Robert Varga [Sat, 26 Nov 2022 08:24:21 +0000 (09:24 +0100)]
Bump upstreams
Adopt:
- odlparent-12.0.1
- yangtools-10.0.1
- mdsal-11.0.1
Change-Id: I17c5b8695ef9d4e1eef02d292831b3f39e556597
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Stephen Kitt [Mon, 21 Nov 2022 08:26:06 +0000 (09:26 +0100)]
Bump shiro to 1.10.1
Changes:
https://shiro.apache.org/blog/2022/11/19/apache-shiro-1101-released.html
JIRA: AAA-242
Change-Id: I294d2a3e50abfff46486811bce97c2d192e9e3a7
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Robert Varga [Wed, 16 Nov 2022 17:58:35 +0000 (18:58 +0100)]
Drop an old FIXME
This FIXME has been addressed, remove it.
Change-Id: I929a0359b7f71adfa043eb0ff55831e8231b3f7b
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 16 Nov 2022 17:34:10 +0000 (18:34 +0100)]
Fix aaa-idm-store-h2 dependencies
We should depend on aaa-password-service-impl and aaa-tokenauthrealm
only for tests. Fix this up, improving packaging in the process.
Change-Id: I65f9093c7d3cf00dcbe19b336030ae86db33b38a
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 16 Nov 2022 17:28:58 +0000 (18:28 +0100)]
Drop dependency on commons-text
Fix the final SQL injection issue in GrantStore, which means we no
longer need to escape strings. This allows us to drop dependency on
common-text and fixup a warning by mentioning guava in our dependencies.
Change-Id: I3665a42fd81c7e07ea708d352c784f2bb75a86ad
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 16 Nov 2022 17:27:12 +0000 (18:27 +0100)]
Use prepareStatement() in UserStore.deleteUser()
The conversion to prepared statements has not dealt with the delete
function, leaving the ability to wipe the entire UserStore with SQL
injection. Fix this by using a proper prepared statement.
JIRA: AAA-241
Change-Id: Ie3d9a8eae815fab457809f3d2cd3577d38bd0207
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 16 Nov 2022 17:24:46 +0000 (18:24 +0100)]
Use prepareStatement() in DomainStore.deleteDomain()
The conversion to prepared statements has not dealt with the delete
function, leaving the ability to wipe the entire DomainStore with SQL
injection. Fix this by using a proper prepared statement.
JIRA: AAA-240
Change-Id: I4650e4561482864c90df737e964dcc5514221a15
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 16 Nov 2022 17:20:59 +0000 (18:20 +0100)]
Use prepareStatement() in RoleStore.deleteRole()
The conversion to prepared statements has not dealt with the delete
function, leaving the ability to wipe the entire RoleStore with SQL
injection. Fix this by using a proper prepared statement.
JIRA: AAA-239
Change-Id: If46a900951b4f1769239bd5f38516b299284f88b
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Tue, 8 Nov 2022 19:12:00 +0000 (20:12 +0100)]
Bump upstreams
Adopt:
- odlparent-12.0.0
- infrautils-5.0.0
- yangtools-10.0.0
- mdsal-11.0.0-SNAPSHOT
- controller-7.0.0-SNAPSHOT
Change-Id: If07553504aa1cdf7144bacafbbd984ecb2f60894
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 2 Nov 2022 11:32:33 +0000 (11:32 +0000)]
Merge "Document and validate web-api constructs"
OleksandrZharov [Tue, 27 Sep 2022 10:42:49 +0000 (12:42 +0200)]
Document and validate web-api constructs
We ditch immutables.org and use interface/builder/record to provide
minimal API footprint change. Any violations are flagged by builder
setter methods.
This forces a rather more thorough change in APIs, but the result is
more worth the churn.
The urlPatterns are check for compliance with Java Servlet
Specification, version 3.1.
