import com.google.common.base.Strings;
import com.google.common.util.concurrent.ListenableFuture;
-import com.google.common.util.concurrent.SettableFuture;
import org.opendaylight.aaa.cert.api.IAaaCertProvider;
import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.mdsal.binding.api.DataBroker;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.SetODLCertificateInput;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.SetODLCertificateOutput;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.SetODLCertificateOutputBuilder;
-import org.opendaylight.yangtools.yang.common.RpcError;
+import org.opendaylight.yangtools.yang.common.ErrorTag;
+import org.opendaylight.yangtools.yang.common.ErrorType;
import org.opendaylight.yangtools.yang.common.RpcResult;
import org.opendaylight.yangtools.yang.common.RpcResultBuilder;
import org.slf4j.Logger;
@Override
public ListenableFuture<RpcResult<GetNodeCertificateOutput>> getNodeCertificate(
- final GetNodeCertificateInput input) {
- final SettableFuture<RpcResult<GetNodeCertificateOutput>> futureResult = SettableFuture.create();
+ final GetNodeCertificateInput input) {
final String cert = aaaCertProvider.getCertificateTrustStore(input.getNodeAlias(), false);
- if (!Strings.isNullOrEmpty(cert)) {
- final GetNodeCertificateOutput nodeCertOutput = new GetNodeCertificateOutputBuilder().setNodeCert(cert)
- .build();
- futureResult.set(RpcResultBuilder.success(nodeCertOutput).build());
- } else {
- String errorMsg = "getNodeCertificate does not fetch certificate for the alias " + input.getNodeAlias();
- futureResult.set(RpcResultBuilder.<GetNodeCertificateOutput>failed().withRpcError(RpcResultBuilder
- .newError(RpcError.ErrorType.APPLICATION, "", errorMsg)).build());
+ if (Strings.isNullOrEmpty(cert)) {
+ return RpcResultBuilder.<GetNodeCertificateOutput>failed()
+ .withRpcError(RpcResultBuilder.newError(ErrorType.APPLICATION, ErrorTag.DATA_MISSING,
+ "getNodeCertificate does not fetch certificate for the alias " + input.getNodeAlias()))
+ .buildFuture();
}
- return futureResult;
+
+ return RpcResultBuilder.success(new GetNodeCertificateOutputBuilder().setNodeCert(cert).build()).buildFuture();
}
@Override
public ListenableFuture<RpcResult<SetODLCertificateOutput>> setODLCertificate(final SetODLCertificateInput input) {
- final SettableFuture<RpcResult<SetODLCertificateOutput>> futureResult = SettableFuture.create();
if (aaaCertProvider.addCertificateODLKeyStore(input.getOdlCertAlias(), input.getOdlCert())) {
- futureResult.set(RpcResultBuilder.success(new SetODLCertificateOutputBuilder().build()).build());
- } else {
- futureResult.set(RpcResultBuilder.<SetODLCertificateOutput>failed().build());
- LOG.info("Error while adding ODL certificate");
+ return RpcResultBuilder.success(new SetODLCertificateOutputBuilder().build()).buildFuture();
}
- return futureResult;
+ LOG.info("Error while adding ODL certificate");
+ return RpcResultBuilder.<SetODLCertificateOutput>failed().buildFuture();
}
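Review bot: The failure path of setODLCertificate returns `RpcResultBuilder.<SetODLCertificateOutput>failed().buildFuture()` with no RpcError, whereas getNodeCertificate in this same change attaches an ErrorType, ErrorTag and message. A caller therefore cannot tell why a key store write was rejected, and the `LOG.info` line does not record which alias was involved. I would log at warn with the alias, `LOG.warn("Error while adding ODL certificate for alias {}", input.getOdlCertAlias());`, and add `.withRpcError(RpcResultBuilder.newError(ErrorType.APPLICATION, ErrorTag.OPERATION_FAILED, "Failed to add ODL certificate"))` before `buildFuture()`. The same applies to the bare `failed()` results in getODLCertificate, getODLCertificateReq and setNodeCertificate below.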
@Override
public ListenableFuture<RpcResult<GetODLCertificateOutput>> getODLCertificate(final GetODLCertificateInput input) {
- final SettableFuture<RpcResult<GetODLCertificateOutput>> futureResult = SettableFuture.create();
final String cert = aaaCertProvider.getODLKeyStoreCertificate(false);
- if (!Strings.isNullOrEmpty(cert)) {
- final GetODLCertificateOutput odlCertOutput = new GetODLCertificateOutputBuilder().setOdlCert(cert).build();
- futureResult.set(RpcResultBuilder.success(odlCertOutput).build());
- } else {
- futureResult.set(RpcResultBuilder.<GetODLCertificateOutput>failed().build());
+ if (Strings.isNullOrEmpty(cert)) {
+ return RpcResultBuilder.<GetODLCertificateOutput>failed().buildFuture();
}
- return futureResult;
+ return RpcResultBuilder.success(new GetODLCertificateOutputBuilder().setOdlCert(cert).build()).buildFuture();
}
@Override
public ListenableFuture<RpcResult<GetODLCertificateReqOutput>> getODLCertificateReq(
final GetODLCertificateReqInput input) {
- final SettableFuture<RpcResult<GetODLCertificateReqOutput>> futureResult = SettableFuture.create();
final String certReq = aaaCertProvider.genODLKeyStoreCertificateReq(false);
- if (!Strings.isNullOrEmpty(certReq)) {
- final GetODLCertificateReqOutput odlCertReqOutput = new GetODLCertificateReqOutputBuilder()
- .setOdlCertReq(certReq).build();
- futureResult.set(RpcResultBuilder.success(odlCertReqOutput).build());
- } else {
- futureResult.set(RpcResultBuilder.<GetODLCertificateReqOutput>failed().build());
+ if (Strings.isNullOrEmpty(certReq)) {
+ return RpcResultBuilder.<GetODLCertificateReqOutput>failed().buildFuture();
}
- return futureResult;
+ return RpcResultBuilder.success(new GetODLCertificateReqOutputBuilder().setOdlCertReq(certReq).build())
+ .buildFuture();
}
@Override
public ListenableFuture<RpcResult<SetNodeCertificateOutput>> setNodeCertificate(
final SetNodeCertificateInput input) {
- final SettableFuture<RpcResult<SetNodeCertificateOutput>> futureResult = SettableFuture.create();
if (aaaCertProvider.addCertificateTrustStore(input.getNodeAlias(), input.getNodeCert())) {
- futureResult.set(RpcResultBuilder.success(new SetNodeCertificateOutputBuilder().build()).build());
- } else {
- futureResult.set(RpcResultBuilder.<SetNodeCertificateOutput>failed().build());
- LOG.info("Error while adding the Node certificate");
+ return RpcResultBuilder.success(new SetNodeCertificateOutputBuilder().build()).buildFuture();
}
- return futureResult;
+ LOG.info("Error while adding the Node certificate");
+ return RpcResultBuilder.<SetNodeCertificateOutput>failed().buildFuture();
}
}
*/
public class ODLKeyTool {
private static final Logger LOG = LoggerFactory.getLogger(ODLKeyTool.class);
+ private static final SecureRandom RANDOM = new SecureRandom();
private final String workingDir;
* @return X509Certificate if the certificate string is not well formated
* will return null
*/
- private X509Certificate getCertificate(String certificate) {
+ private static X509Certificate getCertificate(String certificate) {
if (certificate.isEmpty()) {
return null;
}
*
* @return secure random number as BigInteger.
*/
- private BigInteger getSecureRandomeInt() {
- final SecureRandom secureRandom = new SecureRandom();
- final BigInteger bigInt = BigInteger.valueOf(secureRandom.nextInt());
+ private static BigInteger getSecureRandomeInt() {
+ final BigInteger bigInt = BigInteger.valueOf(RANDOM.nextInt());
return new BigInteger(1, bigInt.toByteArray());
}
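Review bot: getSecureRandomeInt still draws only 32 bits from the shared generator via `RANDOM.nextInt()`, so moving to a static SecureRandom does not change the size of the value space. The callers are outside this hunk, but if the result is used as an X.509 serial number, 32 bits makes collisions likely well before large numbers of certificates are issued and falls short of the 64 bits of CSPRNG output commonly required for serials. `return new BigInteger(64, RANDOM);` yields a non-negative value with the wider range and removes the intermediate `toByteArray()` round trip.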
*/
package org.opendaylight.aaa.cli.jar;
-import static java.util.Arrays.asList;
-
import java.io.File;
import java.io.IOException;
-import java.util.ArrayList;
import java.util.List;
import joptsimple.OptionParser;
import joptsimple.OptionSet;
protected static final int RETURN_PASSWORD_MISMATCH = -7;
@SuppressWarnings({ "unchecked", "checkstyle:IllegalThrows", "checkstyle:IllegalCatch" })
- public int parseArguments(String[] args) throws Exception {
+ public int parseArguments(final String[] args) throws Exception {
boolean isInDebugLogging = false;
try {
OptionParser optionParser = getOptionParser();
+ ", -" + OPTION_NEW_USER);
return RETURN_ARGUMENTS_INCOMPATIBLE;
} else if (optionSet.has(OPTION_PASS)
- && !(optionSet.has(OPTION_CHANGE_USER) || optionSet.has(OPTION_VERIFY_USER))
+ && !optionSet.has(OPTION_CHANGE_USER) && !optionSet.has(OPTION_VERIFY_USER)
&& !optionSet.has(OPTION_NEW_USER)) {
System.err.println("If passwords are specificied, then must use one or the other of these options: -"
+ OPTION_CHANGE_USER + ", -" + OPTION_NEW_USER);
return RETURN_ARGUMENTS_MISSING;
}
- List<String> userNames = new ArrayList<>();
+ final List<String> userNames;
if (optionSet.has(OPTION_CHANGE_USER)) {
userNames = (List<String>) optionSet.valuesOf(OPTION_CHANGE_USER);
} else if (optionSet.has(OPTION_NEW_USER)) {
userNames = (List<String>) optionSet.valuesOf(OPTION_DEL_USER);
} else if (optionSet.has(OPTION_VERIFY_USER)) {
userNames = (List<String>) optionSet.valuesOf(OPTION_VERIFY_USER);
+ } else {
+ userNames = List.of();
}
List<String> passwords = (List<String>) optionSet.valuesOf(OPTION_PASS);
if (!optionSet.has(OPTION_DEL_USER) && passwords.size() != userNames.size()) {
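Review bot: The `OPTION_NEW_USER` branch reads `optionSet.valuesOf(OPTION_DEL_USER)`, so when creating users `userNames` is filled from the delete option rather than from the names that were actually supplied. The `passwords.size() != userNames.size()` check just below then compares the passwords against the wrong list, and the new `final` declaration makes that harder to notice because every branch now looks deliberately assigned. The line should read `userNames = (List<String>) optionSet.valuesOf(OPTION_NEW_USER);`. parseArguments continues outside this hunk, so how the new-user names are consumed later is not visible here.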
}
}
- private OptionParser getOptionParser() {
- return new OptionParser() { {
- acceptsAll(asList(OPTION_HELP, "?"), "Show help").forHelp();
- accepts(OPTION_DB_DIR, "databaseDirectory").withRequiredArg().ofType(File.class)
- .defaultsTo(new File(".")).describedAs("path");
- acceptsAll(asList(OPTION_LIST_USERS, "listUsers"), "List all existing users");
- acceptsAll(asList(OPTION_NEW_USER, "newUser"), "New user to create").withRequiredArg();
- acceptsAll(asList(OPTION_CHANGE_USER, "changeUser"), "Existing user name to change password")
- .withRequiredArg();
- acceptsAll(asList(OPTION_DEL_USER, "deleteUser"), "Existing user name to delete")
- .withRequiredArg();
- acceptsAll(asList(OPTION_VERIFY_USER, "verifyUser"), "Existing user name to verify password of")
- .withRequiredArg();
- acceptsAll(asList(OPTION_PASS, "passwd"), "New password").withRequiredArg();
- accepts(OPTION_ADMINS, "New User(s) added with 'admin' role");
- // TODO accepts("v", "Display version information").forHelp();
- acceptsAll(asList(OPTION_DEBUG, "debug"), "Produce execution debug output");
-
- allowsUnrecognizedOptions();
- }
- };
+ private static OptionParser getOptionParser() {
+ final var parser = new OptionParser();
+
+ parser.acceptsAll(List.of(OPTION_HELP, "?"), "Show help").forHelp();
+ parser.accepts(OPTION_DB_DIR, "databaseDirectory").withRequiredArg().ofType(File.class)
+ .defaultsTo(new File(".")).describedAs("path");
+ parser.acceptsAll(List.of(OPTION_LIST_USERS, "listUsers"), "List all existing users");
+ parser.acceptsAll(List.of(OPTION_NEW_USER, "newUser"), "New user to create").withRequiredArg();
+ parser.acceptsAll(List.of(OPTION_CHANGE_USER, "changeUser"), "Existing user name to change password")
+ .withRequiredArg();
+ parser.acceptsAll(List.of(OPTION_DEL_USER, "deleteUser"), "Existing user name to delete")
+ .withRequiredArg();
+ parser.acceptsAll(List.of(OPTION_VERIFY_USER, "verifyUser"), "Existing user name to verify password of")
+ .withRequiredArg();
+ parser.acceptsAll(List.of(OPTION_PASS, "passwd"), "New password").withRequiredArg();
+ parser.accepts(OPTION_ADMINS, "New User(s) added with 'admin' role");
+ // TODO accepts("v", "Display version information").forHelp();
+ parser.acceptsAll(List.of(OPTION_DEBUG, "debug"), "Produce execution debug output");
+
+ parser.allowsUnrecognizedOptions();
+ return parser;
}
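Review bot: `OPTION_PASS` is declared with `withRequiredArg()`, so the password always travels on the command line, where it is readable by other local users through the process list and is kept in shell history. The help text "New password" gives the operator no hint of that. I would at least document it on the option, for example `// NOTE: a password passed via this option is visible in the process list and shell history`, and extend the description string accordingly. Whether the tool also offers an interactive prompt is not visible in this hunk.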
- protected void unrecognizedOptions(List<?> unrecognizedOptions) {
+ protected void unrecognizedOptions(final List<?> unrecognizedOptions) {
System.err.println("Unrecognized options: " + unrecognizedOptions);
}
- protected void printHelp(OptionParser optionParser) throws IOException {
+ protected void printHelp(final OptionParser optionParser) throws IOException {
optionParser.printHelpOn(System.out);
}
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Base64;
-import java.util.Random;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
private static final String DEFAULT_CONFIG_FILE_PATH = "etc" + File.separator + "opendaylight" + File.separator
+ "datastore" + File.separator + "initial" + File.separator + "config" + File.separator
+ "aaa-encrypt-service-config.xml";
+ private static final SecureRandom RANDOM = new SecureRandom();
private final SecretKey key;
private final IvParameterSpec ivspec;
if (encrySrvConfig.getEncryptKey() != null && encrySrvConfig.getEncryptKey().isEmpty()) {
LOG.debug("Set the Encryption service password and encrypt salt");
String newPwd = RandomStringUtils.random(encrySrvConfig.getPasswordLength(), true, true);
- final Random random = new SecureRandom();
byte[] salt = new byte[16];
- random.nextBytes(salt);
+ RANDOM.nextBytes(salt);
String encodedSalt = Base64.getEncoder().encodeToString(salt);
encrySrvConfig = new AaaEncryptServiceConfigBuilder(encrySrvConfig).setEncryptKey(newPwd)
.setEncryptSalt(encodedSalt).build();
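Review bot: The salt now comes from the shared SecureRandom, but the encryption password on the line above is still produced by `RandomStringUtils.random(encrySrvConfig.getPasswordLength(), true, true)`, which in commons-lang draws from a non-cryptographic java.util.Random unless a source is passed in. That leaves the key material, the part that actually needs to be unpredictable, weaker than the salt. The overload that accepts a Random lets this reuse the new field: `RandomStringUtils.random(encrySrvConfig.getPasswordLength(), 0, 0, true, true, null, RANDOM)`. The import for RandomStringUtils is outside this hunk, so please confirm which library version is in use; the enclosing constructor also starts and ends outside the hunk.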
| InvalidKeyException e) {
LOG.error("Failed to create encrypt cipher.", e);
}
- this.encryptCipher = cipher;
+ encryptCipher = cipher;
cipher = null;
try {
cipher = Cipher.getInstance(encrySrvConfig.getCipherTransforms());
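Review bot: When cipher creation fails, the catch block only logs, and `encryptCipher = cipher;` then stores null; the next hunk does the same for `decryptCipher`. The service is therefore constructed successfully in a state where it cannot encrypt, and what encrypt/decrypt do with a null cipher is not visible here. If they pass data through unchanged, secrets would be persisted in clear text with only an error line in the log. Failing fast in both catch blocks would be safer, e.g. `throw new IllegalStateException("Failed to create encrypt cipher", e);`. The constructor body continues outside this hunk.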
| InvalidKeyException e) {
LOG.error("Failed to create decrypt cipher.", e);
}
- this.decryptCipher = cipher;
+ decryptCipher = cipher;
}
@Override
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>odlparent-lite</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
</dependency>
<dependency>
<groupId>org.osgi</groupId>
- <artifactId>osgi.cmpn</artifactId>
+ <artifactId>org.osgi.service.component.annotations</artifactId>
</dependency>
</dependencies>
<!-- OSGI dependencies -->
<dependency>
<groupId>org.osgi</groupId>
- <artifactId>osgi.cmpn</artifactId>
+ <artifactId>org.osgi.service.component.annotations</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.service.metatype.annotations</artifactId>
</dependency>
<!-- External dependencies -->
</dependency>
<dependency>
<groupId>org.osgi</groupId>
- <artifactId>osgi.cmpn</artifactId>
+ <artifactId>org.osgi.service.component</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.service.component.annotations</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.mdsal</groupId>
+ <artifactId>yang-binding</artifactId>
</dependency>
<dependency>
<groupId>org.opendaylight.mdsal</groupId>
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>odlparent-lite</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</dependency>
- <dependency>
- <groupId>org.opendaylight.yangtools</groupId>
- <artifactId>concepts</artifactId>
- </dependency>
<dependency>
<groupId>org.opendaylight.yangtools</groupId>
<artifactId>yang-common</artifactId>
</dependency>
<dependency>
<groupId>org.osgi</groupId>
- <artifactId>osgi.cmpn</artifactId>
+ <artifactId>org.osgi.service.component.annotations</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.service.http</artifactId>
</dependency>
<dependency>
<groupId>com.guicedee.services</groupId>
*/
package org.opendaylight.aaa.shiro.realm;
+import static java.util.Objects.requireNonNull;
+
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.util.concurrent.UncheckedExecutionException;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
-import java.util.Objects;
-import java.util.Optional;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.slf4j.LoggerFactory;
/**
- * KeystoneAuthRealm is a Shiro Realm that authenticates users from
- * OpenStack Keystone.
+ * KeystoneAuthRealm is a Shiro Realm that authenticates users from OpenStack Keystone.
*/
+// Non-final for testing
public class KeystoneAuthRealm extends AuthorizingRealm {
-
private static final Logger LOG = LoggerFactory.getLogger(KeystoneAuthRealm.class);
private static final String NO_CATALOG_OPTION = "nocatalog";
private volatile boolean sslVerification = true;
private volatile String defaultDomain = DEFAULT_KEYSTONE_DOMAIN;
- private final LoadingCache<Boolean, SimpleHttpClient> clientCache = buildCache();
+ private final LoadingCache<Boolean, SimpleHttpClient> clientCache;
private final ICertificateManager certManager;
+ @SuppressFBWarnings(value = "MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR", justification = "Legacy class layout")
public KeystoneAuthRealm() {
- this.certManager = Objects.requireNonNull(ThreadLocals.CERT_MANAGER_TL.get());
+ certManager = requireNonNull(ThreadLocals.CERT_MANAGER_TL.get());
+ clientCache = buildCache();
LOG.info("KeystoneAuthRealm created");
}
return doGetAuthenticationInfo(authenticationToken, client);
} catch (UncheckedExecutionException e) {
Throwable cause = e.getCause();
- if (!Objects.isNull(cause) && cause instanceof AuthenticationException) {
+ if (cause instanceof AuthenticationException) {
throw (AuthenticationException) cause;
}
throw e;
throw new AuthenticationException(FATAL_ERROR_BASIC_AUTH_ONLY);
}
- if (Objects.isNull(theServerUri)) {
+ if (theServerUri == null) {
LOG.error("Invalid URL to Keystone server");
throw new AuthenticationException(FATAL_ERROR_INVALID_URL);
}
.expireAfterWrite(CLIENT_EXPIRE_AFTER_WRITE, TimeUnit.SECONDS)
.build(new CacheLoader<Boolean, SimpleHttpClient>() {
@Override
- public SimpleHttpClient load(Boolean withSslVerification) throws Exception {
+ public SimpleHttpClient load(final Boolean withSslVerification) throws Exception {
return buildClient(withSslVerification, certManager, SimpleHttpClient.clientBuilder());
}
});
.build();
}
- private SSLContext getSecureSSLContext(final ICertificateManager certificateManager) {
- final SSLContext sslContext = Optional.ofNullable(certificateManager)
- .map(ICertificateManager::getServerContext)
- .orElse(null);
- if (Objects.isNull(sslContext)) {
- LOG.error("Could not get a valid SSL context from certificate manager");
- throw new AuthenticationException(UNABLE_TO_AUTHENTICATE);
+ private static SSLContext getSecureSSLContext(final ICertificateManager certificateManager) {
+ if (certificateManager != null) {
+ final SSLContext sslContext = certificateManager.getServerContext();
+ if (sslContext != null) {
+ return sslContext;
+ }
}
- return sslContext;
+
+ LOG.error("Could not get a valid SSL context from certificate manager");
+ throw new AuthenticationException(UNABLE_TO_AUTHENTICATE);
}
/**
* .apache.shiro.authc.AuthenticationToken)
*/
@Override
- protected AuthenticationInfo doGetAuthenticationInfo(
- final AuthenticationToken authenticationToken) throws AuthenticationException {
+ protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken authenticationToken)
+ throws AuthenticationException {
+ if (authenticationToken == null) {
+ throw new AuthenticationException(FATAL_ERROR_DECODING_CREDENTIALS);
+ }
final String username;
final String password;
username = HeaderUtils.extractUsername(possiblyQualifiedUser);
domain = HeaderUtils.extractDomain(possiblyQualifiedUser);
password = TokenUtils.extractPassword(authenticationToken);
-
- } catch (NullPointerException e) {
- throw new AuthenticationException(FATAL_ERROR_DECODING_CREDENTIALS, e);
} catch (ClassCastException e) {
throw new AuthenticationException(FATAL_ERROR_BASIC_AUTH_ONLY, e);
}
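Review bot: Removing `catch (NullPointerException e)` leaves only the null-token guard added at the top of doGetAuthenticationInfo, so a non-null token carrying a null principal or null password is no longer mapped to an AuthenticationException. `TokenUtils.extractPassword` does `new String(upt.getPassword())`, which throws NullPointerException for a null password, and that now escapes the realm as an unchecked error instead of a clean authentication failure. Extending the guard keeps the previous behaviour without catching NPE: `if (authenticationToken.getPrincipal() == null || authenticationToken.getCredentials() == null) { throw new AuthenticationException(FATAL_ERROR_DECODING_CREDENTIALS); }`. How HeaderUtils handles a null user string is not visible here, and the method body continues outside this hunk.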
* terms of the Eclipse Public License v1.0 which accompanies this distribution,
* and is available at http://www.eclipse.org/legal/epl-v10.html
*/
-
package org.opendaylight.aaa.shiro.realm.util;
import org.apache.shiro.authc.AuthenticationToken;
* Utilities for manipulating <code>AuthenticationToken</code> instances from Shiro.
*/
public final class TokenUtils {
-
private TokenUtils() {
+ // Hidden on purpose
}
/**
* @param authenticationToken authentication token
* @return string with the user name
*/
- public static String extractUsername(final AuthenticationToken authenticationToken)
- throws ClassCastException, NullPointerException {
-
+ public static String extractUsername(final AuthenticationToken authenticationToken) throws ClassCastException {
return (String) authenticationToken.getPrincipal();
}
* @param authenticationToken authentication token
* @return string with the extracted password
*/
- public static String extractPassword(final AuthenticationToken authenticationToken)
- throws ClassCastException, NullPointerException {
-
+ public static String extractPassword(final AuthenticationToken authenticationToken) throws ClassCastException {
final UsernamePasswordToken upt = (UsernamePasswordToken) authenticationToken;
return new String(upt.getPassword());
}
import static org.opendaylight.yangtools.util.concurrent.FluentFutures.immediateFailedFluentFuture;
import static org.opendaylight.yangtools.util.concurrent.FluentFutures.immediateFluentFuture;
-import com.google.common.collect.Lists;
-import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
+import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
}
// test helper method to generate some cool mdsal data
- private static DataBroker getTestData() throws Exception {
+ private static DataBroker getTestData() {
return getTestData("/**", "admin", "Default Test AuthZ Rule", Permissions.Actions.Put);
}
// test helper method to generate some cool mdsal data
private static DataBroker getTestData(final String resource, final String role, final String description,
- final Permissions.Actions actions) throws Exception {
+ final Permissions.Actions actions) {
- final List<Permissions.Actions> actionsList = Lists.newArrayList(actions);
final Permissions permissions = mock(Permissions.class);
when(permissions.getRole()).thenReturn(role);
- when(permissions.getActions()).thenReturn(actionsList);
- final List<Permissions> permissionsList = Lists.newArrayList(permissions);
- final org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization
- .policies.Policies
- innerPolicies = mock(
- org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization
- .policies.Policies.class);
+ when(permissions.getActions()).thenReturn(Set.of(actions));
+ final var innerPolicies = mock(org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214
+ .http.authorization.policies.Policies.class);
when(innerPolicies.getResource()).thenReturn(resource);
when(innerPolicies.getDescription()).thenReturn(description);
- when(innerPolicies.getPermissions()).thenReturn(permissionsList);
- final List<org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization
- .policies.Policies>
- policiesList = Lists.newArrayList(innerPolicies);
+ when(innerPolicies.getPermissions()).thenReturn(List.of(permissions));
final Policies policies = mock(Policies.class);
- when(policies.getPolicies()).thenReturn(policiesList);
+ when(policies.getPolicies()).thenReturn(List.of(innerPolicies));
final HttpAuthorization httpAuthorization = mock(HttpAuthorization.class);
when(httpAuthorization.getPolicies()).thenReturn(policies);
// Same as above, but with an empty policy list returned.
final Policies policies = mock(Policies.class);
- when(policies.getPolicies()).thenReturn(new ArrayList<>());
+ when(policies.getPolicies()).thenReturn(List.of());
final HttpAuthorization httpAuthorization = mock(HttpAuthorization.class);
when(httpAuthorization.getPolicies()).thenReturn(policies);
filter = newFilter(mock(Subject.class), mockDataBroker(httpAuthorization));
//
// Create some mock data which has a couple of rules which may/may not match. This
// test ensures the correct application of said rules.
- final List<Permissions.Actions> actionsList = Lists
- .newArrayList(Permissions.Actions.Get, Permissions.Actions.Delete, Permissions.Actions.Patch,
- Permissions.Actions.Put, Permissions.Actions.Post);
+ final Set<Permissions.Actions> actionsList = Set.of(Permissions.Actions.Get, Permissions.Actions.Delete,
+ Permissions.Actions.Patch, Permissions.Actions.Put, Permissions.Actions.Post);
final String role = "admin";
final String resource = "/**";
final String resource2 = "/specialendpoint/**";
final Permissions permissions = mock(Permissions.class);
when(permissions.getRole()).thenReturn(role);
when(permissions.getActions()).thenReturn(actionsList);
- final List<Permissions> permissionsList = Lists.newArrayList(permissions);
- final org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization
- .policies.Policies
- innerPolicies = mock(
- org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization
- .policies.Policies.class);
+ final var innerPolicies = mock(org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214
+ .http.authorization.policies.Policies.class);
when(innerPolicies.getResource()).thenReturn(resource);
when(innerPolicies.getIndex()).thenReturn(Uint32.valueOf(5));
when(innerPolicies.getDescription()).thenReturn(description);
- when(innerPolicies.getPermissions()).thenReturn(permissionsList);
- final org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization
- .policies.Policies
- innerPolicies2 = mock(
- org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization
- .policies.Policies.class);
+ when(innerPolicies.getPermissions()).thenReturn(List.of(permissions));
+ final var innerPolicies2 = mock(org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214
+ .http.authorization.policies.Policies.class);
when(innerPolicies2.getResource()).thenReturn(resource2);
- when(innerPolicies2.getIndex()).thenReturn(Uint32.valueOf(10));
+ when(innerPolicies2.getIndex()).thenReturn(Uint32.TEN);
final Permissions permissions2 = mock(Permissions.class);
when(permissions2.getRole()).thenReturn("dog");
when(permissions2.getActions()).thenReturn(actionsList);
- when(innerPolicies2.getPermissions()).thenReturn(Lists.newArrayList(permissions2));
+ when(innerPolicies2.getPermissions()).thenReturn(List.of(permissions2));
when(innerPolicies2.getDescription()).thenReturn("Specialized Rule");
- List<org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization
- .policies.Policies>
- policiesList = Lists.newArrayList(innerPolicies, innerPolicies2);
final Policies policies = mock(Policies.class);
- when(policies.getPolicies()).thenReturn(policiesList);
+ when(policies.getPolicies()).thenReturn(List.of(innerPolicies, innerPolicies2));
final HttpAuthorization httpAuthorization = mock(HttpAuthorization.class);
when(httpAuthorization.getPolicies()).thenReturn(policies);
// Now reverse the ordering of the rules, and ensure that access is denied (except for
// the first non-applicable rule, which should still be allowed). This is
// because the Subject making the request is not granted the "dog" role.
- policiesList = Lists.newArrayList(innerPolicies2, innerPolicies);
- when(policies.getPolicies()).thenReturn(policiesList);
+ when(policies.getPolicies()).thenReturn(List.of(innerPolicies2, innerPolicies));
// Modify Index to ensure the innerPolicies2 actually gets
// used instead of innerPolicies
when(innerPolicies2.getIndex()).thenReturn(Uint32.valueOf(4));
final String role = "admin";
final String resource = "/**";
final String description = "Test description";
- final List<Permissions.Actions> actionsList = Lists
- .newArrayList(Permissions.Actions.Get, Permissions.Actions.Put, Permissions.Actions.Delete,
- Permissions.Actions.Patch, Permissions.Actions.Post);
final Permissions permissions = mock(Permissions.class);
when(permissions.getRole()).thenReturn(role);
- when(permissions.getActions()).thenReturn(actionsList);
+ when(permissions.getActions()).thenReturn(Set.of(Permissions.Actions.Get, Permissions.Actions.Put,
+ Permissions.Actions.Delete, Permissions.Actions.Patch, Permissions.Actions.Post));
final Permissions permissions2 = mock(Permissions.class);
when(permissions2.getRole()).thenReturn("user");
- when(permissions2.getActions()).thenReturn(Lists.newArrayList(Permissions.Actions.Get));
- final List<Permissions> permissionsList = Lists.newArrayList(permissions, permissions2);
- final org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization
- .policies.Policies
- innerPolicies = mock(
- org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization
- .policies.Policies.class);
+ when(permissions2.getActions()).thenReturn(Set.of(Permissions.Actions.Get));
+ final var innerPolicies = mock(org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214
+ .http.authorization.policies.Policies.class);
when(innerPolicies.getResource()).thenReturn(resource);
when(innerPolicies.getDescription()).thenReturn(description);
- when(innerPolicies.getPermissions()).thenReturn(permissionsList);
- final List<org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization
- .policies.Policies>
- policiesList = Lists.newArrayList(innerPolicies);
+ when(innerPolicies.getPermissions()).thenReturn(List.of(permissions, permissions2));
final Policies policies = mock(Policies.class);
- when(policies.getPolicies()).thenReturn(policiesList);
+ when(policies.getPolicies()).thenReturn(List.of(innerPolicies));
final HttpAuthorization httpAuthorization = mock(HttpAuthorization.class);
when(httpAuthorization.getPolicies()).thenReturn(policies);
assertFalse(filter.isAccessAllowed(request, null, null));
when(request.getMethod()).thenReturn("Get");
assertTrue(filter.isAccessAllowed(request, null, null));
-
}
}
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>odlparent-lite</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>odlparent</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
</dependency>
<dependency>
<groupId>org.osgi</groupId>
- <artifactId>osgi.cmpn</artifactId>
+ <artifactId>org.osgi.service.component.annotations</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.service.metatype.annotations</artifactId>
</dependency>
<dependency>
<groupId>com.guicedee.services</groupId>
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>odlparent-lite</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>odlparent</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
<dependency>
<groupId>org.opendaylight.infrautils</groupId>
<artifactId>inject.guice.testutils</artifactId>
- <version>2.0.13</version>
+ <version>3.0.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<link>https://commons.apache.org/proper/commons-lang/javadocs/api-release/</link>
<link>https://commons.apache.org/proper/commons-codec/apidocs/</link>
- <link>https://www.javadoc.io/doc/org.opendaylight.odlparent/odlparent-docs/9.0.13/</link>
- <link>https://www.javadoc.io/doc/org.opendaylight.infrautils/infrautils-docs/2.0.13/</link>
- <link>https://www.javadoc.io/doc/org.opendaylight.yangtools/yangtools-docs/7.0.14/</link>
- <link>https://www.javadoc.io/doc/org.opendaylight.mdsal/mdsal-docs/8.0.11/</link>
- <link>https://www.javadoc.io/doc/org.opendaylight.controller/controller-docs/4.0.10/</link>
+ <link>https://www.javadoc.io/doc/org.opendaylight.odlparent/odlparent-docs/10.0.0/</link>
+ <link>https://www.javadoc.io/doc/org.opendaylight.infrautils/infrautils-docs/3.0.0/</link>
+ <link>https://www.javadoc.io/doc/org.opendaylight.yangtools/yangtools-docs/8.0.0-SNAPSHOT/</link>
+ <link>https://www.javadoc.io/doc/org.opendaylight.mdsal/mdsal-docs/9.0.0-SNAPSHOT/</link>
+ <link>https://www.javadoc.io/doc/org.opendaylight.controller/controller-docs/5.0.0-SNAPSHOT/</link>
</links>
<!--groups>
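Review bot: The three updated `<link>` entries for yangtools, mdsal and controller now point at `-SNAPSHOT` paths on javadoc.io. As far as I know, javadoc.io serves documentation only for released artifacts, so these URLs will probably not resolve. The javadoc tool would then emit unlinked references or warnings, depending on plugin settings not visible here. Either keep the last released doc versions until the upstream releases exist, or mark the lines with a comment such as `<!-- FIXME: SNAPSHOT javadoc links do not resolve; update once yangtools/mdsal/controller are released -->`. The enclosing `<links>` element opens outside this hunk.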
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>feature-repo-parent</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>single-feature-parent</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
<dependency>
<groupId>org.opendaylight.mdsal</groupId>
<artifactId>odl-mdsal-binding-base</artifactId>
- <version>8.0.11</version>
+ <version>9.0.0-SNAPSHOT</version>
<type>xml</type>
<classifier>features</classifier>
</dependency>
-->
<features xmlns="http://karaf.apache.org/xmlns/features/v1.2.0" name="odl-aaa-${project.version}">
<feature name="odl-aaa-api" version="${project.version}">
- <feature version="[9,10)">odl-jakarta-activation-api</feature>
- <feature version="[9,10)">odl-servlet-api</feature>
- <feature version="[9,10)">odl-ws-rs-api</feature>
- <feature version="[8,9)">odl-mdsal-binding-base</feature>
+ <feature version="[10,11)">odl-jakarta-activation-api</feature>
+ <feature version="[10,11)">odl-servlet-api</feature>
+ <feature version="[10,11)">odl-ws-rs-api</feature>
+ <feature version="[9,10)">odl-mdsal-binding-base</feature>
</feature>
</features>
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>single-feature-parent</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
<dependency>
<groupId>org.opendaylight.controller</groupId>
<artifactId>odl-mdsal-broker</artifactId>
- <version>4.0.10</version>
+ <version>5.0.0-SNAPSHOT</version>
<type>xml</type>
<classifier>features</classifier>
</dependency>
-->
<features name="odl-aaa-${project.version}" xmlns="http://karaf.apache.org/xmlns/features/v1.2.0">
<feature name="odl-aaa-cert" version="${project.version}">
- <feature version="[4,5)">odl-mdsal-broker</feature>
+ <feature version="[5,6)">odl-mdsal-broker</feature>
<configfile finalname="etc/opendaylight/datastore/initial/config/aaa-cert-config.xml">
mvn:org.opendaylight.aaa/aaa-cert/${project.version}/xml/config
</configfile>
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>single-feature-parent</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>single-feature-parent</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
<dependencyManagement>
<dependencies>
+ <dependency>
+ <groupId>org.opendaylight.controller</groupId>
+ <artifactId>controller-artifacts</artifactId>
+ <version>5.0.0-SNAPSHOT</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>aaa-artifacts</artifactId>
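Review bot: The newly imported `controller-artifacts` BOM is pinned to `5.0.0-SNAPSHOT`, a mutable version, so every version it manages can differ between two builds of the same commit. That apparently includes `odl-mdsal-broker`, whose explicit version is dropped in a later hunk. The same concern applies to the `9.0.0-SNAPSHOT` mdsal and `8.0.0-SNAPSHOT` yangtools references in the other pom hunks. For an authentication and authorization component I would make the intent explicit with `<!-- TODO: replace SNAPSHOT with the released controller version before release -->`. I would also consider a maven-enforcer `requireReleaseDeps` rule in the release profile so a snapshot cannot ship unnoticed.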
<dependency>
<groupId>org.opendaylight.controller</groupId>
<artifactId>odl-mdsal-broker</artifactId>
- <version>4.0.10</version>
+ <type>xml</type>
+ <classifier>features</classifier>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.controller</groupId>
+ <artifactId>odl-controller-blueprint</artifactId>
<type>xml</type>
<classifier>features</classifier>
</dependency>
-->
<features name="odl-aaa-${project.version}" xmlns="http://karaf.apache.org/xmlns/features/v1.2.0">
<feature name="odl-aaa-encryption-service" version="${project.version}">
- <feature version="[4,5)">odl-mdsal-broker</feature>
+ <feature version="[5,6)">odl-controller-blueprint</feature>
+ <feature version="[5,6)">odl-mdsal-broker</feature>
<configfile finalname="etc/opendaylight/datastore/initial/config/aaa-encrypt-service-config.xml">
mvn:org.opendaylight.aaa/aaa-encrypt-service-impl/${project.version}/xml/config
</configfile>
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>single-feature-parent</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
<dependency>
<groupId>org.opendaylight.mdsal</groupId>
<artifactId>odl-mdsal-binding-base</artifactId>
- <version>8.0.11</version>
+ <version>9.0.0-SNAPSHOT</version>
<type>xml</type>
<classifier>features</classifier>
</dependency>
<dependency>
<groupId>org.opendaylight.controller</groupId>
<artifactId>odl-mdsal-broker</artifactId>
- <version>4.0.10</version>
+ <version>5.0.0-SNAPSHOT</version>
<type>xml</type>
<classifier>features</classifier>
</dependency>
-->
<features name="odl-aaa-${project.version}" xmlns="http://karaf.apache.org/xmlns/features/v1.2.0">
<feature name="odl-aaa-password-service" version="${project.version}">
- <feature version="[8,9)">odl-mdsal-binding-base</feature>
- <feature version="[4,5)">odl-mdsal-broker</feature>
+ <feature version="[9,10)">odl-mdsal-binding-base</feature>
+ <feature version="[5,6)">odl-mdsal-broker</feature>
<configfile finalname="etc/opendaylight/datastore/initial/config/aaa-password-service-config.xml">
mvn:org.opendaylight.aaa/aaa-password-service-impl/${project.version}/xml/aaa-password-service-config
</configfile>
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>single-feature-parent</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
<configfile finalname="/etc/org.opendaylight.aaa.filterchain.cfg">
mvn:org.opendaylight.aaa/aaa-filterchain/${project.version}/cfg/config
</configfile>
- <feature version="[9,10)">odl-karaf-feat-jdbc</feature>
- <feature version="[9,10)">odl-karaf-feat-jetty</feature>
- <feature version="[4,5)">odl-jolokia</feature>
+ <feature version="[10,11)">odl-karaf-feat-jdbc</feature>
+ <feature version="[10,11)">odl-karaf-feat-jetty</feature>
+ <feature version="[5,6)">odl-jolokia</feature>
</feature>
</features>
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>single-feature-parent</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
<dependency>
<groupId>org.opendaylight.yangtools</groupId>
<artifactId>yangtools-artifacts</artifactId>
- <version>7.0.14</version>
+ <version>8.0.0-SNAPSHOT</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<?xml version="1.0" encoding="UTF-8"?>
<features xmlns="http://karaf.apache.org/xmlns/features/v1.4.0" name="odl-aaa-${project.version}">
<feature name="odl-aaa-web" version="${project.version}">
- <feature version="[9,10)">odl-karaf-feat-jetty</feature>
- <feature version="[9,10)">odl-guava</feature>
- <feature version="[9,10)">odl-jersey-2</feature>
- <feature version="[7,8)">odl-yangtools-util</feature>
+ <feature version="[10,11)">odl-karaf-feat-jetty</feature>
+ <feature version="[10,11)">odl-guava</feature>
+ <feature version="[10,11)">odl-jersey-2</feature>
+ <feature version="[8,9)">odl-yangtools-util</feature>
</feature>
</features>
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>single-feature-parent</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
-->
<features name="odl-aaa-${project.version}" xmlns="http://karaf.apache.org/xmlns/features/v1.2.0">
<feature name="odl-apache-shiro" version="${project.version}">
- <feature version="[9,10)">odl-servlet-api</feature>
+ <feature version="[10,11)">odl-servlet-api</feature>
</feature>
</features>
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>odlparent-lite</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>karaf4-parent</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
<parent>
<groupId>org.opendaylight.mdsal</groupId>
<artifactId>binding-parent</artifactId>
- <version>8.0.11</version>
+ <version>9.0.0-SNAPSHOT</version>
<relativePath/>
</parent>
<dependency>
<groupId>org.opendaylight.controller</groupId>
<artifactId>controller-artifacts</artifactId>
- <version>4.0.10</version>
+ <version>5.0.0-SNAPSHOT</version>
<scope>import</scope>
<type>pom</type>
</dependency>
<!-- Third-party -->
+ <dependency>
+ <groupId>com.h2database</groupId>
+ <artifactId>h2</artifactId>
+ <version>1.4.200</version>
+ </dependency>
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId>
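Review bot: The added `com.h2database:h2` entry pins `1.4.200` in this project's own dependency management, so this project now has to track H2 security releases itself. The 1.4.x line no longer receives fixes, and publicly reported vulnerabilities in it were addressed only in 2.x releases. It is worth recording why the old version is held, e.g. `<!-- H2 held at 1.4.200: 2.x is not file-compatible with existing stores; upgrade tracked in <issue placeholder> -->`, and planning the move to a maintained 2.x release. Until then, confirm that nothing in the distribution enables the H2 console or builds a JDBC URL from externally supplied input. The surrounding `<dependencies>` block starts and ends outside this hunk.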
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>odlparent-lite</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
</dependency>
<dependency>
<groupId>org.osgi</groupId>
- <artifactId>osgi.core</artifactId>
+ <artifactId>org.osgi.framework</artifactId>
</dependency>
<dependency>
<groupId>org.osgi</groupId>
- <artifactId>osgi.cmpn</artifactId>
+ <artifactId>org.osgi.service.component</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.service.component.annotations</artifactId>
</dependency>
</dependencies>
</project>
<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>odlparent-lite</artifactId>
- <version>9.0.13</version>
+ <version>10.0.0</version>
<relativePath/>
</parent>
</dependency>
<dependency>
<groupId>org.osgi</groupId>
- <artifactId>osgi.cmpn</artifactId>
+ <artifactId>org.osgi.service.component.annotations</artifactId>
</dependency>
</dependencies>
</project>
<dependency>
<groupId>org.opendaylight.infrautils</groupId>
<artifactId>infrautils-artifacts</artifactId>
- <version>2.0.13</version>
+ <version>3.0.0</version>
<type>pom</type>
<scope>import</scope>
</dependency>