Replacing Spring Security framework with Apache Tomcat Valve for Web Security (UI... 22/122/1
authorVenkatraghavan Sankarasubbu <vensanka@sjc-ads-2495.(none)>
Sat, 6 Apr 2013 14:19:52 +0000 (07:19 -0700)
committerVenkatraghavan Sankarasubbu <vensanka@cisco.com>
Sat, 6 Apr 2013 14:27:15 +0000 (07:27 -0700)
Northbound will be handled as part of a different commit.
Updated Web UI modules :
1. Root
2. Flows
3. Devices
4. Topology
5. Troubleshooting

Change-Id: I09fa1968a184bf6ae0c6248e8eea3c05a40433d8
Signed-off-by: Venkatraghavan Sankarasubbu <vensanka@cisco.com>
51 files changed:
opendaylight/distribution/opendaylight/pom.xml
opendaylight/distribution/opendaylight/src/main/resources/configuration/context.xml
opendaylight/distribution/opendaylight/src/main/resources/configuration/tomcat-server.xml
opendaylight/security/pom.xml [new file with mode: 0644]
opendaylight/security/src/main/java/org/opendaylight/controller/security/ControllerCustomRealm.java [new file with mode: 0644]
opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/IUserManager.java
opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java
opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/security/SessionManager.java
opendaylight/web/devices/pom.xml
opendaylight/web/devices/src/main/java/org/opendaylight/controller/devices/web/Devices.java
opendaylight/web/devices/src/main/resources/WEB-INF/jsp/error.jsp [new file with mode: 0644]
opendaylight/web/devices/src/main/resources/WEB-INF/jsp/login.jsp [new file with mode: 0644]
opendaylight/web/devices/src/main/resources/WEB-INF/spring/context.xml [deleted file]
opendaylight/web/devices/src/main/resources/WEB-INF/spring/servlet/security.xml [deleted file]
opendaylight/web/devices/src/main/resources/WEB-INF/web.xml
opendaylight/web/flows/pom.xml
opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java
opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java.rej [new file with mode: 0644]
opendaylight/web/flows/src/main/resources/WEB-INF/jsp/error.jsp [new file with mode: 0644]
opendaylight/web/flows/src/main/resources/WEB-INF/jsp/login.jsp [new file with mode: 0644]
opendaylight/web/flows/src/main/resources/WEB-INF/spring/context.xml [deleted file]
opendaylight/web/flows/src/main/resources/WEB-INF/spring/servlet/security.xml [deleted file]
opendaylight/web/flows/src/main/resources/WEB-INF/web.xml
opendaylight/web/root/pom.xml
opendaylight/web/root/src/main/java/org/opendaylight/controller/web/AuthenticationProviderWrapper.java [deleted file]
opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerAuthenticationSuccessHandler.java [deleted file]
opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerCustomFilter.java [deleted file]
opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerLoginUrlAuthEntryPoint.java [deleted file]
opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerLogoutHandler.java [deleted file]
opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerUserDetailsService.java [deleted file]
opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerWebSecurityContextRepository.java [deleted file]
opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWeb.java
opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java
opendaylight/web/root/src/main/resources/WEB-INF/jsp/error.jsp [new file with mode: 0644]
opendaylight/web/root/src/main/resources/WEB-INF/jsp/login.jsp
opendaylight/web/root/src/main/resources/WEB-INF/spring/context.xml [deleted file]
opendaylight/web/root/src/main/resources/WEB-INF/web.xml
opendaylight/web/root/src/main/resources/js/one.js
opendaylight/web/topology/pom.xml
opendaylight/web/topology/src/main/java/org/opendaylight/controller/topology/web/Topology.java
opendaylight/web/topology/src/main/resources/WEB-INF/jsp/error.jsp [new file with mode: 0644]
opendaylight/web/topology/src/main/resources/WEB-INF/jsp/login.jsp [new file with mode: 0644]
opendaylight/web/topology/src/main/resources/WEB-INF/spring/context.xml [deleted file]
opendaylight/web/topology/src/main/resources/WEB-INF/spring/servlet/security.xml [deleted file]
opendaylight/web/topology/src/main/resources/WEB-INF/web.xml
opendaylight/web/troubleshoot/pom.xml
opendaylight/web/troubleshoot/src/main/resources/WEB-INF/jsp/error.jsp [new file with mode: 0644]
opendaylight/web/troubleshoot/src/main/resources/WEB-INF/jsp/login.jsp [new file with mode: 0644]
opendaylight/web/troubleshoot/src/main/resources/WEB-INF/spring/context.xml [deleted file]
opendaylight/web/troubleshoot/src/main/resources/WEB-INF/spring/servlet/security.xml [deleted file]
opendaylight/web/troubleshoot/src/main/resources/WEB-INF/web.xml

index 6984fd647b59c9599c3e00e44c07c6e293448f90..f6f9a018300e15c4fb34f65aeeed575fdfd5bebd 100644 (file)
@@ -48,6 +48,9 @@
     <module>../../statisticsmanager</module>
     <module>../../topologymanager</module>
     <module>../../usermanager</module>
+    <module>../../security</module>
+    
+    
     <module>../../../third-party/openflowj</module>
     <module>../../../third-party/net.sf.jung2</module>
     <module>../../../third-party/jersey-servlet</module>
@@ -64,6 +67,8 @@
     <module>../../web/topology</module>
     
     <!-- Northbound bundles -->
+    
+     
     <module>../../northbound/commons</module>
     <module>../../northbound/topology</module>
     <module>../../northbound/staticrouting</module>
@@ -72,7 +77,7 @@
     <module>../../northbound/hosttracker</module>
     <module>../../northbound/subnets</module>
     <module>../../northbound/switchmanager</module>
-
+    
     <!-- Debug and logging -->
     <module>../../logging/bridge</module>
 
index 85bba5a6aab0ea39a68072378b387652a568958f..24c211ac47b5045dc7b71861ca8e256296ead095 100644 (file)
@@ -1 +1 @@
-<Context crossContext="true"/>
+<Context crossContext="true" sessionCookiePath="/"/>
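Review bot: `sessionCookiePath="/"` on this `<Context>` makes every web application on the host share one session cookie path, and Tomcat's documentation warns that contexts configured this way keep reusing the same session ID even after a session is invalidated, which makes session-fixation protection harder. The commit records no reason for the setting; an XML comment next to it, such as `<!-- session cookie shared by all UI bundles; see login handling for session ID renewal -->`, would document the trade-off. It is worth confirming how the session ID is renewed at login under this setting, and whether the SingleSignOn valve added in tomcat-server.xml already provides the cross-application login this attribute seems meant for.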
index 42199b774cd4e63e7255f4fe0fc645fe1ef6363c..4be075451e9c31f90260e6e39b7dc43008a47c1f 100644 (file)
@@ -48,7 +48,9 @@
       <Host name="localhost" appBase=""
             unpackWARs="false" autoDeploy="false"
             deployOnStartup="false" createDirs="false">
-
+        <Realm className="org.opendaylight.controller.security.ControllerCustomRealm" />
+           <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+     
         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                        prefix="web_access_log_" suffix=".txt" resolveHosts="false"
                        rotatable="true" fileDateFormat="yyyy-MM"
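Review bot: `ControllerCustomRealm` is registered directly under `<Host>` with nothing wrapped around it, so no limit on repeated failed logins is visible at the container level. Unless the user manager throttles failures itself (not shown on this page), nesting the element inside `<Realm className="org.apache.catalina.realm.LockOutRealm">` … `</Realm>` would add that. The three added lines are also indented differently from the neighbouring `<Valve>` element.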
diff --git a/opendaylight/security/pom.xml b/opendaylight/security/pom.xml
new file mode 100644 (file)
index 0000000..8b0676b
--- /dev/null
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project
+       xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
+       xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+       <modelVersion>4.0.0</modelVersion>
+       <parent>
+               <groupId>org.opendaylight.controller</groupId>
+               <artifactId>commons.opendaylight</artifactId>
+               <version>1.4.0-SNAPSHOT</version>
+               <relativePath>../commons/opendaylight</relativePath>
+       </parent>
+
+       <groupId>org.opendaylight.controller</groupId>
+       <artifactId>security</artifactId>
+       <version>0.4.0-SNAPSHOT</version>
+       <packaging>bundle</packaging>
+       <build>
+               <plugins>
+                       <plugin>
+                               <groupId>org.apache.felix</groupId>
+                               <artifactId>maven-bundle-plugin</artifactId>
+                               <version>2.3.6</version>
+                               <extensions>true</extensions>
+                               <configuration>
+                                       <instructions>
+                                           <Fragment-Host>
+                                           org.apache.catalina
+                                           </Fragment-Host>                                
+                                               <Import-Package>
+                                               org.slf4j,
+                                               javax.servlet,
+                                               org.apache.catalina,
+                                               org.apache.catalina.connector,
+                                               org.apache.catalina.valves,
+                                               org.apache.catalina.realm,
+                                               org.opendaylight.controller.sal.utils,
+                                               org.opendaylight.controller.sal.authorization,
+                                               org.opendaylight.controller.usermanager
+                                               </Import-Package>
+                                               <Export-Package>
+                                               org.opendaylight.controller.security
+                                               </Export-Package>
+                                       </instructions>
+                               </configuration>
+                       </plugin>
+               </plugins>
+       </build>
+       <dependencies>
+               <dependency>
+                       <groupId>org.opendaylight.controller</groupId>
+                       <artifactId>usermanager</artifactId>
+                       <version>0.4.0-SNAPSHOT</version>
+               </dependency>
+               <dependency>
+            <groupId>org.opendaylight.controller</groupId>
+            <artifactId>sal</artifactId>
+            <version>0.4.0-SNAPSHOT</version>
+        </dependency>
+       </dependencies>
+</project>
diff --git a/opendaylight/security/src/main/java/org/opendaylight/controller/security/ControllerCustomRealm.java b/opendaylight/security/src/main/java/org/opendaylight/controller/security/ControllerCustomRealm.java
new file mode 100644 (file)
index 0000000..43a41da
--- /dev/null
@@ -0,0 +1,68 @@
+package org.opendaylight.controller.security;
+
+import java.security.Principal;
+import java.util.List;
+
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.catalina.realm.RealmBase;
+import org.opendaylight.controller.sal.authorization.AuthResultEnum;
+import org.opendaylight.controller.sal.utils.ServiceHelper;
+import org.opendaylight.controller.usermanager.IUserManager;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class ControllerCustomRealm  extends RealmBase {
+
+    private static final String name = "ControllerCustomRealm";
+
+    private static final Logger logger = LoggerFactory
+            .getLogger(ControllerCustomRealm.class);
+
+    @Override
+    protected String getName() {
+        return name;
+    }
+
+    @Override
+    protected String getPassword(String username) {
+        IUserManager userManager = (IUserManager) ServiceHelper
+                .getGlobalInstance(IUserManager.class, this);
+        if (userManager != null) {
+            return userManager.getPassword(username);
+        } else
+            throw new RuntimeException("User Manager reference is null");
+    }
+
+    @Override
+    protected Principal getPrincipal(String username) {
+        IUserManager userManager = (IUserManager) ServiceHelper
+                .getGlobalInstance(IUserManager.class, this);
+        if (userManager != null) {
+            final List<String> roles = userManager.getUserRoles(username);
+            return new GenericPrincipal(username, getPassword(username), roles);
+        } else
+            throw new RuntimeException("User Manager reference is null");
+
+    }
+
+    @Override
+    public Principal authenticate(String username, String credentials) {
+
+        IUserManager userManager = (IUserManager) ServiceHelper
+                .getGlobalInstance(IUserManager.class, this);
+        if (userManager != null) {
+            AuthResultEnum result = userManager.authenticate(username,
+                    credentials);
+            if (result.equals(AuthResultEnum.AUTHOR_PASS)
+                    || result.equals(AuthResultEnum.AUTH_ACCEPT_LOC)
+                    || result.equals(AuthResultEnum.AUTH_ACCEPT)) {
+                return this.getPrincipal(username);
+            } else {
+                logger.error("Authentication failed for user " + username);
+                return null;
+            }
+        } else
+            throw new RuntimeException("User Manager reference is null");
+    }
+
+}
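Review bot: `getPrincipal` builds the principal with `getPassword(username)`, so the stored password of every logged-in user is copied into the `GenericPrincipal` that the container keeps with the session, and nothing visible in this commit reads it back. `authenticate` has already delegated the credential check to `userManager.authenticate`, so `return new GenericPrincipal(username, null, roles);` looks sufficient; confirm that no DIGEST or re-authentication path depends on the stored value. In the failure branch of `authenticate` the user name is untrusted text concatenated into an error-level message; `logger.warn("Authentication failed for user {}", username);` keeps routine failed logins out of the error stream and avoids building the string. The class and its overrides have no Javadoc saying that a missing user manager surfaces as a `RuntimeException` rather than as a failed login.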
index aac5aba3535f2fcd67bfcceb41db56240cb1acb3..a998ac3670fc85b54808ca265aa5cf14196ce0f4 100644 (file)
@@ -204,5 +204,8 @@ public interface IUserManager extends UserDetailsService {
 
     // Session manager to implement session mgmt across web-apps
     public ISessionManager getSessionManager();
+    
+    
+    public String getPassword(String username);
 
 }
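Review bot: `getPassword(String username)` is added to the public service interface without Javadoc, so any bundle that imports the usermanager package can request a user's stored credential, and nothing states whether the value is clear text or a hash or what is returned for an unknown user. If the method exists only so the realm can satisfy `RealmBase`, consider keeping it off this interface; otherwise document it, for example `/** Returns the stored credential of a locally configured user, or null if the user is unknown. */` (the implementation would have to honour the null case). The hunk also adds two whitespace-only lines.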
index 0aad599222a69acbd4ecd22374fa4c7951426ffd..1bd323d38eb4cf6ba9df2c867c97e02275331006 100644 (file)
@@ -985,4 +985,8 @@ public class UserManagerImpl implements IUserManager, IObjectReader,
     public void setSessionMgr(ISessionManager sessionMgr) {
         this.sessionMgr = sessionMgr;
     }
+    
+    public String getPassword(String username) {
+        return localUserConfigList.get(username).getPassword();
+    }
 }
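Review bot: `localUserConfigList.get(username).getPassword()` throws a NullPointerException when the name has no entry in `localUserConfigList`, and `ControllerCustomRealm.getPrincipal` calls this method right after a successful `authenticate`. If users accepted with `AUTH_ACCEPT` are verified by a remote server and have no local entry (inferred from the enum names; the lookup code is outside this page), their login would end in a server error instead of succeeding. Fetch the map entry once into a local and return null when it is absent, and add `@Override` because the method now implements `IUserManager.getPassword`. The class body starts outside the hunk.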
index bbad9eb2cad113355257f6ed5a90d53a7c2118e4..7706fe2b1af643fe57b3d1a5b151d6c09035c5c6 100644 (file)
@@ -24,7 +24,6 @@ import javax.servlet.http.HttpSessionEvent;
 import org.opendaylight.controller.usermanager.ISessionManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.security.core.context.SecurityContext;
 
 public class SessionManager implements ISessionManager {
 
@@ -32,7 +31,6 @@ public class SessionManager implements ISessionManager {
             .getLogger(SessionManager.class);
 
     private Map<ServletContext, Set<HttpSession>> sessionMap = new HashMap<ServletContext, Set<HttpSession>>();
-    public static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
 
     @Override
     public void sessionCreated(HttpSessionEvent se) {
@@ -84,22 +82,8 @@ public class SessionManager implements ISessionManager {
                 while (sessIterator.hasNext()) {
                     HttpSession session = sessIterator.next();
                     if (session != null && sessionId != null && session.getId() != null && !session.getId().equals(sessionId)) {
-                        Object contextFromSession = session
-                                .getAttribute(SPRING_SECURITY_CONTEXT_KEY);
-                        if (contextFromSession != null
-                                && contextFromSession instanceof SecurityContext) {
-                            String storedUserName = ((SecurityContext) contextFromSession)
-                                    .getAuthentication().getName();
-                            if (storedUserName != null && storedUserName.equals(username)) {                                
-                                sessionsList.add(session);                                
-                                sessIterator.remove();
-                            }
-                            else {
-                                logger.debug("storedUserName is null or did not match username " + username);
-                            }
-                        } else {
-                            logger.debug("contextFromSession is null or not instance of SecurityContext");
-                        }
+                        sessionsList.add(session);                                
+                        sessIterator.remove();
                     }
                     else {
                         logger.debug(" session or sessionId is null ");
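Review bot: The per-user filter is gone from this loop: every session whose id differs from `sessionId` is now added to `sessionsList` and removed from the set, whichever user it belongs to, and `username` is no longer consulted. The enclosing method starts and ends outside the hunk, so what is done with `sessionsList` is not visible, but if those sessions are then invalidated, one user's logout or password change would end every other user's session in that servlet context. The Spring `SecurityContext` lookup needs a replacement rather than removal, for example recording the authenticated user name as a session attribute at login and comparing it with `username` before `sessionsList.add(session)`.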
index 3500cd2eafa662b3c218ae5023990d5fda42867e..e8a67ac9edf56131c9b9340cddc93be405c12096 100644 (file)
                                                        org.springframework.web.servlet,
                                                        org.springframework.web.servlet.config,
                                                        org.springframework.web.servlet.view,
-
                                                        org.springframework.web.filter,
-                                                       org.springframework.web.context,
-                                                       org.springframework.security.core,
-                                                       org.springframework.security.core.userdetails,
-                                                       org.springframework.security.core.authority,
-                                                       org.springframework.security.core.context,
-                                                       org.springframework.security.authentication,
-                                                       org.springframework.security.config,
-                                                       org.springframework.security.config.authentication,
-                                                       org.springframework.security.taglibs.authz,
-                                                       org.springframework.security.web,
-                                                       org.springframework.security.web.context,
-                                                       org.springframework.security.web.authentication,
-                                                       org.springframework.security.web.authentication.www,
-                                                       org.springframework.security.provisioning,
-                                                       org.springframework.security.web.util,
-                                                       org.springframework.security.web.authentication.rememberme,
-                                                       org.springframework.security.web.authentication.logout,
-                                                       org.springframework.dao
+                                                       org.springframework.web.context                                                 
                                                </Import-Package>
                                                <Web-ContextPath>/controller/web/devices</Web-ContextPath>
                                        </instructions>
index ece5959dc0256e6bdef294075161cf99d57c30cd..5371f708de93b4235c24ec599914b70648ce6209 100644 (file)
@@ -16,11 +16,12 @@ import java.util.Map.Entry;
 import java.util.Set;
 import java.util.TreeMap;
 import java.util.concurrent.ConcurrentMap;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.codehaus.jackson.map.ObjectMapper;
 import org.opendaylight.controller.usermanager.IUserManager;
 import org.opendaylight.controller.web.IDaylightWeb;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -116,10 +117,10 @@ public class Devices implements IDaylightWeb {
                 Map<Short, String> portList = new HashMap<Short, String>();
                 for (NodeConnector nodeConnector : nodeConnectorSet) {
                     nodeConnectorNumberToStr = nodeConnector.getID().toString();
-                    Name ncName = ((Name) switchManager
-                            .getNodeConnectorProp(nodeConnector,
-                                    Name.NamePropName));
-                    nodeConnectorName = (ncName != null) ? ncName.getValue() : "";
+                    Name ncName = ((Name) switchManager.getNodeConnectorProp(
+                            nodeConnector, Name.NamePropName));
+                    nodeConnectorName = (ncName != null) ? ncName.getValue()
+                            : "";
                     portList.put(Short.parseShort(nodeConnectorNumberToStr),
                             nodeConnectorName);
                 }
@@ -141,7 +142,7 @@ public class Devices implements IDaylightWeb {
         columnNames.add("Tier");
         columnNames.add("Mac Address");
         columnNames.add("Ports");
-        
+
         result.setColumnNames(columnNames);
         return result;
     }
@@ -151,19 +152,20 @@ public class Devices implements IDaylightWeb {
     public List<String> getTiers() {
         return TierHelper.getTiers();
     }
-    
+
     @RequestMapping(value = "/nodesLearnt/update", method = RequestMethod.GET)
     @ResponseBody
     public StatusJsonBean updateLearntNode(
             @RequestParam("nodeName") String nodeName,
             @RequestParam("nodeId") String nodeId,
             @RequestParam("tier") String tier,
-            @RequestParam("operationMode") String operationMode) {
-       if (!authorize(UserLevel.NETWORKADMIN)) {
-               return unauthorizedMessage();
-       }
-       
-       StatusJsonBean resultBean = new StatusJsonBean();
+            @RequestParam("operationMode") String operationMode,
+            HttpServletRequest request) {
+        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            return unauthorizedMessage();
+        }
+
+        StatusJsonBean resultBean = new StatusJsonBean();
         try {
             ISwitchManager switchManager = (ISwitchManager) ServiceHelper
                     .getInstance(ISwitchManager.class, containerName, this);
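Review bot: `updateLearntNode` remains mapped to `RequestMethod.GET` although it is gated by `authorize(UserLevel.NETWORKADMIN, request)` and, judging by its name, changes configuration; with authentication now carried by a container session cookie scoped to `/`, state-changing GET handlers are exposed to cross-site request forgery and their parameters are written to the access log. The same mapping is visible in the hunks for `/staticRoute/delete`, `/subnetGateway/add`, `/subnetGateway/delete`, `/spanPorts/add` and `/spanPorts/delete`. Changing these to `method = RequestMethod.POST` (with the matching change in the UI scripts) and checking a per-session request token would address it. The handler bodies continue outside the hunks.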
@@ -185,7 +187,8 @@ public class Devices implements IDaylightWeb {
     public DevicesJsonBean getStaticRoutes() {
         Gson gson = new Gson();
         IForwardingStaticRouting staticRouting = (IForwardingStaticRouting) ServiceHelper
-                .getInstance(IForwardingStaticRouting.class, containerName, this);
+                .getInstance(IForwardingStaticRouting.class, containerName,
+                        this);
         List<Map<String, String>> staticRoutes = new ArrayList<Map<String, String>>();
         ConcurrentMap<String, StaticRouteConfig> routeConfigs = staticRouting
                 .getStaticRouteConfigs();
@@ -212,11 +215,11 @@ public class Devices implements IDaylightWeb {
     public StatusJsonBean addStaticRoute(
             @RequestParam("routeName") String routeName,
             @RequestParam("staticRoute") String staticRoute,
-            @RequestParam("nextHop") String nextHop) {
-       if (!authorize(UserLevel.NETWORKADMIN)) {
-               return unauthorizedMessage();
-       }
-       
+            @RequestParam("nextHop") String nextHop, HttpServletRequest request) {
+        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            return unauthorizedMessage();
+        }
+
         StatusJsonBean result = new StatusJsonBean();
         try {
             IForwardingStaticRouting staticRouting = (IForwardingStaticRouting) ServiceHelper
@@ -244,11 +247,12 @@ public class Devices implements IDaylightWeb {
     @RequestMapping(value = "/staticRoute/delete", method = RequestMethod.GET)
     @ResponseBody
     public StatusJsonBean deleteStaticRoute(
-            @RequestParam("routesToDelete") String routesToDelete) {
-       if (!authorize(UserLevel.NETWORKADMIN)) {
-               return unauthorizedMessage();
-       }
-       
+            @RequestParam("routesToDelete") String routesToDelete,
+            HttpServletRequest request) {
+        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            return unauthorizedMessage();
+        }
+
         StatusJsonBean resultBean = new StatusJsonBean();
         try {
             IForwardingStaticRouting staticRouting = (IForwardingStaticRouting) ServiceHelper
@@ -295,15 +299,16 @@ public class Devices implements IDaylightWeb {
         result.setNodeData(subnets);
         return result;
     }
-    
+
     @RequestMapping(value = "/subnetGateway/add", method = RequestMethod.GET)
     @ResponseBody
     public StatusJsonBean addSubnetGateways(
             @RequestParam("gatewayName") String gatewayName,
-            @RequestParam("gatewayIPAddress") String gatewayIPAddress) {
-       if (!authorize(UserLevel.NETWORKADMIN)) {
-               return unauthorizedMessage();
-       }
+            @RequestParam("gatewayIPAddress") String gatewayIPAddress,
+            HttpServletRequest request) {
+        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            return unauthorizedMessage();
+        }
 
         StatusJsonBean resultBean = new StatusJsonBean();
         try {
@@ -329,11 +334,12 @@ public class Devices implements IDaylightWeb {
     @RequestMapping(value = "/subnetGateway/delete", method = RequestMethod.GET)
     @ResponseBody
     public StatusJsonBean deleteSubnetGateways(
-            @RequestParam("gatewaysToDelete") String gatewaysToDelete) {
-       if (!authorize(UserLevel.NETWORKADMIN)) {
-               return unauthorizedMessage();
-       }
-       
+            @RequestParam("gatewaysToDelete") String gatewaysToDelete,
+            HttpServletRequest request) {
+        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            return unauthorizedMessage();
+        }
+
         StatusJsonBean resultBean = new StatusJsonBean();
         try {
             ISwitchManager switchManager = (ISwitchManager) ServiceHelper
@@ -361,11 +367,11 @@ public class Devices implements IDaylightWeb {
     public StatusJsonBean addSubnetGatewayPort(
             @RequestParam("portsName") String portsName,
             @RequestParam("ports") String ports,
-            @RequestParam("nodeId") String nodeId) {
-       if (!authorize(UserLevel.NETWORKADMIN)) {
-               return unauthorizedMessage();
-       }
-       
+            @RequestParam("nodeId") String nodeId, HttpServletRequest request) {
+        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            return unauthorizedMessage();
+        }
+
         StatusJsonBean resultBean = new StatusJsonBean();
         try {
             ISwitchManager switchManager = (ISwitchManager) ServiceHelper
@@ -392,11 +398,12 @@ public class Devices implements IDaylightWeb {
     @ResponseBody
     public StatusJsonBean deleteSubnetGatewayPort(
             @RequestParam("gatewayName") String gatewayName,
-            @RequestParam("nodePort") String nodePort) {
-       if (!authorize(UserLevel.NETWORKADMIN)) {
-               return unauthorizedMessage();
-       }
-       
+            @RequestParam("nodePort") String nodePort,
+            HttpServletRequest request) {
+        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            return unauthorizedMessage();
+        }
+
         StatusJsonBean resultBean = new StatusJsonBean();
         try {
             ISwitchManager switchManager = (ISwitchManager) ServiceHelper
@@ -487,11 +494,13 @@ public class Devices implements IDaylightWeb {
 
     @RequestMapping(value = "/spanPorts/add", method = RequestMethod.GET)
     @ResponseBody
-    public StatusJsonBean addSpanPort(@RequestParam("jsonData") String jsonData) {
-       if (!authorize(UserLevel.NETWORKADMIN)) {
-               return unauthorizedMessage();
-       }
-       
+    public StatusJsonBean addSpanPort(
+            @RequestParam("jsonData") String jsonData,
+            HttpServletRequest request) {
+        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            return unauthorizedMessage();
+        }
+
         StatusJsonBean resultBean = new StatusJsonBean();
         try {
             Gson gson = new Gson();
@@ -517,11 +526,12 @@ public class Devices implements IDaylightWeb {
     @RequestMapping(value = "/spanPorts/delete", method = RequestMethod.GET)
     @ResponseBody
     public StatusJsonBean deleteSpanPorts(
-            @RequestParam("spanPortsToDelete") String spanPortsToDelete) {
-       if (!authorize(UserLevel.NETWORKADMIN)) {
-               return unauthorizedMessage();
-       }
-       
+            @RequestParam("spanPortsToDelete") String spanPortsToDelete,
+            HttpServletRequest request) {
+        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            return unauthorizedMessage();
+        }
+
         StatusJsonBean resultBean = new StatusJsonBean();
         try {
             Gson gson = new Gson();
@@ -555,39 +565,56 @@ public class Devices implements IDaylightWeb {
                 .getInstance(ISwitchManager.class, containerName, this);
         String description = "";
         if (switchManager != null) {
-               description = switchManager
-                               .getNodeDescription(Node.fromString(nodeId));
+            description = switchManager.getNodeDescription(Node
+                    .fromString(nodeId));
         }
-        return (description.isEmpty() || description.equalsIgnoreCase("none"))?
-                       nodeId : description;
+        return (description.isEmpty() || description.equalsIgnoreCase("none")) ? nodeId
+                : description;
     }
 
-    
     /**
      * Is the operation permitted for the given level
      * 
      * @param level
      */
-    private boolean authorize(UserLevel level) {
-       IUserManager userManager = (IUserManager) ServiceHelper
+    private boolean authorize(UserLevel level, HttpServletRequest request) {
+        IUserManager userManager = (IUserManager) ServiceHelper
                 .getGlobalInstance(IUserManager.class, this);
         if (userManager == null) {
-               return false;
+            return false;
         }
-        
-        String username = SecurityContextHolder.getContext().getAuthentication().getName();
+
+        String username = request.getUserPrincipal().getName();
         UserLevel userLevel = userManager.getUserLevel(username);
         if (userLevel.toNumber() <= level.toNumber()) {
-               return true;
+            return true;
         }
         return false;
     }
-    
+
     private StatusJsonBean unauthorizedMessage() {
-       StatusJsonBean message = new StatusJsonBean();
-       message.setStatus(false);
-       message.setMessage("Operation not authorized");
-       return message;
+        StatusJsonBean message = new StatusJsonBean();
+        message.setStatus(false);
+        message.setMessage("Operation not authorized");
+        return message;
+    }
+
+    @RequestMapping(value = "login")
+    public String login(final HttpServletRequest request,
+            final HttpServletResponse response) {
+        // response.setHeader("X-Page-Location", "/login");
+        /*
+         * IUserManager userManager = (IUserManager) ServiceHelper
+         * .getGlobalInstance(IUserManager.class, this); if (userManager ==
+         * null) { return "User Manager is not available"; }
+         * 
+         * String username = request.getUserPrincipal().getName();
+         * 
+         * 
+         * model.addAttribute("username", username); model.addAttribute("role",
+         * userManager.getUserLevel(username).toNumber());
+         */
+        return "forward:" + "/";
     }
 
 }
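Review bot: `request.getUserPrincipal()` returns null for a request that carries no authenticated user, so `authorize` throws a NullPointerException instead of returning false if any mapped URL is reachable without a login (the web.xml constraints are not part of this hunk). A guard before the lookup, `if (request.getUserPrincipal() == null) { return false; }`, keeps the method failing closed. The Javadoc above `authorize` still documents only `level`; it should gain `@param request` and `@return`. The new `login` handler also carries a block of commented-out code and an unused `response` parameter that should be dropped before merge.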
diff --git a/opendaylight/web/devices/src/main/resources/WEB-INF/jsp/error.jsp b/opendaylight/web/devices/src/main/resources/WEB-INF/jsp/error.jsp
new file mode 100644 (file)
index 0000000..270d793
--- /dev/null
@@ -0,0 +1,8 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<c:set var="req" value="${pageContext.request}" />
+<c:set var="uri" value="${req.requestURI}" />
+<c:set var="replaceWith" value="/" />
+<c:set var="redirectUrl" value="${fn:replace(req.requestURL, req.contextPath , replaceWith)}" />
+<c:import url="${redirectUrl}" />
\ No newline at end of file
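Review bot: The `<c:import url="${redirectUrl}" />` on the last line fetches an absolute URL rebuilt from `req.requestURL`, whose host part normally comes from the client-supplied Host header, so the target of this server-side fetch is not fully under the server's control. `fn:replace` also substitutes every occurrence of the context path in that URL rather than only the leading one, and the `uri` variable is set but never read. A fixed, context-relative target avoids both, for example `<c:import url="/" context="/" />` with whatever path the root application actually serves, assuming cross-context access is enabled in the container. The same content (blob 270d793) is added as login.jsp in this module and as error.jsp and login.jsp under web/flows, so the point applies to all four files.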
diff --git a/opendaylight/web/devices/src/main/resources/WEB-INF/jsp/login.jsp b/opendaylight/web/devices/src/main/resources/WEB-INF/jsp/login.jsp
new file mode 100644 (file)
index 0000000..270d793
--- /dev/null
@@ -0,0 +1,8 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<c:set var="req" value="${pageContext.request}" />
+<c:set var="uri" value="${req.requestURI}" />
+<c:set var="replaceWith" value="/" />
+<c:set var="redirectUrl" value="${fn:replace(req.requestURL, req.contextPath , replaceWith)}" />
+<c:import url="${redirectUrl}" />
\ No newline at end of file
diff --git a/opendaylight/web/devices/src/main/resources/WEB-INF/spring/context.xml b/opendaylight/web/devices/src/main/resources/WEB-INF/spring/context.xml
deleted file mode 100644 (file)
index 8a4bda5..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xmlns:context="http://www.springframework.org/schema/context"
-  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-  http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
-
-        <import resource="servlet/security.xml"/>
-
-</beans>
diff --git a/opendaylight/web/devices/src/main/resources/WEB-INF/spring/servlet/security.xml b/opendaylight/web/devices/src/main/resources/WEB-INF/spring/servlet/security.xml
deleted file mode 100644 (file)
index 18ac6e7..0000000
+++ /dev/null
@@ -1,120 +0,0 @@
-<beans:beans xmlns="http://www.springframework.org/schema/security"
-       xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans
-           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-           http://www.springframework.org/schema/security
-           http://www.springframework.org/schema/security/spring-security-3.1.xsd">
-
-
-       <http pattern="/css/**" security="none" />
-       <http pattern="/js/**" security="none" />
-       <http pattern="/images/**" security="none" />
-       <http pattern="/favicon.ico" security="none" />
-       <http pattern="/controller/web/css/**" security="none" />
-       <http pattern="/controller/web/js/**" security="none" />
-       <http pattern="/controller/web/images/**" security="none" />
-
-
-       <http auto-config="false" authentication-manager-ref="authenticationManager"
-               security-context-repository-ref="securityContextRepo" entry-point-ref="loginUrlAuthenticationEntryPoint">
-               <intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
-               <intercept-url pattern="/logout*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
-
-
-               <intercept-url pattern="/**"
-                       access="ROLE_SYSTEM-ADMIN, ROLE_NETWORK-ADMIN, ROLE_NETWORK-OPERATOR, ROLE_CONTAINER-USER" />
-               <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />
-               <custom-filter position="LOGOUT_FILTER" ref="logoutFilter" />
-               <custom-filter position="LAST" ref="controllerFilter" />
-               <remember-me services-ref="rememberMeServices" key="SDN" />
-       </http>
-       
-       <beans:bean id="controllerFilter"
-               class="org.opendaylight.controller.web.ControllerCustomFilter" />
-
-       <authentication-manager id="authenticationManager">
-               <authentication-provider ref="authenticationProviderWrapper" />
-       </authentication-manager>
-
-       <beans:bean id="authenticationFilter"
-               class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
-               <beans:property name="authenticationManager" ref="authenticationManager" />
-               <beans:property name="authenticationFailureHandler"
-                       ref="authenticationFailureHandler" />
-               <beans:property name="authenticationSuccessHandler">
-                       <beans:bean
-                               class="org.opendaylight.controller.web.ControllerAuthenticationSuccessHandler">
-                               <beans:property name="targetUrlParameter" value="x-page-url" />
-                               <beans:property name="defaultTargetUrl" value="/" />
-                       </beans:bean>
-               </beans:property>
-               <beans:property name="rememberMeServices" ref="rememberMeServices" />
-       </beans:bean>
-
-       <beans:bean id="securityContextRepo"
-               class="org.opendaylight.controller.web.ControllerWebSecurityContextRepository" />
-
-       <beans:bean id="authenticationFailureHandler"
-               class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
-               <beans:property name="useForward" value="false" />
-               <beans:property name="defaultFailureUrl" value="/login" />              
-       </beans:bean>
-
-       <beans:bean id="loginUrlAuthenticationEntryPoint"
-               class="org.opendaylight.controller.web.ControllerLoginUrlAuthEntryPoint">
-               <beans:property name="loginFormUrl" value="/login" />
-       </beans:bean>
-
-       <beans:bean id="authenticationProviderWrapper"
-               class="org.opendaylight.controller.web.AuthenticationProviderWrapper" />
-
-    <!-- logout related -->
-    
-    <beans:bean id="logoutHandler"
-        class="org.opendaylight.controller.web.ControllerLogoutHandler" />
-        
-    <beans:bean id="securityContextLogoutHandler"
-        class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />    
-        
-            
-    <beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
-        <!-- if logout succeed then this is the URL -->
-        <beans:constructor-arg value="/login" />
-        <beans:constructor-arg>
-            <beans:list>
-                <beans:ref bean="logoutHandler"/>
-                <beans:ref bean="rememberMeServices"/>
-                <beans:ref bean="securityContextLogoutHandler"/>
-            </beans:list>
-        </beans:constructor-arg>
-        <beans:property name="filterProcessesUrl" value="/logout" />
-    </beans:bean>       
-        
-
-
-
-       <!-- remember me related -->
-       <beans:bean id="rememberMeFilter"
-               class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
-               <beans:property name="rememberMeServices" ref="rememberMeServices" />
-               <beans:property name="authenticationManager" ref="authenticationManager" />
-       </beans:bean>
-
-       <beans:bean id="rememberMeServices"
-               class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
-               <beans:property name="userDetailsService" ref="userDetailsServiceRef" />
-               <beans:property name="key" value="SDN" />
-               <beans:property name="alwaysRemember" value="true"></beans:property>
-               <beans:property name="tokenValiditySeconds" value="3600" />
-               <beans:property name="cookieName" value="SDN-Controller" />
-       </beans:bean>
-
-       <beans:bean id="userDetailsServiceRef" class="org.opendaylight.controller.web.ControllerUserDetailsService" />
-
-
-       <beans:bean id="rememberMeAuthenticationProvider"
-               class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
-               <beans:property name="key" value="SDN" />
-       </beans:bean>
-       
-</beans:beans>
index de9d0778a3b05d7a71a9794af8881c31bb7afe08..0ebb73847398a94a086c1188f7e70a0e406d20b4 100644 (file)
@@ -1,17 +1,51 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
-http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
-       version="2.4">
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+       version="3.0">
+       <security-constraint>
+               <web-resource-collection>
+                       <web-resource-name>free access</web-resource-name>
+                       <url-pattern>/js/*</url-pattern>
+                       <url-pattern>/images/*</url-pattern>
+                       <url-pattern>/css/*</url-pattern>
+                       <url-pattern>/favicon.ico</url-pattern>
+               </web-resource-collection>
+       </security-constraint>
 
-       <context-param>
-               <param-name>contextConfigLocation</param-name>
-               <param-value>/WEB-INF/spring/*.xml</param-value>
-       </context-param>
+       <security-constraint>
+               <display-name>DevicesApp</display-name>
+               <web-resource-collection>
+                       <web-resource-name>DevicesGUI</web-resource-name>
+                       <url-pattern>/*</url-pattern>
+               </web-resource-collection>
+               <auth-constraint>
+                       <role-name>System-Admin</role-name>
+                       <role-name>Network-Admin</role-name>
+                       <role-name>Network-Operator</role-name>
+                       <role-name>Container-User</role-name>
+               </auth-constraint>
+       </security-constraint>
 
-       <listener>
-               <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-       </listener>
+       <security-role>
+               <role-name>System-Admin</role-name>
+       </security-role>
+       <security-role>
+               <role-name>Network-Admin</role-name>
+       </security-role>
+       <security-role>
+               <role-name>Network-Operator</role-name>
+       </security-role>
+       <security-role>
+               <role-name>Container-User</role-name>
+       </security-role>
+
+       <login-config>
+               <auth-method>FORM</auth-method>
+               <form-login-config>
+                       <form-login-page>/WEB-INF/jsp/login.jsp</form-login-page>
+                       <form-error-page>/WEB-INF/jsp/error.jsp</form-error-page>
+               </form-login-config>
+       </login-config>
 
        <servlet>
                <servlet-name>Devices</servlet-name>
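Review bot: The `DevicesGUI` constraint sets an `<auth-constraint>` but no `<user-data-constraint>`, so with `FORM` login the container will accept the credential post over plain HTTP unless TLS is enforced somewhere not visible in this hunk (connector or front-end proxy). If it is not, add `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>` after the `<auth-constraint>` element. The `free access` collection is open only because it has no `<auth-constraint>`, which is easy to misread; a short comment such as `<!-- no auth-constraint: static assets are served without login -->` would make that intent explicit.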
@@ -24,17 +58,13 @@ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
                <url-pattern>/</url-pattern>
        </servlet-mapping>
 
-       <filter>
-               <filter-name>springSecurityFilterChain</filter-name>
-               <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-       </filter>
-
-       <filter-mapping>
-               <filter-name>springSecurityFilterChain</filter-name>
-               <url-pattern>/*</url-pattern>
-       </filter-mapping>
-
        <listener>
                <listener-class>org.opendaylight.controller.web.ControllerUISessionManager</listener-class>
        </listener>
+       <session-config>
+               <cookie-config>
+                       <path>/</path>
+               </cookie-config>
+       </session-config>
+
 </web-app>
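Review bot: The new `<cookie-config>` widens the session cookie to path `/` without setting `<http-only>` or `<secure>`, so the cookie is sent to every application on the host and its script and transport exposure is left to container defaults. With the 3.0 descriptor these can be stated explicitly after `<path>`: `<http-only>true</http-only>` and, where the UI is served over TLS, `<secure>true</secure>`. A comment saying the shared path is intentional (presumably so the web bundles share one login session) would help the next reader.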
index 891f951f503f8781fe15f3056136b461d9112ef2..4eaf227fe947c0f01c5a86e5514f2b7c78f76dd8 100644 (file)
                                                        org.springframework.web.servlet,
                                                        org.springframework.web.servlet.config,
                                                        org.springframework.web.servlet.view,
-
                                                        org.springframework.web.filter,
-                                                       org.springframework.web.context,
-                                                       org.springframework.security.core,
-                                                       org.springframework.security.core.userdetails,
-                                                       org.springframework.security.core.authority,
-                                                       org.springframework.security.core.context,
-                                                       org.springframework.security.authentication,
-                                                       org.springframework.security.config,
-                                                       org.springframework.security.config.authentication,
-                                                       org.springframework.security.taglibs.authz,
-                                                       org.springframework.security.web,
-                                                       org.springframework.security.web.context,
-                                                       org.springframework.security.web.authentication,
-                                                       org.springframework.security.web.authentication.www,
-                                                       org.springframework.security.provisioning,
-                                                       org.springframework.security.web.util,
-                                                       org.springframework.security.web.authentication.rememberme,
-                                                       org.springframework.security.web.authentication.logout,
-                                                       org.springframework.dao\r
+                                                       org.springframework.web.context                                                 \r
                                                </Import-Package>
                                                <Web-ContextPath>/controller/web/flows</Web-ContextPath>
                                        </instructions>
index 4cc35e2f92dccbfaac30e64cac28da7afb827cad..35237999b810fbe7fd574501087cd5cae6d6db5a 100644 (file)
@@ -1,4 +1,3 @@
-
 /*
  * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
  *
@@ -15,6 +14,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.opendaylight.controller.forwardingrulesmanager.FlowConfig;
 import org.opendaylight.controller.forwardingrulesmanager.IForwardingRulesManager;
 import org.opendaylight.controller.sal.authorization.UserLevel;
@@ -30,7 +31,6 @@ import org.opendaylight.controller.switchmanager.Switch;
 import org.opendaylight.controller.switchmanager.SwitchConfig;
 import org.opendaylight.controller.usermanager.IUserManager;
 import org.opendaylight.controller.web.IDaylightWeb;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -43,7 +43,7 @@ import com.google.gson.Gson;
 @Controller
 @RequestMapping("/")
 public class Flows implements IDaylightWeb {
-       private static final UserLevel AUTH_LEVEL = UserLevel.CONTAINERUSER;
+    private static final UserLevel AUTH_LEVEL = UserLevel.CONTAINERUSER;
     private static final String WEB_NAME = "Flows";
     private static final String WEB_ID = "flows";
     private static final short WEB_ORDER = 2;
@@ -68,41 +68,43 @@ public class Flows implements IDaylightWeb {
         return WEB_ORDER;
     }
 
-       @Override
-       public boolean isAuthorized(UserLevel userLevel) {
-               return userLevel.ordinal() <= AUTH_LEVEL.ordinal();
-       }
-       
+    @Override
+    public boolean isAuthorized(UserLevel userLevel) {
+        return userLevel.ordinal() <= AUTH_LEVEL.ordinal();
+    }
+
     @RequestMapping(value = "/main")
     @ResponseBody
     public Set<Map<String, Object>> getFlows() {
         // fetch frm
         IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
                 .getInstance(IForwardingRulesManager.class, containerName, this);
-        if (frm == null) { return null; }
+        if (frm == null) {
+            return null;
+        }
 
         // fetch sm
         ISwitchManager switchManager = (ISwitchManager) ServiceHelper
                 .getInstance(ISwitchManager.class, containerName, this);
-        if (switchManager == null) { return null; }
-        
+        if (switchManager == null) {
+            return null;
+        }
+
         // get static flow list
         List<FlowConfig> staticFlowList = frm.getStaticFlows();
         Set<Map<String, Object>> output = new HashSet<Map<String, Object>>();
         for (FlowConfig flowConfig : staticFlowList) {
-               Map<String, Object> entry = new HashMap<String, Object>();
-               entry.put("flow", flowConfig);
-               entry.put("name", flowConfig.getName());
-               Node node = flowConfig.getNode();
-               String description = switchManager.getNodeDescription(node);
-               entry.put("node", 
-                               (description.isEmpty() || 
-                                               description.equalsIgnoreCase("none"))? 
-                                                               node.toString() : description);
-               entry.put("nodeId", node.toString());
-               output.add(entry);
-        }
-        
+            Map<String, Object> entry = new HashMap<String, Object>();
+            entry.put("flow", flowConfig);
+            entry.put("name", flowConfig.getName());
+            Node node = flowConfig.getNode();
+            String description = switchManager.getNodeDescription(node);
+            entry.put("node", (description.isEmpty() || description
+                    .equalsIgnoreCase("none")) ? node.toString() : description);
+            entry.put("nodeId", node.toString());
+            output.add(entry);
+        }
+
         return output;
     }
 
@@ -111,7 +113,9 @@ public class Flows implements IDaylightWeb {
     public Map<String, Object> getNodePorts() {
         ISwitchManager switchManager = (ISwitchManager) ServiceHelper
                 .getInstance(ISwitchManager.class, containerName, this);
-        if (switchManager == null) { return null; }
+        if (switchManager == null) {
+            return null;
+        }
 
         Map<String, Object> nodes = new HashMap<String, Object>();
         Map<Short, String> port;
@@ -125,53 +129,58 @@ public class Flows implements IDaylightWeb {
                     String nodeConnectorName = ((Name) switchManager
                             .getNodeConnectorProp(nodeConnector,
                                     Name.NamePropName)).getValue();
-                    port.put((Short) nodeConnector.getID(),
-                             nodeConnectorName + "("
-                             + nodeConnector.getNodeConnectorIDString() + ")");
+                    port.put((Short) nodeConnector.getID(), nodeConnectorName
+                            + "(" + nodeConnector.getNodeConnectorIDString()
+                            + ")");
                 }
             }
-            
+
             // add ports
             Map<String, Object> entry = new HashMap<String, Object>();
             entry.put("ports", port);
-            
+
             // add name
-            String description = switchManager
-                       .getNodeDescription(node.getNode());
-            entry.put("name", (description.isEmpty() || 
-                       description.equalsIgnoreCase("none"))? 
-                       node.getNode().toString() : description);
-            
+            String description = switchManager.getNodeDescription(node
+                    .getNode());
+            entry.put("name", (description.isEmpty() || description
+                    .equalsIgnoreCase("none")) ? node.getNode().toString()
+                    : description);
+
             // add to the node
             nodes.put(node.getNode().toString(), entry);
         }
 
         return nodes;
     }
-    
+
     @RequestMapping(value = "/node-flows")
     @ResponseBody
     public Map<String, Object> getNodeFlows() {
         ISwitchManager switchManager = (ISwitchManager) ServiceHelper
                 .getInstance(ISwitchManager.class, containerName, this);
-        if (switchManager == null) { return null; }
+        if (switchManager == null) {
+            return null;
+        }
         IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
                 .getInstance(IForwardingRulesManager.class, "default", this);
-        if (frm == null) { return null; }
+        if (frm == null) {
+            return null;
+        }
 
         Map<String, Object> nodes = new HashMap<String, Object>();
 
         for (Switch sw : switchManager.getNetworkDevices()) {
             Node node = sw.getNode();
-            
+
             List<FlowConfig> flows = frm.getStaticFlows(node);
-            
+
             String nodeDesc = node.toString();
-            SwitchConfig config = switchManager.getSwitchConfig(node.getNodeIDString());
+            SwitchConfig config = switchManager.getSwitchConfig(node
+                    .getNodeIDString());
             if (config != null) {
-               nodeDesc = config.getNodeDescription();
+                nodeDesc = config.getNodeDescription();
             }
-            
+
             nodes.put(nodeDesc, flows.size());
         }
 
@@ -181,14 +190,18 @@ public class Flows implements IDaylightWeb {
     @RequestMapping(value = "/flow", method = RequestMethod.POST)
     @ResponseBody
     public String actionFlow(@RequestParam(required = true) String action,
-            @RequestParam(required = false) String body, @RequestParam(required = true) String nodeId) {
-       if (!isUserAuthorized(UserLevel.NETWORKADMIN)) {
-               return "Operation not authorized";
-       }
-       
+            @RequestParam(required = false) String body,
+            @RequestParam(required = true) String nodeId,
+            HttpServletRequest request) {
+        if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) {
+            return "Operation not authorized";
+        }
+
         IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
                 .getInstance(IForwardingRulesManager.class, containerName, this);
-        if (frm == null) { return null; }
+        if (frm == null) {
+            return null;
+        }
 
         Gson gson = new Gson();
         FlowConfig flow = gson.fromJson(body, FlowConfig.class);
@@ -199,45 +212,60 @@ public class Flows implements IDaylightWeb {
             result = frm.addStaticFlow(flow, false);
         }
 
-        return (result.isSuccess())? StatusCode.SUCCESS.toString(): result.getDescription();
+        return (result.isSuccess()) ? StatusCode.SUCCESS.toString() : result
+                .getDescription();
     }
-    
+
     @RequestMapping(value = "/flow/{nodeId}/{name}", method = RequestMethod.POST)
     @ResponseBody
-    public String removeFlow(@PathVariable("nodeId") String nodeId, @PathVariable("name") String name,
-               @RequestParam(required = true) String action) {
-       if (!isUserAuthorized(UserLevel.NETWORKADMIN)) { return "Operation not authorized"; }
-       
-       IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
+    public String removeFlow(@PathVariable("nodeId") String nodeId,
+            @PathVariable("name") String name,
+            @RequestParam(required = true) String action,
+            HttpServletRequest request) {
+        if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) {
+
+            return "Operation not authorized";
+        }
+
+        IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
                 .getInstance(IForwardingRulesManager.class, containerName, this);
-        if (frm == null) { return null; }
-        
+        if (frm == null) {
+            return null;
+        }
+
         Status result = null;
         Node node = Node.fromString(nodeId);
-        if (node == null) { return null; }
+        if (node == null) {
+            return null;
+        }
         if (action.equals("remove")) {
-               result = frm.removeStaticFlow(name, node);
+            result = frm.removeStaticFlow(name, node);
         } else if (action.equals("toggle")) {
-               result = frm.toggleStaticFlowStatus(name, node);
+            result = frm.toggleStaticFlowStatus(name, node);
         } else {
-               result = new Status(StatusCode.BADREQUEST, "Unknown action");
+            result = new Status(StatusCode.BADREQUEST, "Unknown action");
         }
-        
-        return (result.isSuccess())? StatusCode.SUCCESS.toString(): result.getDescription();
+
+        return (result.isSuccess()) ? StatusCode.SUCCESS.toString() : result
+                .getDescription();
     }
-    
+
     /**
-     * Returns whether the current user's level is same or above
-     * the required authorization level. 
+     * Returns whether the current user's level is same or above the required
+     * authorization level.
      * 
-     * @param requiredLevel the authorization level required
+     * @param requiredLevel
+     *            the authorization level required
      */
-    private boolean isUserAuthorized(UserLevel requiredLevel) {
-       IUserManager userManager = (IUserManager) ServiceHelper
+    private boolean isUserAuthorized(UserLevel requiredLevel,
+            HttpServletRequest request) {
+        IUserManager userManager = (IUserManager) ServiceHelper
                 .getGlobalInstance(IUserManager.class, this);
-        if (userManager == null) { return false; }
-        
-        String username = SecurityContextHolder.getContext().getAuthentication().getName();
+        if (userManager == null) {
+            return false;
+        }
+
+        String username = request.getUserPrincipal().getName();
         UserLevel userLevel = userManager.getUserLevel(username);
         return (userLevel.ordinal() <= requiredLevel.ordinal());
     }
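Review bot: In `isUserAuthorized`, `request.getUserPrincipal()` returns null for a request that reached the controller without container authentication, so `.getName()` throws instead of denying; the check should fail closed with `if (request.getUserPrincipal() == null) { return false; }` before the username is read. `userManager.getUserLevel(username)` is dereferenced the same way and may need a null guard too, depending on its contract, which is not visible here. The same pattern appears in `authorize(UserLevel, HttpServletRequest)` in Devices.java. The Javadoc also lacks `@param request the current request, used to read the authenticated principal`.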
diff --git a/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java.rej b/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java.rej
new file mode 100644 (file)
index 0000000..7b03d34
--- /dev/null
@@ -0,0 +1,85 @@
+***************
+*** 29,35 ****
+  import org.opendaylight.controller.switchmanager.SwitchConfig;
+  import org.opendaylight.controller.usermanager.IUserManager;
+  import org.opendaylight.controller.web.IOneWeb;
+- import org.springframework.security.core.context.SecurityContextHolder;
+  import org.springframework.stereotype.Controller;
+  import org.springframework.web.bind.annotation.PathVariable;
+  import org.springframework.web.bind.annotation.RequestMapping;
+--- 31,36 ----
+  import org.opendaylight.controller.switchmanager.SwitchConfig;
+  import org.opendaylight.controller.usermanager.IUserManager;
+  import org.opendaylight.controller.web.IOneWeb;
+  import org.springframework.stereotype.Controller;
+  import org.springframework.web.bind.annotation.PathVariable;
+  import org.springframework.web.bind.annotation.RequestMapping;
+***************
+*** 182,189 ****
+      @RequestMapping(value = "/flow", method = RequestMethod.POST)
+      @ResponseBody
+      public String actionFlow(@RequestParam(required = true) String action,
+-             @RequestParam(required = false) String body, @RequestParam(required = true) String nodeId) {
+-      if (!authorize(UserLevel.NETWORKADMIN)) {
+               return "Operation not authorized";
+       }
+       
+--- 183,190 ----
+      @RequestMapping(value = "/flow", method = RequestMethod.POST)
+      @ResponseBody
+      public String actionFlow(@RequestParam(required = true) String action,
++             @RequestParam(required = false) String body, @RequestParam(required = true) String nodeId, HttpServletRequest request) {
++      if (!authorize(UserLevel.NETWORKADMIN, request)) {
+               return "Operation not authorized";
+       }
+       
+***************
+*** 206,213 ****
+      @RequestMapping(value = "/flow/{nodeId}/{name}", method = RequestMethod.POST)
+      @ResponseBody
+      public String removeFlow(@PathVariable("nodeId") String nodeId, @PathVariable("name") String name,
+-              @RequestParam(required = true) String action) {
+-      if (!authorize(UserLevel.NETWORKADMIN)) { return "Operation not authorized"; }
+       
+       IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
+                  .getInstance(IForwardingRulesManager.class, "default", this);
+--- 207,214 ----
+      @RequestMapping(value = "/flow/{nodeId}/{name}", method = RequestMethod.POST)
+      @ResponseBody
+      public String removeFlow(@PathVariable("nodeId") String nodeId, @PathVariable("name") String name,
++              @RequestParam(required = true) String action, HttpServletRequest request) {
++      if (!authorize(UserLevel.NETWORKADMIN, request)) { return "Operation not authorized"; }
+       
+       IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
+                  .getInstance(IForwardingRulesManager.class, "default", this);
+***************
+*** 235,248 ****
+       * 
+       * @param level
+       */
+-     private boolean authorize(UserLevel level) {
+       IUserManager userManager = (IUserManager) ServiceHelper
+                  .getGlobalInstance(IUserManager.class, this);
+          if (userManager == null) {
+               return false;
+          }
+          
+-         String username = SecurityContextHolder.getContext().getAuthentication().getName();
+          UserLevel userLevel = userManager.getUserLevel(username);
+          if (userLevel.toNumber() <= level.toNumber()) {
+               return true;
+--- 236,249 ----
+       * 
+       * @param level
+       */
++     private boolean authorize(UserLevel level, HttpServletRequest request) {
+       IUserManager userManager = (IUserManager) ServiceHelper
+                  .getGlobalInstance(IUserManager.class, this);
+          if (userManager == null) {
+               return false;
+          }
+          
++         String username = request.getUserPrincipal().getName();
+          UserLevel userLevel = userManager.getUserLevel(username);
+          if (userLevel.toNumber() <= level.toNumber()) {
+               return true;
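Review bot: `Flows.java.rej` is the reject file a patch tool leaves behind when hunks fail to apply, and it is being added to the source tree as a new file; it should be dropped from the commit. Its hunks target `authorize(UserLevel)` and `IOneWeb`, while the Flows.java hunks in this commit use `isUserAuthorized` and `IDaylightWeb`, so the change appears to have been re-applied by hand; it is worth confirming nothing from the rejected hunks was missed. An ignore rule such as `*.rej` would keep these artifacts out of future commits.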
diff --git a/opendaylight/web/flows/src/main/resources/WEB-INF/jsp/error.jsp b/opendaylight/web/flows/src/main/resources/WEB-INF/jsp/error.jsp
new file mode 100644 (file)
index 0000000..270d793
--- /dev/null
@@ -0,0 +1,8 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<c:set var="req" value="${pageContext.request}" />
+<c:set var="uri" value="${req.requestURI}" />
+<c:set var="replaceWith" value="/" />
+<c:set var="redirectUrl" value="${fn:replace(req.requestURL, req.contextPath , replaceWith)}" />
+<c:import url="${redirectUrl}" />
\ No newline at end of file
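Review bot: The final `<c:import url="${redirectUrl}" />` makes the server fetch an absolute URL rebuilt from `req.requestURL`, and the host part of that value normally comes from the client's Host header, so the fetch target is partly request-controlled. A fixed path, using the `context` attribute of `c:import` (which needs cross-context access enabled in the container), would remove that dependency on request data. `fn:replace` also rewrites every occurrence of the context path in the URL rather than only the leading one, and the `uri` variable is set but never read. login.jsp in the next section has the same blob id (270d793), so the same points apply there.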
diff --git a/opendaylight/web/flows/src/main/resources/WEB-INF/jsp/login.jsp b/opendaylight/web/flows/src/main/resources/WEB-INF/jsp/login.jsp
new file mode 100644 (file)
index 0000000..270d793
--- /dev/null
@@ -0,0 +1,8 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<c:set var="req" value="${pageContext.request}" />
+<c:set var="uri" value="${req.requestURI}" />
+<c:set var="replaceWith" value="/" />
+<c:set var="redirectUrl" value="${fn:replace(req.requestURL, req.contextPath , replaceWith)}" />
+<c:import url="${redirectUrl}" />
\ No newline at end of file
diff --git a/opendaylight/web/flows/src/main/resources/WEB-INF/spring/context.xml b/opendaylight/web/flows/src/main/resources/WEB-INF/spring/context.xml
deleted file mode 100644 (file)
index 8a4bda5..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xmlns:context="http://www.springframework.org/schema/context"
-  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-  http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
-
-        <import resource="servlet/security.xml"/>
-
-</beans>
diff --git a/opendaylight/web/flows/src/main/resources/WEB-INF/spring/servlet/security.xml b/opendaylight/web/flows/src/main/resources/WEB-INF/spring/servlet/security.xml
deleted file mode 100644 (file)
index 18ac6e7..0000000
+++ /dev/null
@@ -1,120 +0,0 @@
-<beans:beans xmlns="http://www.springframework.org/schema/security"
-       xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans
-           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-           http://www.springframework.org/schema/security
-           http://www.springframework.org/schema/security/spring-security-3.1.xsd">
-
-
-       <http pattern="/css/**" security="none" />
-       <http pattern="/js/**" security="none" />
-       <http pattern="/images/**" security="none" />
-       <http pattern="/favicon.ico" security="none" />
-       <http pattern="/controller/web/css/**" security="none" />
-       <http pattern="/controller/web/js/**" security="none" />
-       <http pattern="/controller/web/images/**" security="none" />
-
-
-       <http auto-config="false" authentication-manager-ref="authenticationManager"
-               security-context-repository-ref="securityContextRepo" entry-point-ref="loginUrlAuthenticationEntryPoint">
-               <intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
-               <intercept-url pattern="/logout*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
-
-
-               <intercept-url pattern="/**"
-                       access="ROLE_SYSTEM-ADMIN, ROLE_NETWORK-ADMIN, ROLE_NETWORK-OPERATOR, ROLE_CONTAINER-USER" />
-               <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />
-               <custom-filter position="LOGOUT_FILTER" ref="logoutFilter" />
-               <custom-filter position="LAST" ref="controllerFilter" />
-               <remember-me services-ref="rememberMeServices" key="SDN" />
-       </http>
-       
-       <beans:bean id="controllerFilter"
-               class="org.opendaylight.controller.web.ControllerCustomFilter" />
-
-       <authentication-manager id="authenticationManager">
-               <authentication-provider ref="authenticationProviderWrapper" />
-       </authentication-manager>
-
-       <beans:bean id="authenticationFilter"
-               class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
-               <beans:property name="authenticationManager" ref="authenticationManager" />
-               <beans:property name="authenticationFailureHandler"
-                       ref="authenticationFailureHandler" />
-               <beans:property name="authenticationSuccessHandler">
-                       <beans:bean
-                               class="org.opendaylight.controller.web.ControllerAuthenticationSuccessHandler">
-                               <beans:property name="targetUrlParameter" value="x-page-url" />
-                               <beans:property name="defaultTargetUrl" value="/" />
-                       </beans:bean>
-               </beans:property>
-               <beans:property name="rememberMeServices" ref="rememberMeServices" />
-       </beans:bean>
-
-       <beans:bean id="securityContextRepo"
-               class="org.opendaylight.controller.web.ControllerWebSecurityContextRepository" />
-
-       <beans:bean id="authenticationFailureHandler"
-               class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
-               <beans:property name="useForward" value="false" />
-               <beans:property name="defaultFailureUrl" value="/login" />              
-       </beans:bean>
-
-       <beans:bean id="loginUrlAuthenticationEntryPoint"
-               class="org.opendaylight.controller.web.ControllerLoginUrlAuthEntryPoint">
-               <beans:property name="loginFormUrl" value="/login" />
-       </beans:bean>
-
-       <beans:bean id="authenticationProviderWrapper"
-               class="org.opendaylight.controller.web.AuthenticationProviderWrapper" />
-
-    <!-- logout related -->
-    
-    <beans:bean id="logoutHandler"
-        class="org.opendaylight.controller.web.ControllerLogoutHandler" />
-        
-    <beans:bean id="securityContextLogoutHandler"
-        class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />    
-        
-            
-    <beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
-        <!-- if logout succeed then this is the URL -->
-        <beans:constructor-arg value="/login" />
-        <beans:constructor-arg>
-            <beans:list>
-                <beans:ref bean="logoutHandler"/>
-                <beans:ref bean="rememberMeServices"/>
-                <beans:ref bean="securityContextLogoutHandler"/>
-            </beans:list>
-        </beans:constructor-arg>
-        <beans:property name="filterProcessesUrl" value="/logout" />
-    </beans:bean>       
-        
-
-
-
-       <!-- remember me related -->
-       <beans:bean id="rememberMeFilter"
-               class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
-               <beans:property name="rememberMeServices" ref="rememberMeServices" />
-               <beans:property name="authenticationManager" ref="authenticationManager" />
-       </beans:bean>
-
-       <beans:bean id="rememberMeServices"
-               class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
-               <beans:property name="userDetailsService" ref="userDetailsServiceRef" />
-               <beans:property name="key" value="SDN" />
-               <beans:property name="alwaysRemember" value="true"></beans:property>
-               <beans:property name="tokenValiditySeconds" value="3600" />
-               <beans:property name="cookieName" value="SDN-Controller" />
-       </beans:bean>
-
-       <beans:bean id="userDetailsServiceRef" class="org.opendaylight.controller.web.ControllerUserDetailsService" />
-
-
-       <beans:bean id="rememberMeAuthenticationProvider"
-               class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
-               <beans:property name="key" value="SDN" />
-       </beans:bean>
-       
-</beans:beans>
index 5841ed28c5592e0cf8ca14c86773829d4769a554..adbdf75b7c7ae723f15bba1efa5e3ffaec318cb2 100644 (file)
@@ -1,17 +1,8 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
-http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
-       version="2.4">
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+       version="3.0">
 
-       <context-param>
-               <param-name>contextConfigLocation</param-name>
-               <param-value>/WEB-INF/spring/*.xml</param-value>
-       </context-param>
-
-       <listener>
-               <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-       </listener>
 
        <servlet>
                <servlet-name>Flows</servlet-name>
@@ -24,18 +15,62 @@ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
                <url-pattern>/</url-pattern>
        </servlet-mapping>
 
-       <filter>
-               <filter-name>springSecurityFilterChain</filter-name>
-               <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-       </filter>
 
-       <filter-mapping>
-               <filter-name>springSecurityFilterChain</filter-name>
-               <url-pattern>/*</url-pattern>
-       </filter-mapping>
+       <security-constraint>
+               <web-resource-collection>
+                       <web-resource-name>free access</web-resource-name>
+                       <url-pattern>/js/*</url-pattern>
+                       <url-pattern>/images/*</url-pattern>
+                       <url-pattern>/css/*</url-pattern>
+                       <url-pattern>/favicon.ico</url-pattern>
+               </web-resource-collection>
+       </security-constraint>
+
+       <security-constraint>
+               <display-name>FlowApp</display-name>
+               <web-resource-collection>
+                       <web-resource-name>FlowMgrGUI</web-resource-name>
+                       <url-pattern>/*</url-pattern>
+               </web-resource-collection>
+               <auth-constraint>
+                       <role-name>System-Admin</role-name>
+                       <role-name>Network-Admin</role-name>
+                       <role-name>Network-Operator</role-name>
+                       <role-name>Container-User</role-name>
+               </auth-constraint>
+       </security-constraint>
+       <security-role>
+               <role-name>System-Admin</role-name>
+       </security-role>
+       <security-role>
+               <role-name>Network-Admin</role-name>
+       </security-role>
+       <security-role>
+               <role-name>Network-Operator</role-name>
+       </security-role>
+       <security-role>
+               <role-name>Container-User</role-name>
+       </security-role>
+
+       <login-config>
+               <auth-method>FORM</auth-method>
+               <form-login-config>
+                       <form-login-page>/WEB-INF/jsp/login.jsp</form-login-page>
+                       <form-error-page>/WEB-INF/jsp/error.jsp</form-error-page>
+               </form-login-config>
+       </login-config>
+
 
        <listener>
                <listener-class>org.opendaylight.controller.web.ControllerUISessionManager</listener-class>
        </listener>
 
+       <session-config>
+               <cookie-config>
+                       <path>/</path>
+               </cookie-config>
+       </session-config>
+
+
+
 </web-app>
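Review bot: The added `<cookie-config>` widens the session cookie to path `/` without setting `http-only` or `secure`, so the container session id that now carries the login is sent to every application on the host, with script and transport exposure left to container defaults. Servlet 3.0 accepts `<http-only>true</http-only>` and, if the UI is served over HTTPS, `<secure>true</secure>` inside `<cookie-config>`. The shared path looks intended to give the web modules a common session; if so, a comment saying that would help the next reader. The `FlowMgrGUI` constraint also carries no `<user-data-constraint>`, so FORM credentials may travel unencrypted unless TLS is enforced elsewhere; that part is inferred, since the connector configuration is not in this hunk.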
index 7c1155496d85582817ccc00aa02dfcc0774394b1..7f5c45319e2064cef7019a1949ea9eca098f0955 100644 (file)
                                                        org.springframework.web.servlet.config,
                                                        org.springframework.web.servlet.view,
                                                        org.springframework.web.servlet.view.json,
-
                                                        org.springframework.web.filter,
                                                        org.springframework.web.context,
-                                                       org.springframework.security.core,
-                                                       org.springframework.security.core.userdetails,
-                                                       org.springframework.security.core.authority,
-                                                       org.springframework.security.core.context,
-                                                       org.springframework.security.authentication,
-                                                       org.springframework.security.config,
-                                                       org.springframework.security.config.authentication,
-                                                       org.springframework.security.taglibs.authz,
-                                                       org.springframework.security.web,
-                                                       org.springframework.security.web.context,
-                                                       org.springframework.security.web.authentication,
-                                                       org.springframework.security.web.authentication.www,
-                                                       org.springframework.security.provisioning,
-                                                       org.springframework.security.web.util,
-                                                       org.springframework.security.web.authentication.rememberme,
-                                                       org.springframework.security.web.authentication.logout,
-                                                       org.springframework.dao,
-                                                       org.springframework.security.web.savedrequest,
-                                                       org.springframework.security.access,
                                                        org.springframework.util
-
-
                                                </Import-Package>
                                                <Export-Package>
                                                        org.opendaylight.controller.web
diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/AuthenticationProviderWrapper.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/AuthenticationProviderWrapper.java
deleted file mode 100644 (file)
index 7877ff6..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-
-package org.opendaylight.controller.web;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-
-import org.opendaylight.controller.sal.utils.ServiceHelper;
-import org.opendaylight.controller.usermanager.IUserManager;
-
-
-public class AuthenticationProviderWrapper implements
-        AuthenticationProvider {
-
-    private static final Logger logger = LoggerFactory
-            .getLogger(AuthenticationProviderWrapper.class);
-
-    @Override
-    public Authentication authenticate(Authentication authentication)
-            throws AuthenticationException {
-        return ((AuthenticationProvider) getUserManagerRef())
-                .authenticate(authentication);
-    }
-
-    @Override
-    public boolean supports(Class<?> authentication) {
-        return ((AuthenticationProvider) getUserManagerRef())
-                .supports(authentication);
-    }
-
-    private IUserManager getUserManagerRef() {
-        IUserManager userManager = (IUserManager) ServiceHelper
-                .getGlobalInstance(IUserManager.class, this);
-        if (userManager != null) {
-            return userManager;
-        } else {
-            logger.error("UserManager Ref is null. ");
-            throw new RuntimeException("UserManager Ref is null. ");
-        }
-    }
-
-}
diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerAuthenticationSuccessHandler.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerAuthenticationSuccessHandler.java
deleted file mode 100644 (file)
index 9514109..0000000
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-
-package org.opendaylight.controller.web;
-
-import java.io.IOException;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
-import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
-import org.springframework.security.web.savedrequest.RequestCache;
-import org.springframework.security.web.savedrequest.SavedRequest;
-import org.springframework.util.StringUtils;
-
-public class ControllerAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
-    private RequestCache requestCache = new HttpSessionRequestCache();
-
-    @Override
-    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
-            Authentication authentication) throws ServletException, IOException {
-        SavedRequest savedRequest = requestCache.getRequest(request, response);
-
-        if (savedRequest == null) {
-            super.onAuthenticationSuccess(request, response, authentication);
-
-            return;
-        }
-        String targetUrlParameter = getTargetUrlParameter();
-        if (isAlwaysUseDefaultTargetUrl() || (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) {
-            requestCache.removeRequest(request, response);
-            super.onAuthenticationSuccess(request, response, authentication);
-
-            return;
-        }
-
-        clearAuthenticationAttributes(request);
-
-        // Use the DefaultSavedRequest URL
-        
-        String targetUrl = savedRequest.getRedirectUrl();
-        //workaround to avoid being redirected to ajax calls
-        Map<String, String[]> m = savedRequest.getParameterMap();
-        if(m!= null)
-        {
-            String[] value = m.get("x-page-url");
-            if(value != null && value.length > 0)
-                targetUrl = request.getContextPath() + "#" + value[0];
-        }
-        logger.debug("Redirecting to DefaultSavedRequest Url: " + targetUrl);
-        
-        
-        
-        getRedirectStrategy().sendRedirect(request, response, targetUrl);
-    }
-
-    public void setRequestCache(RequestCache requestCache) {
-        this.requestCache = requestCache;
-    }
-}
diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerCustomFilter.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerCustomFilter.java
deleted file mode 100644 (file)
index a14df94..0000000
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.controller.web;
-
-import java.io.IOException;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opendaylight.controller.sal.utils.ServiceHelper;
-import org.opendaylight.controller.usermanager.IUserManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.filter.GenericFilterBean;
-
-public class ControllerCustomFilter extends GenericFilterBean {
-
-    private static final Logger logger = LoggerFactory
-            .getLogger(ControllerCustomFilter.class);
-
-    @Override
-    public void doFilter(ServletRequest req, ServletResponse resp,
-            FilterChain chain) throws IOException, ServletException {
-        //custom filter to handle logged out users
-        HttpServletRequest request = (HttpServletRequest) req;
-        HttpServletResponse response = (HttpServletResponse) resp;
-
-        String url = request.getRequestURL().toString();
-
-        //skip anonymous auth
-        if (!(url.indexOf("login") > -1) && !(url.indexOf("logout") > -1)) {
-            if (SecurityContextHolder.getContext().getAuthentication() != null
-                    && SecurityContextHolder.getContext().getAuthentication()
-                            .isAuthenticated()) {
-
-                IUserManager userManager = (IUserManager) ServiceHelper
-                        .getGlobalInstance(IUserManager.class, this);
-                if (userManager != null) {
-                    Map<String, List<String>> activeUsers = userManager
-                            .getUserLoggedIn();
-                    if (activeUsers != null && activeUsers.size() > 0) {
-
-                        String username = SecurityContextHolder.getContext()
-                                .getAuthentication().getName();
-                        if (!activeUsers.containsKey(username)) {
-                            throw new AccessDeniedException(
-                                    "UserManager activeUserList does not contain user "
-                                            + username);
-                        }
-                    } else {
-                        logger.error("UserManager return empty activeusers");
-                        throw new AccessDeniedException(
-                                "UserManager activeUserList is empty. ");
-                    }
-                } else {
-                    logger.error("UserManager Ref is null. ");
-                    throw new RuntimeException("UserManager Ref is null. ");
-                }
-
-            } else {
-                logger.error("SecurityContextHolder getAuthentication is null");
-                throw new AccessDeniedException(
-                        "SecurityContextHolder is not populated");
-            }
-        }
-
-        chain.doFilter(request, response);
-    }
-
-
-}
diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerLoginUrlAuthEntryPoint.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerLoginUrlAuthEntryPoint.java
deleted file mode 100644 (file)
index 36a192e..0000000
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-
-package org.opendaylight.controller.web;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.DefaultRedirectStrategy;
-import org.springframework.security.web.RedirectStrategy;
-import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
-import org.springframework.security.web.util.RedirectUrlBuilder;
-
-@SuppressWarnings("deprecation")
-public class ControllerLoginUrlAuthEntryPoint extends
-        LoginUrlAuthenticationEntryPoint {
-
-    private String loginFormUrl = "/login";
-    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
-
-    //This entry point always re-directs to root login page.
-
-   @Override
-   public void commence(HttpServletRequest request,
-            HttpServletResponse response, AuthenticationException authException)
-            throws IOException, ServletException {
-
-        String redirectUrl = request.getRequestURL().toString();
-            RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder();
-            urlBuilder.setScheme(request.getScheme());
-            urlBuilder.setServerName(request.getServerName());
-            urlBuilder.setPort(getPortResolver().getServerPort(request));
-            // urlBuilder.setContextPath(request.getContextPath());
-            urlBuilder.setPathInfo(loginFormUrl);
-            redirectUrl = urlBuilder.getUrl();
-            redirectStrategy.sendRedirect(request, response, redirectUrl);  
-
-    }
-
-}
diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerLogoutHandler.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerLogoutHandler.java
deleted file mode 100644 (file)
index ee06a13..0000000
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-
-package org.opendaylight.controller.web;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.logout.LogoutHandler;
-
-import org.opendaylight.controller.sal.utils.ServiceHelper;
-import org.opendaylight.controller.usermanager.IUserManager;
-
-public class ControllerLogoutHandler implements LogoutHandler {
-
-    private static final Logger logger = LoggerFactory
-            .getLogger(ControllerLogoutHandler.class);
-
-    @Override
-    public void logout(HttpServletRequest request,
-            HttpServletResponse response, Authentication authentication) {
-        if (authentication != null) {
-            String userName = authentication.getName();
-            if (userName != null) {
-                IUserManager userManager = (IUserManager) ServiceHelper
-                        .getGlobalInstance(IUserManager.class, this);
-                if (userManager != null) {
-                    userManager.userLogout(userName);
-                    HttpSession session = request.getSession();
-                    userManager.getSessionManager().invalidateSessions(userName, session.getId());
-                    
-                } else
-                    logger
-                            .error("UserMgr ref is null. Logout is not done cleanly");
-
-            } else
-                logger
-                        .error("User name is null in authentication. Logout is not done cleanly");
-        }
-
-    }
-
-}
diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerUserDetailsService.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerUserDetailsService.java
deleted file mode 100644 (file)
index 2aac0b0..0000000
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-
-package org.opendaylight.controller.web;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-
-import org.opendaylight.controller.sal.utils.ServiceHelper;
-import org.opendaylight.controller.usermanager.IUserManager;
-
-
-public class ControllerUserDetailsService implements UserDetailsService {
-
-    private static final Logger logger = LoggerFactory
-            .getLogger(ControllerUserDetailsService.class);
-
-    ControllerUserDetailsService() {
-    }
-
-    @Override
-    public UserDetails loadUserByUsername(String username)
-            throws UsernameNotFoundException {
-        return getUserManagerRef().loadUserByUsername(username);
-    }
-
-    private IUserManager getUserManagerRef() {
-        IUserManager userManager = (IUserManager) ServiceHelper
-                .getGlobalInstance(IUserManager.class, this);
-        if (userManager != null) {
-            return userManager;
-        } else {
-            logger.error("UserManager Ref is null. ");
-            throw new RuntimeException("UserManager Ref is null. ");
-        }
-    }
-
-}
diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerWebSecurityContextRepository.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerWebSecurityContextRepository.java
deleted file mode 100644 (file)
index 38007f4..0000000
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-
-package org.opendaylight.controller.web;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.web.context.HttpRequestResponseHolder;
-import org.springframework.security.web.context.SecurityContextRepository;
-
-import org.opendaylight.controller.sal.utils.ServiceHelper;
-import org.opendaylight.controller.usermanager.IUserManager;
-
-
-public class ControllerWebSecurityContextRepository implements
-        SecurityContextRepository {
-
-    private static final Logger logger = LoggerFactory
-            .getLogger(ControllerWebSecurityContextRepository.class);
-
-    ControllerWebSecurityContextRepository() {
-    }
-
-    @Override
-    public SecurityContext loadContext(
-            HttpRequestResponseHolder requestResponseHolder) {
-
-        SecurityContextRepository contextRepo = (SecurityContextRepository) getUserManagerRef()
-                .getSecurityContextRepo();
-        return contextRepo.loadContext(requestResponseHolder);
-    }
-
-    @Override
-    public void saveContext(SecurityContext context,
-            HttpServletRequest request, HttpServletResponse response) {
-        SecurityContextRepository contextRepo = (SecurityContextRepository) getUserManagerRef()
-                .getSecurityContextRepo();
-        contextRepo.saveContext(context, request, response);
-    }
-
-    private IUserManager getUserManagerRef() {
-        IUserManager userManager = (IUserManager) ServiceHelper
-                .getGlobalInstance(IUserManager.class, this);
-        if (userManager != null) {
-            return userManager;
-        } else {
-            logger.error("UserManager Ref is null. ");
-            throw new RuntimeException("UserManager Ref is null. ");
-        }
-    }
-
-    @Override
-    public boolean containsContext(HttpServletRequest request) {
-        SecurityContextRepository contextRepo = (SecurityContextRepository) getUserManagerRef()
-                .getSecurityContextRepo();
-        return contextRepo.containsContext(request);
-    }
-
-}
index 296a8fbbd6c684bc0c441b5b05900842d3e0c7ea..24f0b4d80c77eb52cbff414f1900614b0521eaac 100644 (file)
@@ -1,4 +1,3 @@
-
 /*
  * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
  *
@@ -12,7 +11,9 @@ package org.opendaylight.controller.web;
 import java.util.HashMap;
 import java.util.Map;
 
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
 import org.opendaylight.controller.configuration.IConfigurationService;
 import org.opendaylight.controller.sal.authorization.UserLevel;
@@ -20,7 +21,6 @@ import org.opendaylight.controller.sal.utils.ServiceHelper;
 import org.opendaylight.controller.sal.utils.Status;
 import org.opendaylight.controller.sal.utils.StatusCode;
 import org.opendaylight.controller.usermanager.IUserManager;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -31,73 +31,111 @@ import org.springframework.web.bind.annotation.ResponseBody;
 @RequestMapping("/")
 public class DaylightWeb {
     @RequestMapping(value = "")
-    public String index(Model model) {
-       IUserManager userManager = (IUserManager) ServiceHelper
+    public String index(Model model, HttpServletRequest request) {
+        IUserManager userManager = (IUserManager) ServiceHelper
                 .getGlobalInstance(IUserManager.class, this);
         if (userManager == null) {
-               return "User Manager is not available";
+            return "User Manager is not available";
         }
-       
-        String username = SecurityContextHolder.getContext().getAuthentication().getName();
+
+        String username = request.getUserPrincipal().getName();
+
         model.addAttribute("username", username);
-        model.addAttribute("role", userManager.getUserLevel(username).toNumber());
-        
+        model.addAttribute("role", userManager.getUserLevel(username)
+                .toNumber());
+
         return "main";
     }
 
     @RequestMapping(value = "web.json")
     @ResponseBody
-    public Map<String, Map<String, Object>> bundles() {
-        Object[] instances = ServiceHelper.getGlobalInstances(IDaylightWeb.class,
-                this, null);
+    public Map<String, Map<String, Object>> bundles(HttpServletRequest request) {
+        Object[] instances = ServiceHelper.getGlobalInstances(
+                IDaylightWeb.class, this, null);
         Map<String, Map<String, Object>> bundles = new HashMap<String, Map<String, Object>>();
         Map<String, Object> entry;
         IDaylightWeb bundle;
-        String userName = SecurityContextHolder.getContext().getAuthentication().getName();
-        IUserManager userManger = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this);
+        String username = request.getUserPrincipal().getName();
+        IUserManager userManger = (IUserManager) ServiceHelper
+                .getGlobalInstance(IUserManager.class, this);
         for (Object instance : instances) {
             bundle = (IDaylightWeb) instance;
-            if (userManger != null &&
-                       bundle.isAuthorized(userManger.getUserLevel(userName))) {
-                   entry = new HashMap<String, Object>();
-                   entry.put("name", bundle.getWebName());
-                   entry.put("order", bundle.getWebOrder());
-                   bundles.put(bundle.getWebId(), entry);
+            if (userManger != null
+                    && bundle.isAuthorized(userManger.getUserLevel(username))) {
+                entry = new HashMap<String, Object>();
+                entry.put("name", bundle.getWebName());
+                entry.put("order", bundle.getWebOrder());
+                bundles.put(bundle.getWebId(), entry);
             }
         }
         return bundles;
     }
-    
+
     @RequestMapping(value = "save", method = RequestMethod.POST)
     @ResponseBody
-    public String save() {
-       String username = SecurityContextHolder.getContext().getAuthentication().getName();
-       IUserManager userManager = (IUserManager) ServiceHelper
+    public String save(HttpServletRequest request) {
+        String username = request.getUserPrincipal().getName();
+        IUserManager userManager = (IUserManager) ServiceHelper
                 .getGlobalInstance(IUserManager.class, this);
-        if (userManager == null) return "User Manager is not available";
-        
+        if (userManager == null) {
+            return "User Manager is not available";
+        }
+
         UserLevel level = userManager.getUserLevel(username);
         if (level == UserLevel.NETWORKOPERATOR) {
-               return "Save not permitted for Operator";
+            return "Save not permitted for Operator";
+        }
+
+        Status status = new Status(StatusCode.UNAUTHORIZED,
+                "Operation not allowed for current user");
+        if (level == UserLevel.NETWORKADMIN || level == UserLevel.SYSTEMADMIN) {
+            IConfigurationService configService = (IConfigurationService) ServiceHelper
+                    .getGlobalInstance(IConfigurationService.class, this);
+            if (configService != null) {
+                status = configService.saveConfigurations();
+            }
         }
-        
-        Status status = new Status(StatusCode.UNAUTHORIZED, 
-                       "Operation not allowed for current user");
-           if (level == UserLevel.NETWORKADMIN || level == UserLevel.SYSTEMADMIN) {
-               IConfigurationService configService = (IConfigurationService) ServiceHelper
-                       .getGlobalInstance(IConfigurationService.class, this);
-               if (configService != null) {
-                       status = configService.saveConfigurations();
-               }
-           }
-        
+
         return status.getDescription();
     }
-    
+
+    @RequestMapping(value = "logout")
+    public String login(Map<String, Object> model,
+            final HttpServletRequest request) {
+
+        IUserManager userManager = (IUserManager) ServiceHelper
+                .getGlobalInstance(IUserManager.class, this);
+        if (userManager == null) {
+            return "User Manager is not available";
+        }
+        String username = request.getUserPrincipal().getName();
+        HttpSession session = request.getSession(false);
+        if (session != null) {
+            if (username != null) {
+                userManager.userLogout(username);
+            }
+            session.invalidate();
+
+        }
+        return "redirect:" + "/";
+    }
+
     @RequestMapping(value = "login")
-       public String login(Map<String, Object> model, final HttpServletResponse response) {
-                response.setHeader("X-Page-Location", "/login");
-               return "login";
-       }
+    public String login(Model model, final HttpServletRequest request,
+            final HttpServletResponse response) {
+        // response.setHeader("X-Page-Location", "/login");
+        IUserManager userManager = (IUserManager) ServiceHelper
+                .getGlobalInstance(IUserManager.class, this);
+        if (userManager == null) {
+            return "User Manager is not available";
+        }
+
+        String username = request.getUserPrincipal().getName();
+
+        model.addAttribute("username", username);
+        model.addAttribute("role", userManager.getUserLevel(username)
+                .toNumber());
+        return "forward:" + "/";
+    }
 
-}
\ No newline at end of file
+}
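Review bot: In the handler mapped to `logout`, `request.getUserPrincipal().getName()` is dereferenced before the `username != null` test, so that test cannot protect the call, and a request without a principal throws before `session.invalidate()` is reached. `String username = request.getRemoteUser();` returns null for an unauthenticated request and makes the existing null check meaningful. The same unguarded `getUserPrincipal().getName()` call appears in `index`, `bundles`, `save` and `login` here and in the `authorize` helpers of DaylightWebAdmin and Topology; they all depend on the container's `/*` auth-constraint always supplying a principal, which deserves a comment. The logout method is also named `login`, which only compiles because it is an overload; `logout` would say what it does. Because it ends the session, restricting the mapping with `method = RequestMethod.POST` is worth considering.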
index bc3d39aa2124136f35602f0ffbcb78eb6f3de673..1ab8dff116aff1f176f168d66ae979de83e35dec 100644 (file)
@@ -1,4 +1,3 @@
-
 /*
  * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
  *
@@ -11,12 +10,13 @@ package org.opendaylight.controller.web;
 
 import java.util.List;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.opendaylight.controller.sal.authorization.UserLevel;
 import org.opendaylight.controller.sal.utils.ServiceHelper;
 import org.opendaylight.controller.sal.utils.Status;
 import org.opendaylight.controller.usermanager.IUserManager;
 import org.opendaylight.controller.usermanager.internal.UserConfig;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -50,56 +50,59 @@ public class DaylightWebAdmin {
     @ResponseBody
     public String saveLocalUserConfig(
             @RequestParam(required = true) String json,
-            @RequestParam(required = true) String action) {
+            @RequestParam(required = true) String action,
+            HttpServletRequest request) {
 
-       IUserManager userManager = (IUserManager) ServiceHelper
+        IUserManager userManager = (IUserManager) ServiceHelper
                 .getGlobalInstance(IUserManager.class, this);
         if (userManager == null) {
-               return "Internal Error";
+            return "Internal Error";
         }
-        
-        if (!authorize(userManager, UserLevel.NETWORKADMIN)) {
-                       return "Operation not permitted";
+
+        if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) {
+            return "Operation not permitted";
         }
-       
+
         Gson gson = new Gson();
         UserConfig config = gson.fromJson(json, UserConfig.class);
-        
-        Status result = (action.equals("add")) ? 
-                       userManager.addLocalUser(config)
-                   : userManager.removeLocalUser(config);
+
+        Status result = (action.equals("add")) ? userManager
+                .addLocalUser(config) : userManager.removeLocalUser(config);
 
         return result.getDescription();
     }
-    
+
     @RequestMapping(value = "/users/{username}", method = RequestMethod.POST)
     @ResponseBody
-    public String removeLocalUser(@PathVariable("username") String userName) {
-       if(SecurityContextHolder.getContext().getAuthentication()
-                       .getName().equals(userName)) {
-               return "Invalid Request: User cannot delete itself";
-       }
-       
-       IUserManager userManager = (IUserManager) ServiceHelper
+    public String removeLocalUser(@PathVariable("username") String userName,
+            HttpServletRequest request) {
+
+        String username = request.getUserPrincipal().getName();
+        if (username.equals(userName)) {
+            return "Invalid Request: User cannot delete itself";
+        }
+
+        IUserManager userManager = (IUserManager) ServiceHelper
                 .getGlobalInstance(IUserManager.class, this);
         if (userManager == null) {
-               return "Internal Error";
+            return "Internal Error";
         }
-        
-        if (!authorize(userManager, UserLevel.NETWORKADMIN)) {
-                       return "Operation not permitted";
+
+        if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) {
+            return "Operation not permitted";
         }
-        
+
         return userManager.removeLocalUser(userName).getDescription();
     }
-    
+
     /**
      * Is the operation permitted for the given level
      * 
      * @param level
      */
-    private boolean authorize(IUserManager userManager, UserLevel level) {
-        String username = SecurityContextHolder.getContext().getAuthentication().getName();
+    private boolean authorize(IUserManager userManager, UserLevel level,
+            HttpServletRequest request) {
+        String username = request.getUserPrincipal().getName();
         UserLevel userLevel = userManager.getUserLevel(username);
         return userLevel.toNumber() <= level.toNumber();
     }
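Review bot: In `saveLocalUserConfig` the ternary sends every `action` value other than `"add"` to `userManager.removeLocalUser(config)`, so an unexpected or mistyped parameter deletes a user. That removal path also has no counterpart to the `User cannot delete itself` check applied in `removeLocalUser(String, HttpServletRequest)`. Match the removal action explicitly and reject anything else, for example `if (!action.equals("add") && !action.equals(REMOVE_ACTION)) { return "Invalid Request"; }`, where `REMOVE_ACTION` is a placeholder for the value the UI actually sends. `gson.fromJson` can return null for an empty `json` value, so `config` should be checked before it is passed to the user manager. The enclosing class starts outside this hunk.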
diff --git a/opendaylight/web/root/src/main/resources/WEB-INF/jsp/error.jsp b/opendaylight/web/root/src/main/resources/WEB-INF/jsp/error.jsp
new file mode 100644 (file)
index 0000000..8662585
--- /dev/null
@@ -0,0 +1,45 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>OpenDaylight - Error</title>
+
+    <!-- Bootstrap CSS - 1 -->
+    <link href="/css/bootstrap.min.css" rel="stylesheet" media="screen">
+    
+    <!-- Login CSS - 2 -->
+    <link rel="stylesheet/less" type="text/css" href="/css/login.less">
+    
+    <!-- Bootstrap JS - 1 -->
+    <script src="/js/bootstrap.min.js"></script>
+    
+    <!-- LESS - 2 -->
+    <script type="text/javascript">
+        less = {
+            env: "production"
+        };
+    </script>
+    <script src="/js/less-1.3.3.min.js"></script>
+</head>
+<body>
+        <form action="<c:url value='/' />" id="form" method="post">
+
+  <div class="container">
+    <div class="content">
+       <div class="login-form">
+         <div id="logo"></div>
+           <fieldset>
+            <p>Your session has timed out or there was an error.<p>
+            <p>Please go back to the login page and try again.</p>
+            <br/>
+             <button class="btn btn-primary" type="submit" value="Log In" >Go To Login Page</button>
+           </fieldset>
+       </div>
+    </div>
+  </div> 
+  </form>
+</body>
+</html>
\ No newline at end of file
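Review bot: The first paragraph in the fieldset is closed with a second `<p>` instead of `</p>`, which leaves a stray empty paragraph in the parsed page; it should read `<p>Your session has timed out or there was an error.</p>`. The form only sends the user back to the start page, so it does not need `method="post"`; a GET or a plain link avoids a re-submit prompt on reload. web.xml in this commit registers this page as the `form-error-page`, so it is also shown after a failed login, and the wording could say so more directly.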
index 431f23aa23ef9e906830517a9579f3d3163c2e8a..b9d32b1d3de0b324641cbb9b1738c4e0ed0b3af7 100644 (file)
@@ -34,7 +34,7 @@
        <script src="/js/less-1.3.3.min.js"></script>
 </head>
 <body>
-  <form action="<c:url value='j_spring_security_check' />" id="form" method="post">
+  <form action="<c:url value='j_security_check' />" id="form" method="post">
 
   <div class="container">
     <div class="content">
@@ -54,4 +54,4 @@
   </div> 
   </form>
 </body>
-</html>
\ No newline at end of file
+</html>
diff --git a/opendaylight/web/root/src/main/resources/WEB-INF/spring/context.xml b/opendaylight/web/root/src/main/resources/WEB-INF/spring/context.xml
deleted file mode 100644 (file)
index 8a4bda5..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xmlns:context="http://www.springframework.org/schema/context"
-  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-  http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
-
-        <import resource="servlet/security.xml"/>
-
-</beans>
index c763531aa04ee765e4025ba5742b267667428257..a14d1c505b477081fa4115883a493660619dea9c 100644 (file)
@@ -1,17 +1,56 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
-http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
-       version="2.4">
+<!-- <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+       xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" 
+       version="2.4"> -->
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+       version="3.0">
 
-       <context-param>
-               <param-name>contextConfigLocation</param-name>
-               <param-value>/WEB-INF/spring/*.xml</param-value>
-       </context-param>
+       <security-constraint>
+               <web-resource-collection>
+                       <web-resource-name>free access</web-resource-name>
+                       <url-pattern>/js/*</url-pattern>
+                       <url-pattern>/images/*</url-pattern>
+                       <url-pattern>/css/*</url-pattern>
+                       <url-pattern>/favicon.ico</url-pattern>
+               </web-resource-collection>
+       </security-constraint>
+
+       <security-constraint>
+               <display-name>RootApp</display-name>
+               <web-resource-collection>
+                       <web-resource-name>RootGUI</web-resource-name>
+                       <url-pattern>/*</url-pattern>
+               </web-resource-collection>
+               <auth-constraint>
+                       <role-name>System-Admin</role-name>
+                       <role-name>Network-Admin</role-name>
+                       <role-name>Network-Operator</role-name>
+                       <role-name>Container-User</role-name>
+               </auth-constraint>
+       </security-constraint>
+
+       <security-role>
+               <role-name>System-Admin</role-name>
+       </security-role>
+       <security-role>
+               <role-name>Network-Admin</role-name>
+       </security-role>
+       <security-role>
+               <role-name>Network-Operator</role-name>
+       </security-role>
+       <security-role>
+               <role-name>Container-User</role-name>
+       </security-role>
 
-       <listener>
-               <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-       </listener>
+
+       <login-config>
+               <auth-method>FORM</auth-method>
+               <form-login-config>
+                       <form-login-page>/WEB-INF/jsp/login.jsp</form-login-page>
+                       <form-error-page>/WEB-INF/jsp/error.jsp</form-error-page>
+               </form-login-config>
+       </login-config>
 
        <servlet>
                <servlet-name>RootGUI</servlet-name>
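Review bot: The `RootApp` security-constraint moves the UI to container FORM login but declares no `user-data-constraint`, so nothing in this descriptor prevents the credentials posted to `j_security_check` from travelling over plain HTTP. Unless TLS is enforced elsewhere (the connector configuration is not visible in this hunk), add `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>` to that constraint. The commented-out 2.4 `<web-app>` element at the top is dead text and can be removed rather than kept in the descriptor.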
@@ -24,16 +63,6 @@ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
                <url-pattern>/</url-pattern>
        </servlet-mapping>
 
-       <filter>
-               <filter-name>springSecurityFilterChain</filter-name>
-               <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-       </filter>
-
-       <filter-mapping>
-               <filter-name>springSecurityFilterChain</filter-name>
-               <url-pattern>/*</url-pattern>
-       </filter-mapping>
-
        <display-name>OpenDaylight Controller</display-name>
        <description>OpenDaylight Controller</description>
 
@@ -41,4 +70,10 @@ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
                <listener-class>org.opendaylight.controller.web.ControllerUISessionManager</listener-class>
        </listener>
 
+       <session-config>
+               <cookie-config>
+                       <path>/</path>
+               </cookie-config>
+       </session-config>
+
 </web-app>
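Review bot: Setting the session cookie path to `/` makes the browser send the session id to every web application on the host rather than only to this context, and the new `cookie-config` sets neither `http-only` nor `secure`. If the shared path is intended so that the other UI bundles reuse the login, add `<http-only>true</http-only>` and, where the UI is served over TLS, `<secure>true</secure>` next to `<path>`. A short XML comment explaining why the path is `/` would help the next reader.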
index 4cb633e385842f42a3244d825f9bede3683d3776..51e8ea9663289e11cbbb1daaeb6938416871560d 100644 (file)
@@ -706,9 +706,9 @@ $("#logout").click(function() {
 
 $.ajaxSetup({
     complete : function(xhr,textStatus) {
-        var page = xhr.getResponseHeader('X-Page-Location');
-        if(page == '/login') {
-            location.href = '/login';
+       var mime = xhr.getResponseHeader('Content-Type');
+        if (mime.substring(0, 9) == 'text/html') {
+            location.href = '/';
         }
     }
 });
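Review bot: `xhr.getResponseHeader('Content-Type')` returns null when the response carries no such header (for example an aborted or failed request), and `mime.substring(...)` then throws inside the global `complete` handler. Guard the value first: `if (mime && mime.indexOf('text/html') === 0) {`. Treating every HTML response as the login page also means any AJAX call that legitimately returns HTML will navigate to `/`. A comment stating that all UI endpoints are expected to return JSON would record that assumption.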
index daef22cf23675ef4b1e1d27bbd07d5aab3ce6187..38999257f13af86da6ae2b7976958a6167aff982 100644 (file)
                                                        org.springframework.web.servlet,
                                                        org.springframework.web.servlet.config,
                                                        org.springframework.web.servlet.view,
-
                                                        org.springframework.web.filter,
                                                        org.springframework.web.context,
-                                                       org.springframework.security.core,
-                                                       org.springframework.security.core.userdetails,
-                                                       org.springframework.security.core.authority,
-                                                       org.springframework.security.core.context,
-                                                       org.springframework.security.authentication,
-                                                       org.springframework.security.config,
-                                                       org.springframework.security.config.authentication,
-                                                       org.springframework.security.taglibs.authz,
-                                                       org.springframework.security.web,
-                                                       org.springframework.security.web.context,
-                                                       org.springframework.security.web.authentication,
-                                                       org.springframework.security.web.authentication.www,
-                                                       org.springframework.security.provisioning,
-                                                       org.springframework.security.web.util,
-                                                       org.springframework.security.web.authentication.rememberme,
-                                                       org.springframework.security.web.authentication.logout,
-                                                       org.springframework.dao
                                                </Import-Package>
                                                <Web-ContextPath>/controller/web/topology</Web-ContextPath>
                                        </instructions>
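Review bot: After the `org.springframework.security.*` entries and `org.springframework.dao` are removed, the `Import-Package` list ends with `org.springframework.web.context,` directly before `</Import-Package>`. The trailing comma leaves an empty clause in the header, which the bundle plugin may warn about or reject; the last entry should read `org.springframework.web.context`. The start of this `Import-Package` element is outside the hunk.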
index 33669128f3f4fad6ec490ffd3957ec8674f7375d..791358c18a476fbb4ddc0c2a96f822ce06c38e43 100644 (file)
@@ -19,6 +19,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.opendaylight.controller.sal.authorization.UserLevel;
 import org.opendaylight.controller.sal.core.Bandwidth;
 import org.opendaylight.controller.sal.core.Edge;
@@ -33,7 +35,6 @@ import org.opendaylight.controller.switchmanager.Switch;
 import org.opendaylight.controller.switchmanager.SwitchConfig;
 import org.opendaylight.controller.topologymanager.ITopologyManager;
 import org.opendaylight.controller.usermanager.IUserManager;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -274,8 +275,8 @@ public class Topology {
     @RequestMapping(value = "/node/{nodeId}", method = RequestMethod.POST)
     @ResponseBody
     public Map<String, Object> post(@PathVariable String nodeId, @RequestParam(required = true) String x,
-               @RequestParam(required = true) String y) {
-       if (!authorize(UserLevel.NETWORKADMIN)) {
+               @RequestParam(required = true) String y, HttpServletRequest request) {
+       if (!authorize(UserLevel.NETWORKADMIN, request)) {
                return new HashMap<String, Object>(); // silently disregard new node position
        }
        
@@ -427,14 +428,14 @@ public class Topology {
        public static final String HOST = "host";
     }
     
-    private boolean authorize(UserLevel level) {
+    private boolean authorize(UserLevel level, HttpServletRequest request) {
        IUserManager userManager = (IUserManager) ServiceHelper
                 .getGlobalInstance(IUserManager.class, this);
         if (userManager == null) {
                return false;
         }
         
-        String username = SecurityContextHolder.getContext().getAuthentication().getName();
+        String username = request.getUserPrincipal().getName();
         UserLevel userLevel = userManager.getUserLevel(username);
         if (userLevel.toNumber() <= level.toNumber()) {
                return true;
diff --git a/opendaylight/web/topology/src/main/resources/WEB-INF/jsp/error.jsp b/opendaylight/web/topology/src/main/resources/WEB-INF/jsp/error.jsp
new file mode 100644 (file)
index 0000000..270d793
--- /dev/null
@@ -0,0 +1,8 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<c:set var="req" value="${pageContext.request}" />
+<c:set var="uri" value="${req.requestURI}" />
+<c:set var="replaceWith" value="/" />
+<c:set var="redirectUrl" value="${fn:replace(req.requestURL, req.contextPath , replaceWith)}" />
+<c:import url="${redirectUrl}" />
\ No newline at end of file
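Review bot: `<c:import url="${redirectUrl}" />` receives an absolute URL built from `req.requestURL`, so the server itself opens an HTTP connection to the host and port carried by the incoming request and embeds the result in the page. That host name is normally derived from what the client sent rather than from configuration, and `fn:replace` substitutes every occurrence of the context path, not only the leading one. Prefer a fixed target such as `<c:redirect url="/" context="/" />`, or `<c:import url="/" context="/" />` if the root page must be rendered inline (this presumably needs cross-context access enabled in the container). The `uri` variable is set but never used. The identical file is added as login.jsp in the next section, where the same applies.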
diff --git a/opendaylight/web/topology/src/main/resources/WEB-INF/jsp/login.jsp b/opendaylight/web/topology/src/main/resources/WEB-INF/jsp/login.jsp
new file mode 100644 (file)
index 0000000..270d793
--- /dev/null
@@ -0,0 +1,8 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<c:set var="req" value="${pageContext.request}" />
+<c:set var="uri" value="${req.requestURI}" />
+<c:set var="replaceWith" value="/" />
+<c:set var="redirectUrl" value="${fn:replace(req.requestURL, req.contextPath , replaceWith)}" />
+<c:import url="${redirectUrl}" />
\ No newline at end of file
diff --git a/opendaylight/web/topology/src/main/resources/WEB-INF/spring/context.xml b/opendaylight/web/topology/src/main/resources/WEB-INF/spring/context.xml
deleted file mode 100644 (file)
index 8a4bda5..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xmlns:context="http://www.springframework.org/schema/context"
-  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-  http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
-
-        <import resource="servlet/security.xml"/>
-
-</beans>
diff --git a/opendaylight/web/topology/src/main/resources/WEB-INF/spring/servlet/security.xml b/opendaylight/web/topology/src/main/resources/WEB-INF/spring/servlet/security.xml
deleted file mode 100644 (file)
index 6ddae01..0000000
+++ /dev/null
@@ -1,120 +0,0 @@
-<beans:beans xmlns="http://www.springframework.org/schema/security"
-       xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans
-           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-           http://www.springframework.org/schema/security
-           http://www.springframework.org/schema/security/spring-security-3.1.xsd">
-
-
-       <http pattern="/css/**" security="none" />
-       <http pattern="/js/**" security="none" />
-       <http pattern="/images/**" security="none" />
-       <http pattern="/favicon.ico" security="none" />
-       <http pattern="/controller/web/css/**" security="none" />
-       <http pattern="/controller/web/js/**" security="none" />
-       <http pattern="/controller/web/images/**" security="none" />
-
-
-       <http auto-config="false" authentication-manager-ref="authenticationManager"
-               security-context-repository-ref="securityContextRepo" entry-point-ref="loginUrlAuthenticationEntryPoint">
-               <intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
-               <intercept-url pattern="/logout*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
-
-
-               <intercept-url pattern="/**"
-                       access="ROLE_SYSTEM-ADMIN, ROLE_NETWORK-ADMIN, ROLE_NETWORK-OPERATOR, ROLE_CONTAINER-USER, ROLE_APP-USER" />
-               <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />
-               <custom-filter position="LOGOUT_FILTER" ref="logoutFilter" />
-               <custom-filter position="LAST" ref="controllerFilter" />
-               <remember-me services-ref="rememberMeServices" key="SDN" />
-       </http>
-       
-       <beans:bean id="controllerFilter"
-               class="org.opendaylight.controller.web.ControllerCustomFilter" />
-
-       <authentication-manager id="authenticationManager">
-               <authentication-provider ref="authenticationProviderWrapper" />
-       </authentication-manager>
-
-       <beans:bean id="authenticationFilter"
-               class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
-               <beans:property name="authenticationManager" ref="authenticationManager" />
-               <beans:property name="authenticationFailureHandler"
-                       ref="authenticationFailureHandler" />
-               <beans:property name="authenticationSuccessHandler">
-                       <beans:bean
-                               class="org.opendaylight.controller.web.ControllerAuthenticationSuccessHandler">
-                               <beans:property name="targetUrlParameter" value="x-page-url" />
-                               <beans:property name="defaultTargetUrl" value="/" />
-                       </beans:bean>
-               </beans:property>
-               <beans:property name="rememberMeServices" ref="rememberMeServices" />
-       </beans:bean>
-
-       <beans:bean id="securityContextRepo"
-               class="org.opendaylight.controller.web.ControllerWebSecurityContextRepository" />
-
-       <beans:bean id="authenticationFailureHandler"
-               class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
-               <beans:property name="useForward" value="false" />
-               <beans:property name="defaultFailureUrl" value="/login" />              
-       </beans:bean>
-
-       <beans:bean id="loginUrlAuthenticationEntryPoint"
-               class="org.opendaylight.controller.web.ControllerLoginUrlAuthEntryPoint">
-               <beans:property name="loginFormUrl" value="/login" />
-       </beans:bean>
-
-       <beans:bean id="authenticationProviderWrapper"
-               class="org.opendaylight.controller.web.AuthenticationProviderWrapper" />
-
-    <!-- logout related -->
-    
-    <beans:bean id="logoutHandler"
-        class="org.opendaylight.controller.web.ControllerLogoutHandler" />
-        
-    <beans:bean id="securityContextLogoutHandler"
-        class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />    
-        
-            
-    <beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
-        <!-- if logout succeed then this is the URL -->
-        <beans:constructor-arg value="/login" />
-        <beans:constructor-arg>
-            <beans:list>
-                <beans:ref bean="logoutHandler"/>
-                <beans:ref bean="rememberMeServices"/>
-                <beans:ref bean="securityContextLogoutHandler"/>
-            </beans:list>
-        </beans:constructor-arg>
-        <beans:property name="filterProcessesUrl" value="/logout" />
-    </beans:bean>       
-        
-
-
-
-       <!-- remember me related -->
-       <beans:bean id="rememberMeFilter"
-               class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
-               <beans:property name="rememberMeServices" ref="rememberMeServices" />
-               <beans:property name="authenticationManager" ref="authenticationManager" />
-       </beans:bean>
-
-       <beans:bean id="rememberMeServices"
-               class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
-               <beans:property name="userDetailsService" ref="userDetailsServiceRef" />
-               <beans:property name="key" value="SDN" />
-               <beans:property name="alwaysRemember" value="true"></beans:property>
-               <beans:property name="tokenValiditySeconds" value="3600" />
-               <beans:property name="cookieName" value="SDN-Controller" />
-       </beans:bean>
-
-       <beans:bean id="userDetailsServiceRef" class="org.opendaylight.controller.web.ControllerUserDetailsService" />
-
-
-       <beans:bean id="rememberMeAuthenticationProvider"
-               class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
-               <beans:property name="key" value="SDN" />
-       </beans:bean>
-       
-</beans:beans>
index bbf9a3479ca351e1794fb62e6c8c5ab6ca00d1da..0d143739c3ffd54dfd4f0b8c7ddbc3672713cf0f 100644 (file)
@@ -1,18 +1,50 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
-http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
-       version="2.4">
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+       version="3.0">
+       <security-constraint>
+               <web-resource-collection>
+                       <web-resource-name>free access</web-resource-name>
+                       <url-pattern>/js/*</url-pattern>
+                       <url-pattern>/images/*</url-pattern>
+                       <url-pattern>/css/*</url-pattern>
+                       <url-pattern>/favicon.ico</url-pattern>
+               </web-resource-collection>
+       </security-constraint>
 
-       <context-param>
-               <param-name>contextConfigLocation</param-name>
-               <param-value>/WEB-INF/spring/*.xml</param-value>
-       </context-param>
-
-       <listener>
-               <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-       </listener>
+       <security-constraint>
+               <display-name>TopologyApp</display-name>
+               <web-resource-collection>
+                       <web-resource-name>TopoGUI</web-resource-name>
+                       <url-pattern>/*</url-pattern>
+               </web-resource-collection>
+               <auth-constraint>
+                       <role-name>System-Admin</role-name>
+                       <role-name>Network-Admin</role-name>
+                       <role-name>Network-Operator</role-name>
+                       <role-name>Container-User</role-name>
+               </auth-constraint>
+       </security-constraint>
+       <security-role>
+               <role-name>System-Admin</role-name>
+       </security-role>
+       <security-role>
+               <role-name>Network-Admin</role-name>
+       </security-role>
+       <security-role>
+               <role-name>Network-Operator</role-name>
+       </security-role>
+       <security-role>
+               <role-name>Container-User</role-name>
+       </security-role>
 
+       <login-config>
+               <auth-method>FORM</auth-method>
+               <form-login-config>
+                       <form-login-page>/WEB-INF/jsp/login.jsp</form-login-page>
+                       <form-error-page>/WEB-INF/jsp/error.jsp</form-error-page>
+               </form-login-config>
+       </login-config>
 
        <servlet>
                <servlet-name>Topology</servlet-name>
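Review bot: The new `<auth-constraint>` on `/*` lists System-Admin, Network-Admin, Network-Operator and Container-User, while the Spring `intercept-url pattern="/**"` removed from this module's security.xml in the same commit also granted `ROLE_APP-USER`. If that narrowing is not intended, users holding only the App-User role lose access to the topology UI; adding `<role-name>App-User</role-name>` to the constraint together with a matching `<security-role>` would restore it (the exact role string the realm reports is not visible here and should be checked). If it is intended, a short XML comment above the constraint saying so would help the next reader.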
@@ -20,23 +52,22 @@ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
                <load-on-startup>1</load-on-startup>
        </servlet>
 
+
+
        <servlet-mapping>
                <servlet-name>Topology</servlet-name>
                <url-pattern>/</url-pattern>
        </servlet-mapping>
 
-       <filter>
-               <filter-name>springSecurityFilterChain</filter-name>
-               <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-       </filter>
-
-       <filter-mapping>
-               <filter-name>springSecurityFilterChain</filter-name>
-               <url-pattern>/*</url-pattern>
-       </filter-mapping>
-
        <listener>
                <listener-class>org.opendaylight.controller.web.ControllerUISessionManager</listener-class>
        </listener>
 
+       <session-config>
+               <cookie-config>
+                       <path>/</path>
+               </cookie-config>
+       </session-config>
+
+
 </web-app>
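Review bot: The added `<cookie-config>` sets `<path>/</path>`, which makes the browser send this application's session cookie to every path on the host, but it sets no cookie flags. With the cookie shared that widely I would state the flags explicitly instead of relying on container defaults: `<http-only>true</http-only>` and, when the UI is served over HTTPS, `<secure>true</secure>`, placed after `<path>`. The removed Spring configuration limited remember-me tokens to 3600 seconds, and no `<session-timeout>` is set here, so the container default applies; it is worth confirming that this is the intended session lifetime. The troubleshoot web.xml at the end of this commit adds the same `<session-config>` block.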
index 8aab6d5fb781e5b5c6e3032b1ac9b172ddda7c3d..24191692a1364deb490169775d7282b67cc72da4 100644 (file)
                                                        org.springframework.web.servlet,
                                                        org.springframework.web.servlet.config,
                                                        org.springframework.web.servlet.view,
-
                                                        org.springframework.web.filter,
-                                                       org.springframework.web.context,
-                                                       org.springframework.security.core,
-                                                       org.springframework.security.core.userdetails,
-                                                       org.springframework.security.core.authority,
-                                                       org.springframework.security.core.context,
-                                                       org.springframework.security.authentication,
-                                                       org.springframework.security.config,
-                                                       org.springframework.security.config.authentication,
-                                                       org.springframework.security.taglibs.authz,
-                                                       org.springframework.security.web,
-                                                       org.springframework.security.web.context,
-                                                       org.springframework.security.web.authentication,
-                                                       org.springframework.security.web.authentication.www,
-                                                       org.springframework.security.provisioning,
-                                                       org.springframework.security.web.util,
-                                                       org.springframework.security.web.authentication.rememberme,
-                                                       org.springframework.security.web.authentication.logout,
-                                                       org.springframework.dao
+                                                       org.springframework.web.context                                                 
                                                </Import-Package>
                                                <Web-ContextPath>/controller/web/troubleshoot</Web-ContextPath>
                                        </instructions>
diff --git a/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/jsp/error.jsp b/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/jsp/error.jsp
new file mode 100644 (file)
index 0000000..270d793
--- /dev/null
@@ -0,0 +1,8 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<c:set var="req" value="${pageContext.request}" />
+<c:set var="uri" value="${req.requestURI}" />
+<c:set var="replaceWith" value="/" />
+<c:set var="redirectUrl" value="${fn:replace(req.requestURL, req.contextPath , replaceWith)}" />
+<c:import url="${redirectUrl}" />
\ No newline at end of file
diff --git a/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/jsp/login.jsp b/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/jsp/login.jsp
new file mode 100644 (file)
index 0000000..270d793
--- /dev/null
@@ -0,0 +1,8 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<c:set var="req" value="${pageContext.request}" />
+<c:set var="uri" value="${req.requestURI}" />
+<c:set var="replaceWith" value="/" />
+<c:set var="redirectUrl" value="${fn:replace(req.requestURL, req.contextPath , replaceWith)}" />
+<c:import url="${redirectUrl}" />
\ No newline at end of file
diff --git a/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/spring/context.xml b/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/spring/context.xml
deleted file mode 100644 (file)
index 8a4bda5..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xmlns:context="http://www.springframework.org/schema/context"
-  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-  http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
-
-        <import resource="servlet/security.xml"/>
-
-</beans>
diff --git a/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/spring/servlet/security.xml b/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/spring/servlet/security.xml
deleted file mode 100644 (file)
index 18ac6e7..0000000
+++ /dev/null
@@ -1,120 +0,0 @@
-<beans:beans xmlns="http://www.springframework.org/schema/security"
-       xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans
-           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-           http://www.springframework.org/schema/security
-           http://www.springframework.org/schema/security/spring-security-3.1.xsd">
-
-
-       <http pattern="/css/**" security="none" />
-       <http pattern="/js/**" security="none" />
-       <http pattern="/images/**" security="none" />
-       <http pattern="/favicon.ico" security="none" />
-       <http pattern="/controller/web/css/**" security="none" />
-       <http pattern="/controller/web/js/**" security="none" />
-       <http pattern="/controller/web/images/**" security="none" />
-
-
-       <http auto-config="false" authentication-manager-ref="authenticationManager"
-               security-context-repository-ref="securityContextRepo" entry-point-ref="loginUrlAuthenticationEntryPoint">
-               <intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
-               <intercept-url pattern="/logout*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
-
-
-               <intercept-url pattern="/**"
-                       access="ROLE_SYSTEM-ADMIN, ROLE_NETWORK-ADMIN, ROLE_NETWORK-OPERATOR, ROLE_CONTAINER-USER" />
-               <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />
-               <custom-filter position="LOGOUT_FILTER" ref="logoutFilter" />
-               <custom-filter position="LAST" ref="controllerFilter" />
-               <remember-me services-ref="rememberMeServices" key="SDN" />
-       </http>
-       
-       <beans:bean id="controllerFilter"
-               class="org.opendaylight.controller.web.ControllerCustomFilter" />
-
-       <authentication-manager id="authenticationManager">
-               <authentication-provider ref="authenticationProviderWrapper" />
-       </authentication-manager>
-
-       <beans:bean id="authenticationFilter"
-               class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
-               <beans:property name="authenticationManager" ref="authenticationManager" />
-               <beans:property name="authenticationFailureHandler"
-                       ref="authenticationFailureHandler" />
-               <beans:property name="authenticationSuccessHandler">
-                       <beans:bean
-                               class="org.opendaylight.controller.web.ControllerAuthenticationSuccessHandler">
-                               <beans:property name="targetUrlParameter" value="x-page-url" />
-                               <beans:property name="defaultTargetUrl" value="/" />
-                       </beans:bean>
-               </beans:property>
-               <beans:property name="rememberMeServices" ref="rememberMeServices" />
-       </beans:bean>
-
-       <beans:bean id="securityContextRepo"
-               class="org.opendaylight.controller.web.ControllerWebSecurityContextRepository" />
-
-       <beans:bean id="authenticationFailureHandler"
-               class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
-               <beans:property name="useForward" value="false" />
-               <beans:property name="defaultFailureUrl" value="/login" />              
-       </beans:bean>
-
-       <beans:bean id="loginUrlAuthenticationEntryPoint"
-               class="org.opendaylight.controller.web.ControllerLoginUrlAuthEntryPoint">
-               <beans:property name="loginFormUrl" value="/login" />
-       </beans:bean>
-
-       <beans:bean id="authenticationProviderWrapper"
-               class="org.opendaylight.controller.web.AuthenticationProviderWrapper" />
-
-    <!-- logout related -->
-    
-    <beans:bean id="logoutHandler"
-        class="org.opendaylight.controller.web.ControllerLogoutHandler" />
-        
-    <beans:bean id="securityContextLogoutHandler"
-        class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />    
-        
-            
-    <beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
-        <!-- if logout succeed then this is the URL -->
-        <beans:constructor-arg value="/login" />
-        <beans:constructor-arg>
-            <beans:list>
-                <beans:ref bean="logoutHandler"/>
-                <beans:ref bean="rememberMeServices"/>
-                <beans:ref bean="securityContextLogoutHandler"/>
-            </beans:list>
-        </beans:constructor-arg>
-        <beans:property name="filterProcessesUrl" value="/logout" />
-    </beans:bean>       
-        
-
-
-
-       <!-- remember me related -->
-       <beans:bean id="rememberMeFilter"
-               class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
-               <beans:property name="rememberMeServices" ref="rememberMeServices" />
-               <beans:property name="authenticationManager" ref="authenticationManager" />
-       </beans:bean>
-
-       <beans:bean id="rememberMeServices"
-               class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
-               <beans:property name="userDetailsService" ref="userDetailsServiceRef" />
-               <beans:property name="key" value="SDN" />
-               <beans:property name="alwaysRemember" value="true"></beans:property>
-               <beans:property name="tokenValiditySeconds" value="3600" />
-               <beans:property name="cookieName" value="SDN-Controller" />
-       </beans:bean>
-
-       <beans:bean id="userDetailsServiceRef" class="org.opendaylight.controller.web.ControllerUserDetailsService" />
-
-
-       <beans:bean id="rememberMeAuthenticationProvider"
-               class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
-               <beans:property name="key" value="SDN" />
-       </beans:bean>
-       
-</beans:beans>
index 80d00410e5fd3eedce2175326e18c72c5f9b0958..b83df23cb01cdc8c919909e384ca3fa484e0688b 100644 (file)
@@ -1,18 +1,7 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
-http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
-       version="2.4">
-
-       <context-param>
-               <param-name>contextConfigLocation</param-name>
-               <param-value>/WEB-INF/spring/*.xml</param-value>
-       </context-param>
-
-       <listener>
-               <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-       </listener>
-
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+       version="3.0">
 
        <servlet>
                <servlet-name>Troubleshoot</servlet-name>
@@ -26,17 +15,65 @@ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
        </servlet-mapping>
 
 
-       <filter>
-               <filter-name>springSecurityFilterChain</filter-name>
-               <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-       </filter>
 
-       <filter-mapping>
-               <filter-name>springSecurityFilterChain</filter-name>
-               <url-pattern>/*</url-pattern>
-       </filter-mapping>
+       <security-constraint>
+               <web-resource-collection>
+                       <web-resource-name>free access</web-resource-name>
+                       <url-pattern>/js/*</url-pattern>
+                       <url-pattern>/images/*</url-pattern>
+                       <url-pattern>/css/*</url-pattern>
+                       <url-pattern>/favicon.ico</url-pattern>
+               </web-resource-collection>
+       </security-constraint>
+
+       <security-constraint>
+               <display-name>TroubleShootApp</display-name>
+               <web-resource-collection>
+                       <web-resource-name>TroubleShootGUI</web-resource-name>
+                       <url-pattern>/*</url-pattern>
+               </web-resource-collection>
+               <auth-constraint>
+                       <role-name>System-Admin</role-name>
+                       <role-name>Network-Admin</role-name>
+                       <role-name>Network-Operator</role-name>
+                       <role-name>Container-User</role-name>
+               </auth-constraint>
+       </security-constraint>
+
+       <security-role>
+               <role-name>System-Admin</role-name>
+       </security-role>
+       <security-role>
+               <role-name>Network-Admin</role-name>
+       </security-role>
+       <security-role>
+               <role-name>Network-Operator</role-name>
+       </security-role>
+       <security-role>
+               <role-name>Container-User</role-name>
+       </security-role>
+
+
+       <login-config>
+               <auth-method>FORM</auth-method>
+               <form-login-config>
+                       <form-login-page>/WEB-INF/jsp/login.jsp</form-login-page>
+                       <form-error-page>/WEB-INF/jsp/error.jsp</form-error-page>
+               </form-login-config>
+       </login-config>
+
+
 
        <listener>
                <listener-class>org.opendaylight.controller.web.ControllerUISessionManager</listener-class>
        </listener>
+
+       <session-config>
+               <cookie-config>
+                       <path>/</path>
+               </cookie-config>
+       </session-config>
+
+
+
 </web-app>
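Review bot: Neither `<security-constraint>` in this hunk carries a `<user-data-constraint>`, so the FORM login configured below them will accept credentials and session cookies over plain HTTP if the connector allows it. Assuming an HTTPS connector is available (the connector configuration is not part of this hunk), adding `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>` to the `/*` constraint makes the container redirect protected requests to TLS. The topology web.xml earlier in this commit has the same constraint layout and would need the same addition.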