From: Ryan Goulding <ryandgoulding@gmail.com>
Date: Thu, 3 Sep 2015 16:00:29 +0000 (-0400)
Subject: Bug 4719 Shiro integration into restconf
X-Git-Tag: release/beryllium~62^2
X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=commitdiff_plain;h=b23eeab2818243f02d15e48f2e7adc564cee3b53;p=netconf.git

Bug 4719 Shiro integration into restconf

Switches from TokenAuthFilter, a ContainerRequestFilter, to AAAFilter, a
javax.servlet.Filter.  This allows use of Shiro Realms including LDAP.  In
order to run restconf without AAA, you can can still utilize the
odl-restconf-noauth feature.  AAAFilter is disabled by default, and only
enabled when the odl-shiro-act bundle is activated.

Change-Id: I628967886c8b999761a71a632dc34294b45292df
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
---

diff --git a/features/netconf/pom.xml b/features/netconf/pom.xml
index 9d24f37e54..3edc9a4b54 100644
--- a/features/netconf/pom.xml
+++ b/features/netconf/pom.xml
@@ -74,6 +74,13 @@
   </dependencyManagement>
 
   <dependencies>
+    <dependency>
+      <groupId>org.opendaylight.aaa</groupId>
+      <artifactId>features-aaa-shiro</artifactId>
+      <version>${aaa.version}</version>
+      <classifier>features</classifier>
+      <type>xml</type>
+    </dependency>
     <dependency>
       <groupId>org.opendaylight.controller</groupId>
       <artifactId>features-protocol-framework</artifactId>
diff --git a/features/restconf/pom.xml b/features/restconf/pom.xml
index fa4c63882c..2d76209493 100644
--- a/features/restconf/pom.xml
+++ b/features/restconf/pom.xml
@@ -25,12 +25,11 @@
     <controller.mdsal.version>1.3.0-SNAPSHOT</controller.mdsal.version>
     <features.test.version>1.6.0-SNAPSHOT</features.test.version>
     <jersey-servlet.version>1.17</jersey-servlet.version>
-
     <mdsal.version>2.0.0-SNAPSHOT</mdsal.version>
     <mdsal.model.version>0.8.0-SNAPSHOT</mdsal.model.version>
     <restconf.version>1.3.0-SNAPSHOT</restconf.version>
-    <yangtools.version>0.8.0-SNAPSHOT</yangtools.version>
     <surefire.version>2.15</surefire.version>
+    <yangtools.version>0.8.0-SNAPSHOT</yangtools.version>
 
     <features.file>features.xml</features.file>
     <config.configfile.directory>etc/opendaylight/karaf</config.configfile.directory>
@@ -62,12 +61,11 @@
     </dependency>
     <dependency>
       <groupId>org.opendaylight.aaa</groupId>
-      <artifactId>features-aaa</artifactId>
+      <artifactId>features-aaa-shiro</artifactId>
       <version>${aaa.version}</version>
       <classifier>features</classifier>
       <type>xml</type>
     </dependency>
-
     <dependency>
       <groupId>org.opendaylight.controller</groupId>
       <artifactId>sal-remote</artifactId>
diff --git a/features/restconf/src/main/features/features.xml b/features/restconf/src/main/features/features.xml
index 10060895fe..2ede2bc45a 100644
--- a/features/restconf/src/main/features/features.xml
+++ b/features/restconf/src/main/features/features.xml
@@ -13,17 +13,19 @@
 
     <repository>mvn:org.opendaylight.controller/features-mdsal/{{VERSION}}/xml/features</repository>
     <repository>mvn:org.opendaylight.yangtools/features-yangtools/{{VERSION}}/xml/features</repository>
-    <repository>mvn:org.opendaylight.aaa/features-aaa/{{VERSION}}/xml/features</repository>
+    <repository>mvn:org.opendaylight.aaa/features-aaa-shiro/{{VERSION}}/xml/features</repository>
     <feature name='odl-restconf-all' version='${project.version}' description='OpenDaylight :: Restconf :: All'>
         <feature version='${project.version}'>odl-restconf</feature>
         <feature version='${project.version}'>odl-mdsal-apidocs</feature>
     </feature>
 
