X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?p=controller.git;a=blobdiff_plain;f=opendaylight%2Fweb%2Fflows%2Fsrc%2Fmain%2Fjava%2Forg%2Fopendaylight%2Fcontroller%2Fflows%2Fweb%2FFlows.java;h=9444360eecb7d7ae4a6e084a4fde8512c7b5ed71;hp=e1cfcc57087d4c1ca340f0fc13dccfd7d2ab5fb1;hb=65c9b2ea72201b67ece5d6e5e210857d69df743c;hpb=7c3362df780f30a47d0f6a7b7695360bbb5513bc diff --git a/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java b/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java index e1cfcc5708..9444360eec 100644 --- a/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java +++ b/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java @@ -18,17 +18,19 @@ import javax.servlet.http.HttpServletRequest; import org.opendaylight.controller.forwardingrulesmanager.FlowConfig; import org.opendaylight.controller.forwardingrulesmanager.IForwardingRulesManager; +import org.opendaylight.controller.sal.authorization.Privilege; import org.opendaylight.controller.sal.authorization.UserLevel; +import org.opendaylight.controller.sal.core.Description; import org.opendaylight.controller.sal.core.Name; import org.opendaylight.controller.sal.core.Node; import org.opendaylight.controller.sal.core.NodeConnector; +import org.opendaylight.controller.sal.utils.GlobalConstants; import org.opendaylight.controller.sal.utils.ServiceHelper; import org.opendaylight.controller.sal.utils.Status; import org.opendaylight.controller.sal.utils.StatusCode; import org.opendaylight.controller.switchmanager.ISwitchManager; import org.opendaylight.controller.switchmanager.Switch; import org.opendaylight.controller.switchmanager.SwitchConfig; -import org.opendaylight.controller.usermanager.IUserManager; import org.opendaylight.controller.web.DaylightWebUtil; import org.opendaylight.controller.web.IDaylightWeb; import org.springframework.stereotype.Controller; 
@@ -45,6 +47,7 @@ import com.google.gson.Gson; public class Flows implements IDaylightWeb { private static final UserLevel AUTH_LEVEL = UserLevel.CONTAINERUSER; private static final String WEB_NAME = "Flows"; + private static final String WEB_ID = "flows"; private static final short WEB_ORDER = 2; @@ -74,8 +77,15 @@ public class Flows implements IDaylightWeb { @RequestMapping(value = "/main") @ResponseBody - public Set> getFlows(HttpServletRequest request, @RequestParam(required = false) String container) { - String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this); + public Map getFlows(HttpServletRequest request, @RequestParam(required = false) String container) { + String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container; + + // Derive the privilege this user has on the current container + String userName = request.getUserPrincipal().getName(); + Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this); + if (privilege == Privilege.NONE) { + return null; + } // fetch frm IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper 
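Review bot: The new read guard in getFlows denies only when the result is exactly `Privilege.NONE`, so any other value returned by `DaylightWebUtil.getContainerPrivilege` lets the request continue. If that helper can return null (its body is not in this diff), the check fails open, whereas the write handlers compare `!= Privilege.WRITE` and fail closed. Consider `if (privilege == null || privilege == Privilege.NONE)`, and the same in getNodePorts and getNodeFlows, which repeat this guard. `request.getUserPrincipal()` is also dereferenced without a null check in all five handlers, so a request arriving without an authenticated principal would end in a NullPointerException rather than a clean denial. getFlows continues past the end of this hunk.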
@@ -93,26 +103,33 @@ public class Flows implements IDaylightWeb { // get static flow list List staticFlowList = frm.getStaticFlows(); - Set> output = new HashSet>(); + Set> flowSet = new HashSet>(); for (FlowConfig flowConfig : staticFlowList) { Map entry = new HashMap(); entry.put("flow", flowConfig); entry.put("name", flowConfig.getName()); Node node = flowConfig.getNode(); - String description = switchManager.getNodeDescription(node); - entry.put("node", (description.isEmpty() || description - .equalsIgnoreCase("none")) ? node.toString() : description); + entry.put("node", getNodeDesc(node, switchManager)); entry.put("nodeId", node.toString()); - output.add(entry); + flowSet.add(entry); } + Map output = new HashMap(2); + output.put("flows", flowSet); + output.put("privilege", privilege); return output; } @RequestMapping(value = "/node-ports") @ResponseBody public Map getNodePorts(HttpServletRequest request, @RequestParam(required = false) String container) { - String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this); + String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container; + + // Derive the privilege this user has on the current container + String userName = request.getUserPrincipal().getName(); + if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) { + return null; + } ISwitchManager switchManager = (ISwitchManager) ServiceHelper .getInstance(ISwitchManager.class, containerName, this); @@ -143,11 +160,7 @@ public class Flows implements IDaylightWeb { entry.put("ports", port); // add name - String description = switchManager.getNodeDescription(node - .getNode()); - entry.put("name", (description.isEmpty() || description - .equalsIgnoreCase("none")) ? node.getNode().toString() - : description); + entry.put("name", getNodeDesc(node.getNode(), switchManager)); // add to the node nodes.put(node.getNode().toString(), entry); 
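Review bot: The `privilege` entry added to the getFlows response deserves a comment saying it is a display hint for the client and not the enforcement point, since a client can ignore it. Something like `// "privilege" only drives UI state; addFlow/removeFlow re-check Privilege.WRITE on every request` above `output.put("privilege", privilege);` would keep a later refactor from treating it as the gate. The return shape also changes from a set of flow entries to a map with `flows` and `privilege` keys, so a short Javadoc on getFlows naming both keys would help consumers of `/main`.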
@@ -159,7 +172,13 @@ public class Flows implements IDaylightWeb { @RequestMapping(value = "/node-flows") @ResponseBody public Map getNodeFlows(HttpServletRequest request, @RequestParam(required = false) String container) { - String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this); + String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container; + + // Derive the privilege this user has on the current container + String userName = request.getUserPrincipal().getName(); + if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) { + return null; + } ISwitchManager switchManager = (ISwitchManager) ServiceHelper .getInstance(ISwitchManager.class, containerName, this); @@ -182,8 +201,8 @@ public class Flows implements IDaylightWeb { String nodeDesc = node.toString(); SwitchConfig config = switchManager.getSwitchConfig(node .toString()); - if (config != null) { - nodeDesc = config.getNodeDescription(); + if ((config != null) && (config.getProperty(Description.propertyName) != null)) { + nodeDesc = ((Description) config.getProperty(Description.propertyName)).getValue(); } nodes.put(nodeDesc, flows.size()); 
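Review bot: In the getNodeFlows loop, `config.getProperty(Description.propertyName)` is looked up twice and cast unchecked. Its value then becomes the key in `nodes.put(nodeDesc, flows.size())` without the empty/"none" fallback that the new getNodeDesc helper applies in the other handlers. A local reads more simply: `Description desc = (config == null) ? null : (Description) config.getProperty(Description.propertyName);` followed by `if (desc != null) { nodeDesc = desc.getValue(); }`. If the SwitchConfig property and `switchManager.getNodeProp` are meant to agree, calling `getNodeDesc(node, switchManager)` here would make the handlers consistent; that equivalence is not visible in this diff. The loop body starts outside the hunk.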
@@ -198,12 +217,14 @@ public class Flows implements IDaylightWeb { @RequestParam(required = false) String body, @RequestParam(required = true) String nodeId, HttpServletRequest request, @RequestParam(required = false) String container) { - if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) { + String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container; + + // Authorization check + String userName = request.getUserPrincipal().getName(); + if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) { return "Operation not authorized"; } - String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this); - IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper .getInstance(IForwardingRulesManager.class, containerName, this); if (frm == null) { 
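Review bot: The denial branch in addFlow returns "Operation not authorized" without recording anything, while successful changes are now audit-logged, so refused write attempts on a container leave no trace for later review. Recording `userName` and `containerName` before the `return` would close that gap; whether `DaylightWebUtil.auditlog` is suitable for failures or a regular logger should be used is not visible here. Since `container` is a request parameter, whatever is logged should have line breaks neutralised. The matching branch in removeFlow (next hunk) has the same gap, and addFlow's signature starts before this hunk.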
@@ -216,25 +237,28 @@ public class Flows implements IDaylightWeb { flow.setNode(node); Status result = new Status(StatusCode.BADREQUEST, "Invalid request"); if (action.equals("add")) { - result = frm.addStaticFlow(flow, false); + result = frm.addStaticFlow(flow); + DaylightWebUtil.auditlog("Flow", userName, "added", flow.getName(), containerName); } return (result.isSuccess()) ? StatusCode.SUCCESS.toString() : result .getDescription(); } - @RequestMapping(value = "/flow/{nodeId}/{name}", method = RequestMethod.POST) + @RequestMapping(value = "/flow/{nodeId}/{name:.*}", method = RequestMethod.POST) @ResponseBody public String removeFlow(@PathVariable("nodeId") String nodeId, @PathVariable("name") String name, @RequestParam(required = true) String action, HttpServletRequest request, @RequestParam(required = false) String container) { - if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) { + String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container; + + // Authorization check + String userName = request.getUserPrincipal().getName(); + if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) { return "Operation not authorized"; } - String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this); - IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper .getInstance(IForwardingRulesManager.class, containerName, this); if (frm == null) { @@ -248,8 +272,14 @@ public class Flows implements IDaylightWeb { } if (action.equals("remove")) { result = frm.removeStaticFlow(name, node); + if(result.isSuccess()) { + DaylightWebUtil.auditlog("Flow", userName, "removed", name, containerName); + } } else if (action.equals("toggle")) { result = frm.toggleStaticFlowStatus(name, node); + if(result.isSuccess()) { + DaylightWebUtil.auditlog("Flow", userName, "toggled", name, containerName); + } } else { result = new Status(StatusCode.BADREQUEST, "Unknown action"); } 
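Review bot: In addFlow the new `DaylightWebUtil.auditlog("Flow", userName, "added", ...)` call runs whether or not `frm.addStaticFlow(flow)` succeeded, so a rejected flow is still recorded as added. removeFlow in the same commit guards its audit calls with `result.isSuccess()`. Wrap it the same way: `if (result.isSuccess()) { DaylightWebUtil.auditlog("Flow", userName, "added", flow.getName(), containerName); }`. The flow name appears to come from the request body, and `name` in removeFlow from the URL path (now matched by `{name:.*}`), so it is worth confirming that auditlog neutralises line breaks before writing them. Both method bodies extend beyond this hunk.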
@@ -258,24 +288,10 @@ public class Flows implements IDaylightWeb { .getDescription(); } - /** - * Returns whether the current user's level is same or above the required - * authorization level. - * - * @param requiredLevel - * the authorization level required - */ - private boolean isUserAuthorized(UserLevel requiredLevel, - HttpServletRequest request) { - IUserManager userManager = (IUserManager) ServiceHelper - .getGlobalInstance(IUserManager.class, this); - if (userManager == null) { - return false; - } - - String username = request.getUserPrincipal().getName(); - UserLevel userLevel = userManager.getUserLevel(username); - return (userLevel.ordinal() <= requiredLevel.ordinal()); + private String getNodeDesc(Node node, ISwitchManager switchManager) { + Description desc = (Description) switchManager.getNodeProp(node, Description.propertyName); + String description = (desc == null) ? "" : desc.getValue(); + return (description.isEmpty() || description.equalsIgnoreCase("none")) ? node.toString() : description; } }
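Review bot: The new private helper getNodeDesc has no Javadoc, and its fallback rule should be stated. It returns the node's Description property value, or `node.toString()` when the property is missing, empty or "none" (case-insensitive). If `desc.getValue()` can return null, which this diff does not show, `description.isEmpty()` would throw; `String description = (desc == null || desc.getValue() == null) ? "" : desc.getValue();` covers that. The removed isUserAuthorized returned false when IUserManager was unavailable, so it is worth confirming that `DaylightWebUtil.getContainerPrivilege` also denies in that situation.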