JIRA: AAA-233
Change-Id: If65aa0fac7ee7040e89d926bf115b4f124c5b4e2
Signed-off-by: OleksandrZharov <Oleksandr.Zharov@pantheon.tech>
Signed-off-by: Ivan Hrasko <ivan.hrasko@pantheon.tech>
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
OleksandrZharov [Tue, 18 Oct 2022 16:00:44 +0000 (18:00 +0200)]
Ignore untagged Filters
We want to ignore all filters for HTTP whiteboard and allow
only those comming from 'odl.aaa.filterchain.filter'.
Instead of not-allowing filters we do NOT want to use lets just
specify filters we DO want to use.
JIRA: AAA-237
Change-Id: I657396dc0f7295b4d492fb64bf5f4e5c4b34c548
Signed-off-by: OleksandrZharov <Oleksandr.Zharov@pantheon.tech>
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 28 Oct 2022 21:30:57 +0000 (23:30 +0200)]
Bump h2database to 2.1.214
https://github.com/h2database/h2database/releases/tag/version-2.1.212
https://github.com/h2database/h2database/releases/tag/version-2.1.214
Change-Id: Ia731330d2b452868438b3b9595a2c86a7c8d6ccc
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 28 Oct 2022 20:16:32 +0000 (22:16 +0200)]
Bump shiro to 1.10.0
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=
12310950&version=
12351946
Change-Id: I2e11329f33a18283d941a33d29f47bee4d24bd94
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 20 Oct 2022 16:25:36 +0000 (18:25 +0200)]
Bump versions to 0.17.0-SNAPSHOT
This starts the next major development iteration.
Change-Id: I13beb539d905af7f197dcb6be13fb06e28545757
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 22 Sep 2022 12:55:31 +0000 (14:55 +0200)]
Use faster lastIndexOf()
Searching for a char index is faster than searching for a string, use
the former.
Change-Id: I528499247d6361cfeadb49b9d9d05df3ac12078a
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 22 Sep 2022 10:25:27 +0000 (12:25 +0200)]
Bump versions to 0.16.4-SNAPSHOT
This starts the next development iteration.
Change-Id: I9f3bdc47994bc9fa912464376798f96c354d42ea
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 22 Sep 2022 11:02:46 +0000 (13:02 +0200)]
Clean up filter loading
Reduce the size of try/catch block and use Class.asSubclass() to
remove an unchecked cast.
Change-Id: Ib2c90a3df761f7a8436a56ea37078ea94feb2084
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 22 Sep 2022 10:59:28 +0000 (12:59 +0200)]
Simplify FilterDTO hierarchy
Only NamedFilterDTO needs initialization parameters, make sure we clean
up the hierarchy appropriately.
Change-Id: I8d9b2af086195e2ce567fb6725e5018a96a784a9
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 22 Sep 2022 10:41:58 +0000 (12:41 +0200)]
Remove unneded this. qualifier
Field references are obvious, no need to use to over-specify them.
Change-Id: I02ffcad83f801cdd7faa0d0c53a13596f517a588
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 22 Sep 2022 10:41:09 +0000 (12:41 +0200)]
Flatten else/if
Use a simple else if instead of nesting.
Change-Id: I05d3b54bebee2a2f78e5bf33e10834b3f1a5e8ba
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 22 Sep 2022 10:02:23 +0000 (12:02 +0200)]
Optimize getFilterInstance()
This is a purely-private method, there is no point in using a Stream
where a nullable object suffices.
Change-Id: Ibcec056f3235022ffb4f7b2814d5e5250d436eed
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 22 Sep 2022 09:59:16 +0000 (11:59 +0200)]
Optimize convertCustomFilterList()
Rather than creating a temporary collection, use Streams.concat()
to acquire a combined stream. Also collect directly to an ImmutableList,
so that we do not have two objects allocated.
Change-Id: Id9fdaa2f83524cdf0c8cc133f8cab9e1767c94c0
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 22 Sep 2022 09:54:49 +0000 (11:54 +0200)]
Use ImmutableList for internal tracking
We are already assuming immutability, clean up types to make things a
tad more streamlined.