     <feature name='odl-restconf' version='${project.version}' description="OpenDaylight :: Restconf">
-        <feature version='${aaa.version}'>odl-aaa-authn</feature>
+        <!-- Enables AAA through the odl-shiro-act bundle Activator -->
+        <bundle>mvn:org.opendaylight.aaa/aaa-shiro-act/{{VERSION}}</bundle>
         <feature version='${project.version}'>odl-restconf-noauth</feature>
     </feature>
     <feature name='odl-restconf-noauth' version='${project.version}' description="OpenDaylight :: Restconf">
+        <feature version='${aaa.version}'>odl-aaa-shiro</feature>
         <feature version='${controller.mdsal.version}'>odl-mdsal-broker</feature>
         <feature>war</feature>
         <!-- presently we need sal-remote to be listed BEFORE sal-rest-connector because sal-rest-connector
diff --git a/opendaylight/restconf/sal-rest-connector/pom.xml b/opendaylight/restconf/sal-rest-connector/pom.xml
index 41d746284b..0edf03112a 100644
--- a/opendaylight/restconf/sal-rest-connector/pom.xml
+++ b/opendaylight/restconf/sal-rest-connector/pom.xml
@@ -107,6 +107,10 @@
       <artifactId>logback-classic</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>com.sun.jersey</groupId>
+      <artifactId>jersey-server</artifactId>
+    </dependency>
 
     <!-- Testing Dependencies -->
     <dependency>
@@ -128,6 +132,16 @@
 
   <build>
     <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <configuration>
+          <classpathDependencyExcludes>
+            <!-- Removes com.sun.jersey from testing classpath so there is no conflict with org.glassfish.jersey -->
+            <classpathDependencyExclude>com.sun.jersey</classpathDependencyExclude>
+          </classpathDependencyExcludes>
+        </configuration>
+      </plugin>
       <plugin>
         <groupId>org.apache.felix</groupId>
         <artifactId>maven-bundle-plugin</artifactId>
@@ -142,11 +156,13 @@
               org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.controller.md.sal.rest.connector.rev140724.*,
             </Private-Package>
             <Import-Package>
-              com.sun.jersey.spi.container.servlet, org.eclipse.jetty.servlets,
-              <!-- Set the javax packages version to 0. Relying on "*" includes versions from jsr305 dependency whic are
-              incompatible with karaf provided packages -->
-              javax.*;version="0.0",
               *,
+              com.sun.jersey.spi.container.servlet,
+              org.eclipse.jetty.servlets,
+              org.opendaylight.aaa.shiro.filters,
+              org.opendaylight.aaa.shiro.realm,
+              org.opendaylight.aaa.shiro.web.env,
+              org.apache.shiro.web.env
             </Import-Package>
             <Embed-Dependency>stax-utils</Embed-Dependency>
             <Web-ContextPath>/restconf</Web-ContextPath>
diff --git a/opendaylight/restconf/sal-rest-connector/src/main/resources/WEB-INF/web.xml b/opendaylight/restconf/sal-rest-connector/src/main/resources/WEB-INF/web.xml
index 66cadd0cbc..4935729525 100644
--- a/opendaylight/restconf/sal-rest-connector/src/main/resources/WEB-INF/web.xml
+++ b/opendaylight/restconf/sal-rest-connector/src/main/resources/WEB-INF/web.xml
@@ -10,14 +10,28 @@
             <param-name>javax.ws.rs.Application</param-name>
             <param-value>org.opendaylight.netconf.sal.rest.impl.RestconfApplication</param-value>
         </init-param>
-        <!-- AAA Auth Filter -->
-        <init-param>
-            <param-name>com.sun.jersey.spi.container.ContainerRequestFilters</param-name>
-            <param-value> org.opendaylight.aaa.sts.TokenAuthFilter</param-value>
-        </init-param>
         <load-on-startup>1</load-on-startup>
     </servlet>
 
+    <context-param>
+      <param-name>shiroEnvironmentClass</param-name>
+      <param-value>org.opendaylight.aaa.shiro.web.env.KarafIniWebEnvironment</param-value>
+    </context-param>
+
+    <listener>
+        <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
+    </listener>
+
+    <filter>
+        <filter-name>ShiroFilter</filter-name>
+        <filter-class>org.opendaylight.aaa.shiro.filters.AAAFilter</filter-class>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>ShiroFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
     <servlet-mapping>
         <servlet-name>JAXRSRestconf</servlet-name>
         <url-pattern>/*</url-pattern>