Ryan Goulding [Fri, 18 Mar 2016 14:20:21 +0000 (10:20 -0400)]
Fix odl-restconf-noauth
Removes OSGi activation of AAAFilter; if you install odl-aaa-shiro
on its own then you will need to manually activate with:
>bundle:install aaa-shiro-act
Change-Id: I6c58314c09ea07bcf47dce1ad19d16e35e4fe983
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Sharon Aicler [Thu, 17 Mar 2016 16:14:59 +0000 (16:14 +0000)]
Merge "Upgrade h2 version from 1.4.185 to 1.4.191"
Sharon Aicler [Thu, 17 Mar 2016 16:14:23 +0000 (16:14 +0000)]
Merge "Upgrade org.apache.felix.metatype from 1.0.10 to 1.1.2"
Ryan Goulding [Wed, 16 Mar 2016 19:44:23 +0000 (19:44 +0000)]
Merge "Bug 5493 idmtool script doesnt honor target-hostname argument"
Sharon Aicler [Wed, 16 Mar 2016 16:23:32 +0000 (16:23 +0000)]
Merge "AAA idmlight REST endpoints should use AAAFilter"
Ryan Goulding [Wed, 16 Mar 2016 15:56:23 +0000 (15:56 +0000)]
Merge "Bug 5474 Accounting Log for Un/Successful Auth Attempts"
Ryan Goulding [Thu, 10 Mar 2016 22:00:30 +0000 (17:00 -0500)]
Upgrade org.apache.felix.metatype from 1.0.10 to 1.1.2
Upgrades org.apache.felix.metatype to the latest version.
Change-Id: If03227426373f137d57cf88cd8ae8b8bc5d4afcc
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 10 Mar 2016 21:57:19 +0000 (16:57 -0500)]
Upgrade h2 version from 1.4.185 to 1.4.191
Upgrade h2 database driver to the latest version.
Change-Id: Id9064c748de5f4eea1cf7c968575c88be80bf9c1
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 10 Mar 2016 18:13:57 +0000 (13:13 -0500)]
Bug 5493 idmtool script doesnt honor target-hostname argument
Adds capability to parse target-hostname.
Change-Id: I2d48b300c07b9ab30748809ef1aa014d9ff87833
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 10 Mar 2016 16:42:24 +0000 (11:42 -0500)]
AAA idmlight REST endpoints should use AAAFilter
AAA idmlight rest endpoints currently use TokenAuthFilter, which was
deprecated during the Beryllium cycle. This upgrades the idmlight REST
endpoints such that AAAFilter (the replacement for TokenAuthFilter) is used
instead. The introduction of AAAFilter allows for Shiro based authorization
on idmlight REST endpoints.
Authorization rules were added to the idmlight REST endpoints to allow
only users with the admin role access.
Change-Id: I2f58dc9902f7712942ef9c847b37e1af89a4b1fe
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 7 Mar 2016 21:32:35 +0000 (16:32 -0500)]
Bug 5474 Accounting Log for Un/Successful Auth Attempts
Accounting is currently limited to karaf log output messages, which can be
copied to an external syslog server. Hitherto, AAA plugin didn't report
failed v.s. successful authentication attempts. This change provides the
ability to enable audit events for successful and unsuccessful authentication
attempts. This behavior is disabled by default in order to prevent flooding
karaf logs, but may be enabled if an operator feels this logging is
important.
To enable Un/Successful logging, from the karaf shell just type:
> log:set DEBUG org.opendaylight.aaa.shiro.filters.AuthenticationListener
A good deal of testing was added in order to ensure that audit events are
reported in a sane manner. A utilities class was developed which is
responsible for forming audit log messages. A custom slf4j appender was added
for testing only in order to track karaf log output, and ensure that audit
events are properly logged.
Change-Id: I21b8dc4ef5b137cf7f968c284a6725da7b02134a
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Fri, 4 Mar 2016 19:20:17 +0000 (14:20 -0500)]
Bug 1835 - No length checking on POST and PUT fields in idm REST interface for /users
Validate the user fields length in PUT Rest API
Change-Id: I20c23d872ddfb476bc7dd8b0edec42fbb80fd0ce
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
melserngawy [Wed, 2 Mar 2016 22:28:26 +0000 (17:28 -0500)]
fix changes in openflowjava interface TlsConfiguration.
