- This passes the front end the privilege the current user has on the container and enforces the authorization filter in the web bundles' REST API handlers.
Signed-off-by: Alessandro Boch <aboch@cisco.com>
package org.opendaylight.controller.sal.authorization;
+import java.io.Serializable;
+
/**
* It represents the group/resource access privilege
*/
-public enum Privilege {
+public enum Privilege implements Serializable {
NONE(""), // no privilege
READ("r"), // read only
USE("u"), // use
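Review bot: `implements Serializable` and the new `java.io.Serializable` import are redundant, because every Java enum is already serializable through `java.lang.Enum`; the declaration can stay `public enum Privilege {`. If the intent is only to carry the value to the front end inside `DevicesJsonBean`, JSON output does not need the marker interface either. The enum body continues past the hunk.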
import javax.servlet.http.HttpServletResponse;
import org.codehaus.jackson.map.ObjectMapper;
-import org.opendaylight.controller.usermanager.IUserManager;
import org.opendaylight.controller.web.DaylightWebUtil;
import org.opendaylight.controller.web.IDaylightWeb;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ResponseBody;
import org.opendaylight.controller.forwarding.staticrouting.IForwardingStaticRouting;
import org.opendaylight.controller.forwarding.staticrouting.StaticRouteConfig;
+import org.opendaylight.controller.sal.authorization.Privilege;
import org.opendaylight.controller.sal.authorization.UserLevel;
import org.opendaylight.controller.sal.core.Config;
import org.opendaylight.controller.sal.core.Name;
import org.opendaylight.controller.sal.core.Node;
import org.opendaylight.controller.sal.core.NodeConnector;
import org.opendaylight.controller.sal.core.Tier;
+import org.opendaylight.controller.sal.utils.GlobalConstants;
import org.opendaylight.controller.sal.utils.HexEncode;
import org.opendaylight.controller.sal.utils.ServiceHelper;
import org.opendaylight.controller.sal.utils.Status;
@RequestMapping(value = "/nodesLearnt", method = RequestMethod.GET)
@ResponseBody
- public DevicesJsonBean getNodesLearnt(HttpServletRequest request, @RequestParam(required = false) String container) {
+ public DevicesJsonBean getNodesLearnt(HttpServletRequest request,
+ @RequestParam(required = false) String container) {
Gson gson = new Gson();
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
+ String containerName = (container == null) ? GlobalConstants.DEFAULT
+ .toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
.getInstance(ISwitchManager.class, containerName, this);
List<Map<String, String>> nodeData = new ArrayList<Map<String, String>>();
- if (switchManager != null) {
+ if (switchManager != null && privilege != Privilege.NONE) {
for (Switch device : switchManager.getNetworkDevices()) {
HashMap<String, String> nodeDatum = new HashMap<String, String>();
Node node = device.getNode();
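Review bot: `request.getUserPrincipal().getName()` dereferences the principal without a null check, so a request that reaches this mapping without an authenticated session would end in a NullPointerException rather than a denial; whether that is reachable depends on the servlet security configuration, which is not visible here. The same three added statements (default the container, read the user name, call `getContainerPrivilege`) recur in every handler this commit touches in the devices, flows and topology controllers. A single private helper that returns `Privilege.NONE` for a missing principal would keep the check in one place and shrink each handler to `Privilege privilege = privilegeFor(request, container);`. The body of `getNodesLearnt` continues past the hunk.

```java
// Proposed shared helper (name is a suggestion); fails closed when the request has no principal.
// getContainerPrivilege already maps a null container to the default one.
private Privilege privilegeFor(HttpServletRequest request, String container) {
    java.security.Principal principal = request.getUserPrincipal();
    if (principal == null) {
        return Privilege.NONE;
    }
    return DaylightWebUtil.getContainerPrivilege(principal.getName(), container, this);
}
```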
DevicesJsonBean result = new DevicesJsonBean();
result.setNodeData(nodeData);
+ result.setPrivilege(privilege);
List<String> columnNames = new ArrayList<String>();
columnNames.add("Node ID");
columnNames.add("Node Name");
@RequestParam("nodeId") String nodeId,
@RequestParam("tier") String tier,
@RequestParam("operationMode") String operationMode,
- HttpServletRequest request, @RequestParam(required = false) String container) {
- if (!authorize(UserLevel.NETWORKADMIN, request)) {
+ HttpServletRequest request,
+ @RequestParam(required = false) String container) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT
+ .toString() : container;
+
+ // Authorization check
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil
+ .getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
return unauthorizedMessage();
}
StatusJsonBean resultBean = new StatusJsonBean();
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
try {
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
.getInstance(ISwitchManager.class, containerName, this);
@RequestMapping(value = "/staticRoutes", method = RequestMethod.GET)
@ResponseBody
- public DevicesJsonBean getStaticRoutes(HttpServletRequest request, @RequestParam(required = false) String container) {
+ public DevicesJsonBean getStaticRoutes(HttpServletRequest request,
+ @RequestParam(required = false) String container) {
Gson gson = new Gson();
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
+ String containerName = (container == null) ? GlobalConstants.DEFAULT
+ .toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+
IForwardingStaticRouting staticRouting = (IForwardingStaticRouting) ServiceHelper
.getInstance(IForwardingStaticRouting.class, containerName,
this);
if (routeConfigs == null) {
return null;
}
- for (StaticRouteConfig conf : routeConfigs.values()) {
- Map<String, String> staticRoute = new HashMap<String, String>();
- staticRoute.put("name", conf.getName());
- staticRoute.put("staticRoute", conf.getStaticRoute());
- staticRoute.put("nextHopType", conf.getNextHopType());
- staticRoute.put("nextHop", conf.getNextHop());
- staticRoute.put("json", gson.toJson(conf));
- staticRoutes.add(staticRoute);
+ if (privilege != Privilege.NONE) {
+ for (StaticRouteConfig conf : routeConfigs.values()) {
+ Map<String, String> staticRoute = new HashMap<String, String>();
+ staticRoute.put("name", conf.getName());
+ staticRoute.put("staticRoute", conf.getStaticRoute());
+ staticRoute.put("nextHopType", conf.getNextHopType());
+ staticRoute.put("nextHop", conf.getNextHop());
+ staticRoute.put("json", gson.toJson(conf));
+ staticRoutes.add(staticRoute);
+ }
}
DevicesJsonBean result = new DevicesJsonBean();
+ result.setPrivilege(privilege);
result.setColumnNames(StaticRouteConfig.getGuiFieldsNames());
result.setNodeData(staticRoutes);
return result;
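Review bot: The privilege gate added here sits after the `routeConfigs == null` early return, so the static-route lookup for a caller-chosen container runs, and can answer `null`, before the caller's privilege is consulted. A user with `Privilege.NONE` therefore receives either `null` or an empty bean depending on the container's state, whereas `getSubnetGateways` in this same commit fetches its service only inside `if (privilege != Privilege.NONE)`. I would test the privilege right after it is derived and return the empty bean from there, before touching `staticRouting`. The lines between the two hunks of this method are not shown, so the exact placement needs confirming against the full file; `getNodesLearnt` has the same ordering.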
@RequestParam("routeName") String routeName,
@RequestParam("staticRoute") String staticRoute,
@RequestParam("nextHop") String nextHop,
- HttpServletRequest request, @RequestParam(required = false) String container) {
- if (!authorize(UserLevel.NETWORKADMIN, request)) {
+ HttpServletRequest request,
+ @RequestParam(required = false) String container) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT
+ .toString() : container;
+
+ // Authorization check
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil
+ .getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
return unauthorizedMessage();
}
StatusJsonBean result = new StatusJsonBean();
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
try {
IForwardingStaticRouting staticRouting = (IForwardingStaticRouting) ServiceHelper
.getInstance(IForwardingStaticRouting.class, containerName,
@ResponseBody
public StatusJsonBean deleteStaticRoute(
@RequestParam("routesToDelete") String routesToDelete,
- HttpServletRequest request, @RequestParam(required = false) String container) {
- if (!authorize(UserLevel.NETWORKADMIN, request)) {
+ HttpServletRequest request,
+ @RequestParam(required = false) String container) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT
+ .toString() : container;
+
+ // Authorization check
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
return unauthorizedMessage();
}
StatusJsonBean resultBean = new StatusJsonBean();
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
try {
IForwardingStaticRouting staticRouting = (IForwardingStaticRouting) ServiceHelper
.getInstance(IForwardingStaticRouting.class, containerName,
@RequestMapping(value = "/subnets", method = RequestMethod.GET)
@ResponseBody
- public DevicesJsonBean getSubnetGateways(HttpServletRequest request, @RequestParam(required = false) String container) {
+ public DevicesJsonBean getSubnetGateways(HttpServletRequest request,
+ @RequestParam(required = false) String container) {
Gson gson = new Gson();
List<Map<String, String>> subnets = new ArrayList<Map<String, String>>();
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
- ISwitchManager switchManager = (ISwitchManager) ServiceHelper
- .getInstance(ISwitchManager.class, containerName, this);
- if (switchManager != null) {
- for (SubnetConfig conf : switchManager.getSubnetsConfigList()) {
- Map<String, String> subnet = new HashMap<String, String>();
- subnet.put("name", conf.getName());
- subnet.put("subnet", conf.getSubnet());
- subnet.put("json", gson.toJson(conf));
- subnets.add(subnet);
+ String containerName = (container == null) ? GlobalConstants.DEFAULT
+ .toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ Privilege privilege = DaylightWebUtil.getContainerPrivilege(
+ userName, containerName, this);
+
+ if (privilege != Privilege.NONE) {
+ ISwitchManager switchManager = (ISwitchManager) ServiceHelper
+ .getInstance(ISwitchManager.class, containerName, this);
+ if (switchManager != null) {
+ for (SubnetConfig conf : switchManager.getSubnetsConfigList()) {
+ Map<String, String> subnet = new HashMap<String, String>();
+ subnet.put("name", conf.getName());
+ subnet.put("subnet", conf.getSubnet());
+ subnet.put("json", gson.toJson(conf));
+ subnets.add(subnet);
+ }
}
}
DevicesJsonBean result = new DevicesJsonBean();
+ result.setPrivilege(privilege);
result.setColumnNames(SubnetConfig.getGuiFieldsNames());
result.setNodeData(subnets);
return result;
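Review bot: `if (privilege != Privilege.NONE)` is a deny-list, so every constant other than `NONE` unlocks the read, including `USE` from the enum hunk and any constant added later. The enum's intended semantics are not visible here; if `USE` is not meant to imply read access to subnet configuration, the gate should name what it accepts, for example `if (privilege == Privilege.READ || privilege == Privilege.WRITE)`. The same condition guards `getNodesLearnt`, `getStaticRoutes` and `getSpanPorts`, and its inverse drives the `== Privilege.NONE` early returns in the flows and topology controllers.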
public StatusJsonBean addSubnetGateways(
@RequestParam("gatewayName") String gatewayName,
@RequestParam("gatewayIPAddress") String gatewayIPAddress,
- HttpServletRequest request, @RequestParam(required = false) String container) {
- if (!authorize(UserLevel.NETWORKADMIN, request)) {
+ HttpServletRequest request,
+ @RequestParam(required = false) String container) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT
+ .toString() : container;
+
+ // Authorization check
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
return unauthorizedMessage();
}
StatusJsonBean resultBean = new StatusJsonBean();
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
try {
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
.getInstance(ISwitchManager.class, containerName, this);
@ResponseBody
public StatusJsonBean deleteSubnetGateways(
@RequestParam("gatewaysToDelete") String gatewaysToDelete,
- HttpServletRequest request, @RequestParam(required = false) String container) {
- if (!authorize(UserLevel.NETWORKADMIN, request)) {
+ HttpServletRequest request,
+ @RequestParam(required = false) String container) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT
+ .toString() : container;
+
+ // Authorization check
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, container, this) != Privilege.WRITE) {
return unauthorizedMessage();
}
StatusJsonBean resultBean = new StatusJsonBean();
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
try {
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
.getInstance(ISwitchManager.class, containerName, this);
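Review bot: The authorization check in `deleteSubnetGateways` passes the raw `container` parameter to `getContainerPrivilege`, while every sibling handler passes the defaulted `containerName` that is later handed to `ServiceHelper.getInstance`. It happens to be equivalent today only because `getContainerPrivilege` maps null to the default container itself. Checking one variable and acting on another is fragile in an access-control path, so I would change it to `if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {`. The method body continues past the hunk.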
public StatusJsonBean addSubnetGatewayPort(
@RequestParam("portsName") String portsName,
@RequestParam("ports") String ports,
- @RequestParam("nodeId") String nodeId,
- HttpServletRequest request, @RequestParam(required = false) String container) {
- if (!authorize(UserLevel.NETWORKADMIN, request)) {
+ @RequestParam("nodeId") String nodeId, HttpServletRequest request,
+ @RequestParam(required = false) String container) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT
+ .toString() : container;
+
+ // Authorization check
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
return unauthorizedMessage();
}
StatusJsonBean resultBean = new StatusJsonBean();
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
try {
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
.getInstance(ISwitchManager.class, containerName, this);
public StatusJsonBean deleteSubnetGatewayPort(
@RequestParam("gatewayName") String gatewayName,
@RequestParam("nodePort") String nodePort,
- HttpServletRequest request, @RequestParam(required = false) String container) {
- if (!authorize(UserLevel.NETWORKADMIN, request)) {
+ HttpServletRequest request,
+ @RequestParam(required = false) String container) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT
+ .toString() : container;
+
+ // Authorization check
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
return unauthorizedMessage();
}
StatusJsonBean resultBean = new StatusJsonBean();
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
try {
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
.getInstance(ISwitchManager.class, containerName, this);
@RequestMapping(value = "/spanPorts", method = RequestMethod.GET)
@ResponseBody
- public DevicesJsonBean getSpanPorts(HttpServletRequest request, @RequestParam(required = false) String container) {
+ public DevicesJsonBean getSpanPorts(HttpServletRequest request,
+ @RequestParam(required = false) String container) {
Gson gson = new Gson();
- List<String> spanConfigs_json = new ArrayList<String>();
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
- ISwitchManager switchManager = (ISwitchManager) ServiceHelper
- .getInstance(ISwitchManager.class, containerName, this);
- if (switchManager != null) {
- for (SpanConfig conf : switchManager.getSpanConfigList()) {
- spanConfigs_json.add(gson.toJson(conf));
- }
- }
- ObjectMapper mapper = new ObjectMapper();
List<Map<String, String>> spanConfigs = new ArrayList<Map<String, String>>();
- for (String config_json : spanConfigs_json) {
- try {
- @SuppressWarnings("unchecked")
- Map<String, String> config_data = mapper.readValue(config_json,
- HashMap.class);
- Map<String, String> config = new HashMap<String, String>();
- for (String name : config_data.keySet()) {
- config.put(name, config_data.get(name));
- // Add switch name value (non-configuration field)
- config.put("nodeName",
- getNodeDesc(config_data.get("nodeId"), containerName));
+ String containerName = (container == null) ? GlobalConstants.DEFAULT
+ .toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ Privilege privilege = DaylightWebUtil.getContainerPrivilege(
+ userName, containerName, this);
+
+ if (privilege != Privilege.NONE) {
+ List<String> spanConfigs_json = new ArrayList<String>();
+ ISwitchManager switchManager = (ISwitchManager) ServiceHelper
+ .getInstance(ISwitchManager.class, containerName, this);
+ if (switchManager != null) {
+ for (SpanConfig conf : switchManager.getSpanConfigList()) {
+ spanConfigs_json.add(gson.toJson(conf));
+ }
+ }
+ ObjectMapper mapper = new ObjectMapper();
+
+ for (String config_json : spanConfigs_json) {
+ try {
+ @SuppressWarnings("unchecked")
+ Map<String, String> config_data = mapper.readValue(config_json,
+ HashMap.class);
+ Map<String, String> config = new HashMap<String, String>();
+ for (String name : config_data.keySet()) {
+ config.put(name, config_data.get(name));
+ // Add switch name value (non-configuration field)
+ config.put("nodeName",
+ getNodeDesc(config_data.get("nodeId"), containerName));
+ }
+ config.put("json", config_json);
+ spanConfigs.add(config);
+ } catch (Exception e) {
+ // TODO: Handle the exception.
}
- config.put("json", config_json);
- spanConfigs.add(config);
- } catch (Exception e) {
- // TODO: Handle the exception.
}
}
+
DevicesJsonBean result = new DevicesJsonBean();
+ result.setPrivilege(privilege);
result.setColumnNames(SpanConfig.getGuiFieldsNames());
result.setNodeData(spanConfigs);
return result;
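Review bot: The `catch (Exception e)` holding only a TODO is carried unchanged into the new privilege-gated block, so a span config that fails to parse is silently dropped from the response. Since the block is being re-indented anyway, I would log the failure with the exception attached, and consider narrowing the catch to `IOException` if `getNodeDesc` is not expected to throw. Separately, `config.put("nodeName", ...)` sits inside the per-key loop and is recomputed for every key; it can move after the loop next to `config.put("json", config_json);`.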
@RequestMapping(value = "/nodeports")
@ResponseBody
- public Map<String, Object> getNodePorts(HttpServletRequest request, @RequestParam(required = false) String container) {
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
+ public Map<String, Object> getNodePorts(HttpServletRequest request,
+ @RequestParam(required = false) String container) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT
+ .toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) {
+ return null;
+ }
+
+
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
.getInstance(ISwitchManager.class, containerName, this);
if (switchManager == null) {
port = new HashMap<Short, String>(); // new port
Set<NodeConnector> nodeConnectorSet = node.getNodeConnectors();
- if (nodeConnectorSet != null)
+ if (nodeConnectorSet != null) {
for (NodeConnector nodeConnector : nodeConnectorSet) {
String nodeConnectorName = ((Name) switchManager
.getNodeConnectorProp(nodeConnector,
port.put((Short) nodeConnector.getID(), nodeConnectorName
+ "(" + nodeConnector.getID() + ")");
}
+ }
nodes.put(node.getNode().toString(), port);
}
@ResponseBody
public StatusJsonBean addSpanPort(
@RequestParam("jsonData") String jsonData,
- HttpServletRequest request, @RequestParam(required = false) String container) {
- if (!authorize(UserLevel.NETWORKADMIN, request)) {
+ HttpServletRequest request,
+ @RequestParam(required = false) String container) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT
+ .toString() : container;
+
+ // Authorization check
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
return unauthorizedMessage();
}
StatusJsonBean resultBean = new StatusJsonBean();
try {
Gson gson = new Gson();
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
.getInstance(ISwitchManager.class, containerName, this);
SpanConfig cfgObject = gson.fromJson(jsonData, SpanConfig.class);
@ResponseBody
public StatusJsonBean deleteSpanPorts(
@RequestParam("spanPortsToDelete") String spanPortsToDelete,
- HttpServletRequest request, @RequestParam(required = false) String container) {
- if (!authorize(UserLevel.NETWORKADMIN, request)) {
+ HttpServletRequest request,
+ @RequestParam(required = false) String container) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT
+ .toString() : container;
+
+ // Authorization check
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
return unauthorizedMessage();
}
StatusJsonBean resultBean = new StatusJsonBean();
try {
Gson gson = new Gson();
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
.getInstance(ISwitchManager.class, containerName, this);
String[] spans = spanPortsToDelete.split("###");
: description;
}
- /**
- * Is the operation permitted for the given level
- *
- * @param level
- */
- private boolean authorize(UserLevel level, HttpServletRequest request) {
- IUserManager userManager = (IUserManager) ServiceHelper
- .getGlobalInstance(IUserManager.class, this);
- if (userManager == null) {
- return false;
- }
-
- String username = request.getUserPrincipal().getName();
- UserLevel userLevel = userManager.getUserLevel(username);
- if (userLevel.toNumber() <= level.toNumber()) {
- return true;
- }
- return false;
- }
-
private StatusJsonBean unauthorizedMessage() {
StatusJsonBean message = new StatusJsonBean();
message.setStatus(false);
import java.util.List;
import java.util.Map;
+import org.opendaylight.controller.sal.authorization.Privilege;
+
public class DevicesJsonBean {
private List<String> columnNames;
private List<Map<String, String>> nodeData;
+ private Privilege privilege;
public List<String> getColumnNames() {
return columnNames;
public void setNodeData(List<Map<String, String>> nodeData) {
this.nodeData = nodeData;
}
+
+ public void setPrivilege(Privilege privilege) {
+ this.privilege = privilege;
+ }
+
+ public Privilege getPrivilege() {
+ return privilege;
+ }
}
import org.opendaylight.controller.forwardingrulesmanager.FlowConfig;
import org.opendaylight.controller.forwardingrulesmanager.IForwardingRulesManager;
+import org.opendaylight.controller.sal.authorization.Privilege;
import org.opendaylight.controller.sal.authorization.UserLevel;
import org.opendaylight.controller.sal.core.Name;
import org.opendaylight.controller.sal.core.Node;
import org.opendaylight.controller.sal.core.NodeConnector;
+import org.opendaylight.controller.sal.utils.GlobalConstants;
import org.opendaylight.controller.sal.utils.ServiceHelper;
import org.opendaylight.controller.sal.utils.Status;
import org.opendaylight.controller.sal.utils.StatusCode;
import org.opendaylight.controller.switchmanager.ISwitchManager;
import org.opendaylight.controller.switchmanager.Switch;
import org.opendaylight.controller.switchmanager.SwitchConfig;
-import org.opendaylight.controller.usermanager.IUserManager;
import org.opendaylight.controller.web.DaylightWebUtil;
import org.opendaylight.controller.web.IDaylightWeb;
import org.springframework.stereotype.Controller;
@RequestMapping(value = "/main")
@ResponseBody
public Set<Map<String, Object>> getFlows(HttpServletRequest request, @RequestParam(required = false) String container) {
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) {
+ return null;
+ }
// fetch frm
IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
@RequestMapping(value = "/node-ports")
@ResponseBody
public Map<String, Object> getNodePorts(HttpServletRequest request, @RequestParam(required = false) String container) {
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) {
+ return null;
+ }
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
.getInstance(ISwitchManager.class, containerName, this);
@RequestMapping(value = "/node-flows")
@ResponseBody
public Map<String, Object> getNodeFlows(HttpServletRequest request, @RequestParam(required = false) String container) {
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) {
+ return null;
+ }
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
.getInstance(ISwitchManager.class, containerName, this);
@RequestParam(required = false) String body,
@RequestParam(required = true) String nodeId,
HttpServletRequest request, @RequestParam(required = false) String container) {
- if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Authorization check
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
return "Operation not authorized";
}
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-
IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
.getInstance(IForwardingRulesManager.class, containerName, this);
if (frm == null) {
@PathVariable("name") String name,
@RequestParam(required = true) String action,
HttpServletRequest request, @RequestParam(required = false) String container) {
- if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Authorization check
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
return "Operation not authorized";
}
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-
IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
.getInstance(IForwardingRulesManager.class, containerName, this);
if (frm == null) {
return (result.isSuccess()) ? StatusCode.SUCCESS.toString() : result
.getDescription();
}
-
- /**
- * Returns whether the current user's level is same or above the required
- * authorization level.
- *
- * @param requiredLevel
- * the authorization level required
- */
- private boolean isUserAuthorized(UserLevel requiredLevel,
- HttpServletRequest request) {
- IUserManager userManager = (IUserManager) ServiceHelper
- .getGlobalInstance(IUserManager.class, this);
- if (userManager == null) {
- return false;
- }
-
- String username = request.getUserPrincipal().getName();
- UserLevel userLevel = userManager.getUserLevel(username);
- return (userLevel.ordinal() <= requiredLevel.ordinal());
- }
-
}
package org.opendaylight.controller.web;
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-
import org.opendaylight.controller.containermanager.IContainerAuthorization;
-import org.opendaylight.controller.sal.authorization.Resource;
+import org.opendaylight.controller.sal.authorization.Privilege;
import org.opendaylight.controller.sal.utils.GlobalConstants;
import org.opendaylight.controller.sal.utils.ServiceHelper;
+import org.opendaylight.controller.usermanager.IUserManager;
public class DaylightWebUtil {
- private static String defaultName = GlobalConstants.DEFAULT.toString();
/**
- * Returns the container that this user is authorized to access. If the user is not authorized to the requested
- * container, then this method will return the default container.
+ * Returns the access privilege the user has on the specified container
*
- * @param request - HttpServletRequest object to retrieve username
- * @param container - requested container
- * @param bundle - respective bundle
- * @return container name if cleared, else it will always be 'default'
+ * @param userName
+ * The user name
+ * @param container
+ * The container name. If null, the default container will be assumed
+ * @param bundle
+ * The bundle originating the request
+ * @return The access privilege the user is granted on the container
*/
- public static String getAuthorizedContainer(HttpServletRequest request, String container, Object bundle) {
- if (container == null) {
- return defaultName;
+ public static Privilege getContainerPrivilege(String userName,
+ String container, Object bundle) {
+ // Derive the target resource
+ String resource = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Retrieve the Container Authorization service
+ IContainerAuthorization auth = (IContainerAuthorization) ServiceHelper
+ .getGlobalInstance(IContainerAuthorization.class, bundle);
+ if (auth != null) {
+ return auth.getResourcePrivilege(userName, resource);
}
- String username = request.getUserPrincipal().getName();
- IContainerAuthorization containerAuthorization = (IContainerAuthorization)
- ServiceHelper.getGlobalInstance(IContainerAuthorization.class, bundle);
- if (containerAuthorization != null) {
- Set<Resource> resources = containerAuthorization.getAllResourcesforUser(username);
- for(Resource resource : resources) {
- String name = (String) resource.getResource();
- if(container.equals(name)) {
- return name;
+ /*
+ * Container Authorization service not available. We can only derive the
+ * access privilege to the default container based on user level
+ */
+ if (resource.equals(GlobalConstants.DEFAULT.toString())) {
+ IUserManager userManager = (IUserManager) ServiceHelper
+ .getGlobalInstance(IUserManager.class, bundle);
+ if (userManager != null) {
+ switch (userManager.getUserLevel(userName)) {
+ case NETWORKADMIN:
+ return Privilege.WRITE;
+ case NETWORKOPERATOR:
+ return Privilege.READ;
+ default:
+ return Privilege.NONE;
}
}
}
- return defaultName;
+
+ return Privilege.NONE;
}
}
\ No newline at end of file
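Review bot: The fallback `switch` grants `Privilege.WRITE` only for `NETWORKADMIN`, whereas the `authorize()` helpers this commit removes accepted any level with `toNumber() <= NETWORKADMIN.toNumber()`. If `UserLevel` defines a level ranked above NETWORKADMIN (the enum is not shown), such a user now falls into `default` and gets `NONE` whenever the container authorization service is absent. That fails closed, but it looks like an unintended lockout; comparing numerically as the old code did would keep the earlier behaviour, e.g. `if (level.toNumber() <= UserLevel.NETWORKADMIN.toNumber()) return Privilege.WRITE;`. The `switch` also throws a NullPointerException if `getUserLevel` returns null, so a null check before it is worth adding. The Javadoc should state that `Privilege.NONE` is returned when neither service is available or the container is not the default one.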
import javax.servlet.http.HttpServletRequest;
import org.opendaylight.controller.configuration.IConfigurationAware;
-import org.opendaylight.controller.containermanager.IContainerAuthorization;
-import org.opendaylight.controller.sal.authorization.Resource;
-import org.opendaylight.controller.sal.authorization.UserLevel;
+import org.opendaylight.controller.sal.authorization.Privilege;
import org.opendaylight.controller.sal.core.Bandwidth;
import org.opendaylight.controller.sal.core.Edge;
import org.opendaylight.controller.sal.core.Host;
import org.opendaylight.controller.switchmanager.Switch;
import org.opendaylight.controller.switchmanager.SwitchConfig;
import org.opendaylight.controller.topologymanager.ITopologyManager;
-import org.opendaylight.controller.usermanager.IUserManager;
import org.opendaylight.controller.web.DaylightWebUtil;
-import org.opendaylight.controller.web.IDaylightWeb;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
@RequestMapping(value = "/visual.json", method = RequestMethod.GET)
@ResponseBody
public Collection<Map<String, Object>> getLinkData(@RequestParam(required = false) String container, HttpServletRequest request) {
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+
+ if (privilege == Privilege.NONE) {
+ return null;
+ }
ITopologyManager topologyManager = (ITopologyManager) ServiceHelper
.getInstance(ITopologyManager.class, containerName, this);
public Map<String, Object> post(@PathVariable String nodeId, @RequestParam(required = true) String x,
@RequestParam(required = true) String y, @RequestParam(required = false) String container,
HttpServletRequest request) {
- if (!authorize(UserLevel.NETWORKADMIN, request)) {
- return new HashMap<String, Object>(); // silently disregard new node position
- }
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
- String containerName = getAuthorizedContainer(request, container);
+ if (privilege != Privilege.WRITE) {
+ return new HashMap<String, Object>(); // silently disregard new node position
+ }
String id = new String(nodeId);
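Review bot: The denial branch `if (privilege != Privilege.WRITE)` returns an empty map and leaves no trace, so a refused position update looks the same to the client and to an operator as an accepted one. This handler changes stored state, so a refused write deserves a log entry naming `userName` and `containerName` before the return; whether this class has a logger is not visible in the hunk. The body of post continues outside the hunk.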
public static final String HOST = "host";
}
- private boolean authorize(UserLevel level, HttpServletRequest request) {
- IUserManager userManager = (IUserManager) ServiceHelper
- .getGlobalInstance(IUserManager.class, this);
- if (userManager == null) {
- return false;
- }
-
- String username = request.getUserPrincipal().getName();
- UserLevel userLevel = userManager.getUserLevel(username);
- if (userLevel.toNumber() <= level.toNumber()) {
- return true;
- }
- return false;
- }
-
- private String getAuthorizedContainer(HttpServletRequest request, String container) {
- String username = request.getUserPrincipal().getName();
- IContainerAuthorization containerAuthorization = (IContainerAuthorization) ServiceHelper.
- getGlobalInstance(IContainerAuthorization.class, this);
- if (containerAuthorization != null) {
- Set<Resource> resources = containerAuthorization.getAllResourcesforUser(username);
- if (authorizeContainer(container, resources)) {
- return container;
- }
- }
-
- return GlobalConstants.DEFAULT.toString();
- }
-
- private boolean authorizeContainer(String container, Set<Resource> resources) {
- for(Resource resource : resources) {
- String containerName = (String) resource.getResource();
- if (containerName.equals(container)) {
- return true;
- }
- }
-
- return false;
- }
-
@SuppressWarnings("unchecked")
private void loadConfiguration() {
ObjectReader objReader = new ObjectReader();
metaCache = (Map<String, Map<String, Map<String, Object>>>) objReader.read(this, topologyWebFileName);
- if (metaCache == null) metaCache = new HashMap<String, Map<String, Map<String, Object>>>();
+ if (metaCache == null) {
+ metaCache = new HashMap<String, Map<String, Map<String, Object>>>();
+ }
}
@Override
import java.util.Date;
import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.opendaylight.controller.sal.action.Action;
import org.opendaylight.controller.sal.action.Output;
import org.opendaylight.controller.sal.action.SetVlanId;
+import org.opendaylight.controller.sal.authorization.Privilege;
import org.opendaylight.controller.sal.authorization.UserLevel;
import org.opendaylight.controller.sal.core.Node;
import org.opendaylight.controller.sal.core.NodeConnector;
@RequestMapping("/")
public class Troubleshoot implements IDaylightWeb {
private static final UserLevel AUTH_LEVEL = UserLevel.CONTAINERUSER;
+ private static final List<String> flowStatsColumnNames = Arrays.asList("Node", "In Port",
+ "DL Src", "DL Dst", "DL Type", "DL Vlan", "NW Src", "NW Dst",
+ "NW Proto", "TP Src", "TP Dst", "Actions", "Bytes", "Packets",
+ "Time (s)", "Timeout (s)", "Out Port(s)", "Out Vlan",
+ "Priority");
+ private static final List<String> portStatsColumnNames = Arrays.asList("Node Connector",
+ "Rx Pkts", "Tx Pkts", "Rx Bytes", "Tx Bytes", "Rx Drops",
+ "Tx Drops", "Rx Errs", "Tx Errs", "Rx Frame Errs",
+ "Rx OverRun Errs", "Rx CRC Errs", "Collisions");
+ private static final List<String> nodesColumnNames = Arrays.asList("Node", "Node ID", "Statistics");
+ private static final List<String> nodeStatsColumnNames = Arrays.asList("Node", "Node ID", "Statistics");
private final String WEB_NAME = "Troubleshoot";
private final String WEB_ID = "troubleshoot";
private final short WEB_ORDER = 4;
+
public Troubleshoot() {
ServiceHelper.registerGlobalService(IDaylightWeb.class, this, null);
}
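Review bot: `nodeStatsColumnNames` is declared with the same values as `nodesColumnNames`, so getUptime, which now passes it to setColumnNames, labels its third column "Statistics" where the removed code used "Connected". The rows still carry `connectedSince`, so the header no longer matches the data; the declaration should read `private static final List<String> nodeStatsColumnNames = Arrays.asList("Node", "Node ID", "Connected");`. These lists are also shared by every request and Arrays.asList permits set(), so wrapping each in Collections.unmodifiableList would stop a consumer of getColumnNames from altering them for all later responses.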
@RequestMapping(value = "/existingNodes", method = RequestMethod.GET)
@ResponseBody
public TroubleshootingJsonBean getExistingNodes(HttpServletRequest request, @RequestParam(required = false) String container) {
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
- ISwitchManager switchManager = (ISwitchManager) ServiceHelper
- .getInstance(ISwitchManager.class, containerName, this);
- List<HashMap<String, String>> lines = new ArrayList<HashMap<String, String>>();
- Set<Node> nodeSet = null;
- if (switchManager != null) {
- nodeSet = switchManager.getNodes();
- }
- if (nodeSet != null) {
- for (Node node : nodeSet) {
- HashMap<String, String> device = new HashMap<String, String>();
- device.put("nodeName", switchManager.getNodeDescription(node));
- device.put("nodeId", node.toString());
- lines.add(device);
+ List<Map<String, String>> lines = new ArrayList<Map<String, String>>();
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+
+ if (privilege != Privilege.NONE) {
+ ISwitchManager switchManager = (ISwitchManager) ServiceHelper
+ .getInstance(ISwitchManager.class, containerName, this);
+ Set<Node> nodeSet = (switchManager != null) ? switchManager.getNodes() : null;
+ if (nodeSet != null) {
+ for (Node node : nodeSet) {
+ Map<String, String> device = new HashMap<String, String>();
+ device.put("nodeName", switchManager.getNodeDescription(node));
+ device.put("nodeId", node.toString());
+ lines.add(device);
+ }
}
}
- TroubleshootingJsonBean result = new TroubleshootingJsonBean();
- List<String> guiFieldNames = new ArrayList<String>();
- guiFieldNames.add("Node");
- guiFieldNames.add("Node ID");
- guiFieldNames.add("Statistics");
-
- result.setColumnNames(guiFieldNames);
+ TroubleshootingJsonBean result = new TroubleshootingJsonBean();
+ result.setColumnNames(nodesColumnNames);
result.setNodeData(lines);
return result;
}
@RequestMapping(value = "/uptime", method = RequestMethod.GET)
@ResponseBody
public TroubleshootingJsonBean getUptime(HttpServletRequest request, @RequestParam(required = false) String container) {
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
- ISwitchManager switchManager = (ISwitchManager) ServiceHelper
- .getInstance(ISwitchManager.class, containerName, this);
- List<HashMap<String, String>> lines = new ArrayList<HashMap<String, String>>();
- Set<Node> nodeSet = null;
- if (switchManager != null) {
- nodeSet = switchManager.getNodes();
- }
- if (nodeSet != null) {
- for (Node node : nodeSet) {
- HashMap<String, String> device = new HashMap<String, String>();
- device.put("nodeName", switchManager.getNodeDescription(node));
- device.put("nodeId", node.toString());
- TimeStamp timeStamp = (TimeStamp) switchManager.getNodeProp(
- node, TimeStamp.TimeStampPropName);
- Long time = (timeStamp == null) ? 0 : timeStamp.getValue();
- String date = (time == 0) ? "" : (new Date(time)).toString();
- device.put("connectedSince", date);
- lines.add(device);
+ List<Map<String, String>> lines = new ArrayList<Map<String, String>>();
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+
+ if (privilege != Privilege.NONE) {
+ ISwitchManager switchManager = (ISwitchManager) ServiceHelper
+ .getInstance(ISwitchManager.class, containerName, this);
+ Set<Node> nodeSet = (switchManager != null) ? switchManager.getNodes() : null;
+ if (nodeSet != null) {
+ for (Node node : nodeSet) {
+ Map<String, String> device = new HashMap<String, String>();
+ device.put("nodeName", switchManager.getNodeDescription(node));
+ device.put("nodeId", node.toString());
+ TimeStamp timeStamp = (TimeStamp) switchManager.getNodeProp(
+ node, TimeStamp.TimeStampPropName);
+ Long time = (timeStamp == null) ? 0 : timeStamp.getValue();
+ String date = (time == 0) ? "" : (new Date(time)).toString();
+ device.put("connectedSince", date);
+ lines.add(device);
+ }
}
}
- TroubleshootingJsonBean result = new TroubleshootingJsonBean();
- List<String> guiFieldNames = new ArrayList<String>();
- guiFieldNames.add("Node");
- guiFieldNames.add("Node ID");
- guiFieldNames.add("Connected");
-
- result.setColumnNames(guiFieldNames);
+ TroubleshootingJsonBean result = new TroubleshootingJsonBean();
+ result.setColumnNames(nodeStatsColumnNames);
result.setNodeData(lines);
return result;
}
public TroubleshootingJsonBean getFlowStats(
@RequestParam("nodeId") String nodeId,
HttpServletRequest request, @RequestParam(required = false) String container) {
- Node node = Node.fromString(nodeId);
- List<HashMap<String, String>> cells = new ArrayList<HashMap<String, String>>();
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
- IStatisticsManager statisticsManager = (IStatisticsManager) ServiceHelper
- .getInstance(IStatisticsManager.class, containerName, this);
-
- List<FlowOnNode> statistics = statisticsManager.getFlows(node);
- for (FlowOnNode stats : statistics) {
- cells.add(this.convertFlowStatistics(node, stats, containerName));
+ List<Map<String, String>> cells = new ArrayList<Map<String, String>>();
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+
+ if (privilege != Privilege.NONE) {
+ IStatisticsManager statisticsManager = (IStatisticsManager) ServiceHelper
+ .getInstance(IStatisticsManager.class, containerName, this);
+ if (statisticsManager != null) {
+ Node node = Node.fromString(nodeId);
+ List<FlowOnNode> statistics = statisticsManager.getFlows(node);
+ for (FlowOnNode stats : statistics) {
+ cells.add(this.convertFlowStatistics(node, stats, containerName));
+ }
+ }
}
- List<String> columnNames = new ArrayList<String>();
- columnNames.addAll(Arrays.asList(new String[] { "Node", "In Port",
- "DL Src", "DL Dst", "DL Type", "DL Vlan", "NW Src", "NW Dst",
- "NW Proto", "TP Src", "TP Dst", "Actions", "Bytes", "Packets",
- "Time (s)", "Timeout (s)", "Out Port(s)", "Out Vlan",
- "Priority" }));
+
TroubleshootingJsonBean result = new TroubleshootingJsonBean();
- result.setColumnNames(columnNames);
+ result.setColumnNames(flowStatsColumnNames);
result.setNodeData(cells);
return result;
}
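Review bot: `Node.fromString(nodeId)` is fed the request parameter and its result goes straight into `statisticsManager.getFlows(node)` with no check. What fromString returns for a string it cannot parse is not visible here; if that is null, malformed input makes the handler fail rather than return an empty table. A guard such as `if (node != null) { ... }` around the getFlows loop would keep the response shape the same as in the denied case. getPortStats has the same pattern before getNodeConnectorStatistics. The hunk starts at the method signature, so the mapping annotations are outside it.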
public TroubleshootingJsonBean getPortStats(
@RequestParam("nodeId") String nodeId,
HttpServletRequest request, @RequestParam(required = false) String container) {
- Node node = Node.fromString(nodeId);
- List<HashMap<String, String>> cells = new ArrayList<HashMap<String, String>>();
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
- IStatisticsManager statisticsManager = (IStatisticsManager) ServiceHelper
- .getInstance(IStatisticsManager.class, containerName, this);
- List<NodeConnectorStatistics> statistics = statisticsManager
- .getNodeConnectorStatistics(node);
- for (NodeConnectorStatistics stats : statistics) {
- cells.add(this.convertPortsStatistics(stats));
+ List<Map<String, String>> cells = new ArrayList<Map<String, String>>();
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+
+ if (privilege != Privilege.NONE) {
+ IStatisticsManager statisticsManager = (IStatisticsManager) ServiceHelper
+ .getInstance(IStatisticsManager.class, containerName, this);
+ if (statisticsManager != null) {
+ Node node = Node.fromString(nodeId);
+ List<NodeConnectorStatistics> statistics = statisticsManager
+ .getNodeConnectorStatistics(node);
+ for (NodeConnectorStatistics stats : statistics) {
+ cells.add(this.convertPortsStatistics(stats));
+ }
+ }
}
+
TroubleshootingJsonBean result = new TroubleshootingJsonBean();
- List<String> columnNames = new ArrayList<String>();
- columnNames.addAll(Arrays.asList(new String[] { "Node Connector",
- "Rx Pkts", "Tx Pkts", "Rx Bytes", "Tx Bytes", "Rx Drops",
- "Tx Drops", "Rx Errs", "Tx Errs", "Rx Frame Errs",
- "Rx OverRun Errs", "Rx CRC Errs", "Collisions" }));
- result.setColumnNames(columnNames);
+ result.setColumnNames(portStatsColumnNames);
result.setNodeData(cells);
return result;
}
- private HashMap<String, String> convertPortsStatistics(
+ private Map<String, String> convertPortsStatistics(
NodeConnectorStatistics ncStats) {
- HashMap<String, String> row = new HashMap<String, String>();
+ Map<String, String> row = new HashMap<String, String>();
row.put("nodeConnector",
String.valueOf(ncStats.getNodeConnector().toString()));
return row;
}
- private HashMap<String, String> convertFlowStatistics(Node node,
+ private Map<String, String> convertFlowStatistics(Node node,
FlowOnNode flowOnNode,
String containerName) {
- HashMap<String, String> row = new HashMap<String, String>();
+ Map<String, String> row = new HashMap<String, String>();
Flow flow = flowOnNode.getFlow();
Match match = flow.getMatch();
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
package org.opendaylight.controller.troubleshoot.web;
-import java.util.HashMap;
import java.util.List;
+import java.util.Map;
public class TroubleshootingJsonBean {
private List<String> columnNames;
- private List<HashMap<String, String>> nodeData;
+ private List<Map<String, String>> nodeData;
public List<String> getColumnNames() {
return columnNames;
this.columnNames = columnNames;
}
- public List<HashMap<String, String>> getNodeData() {
+ public List<Map<String, String>> getNodeData() {
return nodeData;
}
- public void setNodeData(List<HashMap<String, String>> nodeData) {
+ public void setNodeData(List<Map<String, String>> nodeData) {
this.nodeData = nodeData;
}
}