Change-Id: I50c94050d4632a25c6c0dafb42fc87ec76cbc7aa
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 22 Sep 2022 09:48:29 +0000 (11:48 +0200)]
Iterate over simple array
There is no point in using Arrays.asList(), as we end up only iterating
over the list anyway.
Change-Id: I7e0345ea6ae92fc61d8814a0424837c51719612c
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 22 Sep 2022 09:45:47 +0000 (11:45 +0200)]
Use Iterators.asEnumeration()
There is no point in open-coding an implementation, use Guava instead.
Change-Id: I8cad2cec9501178d69916636263f116cec8f7750
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 22 Sep 2022 09:19:39 +0000 (11:19 +0200)]
Ignore HTTP Whiteboard Filters
CustomFilterAdapterConfigurationImpl is listening for all servlet
filters being published to OSGi registry. This unfortunately means
it picks up also filters destined for HTTP Whiteboard -- such as
CustomFilterAdapter, which in turn uses ConfigurationImpl to get
its list of filters -- leading to the filter referencing itself.
Exclude Filters properly marked for HTTP Whiteboard from contributing to
the list and drop a FIXME for a future enhancement.
JIRA: AAA-235
Change-Id: I80c1264889b42a105a62cd5da4238a54554839dd
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 16 Sep 2022 17:51:59 +0000 (19:51 +0200)]
Bump versions to 0.16.3-SNAPSHOT
This starts the next development iteration.
Change-Id: Ia9cddf4a1b4ee5da34249c7f16bb6d77ec22d963
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 16 Sep 2022 17:40:53 +0000 (19:40 +0200)]
Remove aaa.web.jetty.test
Unit tests should be in the same package as the classes being tested,
fix that up.
Change-Id: I83fa642f874fa8b1f383032cc0ea64c25cf1c457
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 16 Sep 2022 17:39:05 +0000 (19:39 +0200)]
Remove aaa.web.tests
Unit tests should be in the same package, fix that up.
Change-Id: I6e41daecd47065be6fd60dc2eb8c57813861e3a8
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
OleksandrZharov [Fri, 16 Sep 2022 09:18:26 +0000 (11:18 +0200)]
Ensure patterns are absolute
The contract in web-api does not spell out the requirement for patterns
to conform to servlet spec. Jetty implementation needs to ensure they
start with a '/' just like the OSGi implementation does.
JIRA: AAA-232
Change-Id: I34879163596872e4e497a13c3b60111a317feadd
Signed-off-by: OleksandrZharov <Oleksandr.Zharov@pantheon.tech>
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 16 Sep 2022 08:40:10 +0000 (10:40 +0200)]
Bump upstreams
Adopt:
- mdsal-10.0.2
- controller-6.0.2
Change-Id: Ib8be205d49c6170b91bbf96bc52dd87ed27583ad
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Tue, 13 Sep 2022 10:16:46 +0000 (12:16 +0200)]
Use ResourceDetails.alias() from URL patterns
We have impedance on resource registration. We need to make sure we
interpret alias as the URL pattern.
JIRA: AAA-231
Change-Id: Ib3db3ce9e42665476e5ea2a91862363f3893af42
Signed-off-by: Ivan Martiniak <ivan.martiniak@pantheon.tech>
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Ivan Martiniak [Mon, 12 Sep 2022 05:20:49 +0000 (07:20 +0200)]
Fix web pattern propagation
Adding additional "contextPath" to URL patterns caused its doubling.
For instance, the pattern "apidoc/openapi3/apis/single" was represented
as "/apidoc/apidoc/openapi3/apis/single".
New whiteboard implementation adds this "contextPath" automatically,
because of its specification in the constant
HttpWhiteboardConstants.HTTP_WHITEBOARD_CONTEXT_PATH.
This is the difference against older pax-web implementation.
JIRA: AAA-230
Change-Id: I969706594f8cae10781d7a251cc689454982b83e
Signed-off-by: Ivan Martiniak <ivan.martiniak@pantheon.tech>
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 18 Aug 2022 20:28:19 +0000 (22:28 +0200)]
Bump versions to 0.16.2-SNAPSHOT
This starts the next development iteration.