Change-Id: I718103f6f7e401cbb3bfc89de30a813ffb1c4761
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Ryan Goulding [Wed, 24 Feb 2016 23:25:16 +0000 (18:25 -0500)]
Bug 5425 AAAFilter always assumes the default domain
This change allows another domain to be specified as part of the
username. Just use "username"@"domain". If no @domain is specified,
then the default domain "sdn" is assumed.
Change-Id: Ia7cdd06fbc92f9fef3723260950ef9f6682dabfa
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Stephen Kitt [Wed, 24 Feb 2016 16:53:43 +0000 (17:53 +0100)]
Drop the dependency on jaxrs-api
The dependency appears to be unnecessary, remove it (instead of
upgrading it in odlparent).
Change-Id: Ifc41090520921440bde00e6c5f848e75832e636f
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Stephen Kitt [Tue, 23 Feb 2016 16:02:09 +0000 (17:02 +0100)]
Pull in PowerMock from odlparent
The Mockito upgrade breaks PowerMock 1.5.2; odlparent now provides the
necessary dependency management for PowerMock and will ensure that
Mockito and PowerMock versions are upgraded in sync.
Change-Id: I569f10df433ed8d0894c1dbc97aa9f9cbb8fbe5b
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Stephen Kitt [Fri, 19 Feb 2016 11:18:29 +0000 (12:18 +0100)]
Drop dependency on javax.annotation-api
This appears to be unused and may be contributing to issues with newer
versions of jsr305. (jsr305 3.0.0 doesn't provide any OSGi bundle
information, but 3.0.1 does, and the information provided conflicts
with the bundle information in javax.annotation-api.)
Change-Id: I39a22901e86220be5bc1da15975b39db11a6f426
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Mohamed El-Serngawy [Tue, 24 Nov 2015 23:16:22 +0000 (18:16 -0500)]
adding command-line and certificate functionalities
Change-Id: I0d5ffe7d004146fdcc92b3cf06cf45762b99cbd2
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Wed, 10 Feb 2016 19:20:15 +0000 (14:20 -0500)]
Convert to use yangtools-artifacts
Changes feature poms dependencyManagement to import yangtools-artifacts.
Change-Id: I9da547d519684b455a4a0a86f83265d313f47326
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 5 Feb 2016 23:13:46 +0000 (18:13 -0500)]
Adds a basic tool for AAA IDM manipulation
Change-Id: Ic38f2f23e4a302ecfca39ceadfe2979faec8aeba
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
(cherry picked from commit
f6c87f3cd7eaa6ffc32625546828a2b6cd42722e)
Ryan Goulding [Fri, 5 Feb 2016 18:52:26 +0000 (13:52 -0500)]
Bug 5253 AAA Delete non-functional
Fixes Stores to utilize Statement instead of PreparedStatement
due to limitations in h2 driver. Adds cleansing of input.
Puts a guard around the grant calculation to ensure a grant
referring to a missing role doesn't bomb the store.
Change-Id: I642a945b04fdae95ce67298c051726e8e9e8fe82
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
(cherry picked from commit
e0ca55c01badbbfb3ca326373dbfe0000116a34d)
Ryan Goulding [Fri, 5 Feb 2016 15:18:54 +0000 (10:18 -0500)]
Bug 5250 User update for changing password requires salt
Allows re-use of existing salt.
Change-Id: I61bbfd1e7d5839efcee3754f7d29d2c70f3aa5f7
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
(cherry picked from commit
da4610b0db64753e627b1ed12182c0581ab87298)
Ryan Goulding [Wed, 3 Feb 2016 14:37:12 +0000 (14:37 +0000)]
Merge "Ensure H2 resources are closed"
Stephen Kitt [Tue, 2 Feb 2016 17:14:04 +0000 (18:14 +0100)]
Ensure H2 resources are closed
This patch uses try-with-resources with all database resources
(connections, statements and result sets) to ensure they're closed
correctly in all cases. It drops the re-used dbConnection since that
seems fragile (two threads accessing the store simultaneously might
get the same connection, and one of the threads will close it before
the other has finished), except for tests.
The initial table check/creation is synchronized to avoid
time-of-check to time-of-use races.
Common code is extracted to an AbstractStore.
Exceptions are logged and re-thrown as StoreExceptions with exception
chaining.
