Code Review / controller.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Bug 2942: odl-mdsal-apidocs feature is not protected through AAA
[controller.git] / opendaylight / md-sal / sal-rest-docgen / src / main / resources / WEB-INF / web.xml
diff --git a/opendaylight/md-sal/sal-rest-docgen/src/main/resources/WEB-INF/web.xml b/opendaylight/md-sal/sal-rest-docgen/src/main/resources/WEB-INF/web.xml
index c470b3237ea7fe2dd69f37254cae4b38439c8861..0e660eaf6de50f7876e05e922956e24dfc6e3611 100644 (file)
--- a/opendaylight/md-sal/sal-rest-docgen/src/main/resources/WEB-INF/web.xml
+++ b/opendaylight/md-sal/sal-rest-docgen/src/main/resources/WEB-INF/web.xml
@@ -12,6 +12,11 @@
             <param-name>javax.ws.rs.Application</param-name>
             <param-value>org.opendaylight.controller.sal.rest.doc.jaxrs.ApiDocApplication</param-value>
         </init-param>
+        <!-- AAA Auth Filter -->
+        <init-param>
+            <param-name>com.sun.jersey.spi.container.ContainerRequestFilters</param-name>
+            <param-value> org.opendaylight.aaa.sts.TokenAuthFilter</param-value>
+        </init-param>
         <load-on-startup>1</load-on-startup>
     </servlet>
 
@@ -20,46 +25,32 @@
         <url-pattern>/apis/*</url-pattern>
     </servlet-mapping>
 
-    <!--filter>
-        <filter-name>CorsFilter</filter-name>
-        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
+    <filter>
+        <filter-name>cross-origin-api-doc</filter-name>
+        <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
         <init-param>
-            <param-name>cors.allowed.origins</param-name>
+            <param-name>allowedOrigins</param-name>
             <param-value>*</param-value>
         </init-param>
         <init-param>
-            <param-name>cors.allowed.methods</param-name>
-            <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
-        </init-param>
-        <init-param>
-            <param-name>cors.allowed.headers</param-name>
-            <param-value>Content-Type,X-Requested-With,accept,authorization,
-        origin,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
+            <param-name>allowedMethods</param-name>
+            <param-value>GET,POST,OPTIONS,DELETE,PUT,HEAD</param-value>
         </init-param>
         <init-param>
-            <param-name>cors.exposed.headers</param-name>
-            <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
-        </init-param>
-        <init-param>
-            <param-name>cors.support.credentials</param-name>
-            <param-value>true</param-value>
-        </init-param>
-        <init-param>
-            <param-name>cors.preflight.maxage</param-name>
-            <param-value>10</param-value>
+            <param-name>allowedHeaders</param-name>
+            <param-value>origin, content-type, accept, authorization</param-value>
         </init-param>
     </filter>
     <filter-mapping>
-        <filter-name>CorsFilter</filter-name>
-        <url-pattern>/*</url-pattern>
-    </filter-mapping-->
+        <filter-name>cross-origin-api-doc</filter-name>
+        <url-pattern>/apis/*</url-pattern>
+    </filter-mapping>
+
+
     <security-constraint>
       <web-resource-collection>
-        <web-resource-name>free access</web-resource-name>
-        <url-pattern>/explorer/css/*</url-pattern>
-        <url-pattern>/explorer/images/*</url-pattern>
-        <url-pattern>/explorer/lib/*</url-pattern>
-        <url-pattern>/explorer/*</url-pattern>
+        <web-resource-name>API Doc</web-resource-name>
+        <url-pattern>/*</url-pattern>
       </web-resource-collection>
     </security-constraint>
 
OpenDaylight controller