Change-Id: I119dfb0836aaf0fc028450873fb8eff18b052080
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 18 Aug 2022 20:10:48 +0000 (22:10 +0200)]
Bump upstreams
Adopt:
- odlparent-11.0.1
- yangtools-9.0.1
- infrautils-4.0.1
- mdsal-10.0.1
- controller-6.0.1
Change-Id: I3f493f462dc83f5ed1bde69f75e6ac9a43aab047
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Tue, 16 Aug 2022 15:52:48 +0000 (17:52 +0200)]
Inject WebEnvironment into ODLAuthenticator
With the rework done in AAA-225 we no longer inject SecurityManager into
static contexts nor the WebEnvironment into the external web server.
This leads to SecurityUtils.getSubject() not being able to allocate a
subject -- and hence not working at all.
Rather than relying on static contexts, make sure we talk to the
WebEnvironment we create and use its SecurityManager to create subjects.
JIRA: AAA-215
Change-Id: I8ccc4411e31ab6b392a4be8211621fd940516935
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 11 Jul 2022 22:02:17 +0000 (00:02 +0200)]
Cleanup Arrays.copyOfRange() call
Let's keep the call on a single line to improve clarity.
Change-Id: Id57e91bf3c42a7a9cd655cfab7f2bc21649ceab4
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 11 Jul 2022 22:01:29 +0000 (00:01 +0200)]
Remove PKIUtil.ECDSA_CURVES
This Map is only used to initialize a constant, remove that indirection.
Change-Id: Ifa2553dc54cd88fdaea38ac8cf25867973a5bcf0
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 11 Jul 2022 21:54:53 +0000 (23:54 +0200)]
Move trailing comments
Sonarcloud does not like these, move them.
Change-Id: I6f6b6b4498b36cd6a80baff36131780bd5837779
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 11 Jul 2022 21:02:24 +0000 (23:02 +0200)]
Use FrameworkUtil.asDictionary()
We do not need a Hashtable, use FrameworkUtil to give us what we need.
Change-Id: Ib85e8fcfb7511e8c78576b7d27d33af896025abe
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 11 Jul 2022 20:42:32 +0000 (22:42 +0200)]
Simplify equals() methods
Sonarcloud does not like the structure here, clean it up, formatting the
code a bit.
Change-Id: I3fa7c0302a31233059de67a2eae44beaf951b0a8
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 11 Jul 2022 19:13:52 +0000 (21:13 +0200)]
Fix a typo
'implementation' is spelled incorrectly.
Change-Id: I3f216b1758fff9b71ee73137f5de849f479116d0
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 11 Jul 2022 19:11:08 +0000 (21:11 +0200)]
Remove OSGiH2Store
We have constructor injection, hence we can easily merge the two
implementation into one.
Change-Id: If4996612b4ffcbae9b4e5e5e377d6b042025b962
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 11 Jul 2022 19:04:40 +0000 (21:04 +0200)]
Fix a nullness warning
The result can be null, add an annotation to reflect that.
Change-Id: I6d26539bf3853bd9ed8289b896bd530ff4abb09d
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 6 Jul 2022 11:58:43 +0000 (13:58 +0200)]
Bump versions to 0.16.1-SNAPSHOT
This starts the next development iteration.
Change-Id: Ide7c179de310af9b585c96f29ee2e7069b457717
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 6 Jul 2022 17:08:03 +0000 (19:08 +0200)]
Refactor Shiro/HTTP integration
ShiroFilter is designed to work with EnvironmentLoaderListener, both of
which are designed to work with web.xml.
We are in programmatic-land, hence the indirection through
ServletContext lifecycle is completely unnecessary and actually is
hurtful, as we cannot smuggle WebEnvironment through OSGi HTTP
Whiteboard -- it requires String properties when coupled with
ServletContextHelper.
Here we create a much more direct connection, where AAAWebEnvironment
is eagerly-initialized and it is passed directly to AAAShiroFilter. This
allows us to use AbstractShiroFilter only without having to dance around
init() methods -- and eliminate binding to to static SecurityManager
wiring as well.