Change-Id: Ia63493fcb1361e53a5f3400ee5e2fdf09bccb574
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Ryan Goulding [Tue, 2 Feb 2016 20:24:54 +0000 (15:24 -0500)]
Bug 5193 Fix idmlight REST endpoints
Clean up feature install ordering.
Change-Id: I41f544185037138bb0119df26be3b11052c0d05b
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
(cherry picked from commit
710f46a274b7addae220a0cb8634c69d592d8342)
Ryan Goulding [Fri, 29 Jan 2016 19:03:33 +0000 (14:03 -0500)]
Bug 5145 ODLJndiLdapRealm does not allow configurable searchBase
Add configurable searchBase and ldapAttributeForComparison, which
is needed since the defaults will NOT apply to every LDAP deployment.
Fixes JDK8 incompatibilities in documentation.
Change-Id: Id7f5b5201311f6c7297ff976b777b4aafcccebe9
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
(cherry picked from commit
5058c61bf1cfa2b5b6f7f88a6460f9a3445a0dff)
Ryan Goulding [Fri, 29 Jan 2016 21:43:46 +0000 (16:43 -0500)]
Bug 5148 - CORS requests stopped early
Override isAccessAllowed(...) in order to allow through requests
with OPTIONS header, and no Authentication header.
Change-Id: I7344ad0eec573572bd9cd0495b622e09cfecbb8a
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Sat, 23 Jan 2016 01:02:05 +0000 (20:02 -0500)]
Bug 5060 Cannot Delete Users
Fix the sql to delete a user.
Change-Id: Ic3b5273b898fd566a611e26ebeb4f35199b25797
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
(cherry picked from commit
372e83ce3e0c74042fa856ce59404179c3769988)
Sai MarapaReddy [Mon, 25 Jan 2016 19:54:00 +0000 (11:54 -0800)]
Fix license header violations
Change-Id: I7f41259477a30e58a88e635f74234366f308c94c
Signed-off-by: Sai MarapaReddy <sai.marapareddy@gmail.com>
Thanh Ha [Thu, 21 Jan 2016 21:21:05 +0000 (16:21 -0500)]
Bump yangtools to 1.0.0-SNAPSHOT
Change-Id: I5bf78cb609a154e26afab5cbbdb68995bc89a172
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
Ryan Goulding [Wed, 20 Jan 2016 16:32:21 +0000 (11:32 -0500)]
Bug 5033 AAA sometimes falsely authorizes user to restricted endpoint
This change abstracts a custom principal with appropriate identification
information for the "doGetAuthorizationInfo()" step. The cached user
is elminated due to the fact that there may be interleaving in calls
to "doGetAuthenticationInfo()" and "doGetAuthorizationInfo()" for different
requests.
Change-Id: Ib76681137bb5c5d83493d5f3092a54e668b3c337
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Thanh Ha [Fri, 15 Jan 2016 02:12:52 +0000 (21:12 -0500)]
Bumping versions by 0.1.0 for next dev cycle
Change-Id: Ic0b167430069eb61ea4f06bf420c249806d2008c
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
xsir [Wed, 6 Jan 2016 01:45:21 +0000 (09:45 +0800)]
Fix generator path inconsistent
The generator path of build-helper-plugin is inconsistent with
odl-parent, this caused the Eclipse build path to be missing.
Change-Id: I6d1fa45abaef49d0995549230b7337892abec8ba
Signed-off-by: xsir <xujinchuan@huawei.com>
Robert Varga [Mon, 4 Jan 2016 21:27:53 +0000 (22:27 +0100)]
Fix AAA not advertising its features properly
All artifacts for public consumption need to be made part of the
project's arttifact pom, so they can be imported properly into
downstream projects.
Change-Id: I4eff79d9ebe9be31ceac4682e2a003a18b291cfb
Signed-off-by: Robert Varga <robert.varga@pantheon.sk>
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 29 Dec 2015 13:52:19 +0000 (08:52 -0500)]
Force shiro deps to inherit from odlparent
Shiro dependencies should inherit from odlparent, as they are
used across projects (netconf & AAA), and should be the same
to avoid version skew.
