVariable("username") String username, HttpServletRequest request, + @RequestParam(value = "currentPassword", required=false) String currentPassword, + @RequestParam("newPassword") String newPassword) { IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this); if (userManager == null) { - return new Status(StatusCode.GONE, "User Manager not found"); + return new Status(StatusCode.NOSERVICE, "User Manager unavailable"); } - if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) { - return new Status(StatusCode.FORBIDDEN, "Operation not permitted"); - } + Status status; + String requestingUser = request.getUserPrincipal().getName(); + + //changing own password + if (requestingUser.equals(username) ) { + status = userManager.changeLocalUserPassword(username, currentPassword, newPassword); + //enforce the user to re-login with new password + if (status.isSuccess() && !newPassword.equals(currentPassword)) { + userManager.userLogout(username); + HttpSession session = request.getSession(false); + if ( session != null) { + session.invalidate(); + } + } + + //admin level user resetting other's password + } else if (authorize(userManager, UserLevel.NETWORKADMIN, request)) { + + //Since User Manager doesn't have an unprotected password change API, + //we re-create the user with the new password (and current roles). 
+ List roles = userManager.getUserRoles(username); + UserConfig newConfig = new UserConfig(username, newPassword, roles); + + //validate before removing existing config, so we don't remove but fail to add + status = newConfig.validate(); + if (!status.isSuccess()) { + return status; + } + + userManager.userLogout(username); + status = userManager.removeLocalUser(username); + if (!status.isSuccess()) { + return status; + } + if (userManager.addLocalUser(newConfig).isSuccess()) { + status = new Status(StatusCode.SUCCESS, "Password for user " + username + " reset successfully."); + } else { + //unexpected + status = new Status(StatusCode.INTERNALERROR, "Failed resetting password for user " + username + ". User is now removed."); + } - if (newPassword.isEmpty()) { - return new Status(StatusCode.BADREQUEST, "Empty passwords not allowed"); + //unauthorized + } else { + status = new Status(StatusCode.UNAUTHORIZED, "Operation not permitted"); } - Status status = userManager.changeLocalUserPassword(username, currentPassword, newPassword); if (status.isSuccess()) { - DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "changed password for", username); + DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "changed password for", + username); } return status; } /** * Is the operation permitted for the given level + * * @param level */ private boolean authorize(IUserManager userManager, UserLevel level, HttpServletRequest request) {
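Review bot: In modifyUser the stored hash is spliced into the client-supplied string with `json.replace("\"roles\"", ...)`, which rewrites every occurrence of `"roles"` in the request and leaves in place any `"password"` member the client sent. Which value ends up in `newConfig` then depends on how Gson resolves the duplicated name rather than on this code. Set the member on the parsed tree instead: `JsonObject obj = new JsonParser().parse(json).getAsJsonObject();`, `obj.addProperty("password", password);`, `newConfig = gson.fromJson(obj, UserConfig.class);` (this needs the com.google.gson.JsonObject and JsonParser imports). In the same method `gson.fromJson(json, UserConfig.class)` is called before `Gson gson = new Gson();` is declared, which compiles only if the class already has a `gson` field, and the `action` parameter is never read. Separately, the admin branch of changePassword calls `removeLocalUser(username)` before `addLocalUser(newConfig)` and can end with the account deleted; that outcome is reported only in the Status text and never reaches `DaylightWebUtil.auditlog`, so it should be logged too.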