JIRA: AAA-225
Change-Id: Id3990dd533b5e60f3781f9e4cdc3114163ecb931
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 6 Jul 2022 16:30:01 +0000 (18:30 +0200)]
Clarify WebContext.contextParams()
ServletContext's initial parameters can include any Object, but there
are implementation indirections, which limit these to Strings. Document
this fact.
Change-Id: Ie402ea1340584d1c0a008122d67fbeccb081b790
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 6 Jul 2022 16:45:31 +0000 (18:45 +0200)]
Clean up AAAIniWebEnvironment a bit
Use lambdas to invoke things with ClassLoader.
Change-Id: Ia00379349684eb485c813a237fbfe8f248d993c6
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 6 Jul 2022 15:24:48 +0000 (17:24 +0200)]
Use explicit "true" String
The spec says the property needs to be a String, make sure we comply.
JIRA: AAA-225
Change-Id: Ic0793676e79e50d79b55b73f2ad6d18055afb52d
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 6 Jul 2022 14:55:39 +0000 (16:55 +0200)]
Bump Shiro to 1.9.1
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=
12310950&version=
12351487
JIRA: AAA-227
Change-Id: I9c8e53f0a8287755f69a309e7efea46a9d6e1aab
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 6 Jul 2022 12:40:56 +0000 (14:40 +0200)]
Pull in pax-web-http-whiteboard
We need the extender to properly bridge our the HTTP Whiteboard.
JIRA: AAA-225
Change-Id: Ib3d3ff39681b5b8facf57399dd83529ba1954a7c
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
gvrangan [Sun, 27 Mar 2022 08:00:34 +0000 (13:30 +0530)]
Upgrade H2 to 2.1.210
This is a major incompatible upgrade. Release notes:
https://github.com/h2database/h2database/releases/tag/version-2.0.202
https://github.com/h2database/h2database/releases/tag/version-2.0.204
https://github.com/h2database/h2database/releases/tag/version-2.0.206
https://github.com/h2database/h2database/releases/tag/version-2.1.210
JIRA: AAA-221
Change-Id: I35487db539a24051cb8281e55527a8484d73a367
Signed-off-by: gvrangan <gvrangan@gmail.com>
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 6 Jul 2022 09:17:11 +0000 (11:17 +0200)]
Rename H2 database tables
We have a potential conflict with H2 system tables, make sure we have
our own prefix. Since we are breaking compatibility, also use BOOLEAN
for ENABLED column.
JIRA: AAA-221
Change-Id: I9c84187cdc4528a71db90a8f046718b09120a7cf
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Tue, 5 Jul 2022 20:27:09 +0000 (22:27 +0200)]
Clean up H2 SQL interactions
We have a rather ugly mess around consistency of various queries. Clean
them up, so we can comfortably change things around in future. Also make
sure the tests are mocking things they should be mocking.
JIRA: AAA-221
Change-Id: Ide9ad6fb7028ba996ed8c1ed60df9cae17318999
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 6 Jul 2022 00:22:11 +0000 (02:22 +0200)]
Remove IdlLightConfig.log()
Implement a proper toString() rather than a dedicated log() method.
Change-Id: If102dd9e526e4bccd6c3617b97603932d5eb8750
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 4 Jul 2022 20:17:37 +0000 (22:17 +0200)]
Use pattern match on instanceof
Java 17 gives us a nice way to prevent duplicate casts, use it to
simplify our code.
Change-Id: I5e8e0dd110bacc04affba9348c448b2ffcc7ead2
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 4 Jul 2022 19:52:29 +0000 (21:52 +0200)]
Remove MapDictionary
We have OSGi R8, which has a FrameworkUtil.asDictionary(Map), hence
we do not need a custom Dictionary implementation.
