opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java

   1 /*
   2  * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.controller.web;
  10
  11 import java.net.InetAddress;
  12 import java.net.UnknownHostException;
  13 import java.util.ArrayList;
  14 import java.util.List;
  15 import java.util.Set;
  16
  17 import javax.servlet.http.HttpServletRequest;
  18 import javax.servlet.http.HttpSession;
  19
  20 import org.opendaylight.controller.clustering.services.IClusterGlobalServices;
  21 import org.opendaylight.controller.connectionmanager.IConnectionManager;
  22 import org.opendaylight.controller.sal.authorization.UserLevel;
  23 import org.opendaylight.controller.sal.core.Description;
  24 import org.opendaylight.controller.sal.core.Node;
  25 import org.opendaylight.controller.sal.utils.GlobalConstants;
  26 import org.opendaylight.controller.sal.utils.ServiceHelper;
  27 import org.opendaylight.controller.sal.utils.Status;
  28 import org.opendaylight.controller.sal.utils.StatusCode;
  29 import org.opendaylight.controller.switchmanager.ISwitchManager;
  30 import org.opendaylight.controller.usermanager.IUserManager;
  31 import org.opendaylight.controller.usermanager.UserConfig;
  32 import org.springframework.stereotype.Controller;
  33 import org.springframework.web.bind.annotation.PathVariable;
  34 import org.springframework.web.bind.annotation.RequestMapping;
  35 import org.springframework.web.bind.annotation.RequestMethod;
  36 import org.springframework.web.bind.annotation.RequestParam;
  37 import org.springframework.web.bind.annotation.ResponseBody;
  38
  39 import com.google.gson.Gson;
  40
  41 @Controller
  42 @RequestMapping("/admin")
  43 public class DaylightWebAdmin {
  44     Gson gson = new Gson();
  45
  46     /**
  47      * Returns list of clustered controllers. Highlights "this" controller and
  48      * if controller is coordinator
  49      *
  50      * @return List<ClusterBean>
  51      */
  52     @RequestMapping("/cluster")
  53     @ResponseBody
  54     public String getClusteredControllers() {
  55         IClusterGlobalServices clusterServices = (IClusterGlobalServices) ServiceHelper.getGlobalInstance(
  56                 IClusterGlobalServices.class, this);
  57         if (clusterServices == null) {
  58             return null;
  59         }
  60         IConnectionManager connectionManager = (IConnectionManager) ServiceHelper.getGlobalInstance(
  61                 IConnectionManager.class, this);
  62         if (connectionManager == null) {
  63             return null;
  64         }
  65
  66         List<ClusterNodeBean> clusterNodes = new ArrayList<ClusterNodeBean>();
  67
  68         List<InetAddress> controllers = clusterServices.getClusteredControllers();
  69         for (InetAddress controller : controllers) {
  70             ClusterNodeBean.Builder clusterBeanBuilder = new ClusterNodeBean.Builder(controller);
  71
  72             // get number of connected nodes
  73             Set<Node> connectedNodes = connectionManager.getNodes(controller);
  74             int numNodes = connectedNodes == null ? 0 : connectedNodes.size();
  75             clusterBeanBuilder.nodesConnected(numNodes);
  76
  77             // determine if this is the executing controller
  78             if (controller.equals(clusterServices.getMyAddress())) {
  79                 clusterBeanBuilder.highlightMe();
  80             }
  81
  82             // determine whether this is coordinator
  83             if (clusterServices.getCoordinatorAddress().equals(controller)) {
  84                 clusterBeanBuilder.iAmCoordinator();
  85             }
  86             clusterNodes.add(clusterBeanBuilder.build());
  87         }
  88
  89         return gson.toJson(clusterNodes);
  90     }
  91
  92     /**
  93      * Return nodes connected to controller {controller}
  94      *
  95      * @param controller
  96      *            - byte[] of the address of the controller
  97      * @return List<NodeBean>
  98      */
  99     @RequestMapping("/cluster/controller/{controller}")
 100     @ResponseBody
 101     public String getNodesConnectedToController(@PathVariable("controller") String controller) {
 102         IClusterGlobalServices clusterServices = (IClusterGlobalServices) ServiceHelper.getGlobalInstance(
 103                 IClusterGlobalServices.class, this);
 104         if (clusterServices == null) {
 105             return null;
 106         }
 107         IConnectionManager connectionManager = (IConnectionManager) ServiceHelper.getGlobalInstance(
 108                 IConnectionManager.class, this);
 109         if (connectionManager == null) {
 110             return null;
 111         }
 112         ISwitchManager switchManager = (ISwitchManager) ServiceHelper.getInstance(ISwitchManager.class,
 113                 GlobalConstants.DEFAULT.toString(), this);
 114         if (switchManager == null) {
 115             return null;
 116         }
 117
 118         byte[] address = gson.fromJson(controller, byte[].class);
 119         InetAddress controllerAddress = null;
 120         try {
 121             controllerAddress = InetAddress.getByAddress(address);
 122         } catch (UnknownHostException e) {
 123             return null;
 124         }
 125
 126         List<NodeBean> result = new ArrayList<NodeBean>();
 127
 128         Set<Node> nodes = connectionManager.getNodes(controllerAddress);
 129         if (nodes == null) {
 130             return gson.toJson(result);
 131         }
 132         for (Node node : nodes) {
 133             Description description = (Description) switchManager.getNodeProp(node, Description.propertyName);
 134             NodeBean nodeBean;
 135             if (description == null || description.getValue().equals("None")) {
 136                 nodeBean = new NodeBean(node);
 137             } else {
 138                 nodeBean = new NodeBean(node, description.getValue());
 139             }
 140             result.add(nodeBean);
 141         }
 142
 143         return gson.toJson(result);
 144     }
 145
 146     @RequestMapping("/users")
 147     @ResponseBody
 148     public List<UserConfig> getUsers() {
 149         IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this);
 150         if (userManager == null) {
 151             return null;
 152         }
 153
 154         List<UserConfig> userConfList = userManager.getLocalUserList();
 155
 156         return userConfList;
 157     }
 158
 159     /*