Change-Id: I35a79b9ef5b7e9699e105dfac09376eabc5a0ffb
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 28 Dec 2015 13:46:40 +0000 (08:46 -0500)]
Fix javadoc formatting for SHA256Calculator
Change-Id: Ie55998a88943b8d14184d6e0424a644ce9851858
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 21 Dec 2015 14:13:31 +0000 (09:13 -0500)]
Adds documentation to IdmLightConfig
This is a formatting change to add documentation to IdmLightConfig.
This change extracts constants from magic strings.
Change-Id: I9f6c5efe8b073a11f6eb79b543856463374fcbb5
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 21 Dec 2015 02:02:30 +0000 (21:02 -0500)]
Formatting applied to aaa-authz bundles
Fixes flagrant checkstyle violations. This is done using
eclipse formatting, reorganizing imports, and converting
all line endings to Unix-style.
Change-Id: I918e68574cbcb3ebacdcd3556339219a5a21f7e4
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 21 Dec 2015 01:41:23 +0000 (01:41 +0000)]
Merge "Formatting applied to features"
Ryan Goulding [Mon, 21 Dec 2015 01:33:51 +0000 (01:33 +0000)]
Merge "Formatting applied to aaa's distribution-karaf bundle"
Ryan Goulding [Mon, 21 Dec 2015 01:33:44 +0000 (01:33 +0000)]
Merge "Formatting applied to aaa-shiro-act bundle"
Ryan Goulding [Mon, 21 Dec 2015 01:27:47 +0000 (01:27 +0000)]
Merge "Formatting applied to aaa-shiro bundle"
Ryan Goulding [Mon, 21 Dec 2015 01:26:51 +0000 (20:26 -0500)]
Formatting applied to features
Removed any tabs and innapropriate whitespace from feature
poms and features.xml files.
Change-Id: I50ad151f706115ccc5b2de28f9ca8b863b224a91
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 21 Dec 2015 01:19:03 +0000 (20:19 -0500)]
Formatting applied to aaa's distribution-karaf bundle
Fixes flagrant checkstyle violations. This is done using
eclipse formatting, reorganizing imports, and converting
all line endings to Unix-style.
Change-Id: I85d3fcd292f964fd5c02e455747e93a79660db88
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 21 Dec 2015 01:16:17 +0000 (20:16 -0500)]
Formatting applied to aaa-shiro-act bundle
Fixes flagrant checkstyle violations. This is done using
eclipse formatting, reorganizing imports, and converting
all line endings to Unix-style.
Change-Id: I81a9e2c09518108f2166de01ba5e974ac4e0170d
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 21 Dec 2015 01:14:50 +0000 (01:14 +0000)]
Merge "Formatting applied to aaa-authn-sts bundle"
Ryan Goulding [Mon, 21 Dec 2015 01:14:41 +0000 (01:14 +0000)]
Merge "Formatting applied to aaa-authn-sssd bundle"
Ryan Goulding [Mon, 21 Dec 2015 01:13:35 +0000 (20:13 -0500)]
Formatting applied to aaa-shiro bundle
Fixes flagrant checkstyle violations. This is done using
eclipse formatting, reorganizing imports, and converting
all line endings to Unix-style.
Change-Id: Ic9f6f70ce229c83e79bc7683e8591773396c5b6e
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 21 Dec 2015 01:00:01 +0000 (01:00 +0000)]
Merge "Formatting applied to aaa-authn-store bundle"
Ryan Goulding [Mon, 21 Dec 2015 00:33:20 +0000 (19:33 -0500)]
Formatting applied to aaa-authn-sssd bundle
Fixes flagrant checkstyle violations. This is done using
eclipse formatting, reorganizing imports, and converting
all line endings to Unix-style.
Change-Id: I638b8384e1b88508799dfaf27b62351c1915d904
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 21 Dec 2015 00:52:05 +0000 (00:52 +0000)]
Merge "Formatting applied to aaa-authn-mdsal bundles"
Ryan Goulding [Mon, 21 Dec 2015 00:50:43 +0000 (19:50 -0500)]
Formatting applied to aaa-authn-sts bundle
Fixes flagrant checkstyle violations. This is done using
eclipse formatting, reorganizing imports, and converting
all line endings to Unix-style.