Change-Id: Idada9d0fd6d7fc24079a91c34c19757cb9b4fd39
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 1 Jun 2022 01:02:09 +0000 (03:02 +0200)]
Adopt 2022.09 upstreams
Adopt:
- odlparent-11.0.0
- infrautils-4.0.0
- yangtools-9.0.0
- mdsal-10.0.0
- controller-6.0.0
Change-Id: Ic6ab892572b3ed46ea58a41b7f221482f684b902
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 4 Jul 2022 15:46:28 +0000 (17:46 +0200)]
Convert web-impl-osgi to WhiteBoard
We are using OSGi R7, which has a very much workable HTTP Whiteboard
specification. Rather than mucking with pax-web-api, use HTTP Whiteboard
for WebContext implementation. This has the nice side-effect of working
with any implementation, not only with pax-web.
JIRA: AAA-225
Change-Id: I6387333b44dc9b6a40f909c3d3ceb75693193014
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 4 Jul 2022 21:18:07 +0000 (23:18 +0200)]
Revert "Publish ShiroWebEnvironmentLoaderListener to HTTP whiteboard"
This reverts commit
a8e9e36a1c516a466ee90e6f58e4e902dd657ce9, as we are
keeping WebServer after all.
Change-Id: Ie1959b403d96a108116e2bf31b1e44c3fe5f4864
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 4 Jul 2022 21:13:48 +0000 (23:13 +0200)]
Revert "Publish AAAShiroFilter as a proper Filter service"
This reverts commit
b4bab95a954e7600b0427b86540db1706ffcad5b, as we are
keeping web-api.
Change-Id: If108478fb88d83a3243699dce994faa54e2d13af
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 4 Jul 2022 19:29:17 +0000 (21:29 +0200)]
Cleanup odl-aaa-web feature
Declare the feature so we can ditch project.version reference and make
sure odl-aaa-shiro does not pull in the osgi implementation artifact.
Also make sure the feature is mentioned in features-aaa and that in
turn uses the artifacts declaration.
Change-Id: Ibead8e8ea29e54258bbfddc80514b2655344b26d
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 4 Jul 2022 11:53:23 +0000 (13:53 +0200)]
Inject ServletSupport into KeystoneAuthRealm
Do not rely on jax-rs working, but rather explicitly route to the
provider.
Change-Id: I75306b14d22512984deed91e6799e77956563039
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 4 Jul 2022 07:53:19 +0000 (09:53 +0200)]
Do not use odl:type for DataBroker
Specifying odl:type has been deprecated, do not use it.
Change-Id: I684157ff8ffb9455103439ae893769ceb58f83ad
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Sun, 3 Jul 2022 19:18:35 +0000 (21:18 +0200)]
Clean up AAAShiroFilter a bit
Shorten refernces and remove unneeded @RequireHttpWhiteboard
Change-Id: I9d62b64bdb006a258d038e7ca643a68da8defd74
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Sun, 3 Jul 2022 03:40:11 +0000 (05:40 +0200)]
Eliminate ThreadLocals
We can nicely co-locate services with their users, eliminating one
instance of centralization.
Change-Id: Ibad16eb8241b5baa584782a2027ba0bd87b775ba
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Sun, 3 Jul 2022 02:25:08 +0000 (04:25 +0200)]
Migrate more ThreadLocals
Move ThreadLocal instances to their sole consumer.
Change-Id: Ie46be3801d12987ca3cb3014b5e66096379fce7b
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Sun, 3 Jul 2022 01:40:31 +0000 (03:40 +0200)]
Migrate CERT_MANAGER_TL
This thread local has a single user, make sure we encapsulate it.
Change-Id: I6463aa48d1f2d6798f9dc2a8b5e1fa2eac21790d
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Sun, 3 Jul 2022 00:53:11 +0000 (02:53 +0200)]
Inject ServletSupport into MoonRealm
We cannot quite inject Jersey in OSGi environment. Make sure we indirect
through ServletSupport, which provides the proper binding.
Change-Id: I132d55f4fa4e9d853e96cf3e299e241df730cb00
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Sat, 2 Jul 2022 23:57:42 +0000 (01:57 +0200)]
Pre-instantiate a WebTarget
Rather than building single-use targets, create one when it is
configured. Also fix a potential thread safety issue.