 160      * Password in clear text, moving to HTTP/SSL soon
 161      */
 162     @RequestMapping(value = "/users", method = RequestMethod.POST)
 163     @ResponseBody
 164     public String saveLocalUserConfig(@RequestParam(required = true) String json,
 165             @RequestParam(required = true) String action, HttpServletRequest request) {
 166
 167         IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this);
 168         if (userManager == null) {
 169             return "Internal Error";
 170         }
 171
 172         if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) {
 173             return "Operation not permitted";
 174         }
 175
 176         Gson gson = new Gson();
 177         UserConfig plainConfig = gson.fromJson(json, UserConfig.class);
 178         // Recreate using the proper constructor which will hash the password
 179         UserConfig config = new UserConfig(plainConfig.getUser(), plainConfig.getPassword(), plainConfig.getRoles());
 180
 181         Status result = (action.equals("add")) ? userManager.addLocalUser(config) : userManager.removeLocalUser(config);
 182         if (result.isSuccess()) {
 183             String userAction = (action.equals("add")) ? "added" : "removed";
 184             if (action.equals("add")) {
 185                 String userRoles = "";
 186                 for (String userRole : config.getRoles()) {
 187                     userRoles = userRoles + userRole + ",";
 188                 }
 189                 DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), userAction, config.getUser()
 190                         + " as " + userRoles.substring(0, userRoles.length() - 1));
 191             } else {
 192                 DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), userAction, config.getUser());
 193             }
 194             return "Success";
 195         }
 196         return result.getDescription();
 197     }
 198
 199     @RequestMapping(value = "/users/{username}", method = RequestMethod.POST)
 200     @ResponseBody
 201     public String removeLocalUser(@PathVariable("username") String userName, HttpServletRequest request) {
 202
 203         String username = request.getUserPrincipal().getName();
 204         if (username.equals(userName)) {
 205             return "Invalid Request: User cannot delete itself";
 206         }
 207
 208         IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this);
 209         if (userManager == null) {
 210             return "Internal Error";
 211         }
 212
 213         if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) {
 214             return "Operation not permitted";
 215         }
 216
 217         Status result = userManager.removeLocalUser(userName);
 218         if (result.isSuccess()) {
 219             DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "removed", userName);
 220             return "Success";
 221         }
 222         return result.getDescription();
 223     }
 224
 225     @RequestMapping(value = "/users/password/{username}", method = RequestMethod.POST)
 226     @ResponseBody
 227     public Status changePassword(
 228             @PathVariable("username") String username, HttpServletRequest request,
 229             @RequestParam(value = "currentPassword", required=false) String currentPassword,
 230             @RequestParam("newPassword") String newPassword) {
 231         IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this);
 232         if (userManager == null) {
 233             return new Status(StatusCode.NOSERVICE, "User Manager unavailable");
 234         }
 235
 236         Status status;
 237         String requestingUser = request.getUserPrincipal().getName();
 238
 239         //changing own password
 240         if (requestingUser.equals(username) ) {
 241             status = userManager.changeLocalUserPassword(username, currentPassword, newPassword);
 242             //enforce the user to re-login with new password
 243             if (status.isSuccess() && !newPassword.equals(currentPassword)) {
 244                 userManager.userLogout(username);
 245                 HttpSession session = request.getSession(false);
 246                 if ( session != null) {
 247                     session.invalidate();
 248                 }
 249             }
 250
 251         //admin level user resetting other's password
 252         } else if (authorize(userManager, UserLevel.NETWORKADMIN, request)) {
 253
 254             //Since User Manager doesn't have an unprotected password change API,
 255             //we re-create the user with the new password (and current roles).
 256             List<String> roles = userManager.getUserRoles(username);
 257             UserConfig newConfig = new UserConfig(username, newPassword, roles);
 258
 259             //validate before removing existing config, so we don't remove but fail to add
 260             status = newConfig.validate();
 261             if (!status.isSuccess()) {
 262                 return status;
 263             }
 264
 265             userManager.userLogout(username);
 266             status = userManager.removeLocalUser(username);
 267             if (!status.isSuccess()) {
 268                 return status;
 269             }
 270             if (userManager.addLocalUser(newConfig).isSuccess()) {
 271                 status = new Status(StatusCode.SUCCESS, "Password for user " + username + " reset successfully.");
 272             } else {
 273                 //unexpected
 274                 status = new Status(StatusCode.INTERNALERROR, "Failed resetting password for user " + username + ". User is now removed.");
 275             }
 276
 277         //unauthorized
 278         } else {
 279             status = new Status(StatusCode.UNAUTHORIZED, "Operation not permitted");
 280         }
 281
 282         if (status.isSuccess()) {
 283             DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), " changed password for User ",
 284                     username);
 285         }
 286         return status;
 287     }
 288
 289     /**
 290      * Is the operation permitted for the given level
 291      *
 292      * @param level
 293      */
 294     private boolean authorize(IUserManager userManager, UserLevel level, HttpServletRequest request) {
 295         String username = request.getUserPrincipal().getName();
 296         UserLevel userLevel = userManager.getUserLevel(username);
 297         return userLevel.toNumber() <= level.toNumber();
 298     }
 299 }