Change-Id: Iad4cdcff1c356a4dc4199531e8d716521be62d21
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 21 Dec 2015 00:42:40 +0000 (00:42 +0000)]
Merge "Formatting applied to aaa-authn-federation bundle"
Ryan Goulding [Mon, 21 Dec 2015 00:41:07 +0000 (19:41 -0500)]
Formatting applied to aaa-authn-store bundle
Fixes flagrant checkstyle violations. This is done using
eclipse formatting, reorganizing imports, and converting
all line endings to Unix-style.
Change-Id: I4aa68123fe0d014ab6d51845cc87cc038567effc
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 21 Dec 2015 00:26:40 +0000 (00:26 +0000)]
Merge "Formatting applied to aaa-authn-keystone bundle"
Ryan Goulding [Sun, 20 Dec 2015 23:50:01 +0000 (18:50 -0500)]
Formatting applied to aaa-authn-federation bundle
Fixes flagrant checkstyle violations. This is done using
eclipse formatting, reorganizing imports, and converting
all line endings to Unix-style.
Change-Id: Id378fc5f086972a417886d1652e31a2170997f16
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 21 Dec 2015 00:22:48 +0000 (19:22 -0500)]
Formatting applied to aaa-authn-mdsal bundles
Fixes flagrant checkstyle violations. This is done using
eclipse formatting, reorganizing imports, and converting
all line endings to Unix-style.
Change-Id: I0e2717e15c4ca27ce6c4161caf491958e8ab2777
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 21 Dec 2015 00:22:06 +0000 (00:22 +0000)]
Merge "Formatting applied to aaa-authn-idpmapping"
Ryan Goulding [Mon, 21 Dec 2015 00:08:56 +0000 (19:08 -0500)]
Formatting applied to aaa-authn-keystone bundle
Fixes flagrant checkstyle violations. This is done using
eclipse formatting, reorganizing imports, and converting
all line endings to Unix-style.
Change-Id: I1e57066564f74b81b8fb84cf33dbfe96df833368
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 21 Dec 2015 00:04:19 +0000 (00:04 +0000)]
Merge "Formatting applied to aaa-authn-basic"
Ryan Goulding [Mon, 21 Dec 2015 00:03:43 +0000 (19:03 -0500)]
Formatting applied to aaa-authn-idpmapping
Fixes flagrant checkstyle violations. This is done using
eclipse formatting, reorganizing imports, and converting
all line endings to Unix-style.
Change-Id: I5551eec1ceed56281447453d8ed619b033deb541
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Sun, 20 Dec 2015 23:59:53 +0000 (23:59 +0000)]
Merge "Formatting applied to aaa-authn bundle"
Ryan Goulding [Sun, 20 Dec 2015 23:44:04 +0000 (18:44 -0500)]
Formatting applied to aaa-authn-basic
Fixes flagrant checkstyle violations. This is done using
eclipse formatting, reorganizing imports, and converting
all line endings to Unix-style.
Change-Id: Icba7172edc67a0e8697e7d12aabcc0928573095d
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Sun, 20 Dec 2015 23:40:35 +0000 (18:40 -0500)]
Formatting applied to aaa-authn bundle
Fixes flagrant checkstyle violations. This is done using
eclipse formatting, reorganizing imports, and converting
all line endings to Unix-style.
Change-Id: If0e2ccad0eee789ecb6f81fb3a237e2f95886486
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Sun, 20 Dec 2015 23:31:11 +0000 (18:31 -0500)]
Formatting applied to aaa-authn-api bundle
Fixes flagrant checkstyle violations. This is done using
eclipse formatting, adding Logger where printStackTrace()
existed, and reorganizing any imports that were in the
wrong order.
Change-Id: Ia9f521d2e8715666b90347201a0c5abd9d4d275e
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Sharon Aicler [Sun, 20 Dec 2015 19:20:12 +0000 (19:20 +0000)]
Merge "Bug 4804 IDMLight REST endpoints do not redact the salt user field"
Ryan Goulding [Fri, 18 Dec 2015 17:22:35 +0000 (12:22 -0500)]
Formatting applied to aaa-h2-store package
Fixes checkstyle violations. Deprecates and logger wrapper methods,
in favor of directly invoking LOG methods.