Change-Id: I40a044ab86a63e242f0e70995f9b6624a7a3acdd
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Sat, 2 Jul 2022 23:48:54 +0000 (01:48 +0200)]
Cleanup MoonRealm
Do silently ignore invalid URL and perform general cleanup. This results
in more descriptive authentication rejections.
Change-Id: I599cf13273c2baed80b38baa19619168483216bc
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Sun, 3 Jul 2022 01:47:20 +0000 (03:47 +0200)]
Tolerate empty lists
Rather than throwing a NPE, treat missing lists as empty.
Change-Id: I60184026444829a47c8b26effb41463f2acb52d1
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Sun, 3 Jul 2022 01:01:22 +0000 (03:01 +0200)]
Clean up SimpleHttpClient
We should be operating on a ClientBuilder, make sure we inject one.
Change-Id: I176a2398676e6e5a31dcc15ee9364d912f841eaa
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Sun, 3 Jul 2022 01:12:36 +0000 (03:12 +0200)]
Inline buildCache()
This is an implementation detail, make sure we express it as such.
Change-Id: I405f1e2abef28a39a6ab93bc56c1a912d233ac06
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Sun, 3 Jul 2022 01:08:23 +0000 (03:08 +0200)]
Improve principal handling
Use an implicit type check instead of a CCE.
Change-Id: I3b9a897b05ecb6391a5613045f759799e619191f
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Sun, 3 Jul 2022 01:22:54 +0000 (03:22 +0200)]
Remove unneed @SupressWarnings
We can use Throwables to clean up the throwing logic here, improving
code layout.
Change-Id: I4fb568775769e53a2797bfe4f430ac28b5092444
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Sat, 2 Jul 2022 21:57:09 +0000 (23:57 +0200)]
Fix MapDictionary init
We need to be able to downcast Map<String,String> to
MapDictionary<String,Object>. Adjust signature to allow that.
Change-Id: I2aabe8455e246a625216b0eb56acbad5a8454cc1
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Sun, 3 Jul 2022 00:35:32 +0000 (02:35 +0200)]
Clarify ShiroWebEnvironmentLoaderListener FIXMEs
The two fixmes deal with configuration injection. Update the fixme.
Change-Id: Ifa0a905af81012183333a48b7b6bcf3903325012
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 1 Jul 2022 16:40:44 +0000 (18:40 +0200)]
Remove docs/jetty dependency
We no longer rely on jetty-servlets, do not pull them into docs.
Change-Id: I95a7255e82079b07ee4d330593334f2638eab59d
JIRA: AAA-213
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 1 Jul 2022 13:17:04 +0000 (15:17 +0200)]
Use descriptive statuses
Rather than using literals, use well-known constants and utility methods
to create responses.
Change-Id: I99d7eaaa414df10c60f21fdc56bbe1cae482250b
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 1 Jul 2022 13:38:10 +0000 (15:38 +0200)]
Use MediaType.APPLICATION_JSON
We have a number of repetitions of application/json -- use the JAX-RS
constant for that.
Change-Id: I672440b10ec1ee181240b85ac4fd6d91ac9c6121
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 1 Jul 2022 12:56:05 +0000 (14:56 +0200)]
Clean up UserHandler
Use minimal try/catch blocks, make methods static and clean up argument
handling.
Change-Id: Idd32d0256eb3525f1b0c86a373ca8443feffae47
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 1 Jul 2022 12:45:02 +0000 (14:45 +0200)]
Clean up RoleHandler
Use minimal try/catch blocks and clean up argument handling.
Change-Id: I5ff238452e6d1522d39d447869cf0a13882b2518
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 1 Jul 2022 15:14:12 +0000 (17:14 +0200)]
Remove final class suppression
Rework constructor design to remove the need for @SuppressWarnings.
Change-Id: Ifac715ba69b2cb4268c15ecef2d40abfc759b022
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 1 Jul 2022 15:02:08 +0000 (17:02 +0200)]
Do not use ClientConfig
We are not doing anything with the configuration, just take a plain
client instead. This removes a dependency on the actual implementation.
