remove <security-constraint> from web.xml

The original idea of this (back when Tomcat was still used, before
Karaf, perhaps?) probably was to protect URLs at the "web container
level", but... we ALSO have the Shiro AAAFilter, and my understanding is
that this Filter is what actually does the protection (today); therefore
I suspect that this <security-constraint> is now useless.  We can remove
it to remove confusion for possible future work to replace the web.xml
with something else.

Change-Id: I23c74ed146364ee8864e31f7a8038a782bd32fba
Signed-off-by: Michael Vorburger <vorburger@redhat.com>

diff --git a/northbound-api/src/main/resources/WEB-INF/web.xml b/northbound-api/src/main/resources/WEB-INF/web.xml
index 67b613cd8db8dcf5bdebb85bf5398f9b09dc06c2..2ef97da738eabcee2a12f5d78acaa6a30bd020ce 100644 (file)
--- a/northbound-api/src/main/resources/WEB-INF/web.xml
+++ b/northbound-api/src/main/resources/WEB-INF/web.xml
@@ -1,71 +1,59 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>\r
-<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
-        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"\r
-        version="3.0">\r
-  <servlet>\r
-    <servlet-name>JAXRSNeutron</servlet-name>\r
-    <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>\r
-    <init-param>\r
-      <param-name>javax.ws.rs.Application</param-name>\r
-      <param-value>org.opendaylight.neutron.northbound.api.NeutronNorthboundRSApplication</param-value>\r
-    </init-param>\r
-    <load-on-startup>1</load-on-startup>\r
-  </servlet>\r
-\r
-  <servlet-mapping>\r
-    <servlet-name>JAXRSNeutron</servlet-name>\r
-    <url-pattern>/*</url-pattern>\r
-  </servlet-mapping>\r
-\r
-  <context-param>\r
-    <param-name>shiroEnvironmentClass</param-name>\r
-    <param-value>org.opendaylight.aaa.shiro.web.env.KarafIniWebEnvironment</param-value>\r
-  </context-param>\r
-\r
-  <listener>\r
-    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>\r
-  </listener>\r
-\r
-  <filter>\r
-    <filter-name>ShiroFilter</filter-name>\r
-    <filter-class>org.opendaylight.aaa.shiro.filters.AAAShiroFilter</filter-class>\r
-  </filter>\r
-\r
-  <filter-mapping>\r
-    <filter-name>ShiroFilter</filter-name>\r
-    <url-pattern>/*</url-pattern>\r
-  </filter-mapping>\r
-\r
-  <filter>\r
-    <filter-name>cross-origin-restconf</filter-name>\r
-    <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>\r
-    <init-param>\r
-      <param-name>allowedOrigins</param-name>\r
-      <param-value>*</param-value>\r
-    </init-param>\r
-    <init-param>\r
-      <param-name>allowedMethods</param-name>\r
-      <param-value>GET,POST,OPTIONS,DELETE,PUT,HEAD</param-value>\r
-    </init-param>\r
-    <init-param>\r
-      <param-name>allowedHeaders</param-name>\r
-      <param-value>origin, content-type, accept, authorization</param-value>\r
-    </init-param>\r
-  </filter>\r
-  <filter-mapping>\r
-    <filter-name>cross-origin-restconf</filter-name>\r
-    <url-pattern>/*</url-pattern>\r
-  </filter-mapping>\r
-  <security-constraint>\r
-    <web-resource-collection>\r
-      <web-resource-name>NB api</web-resource-name>\r
-      <url-pattern>/*</url-pattern>\r
-      <http-method>POST</http-method>\r
-      <http-method>GET</http-method>\r
-      <http-method>PUT</http-method>\r
-      <http-method>PATCH</http-method>\r
-      <http-method>DELETE</http-method>\r
-      <http-method>HEAD</http-method>\r
-    </web-resource-collection>\r
-  </security-constraint>\r
-</web-app>\r
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+        version="3.0">
+  <servlet>
+    <servlet-name>JAXRSNeutron</servlet-name>
+    <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
+    <init-param>
+      <param-name>javax.ws.rs.Application</param-name>
+      <param-value>org.opendaylight.neutron.northbound.api.NeutronNorthboundRSApplication</param-value>
+    </init-param>
+    <load-on-startup>1</load-on-startup>
+  </servlet>
+
+  <servlet-mapping>
+    <servlet-name>JAXRSNeutron</servlet-name>
+    <url-pattern>/*</url-pattern>
+  </servlet-mapping>
+
+  <context-param>
+    <param-name>shiroEnvironmentClass</param-name>
+    <param-value>org.opendaylight.aaa.shiro.web.env.KarafIniWebEnvironment</param-value>
+  </context-param>
+
+  <listener>
+    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
+  </listener>
+
+  <filter>
+    <filter-name>ShiroFilter</filter-name>
+    <filter-class>org.opendaylight.aaa.shiro.filters.AAAShiroFilter</filter-class>
+  </filter>
+
+  <filter-mapping>
+    <filter-name>ShiroFilter</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
+
+  <filter>
+    <filter-name>cross-origin-restconf</filter-name>
+    <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
+    <init-param>
+      <param-name>allowedOrigins</param-name>
+      <param-value>*</param-value>
+    </init-param>
+    <init-param>
+      <param-name>allowedMethods</param-name>
+      <param-value>GET,POST,OPTIONS,DELETE,PUT,HEAD</param-value>
+    </init-param>
+    <init-param>
+      <param-name>allowedHeaders</param-name>
+      <param-value>origin, content-type, accept, authorization</param-value>
+    </init-param>
+  </filter>
+  <filter-mapping>
+    <filter-name>cross-origin-restconf</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
+</web-app>