Change-Id: I4799b8be41ae7615fb15878a3302f7d13bda6a17
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 17 Dec 2015 17:56:15 +0000 (12:56 -0500)]
Bug 4804 IDMLight REST endpoints do not redact the salt user field
Enforces redacted fields salt fields for IDMLight rest endpoints, since
exposing such information is a plausible security concern. Abstracts several
helper methods to avoid code duplication. Cleans up error reporting so error
messages are consistent among operations on the /auth/v1/users REST
endpoint. Reformats several areas of code that do not align to AAA
checkstyle. Adds much needed documentation on how to utilize the REST
endpoint.
Change-Id: I65319a34d1c0f0363fc2c73a6e872cdb296f9604
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 18 Dec 2015 01:45:54 +0000 (01:45 +0000)]
Merge "Formatting applied to aaa-idmlight tests"
Ryan Goulding [Fri, 18 Dec 2015 01:29:03 +0000 (20:29 -0500)]
Formatting applied to aaa-idmlight tests
Fixes formatting in test scripts. Fixes PasswordHashTest
to throw Exception in setup instead of try/catch so the
test actually fails.
Change-Id: Icdc496b5ff560a3c6ff9d3afd292ff02a2c23993
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 18 Dec 2015 01:17:55 +0000 (20:17 -0500)]
Formatting applied to AAAIDMLightModule
Fixed checkstyle errors in AAAIDMLightModule.
Change-Id: Ie104eb3cf510880f37b34fe8e3196fd8ef11f30a
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 18 Dec 2015 01:13:34 +0000 (01:13 +0000)]
Merge "Formatting applied to StoreBuilder"
Ryan Goulding [Fri, 18 Dec 2015 00:03:44 +0000 (19:03 -0500)]
Formatting applied to StoreBuilder
This change tackles some vital formatting issues with StoreBuilder. The
following is done to the IdmLightApplication class to promote clarity and conformance
to project style:
1) Add some detailed information to the class comment concerning the default installed
accounts.
2) Add TODO concerning what to do if "sdn" is deleted. Implies that "sdn" could
be made a mandatory domain.
3) Format in eclipse by clicking "format".
4) Fix any errors reported by "mvn checkstyle:checkstyle".
No actual code or functionality changes were made. This is strictly a
formatting related patch.
Change-Id: I09f45e529201d3eeaca94286f86e3dc06bf727c8
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 18 Dec 2015 00:37:57 +0000 (00:37 +0000)]
Merge "Formatting applied to IdmLightApplication"
Ryan Goulding [Fri, 18 Dec 2015 00:13:38 +0000 (00:13 +0000)]
Merge "Bug 4809 Deprecate the versionhandler for AAA"
Ryan Goulding [Thu, 17 Dec 2015 23:35:56 +0000 (18:35 -0500)]
Formatting applied to IdmLightApplication
This change tackles some vital formatting issues with IdmLightApplication. The
following is done to the IdmLightApplication class to promote clarity and conformance
to project style:
1) Move the class documentation comment to the right location. Add some
detailed information to the class comment concerning different handlers.
2) Add CONSTANT documentation.
3) Format in eclipse by clicking "format".
4) Fix any errors reported by "mvn checkstyle:checkstyle".
5) Add a TODO to address the mismatch in MAX_FIELD_LENGTH between this
class and the Store classes, which assume 128 not 256.
No actual code or functionality changes were made. This is strictly a
formatting related patch.
Change-Id: Id4fee54715f392830a97207f24fc9f7ca6880b60
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 18 Dec 2015 00:10:16 +0000 (00:10 +0000)]
Merge "Formatting applied to IdmLightProxy"
Ryan Goulding [Thu, 17 Dec 2015 23:51:27 +0000 (18:51 -0500)]
Formatting applied to IdmLightProxy
This change tackles some vital formatting issues with IdmLightProxy. The
following is done to the IdmLightProxy class to promote clarity and conformance
to project style:
1) Add instance member documentation.
2) Add static initialization documentation
3) Add info logging to the "clearClaimCache()" method.
4) Format in eclipse by clicking "format".
5) Fix any errors reported by "mvn checkstyle:checkstyle".
6) Eliminate the "debug" logging method in favor of direct invocation.
No actual code or functionality changes were made. This is strictly a
formatting related patch.
Change-Id: Iebd14af02f0a5ffa13c96839e24b29efec76c708
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 17 Dec 2015 23:19:50 +0000 (18:19 -0500)]
Bug 4809 Deprecate the versionhandler for AAA
AAA currently has a rest endpoint to display version information. This REST
endpoint is:
1) out of date
2) largely unused to our knowledge
3) should be deprecated
This patch does the following:
1) Formats by clicking "format" in eclipse.