Change-Id: I398b1bf40237788c52d28c01ac5c4117ae40e0ec
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 1 Jul 2022 12:38:06 +0000 (14:38 +0200)]
Clean up DomainHandler
Use static import for requireNonNull() and clean up method arguments.
Change-Id: I889e96a576a85eebbb46e94baf4ef07330788372
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 1 Jul 2022 14:32:43 +0000 (16:32 +0200)]
Do not use odl:type=default
Use of this type has been deprecated, do not use it.
Change-Id: I1c6a831334495d2dfd26ea18d2adffaae845bc61
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 1 Jul 2022 14:31:33 +0000 (16:31 +0200)]
Do not use blueprint-cm
We are not using this namespace, do not reference it.
Change-Id: I92089c5c130767b2c8373180d93a1139c307adc1
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 1 Jul 2022 12:01:48 +0000 (14:01 +0200)]
Clean up IdmLightApplication
Use ImmutableSet.of() and static import of requireNonNull().
Change-Id: I5ed0a6a9cec357a508ed3ecca8e8b9063b666054
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 1 Jul 2022 11:58:25 +0000 (13:58 +0200)]
Cleanup TokenAuthRealm
Use static import of requireNonNull(), do not perform blind casts
and inline single-use constants.
Change-Id: I9defff8f9809be9bddf5bd0d9c88561b698eeb58
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 1 Jul 2022 11:48:02 +0000 (13:48 +0200)]
Convert ThreadLocals to a final class
This is a holder for constants, it should not be an interface.
Change-Id: I14aec0f4ea3419da99c4dfe5f0f0eb3dfee54a92
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Fri, 1 Jul 2022 09:31:56 +0000 (11:31 +0200)]
Clean up CustomFilterAdapter
Make sure internal variable is an ImmutableList and compact the code a
bit.
Change-Id: I13d65b2ce8d79724533b77a64aee8d2e28b1807b
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 29 Jun 2022 14:21:10 +0000 (16:21 +0200)]
Remove CORS filter from ShiroWebContextSecurer
Remove the CORS defaults, so that we do not have a dependency on Jetty.
JIRA: AAA-213
Change-Id: Id16fadbd7e1e7da9b6986f20e20e254c2d00421a
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Tue, 28 Jun 2022 14:39:15 +0000 (16:39 +0200)]
Improve H2 store tests
We have weird asserts and general ugliness in the tests. Clean that up.
JIRA: AAA-221
Change-Id: I7a03c9e091f6fa4a53643688aa673e8169b83e1f
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 27 Jun 2022 09:05:03 +0000 (11:05 +0200)]
Fixup dependency-check
We have updated our artifacts, make sure that is reflected in
dependency-check.
Change-Id: I26c56ef6ab550e8e96eb45b7392e072058c42bf5
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 1 Jun 2022 01:02:09 +0000 (03:02 +0200)]
Remove WebContextRegistration
We have yangtools as a dependecy and WebContextRegistration is not
bringing anything to the table when compared to
yangtools.concepts.Registration. Remove it and use a simple Regisration
instead.
Change-Id: Iec504fad5c56c5c8ee2cc5744700ec544fc0f7f5
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 1 Jun 2022 00:47:54 +0000 (02:47 +0200)]
Remove redundant version declarations
We are inheriting from a version-specific parent, do not declare
versions.
Change-Id: Ice96e877d5389127db871308824fb5a95fd3dba8
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Wed, 1 Jun 2022 00:25:41 +0000 (02:25 +0200)]
Fix URL pattern logging
Logging an array is no quite useful, wrap it in a List.
Change-Id: Id30b21c8cb3fad00033b10852851013c3517b164
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 2 May 2022 20:38:44 +0000 (22:38 +0200)]
Publish AAAShiroFilter as a proper Filter service
We do not really need WebContextSecurer to address these paths. Also add
@WebFilter annotation so the filter works without web.xml.
Change-Id: Ie4258f2533e6eaa104ae2de0f2866e9ad04a10b2
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>