2) Fix any checkstyle violations.
3) Puts the class javadoc comment in the correct place
4) Adds an @Deprecated tag so the interface can be safely removed in Boron
Change-Id: I2195af6980dc08c4e445daa3cb29078a11821ad6
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 17 Dec 2015 23:12:10 +0000 (18:12 -0500)]
Formatting applied to RoleHandler
This change tackles some vital formatting issues with RoleHandler. The
following is done to the RoleHandler class to promote clarity and conformance
to project style:
1) Move the class documentation comment to the right location. Add some
detailed information to the class comment concerning how to use the REST
endpoints for RoleHandler.
2) Add function documentation comments explaining their responsibilities.
3) Format in eclipse by clicking "format".
4) Fix any errors reported by "mvn checkstyle:checkstyle".
No actual code or functionality changes were made. This is strictly a
formatting related patch.
Change-Id: I7a8a9343792d5384b1639010918d2ed8ecdaaa6a
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 17 Dec 2015 19:36:26 +0000 (14:36 -0500)]
Formatting applied to DomainHandler
This change tackles some vital formatting issues with DomainHandler. The
following is done to the DomainHandler class to promote clarity and conformance
to project style:
1) Move the class documentation comment to the right location. Add some
detailed information to the class comment concerning how to use the REST
endpoints for DomainHandler.
2) Add function documentation comments explaining their responsibilities.
3) Format in eclipse by clicking "format".
4) Fix any errors reported by "mvn checkstyle:checkstyle".
No actual code or functionality changes were made. This is strictly a
formatting related patch.
Change-Id: Ie2d0ecff913afbceb280950e1a8d40a43a3958a0
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Sharon Aicler [Wed, 16 Dec 2015 23:31:25 +0000 (23:31 +0000)]
Merge "Bug 4766 AAA does not provide AuthN only LDAP capability"
Ryan Goulding [Tue, 15 Dec 2015 15:24:52 +0000 (15:24 +0000)]
Merge "Pull in dependencies from odlparent"
Ryan Goulding [Tue, 15 Dec 2015 15:06:02 +0000 (10:06 -0500)]
Bug 4783 SQLException masked my IDMStoreException, making debugging impossible
Adds logging to help actually debug StoreException(s), which are usually
caused by SQLException(s). Propagates the entire throwable to IDMStoreException
instead of just the message, which is more useful for debugging.
Change-Id: I91fcb5513ea7d0dce055b4b02b6c2af4a07994f0
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 14 Dec 2015 20:34:28 +0000 (15:34 -0500)]
Bug 4768 AAA STS ServiceWireTask prone to IllegalStateException: BundleContext is no longer valid
ServiceWireTask is deprecated since it is prone to stale BundleContext. The
functionality is replaced with an OSGi ServiceTracker and
ServiceTrackerCustomizer pair, which handles AAA activation and service loading
asynchronously. This patch was inspired by this great work:
https://git.opendaylight.org/gerrit/#/c/31070/
Change-Id: Ief09dbd1a8c27805eb29a222dc062899fccffaa5
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 14 Dec 2015 17:36:53 +0000 (12:36 -0500)]
Bug 4773 Package uses conflict between authn and restconf
Adds necessary annotation libraries from jsr305.
Change-Id: I4c7ead22e6aa100c2430061c35e449edaace6110
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Sat, 12 Dec 2015 17:11:55 +0000 (12:11 -0500)]
Bug 4766 AAA does not provide AuthN only LDAP capability
Provides a wrapper to JndiLdapRealm (Shiro) for AuthN only LDAP integration.
From a security perspective, certain operators may not want to expose LDAP
grouping information to the controller.
Also, this change adds some more necessary documentation to shiro.ini
concerning configuration of Shiro-based AAA. The documentation provides
examples of how to set up the different LDAP implementations.
Change-Id: Icb295ec40a4ab164111c39f5d6570549bf634fae
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Stephen Kitt [Fri, 11 Dec 2015 16:32:23 +0000 (17:32 +0100)]
Pull in dependencies from odlparent
Drop Jersey dependencies from dependency management (this needs
jersey-test-framework-grizzly2 to be added to odlparent).
Switch from javax.servlet:servlet-api:2.5 to
javax.servlet.javax.servlet-api:3.0.1 (which is also OSGi compliant).
Change-Id: Ib1eca3d2fa2feac0cedafc8962f6c1f541855f10
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Ryan Goulding [Wed, 9 Dec 2015 22:21:02 +0000 (17:21 -0500)]
Bug 4749 odl-aaa-shiro feature doesn't import some runtime dependencies
Imports the correct runtime dependencies so that ODL's Shiro wrapper
and Filtering works. Also updates to use ${project.version} in the
appropriate places.
Change-Id: I2c9eb0fb111909b652a5d551dea238fbfe4d0f44
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Tom Pantelis [Wed, 9 Dec 2015 08:28:02 +0000 (03:28 -0500)]
Modify AAAIDMLightModule to use a ServiceTracker
This replaces the thread that was spawned to busy wait for the IdmStore
service.
Change-Id: Ib90a92716725a7e9c94945f067f5029d0f06526d
Signed-off-by: Tom Pantelis <tpanteli@brocade.com>
Sharon Aicler [Tue, 8 Dec 2015 17:19:06 +0000 (09:19 -0800)]
Fix Bug 4723 StoreBuilder init times out
Removes StoreBuilder initialization call from IdmLightApplication constructor
to avoid blocking the main OSGi thread. A separate thread called
StoreServiceLocator, which is spawned during IDMLightModule creation,
is used to track status of IIDMStore, the "pluggable" backing data store for
AAA identity management. When the store is resolved, the thread invokes
StoreBuilder initialization code to handle initial creation of identity data.
Change-Id: I7cb91f2ed71712932e33188e3b4f6d2b9b0f1aa3
Signed-off-by: Sharon Aicler <saichler@cisco.com>
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 9 Dec 2015 11:12:58 +0000 (06:12 -0500)]
Revert Bug 4723 AAA StoreBuilder init times out too early
This reverts commit
0f25e8c273c6297e4e88f8e2f335e08d0194c029.
Change-Id: I3d435e45290c3f6ac0c9163ada9130c6210687b0
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Sharon Aicler [Tue, 8 Dec 2015 19:28:05 +0000 (19:28 +0000)]
Merge "Bug 4741 AAA ServiceWireTask causes long running singleFeatureTest"
Ryan Goulding [Tue, 8 Dec 2015 16:33:06 +0000 (11:33 -0500)]
Bug 4741 AAA ServiceWireTask causes long running singleFeatureTest
Sets StoreServiceLocator thread to be a daemon thread.
Change-Id: I90b82e481bcc9f63991baa967fc62f7505d48fd9
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 8 Dec 2015 16:08:48 +0000 (11:08 -0500)]
Bug 4741 AAA ServiceWireTask causes long running singleFeatureTest
Makes ServiceWireTask thread daemon so it won't block.
Change-Id: I7082424acc7a574b40852feb7e856818813ee4f9
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Sharon Aicler [Fri, 4 Dec 2015 21:32:32 +0000 (13:32 -0800)]
Bug 4732 Convert IDM Light to use config subsystem
Change-Id: I3800b15c4371c5acb7c9ae9b2af0c85412224d72
Signed-off-by: Sharon Aicler <saichler@cisco.com>
Jamo Luhrsen [Fri, 4 Dec 2015 17:13:24 +0000 (09:13 -0800)]
change log message from 30s to 10m
Change-Id: I848e0958a1e1b9548f74352fe0f1b929f53bd57f
Signed-off-by: Jamo Luhrsen <jluhrsen@redhat.com>
Ryan Goulding [Fri, 4 Dec 2015 15:45:36 +0000 (15:45 +0000)]
Merge "Bug 4723 AAA StoreBuilder init times out too early"
Ryan Goulding [Fri, 4 Dec 2015 15:19:50 +0000 (10:19 -0500)]
Bug 4723 AAA StoreBuilder init times out too early
AAA StoreBuilder will timeout if the backing data store isn't
loaded in 30s. This is too short for some features.
Change-Id: I5c0c866b820bcf49e9592d620df69eefbb8dc2db
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 4 Dec 2015 01:22:08 +0000 (01:22 +0000)]
Merge "Add Deprecated Tag to TokenAuthFilter"
Code Review / aaa.git / log