Bug 2942: odl-mdsal-apidocs feature is not protected through AAA 09/17709/2
authorRyan Goulding <ryandgoulding@gmail.com>
Fri, 3 Apr 2015 14:44:59 +0000 (10:44 -0400)
committerRyan Goulding <ryandgoulding@gmail.com>
Sat, 4 Apr 2015 10:25:07 +0000 (06:25 -0400)
This change enforces AAA on the URL endpoints supported by odl-mdsal-apidocs.
The security model prohibits any access to the controller without
authentication.  This change mandates AAA for odl-mdsal-apidocs URLs.

Change-Id: I74226e702568077d769353d5fe49fe21cd187266
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
opendaylight/md-sal/sal-rest-docgen/src/main/resources/WEB-INF/web.xml

index d777942..0e660ea 100644 (file)
             <param-name>javax.ws.rs.Application</param-name>
             <param-value>org.opendaylight.controller.sal.rest.doc.jaxrs.ApiDocApplication</param-value>
         </init-param>
+        <!-- AAA Auth Filter -->
+        <init-param>
+            <param-name>com.sun.jersey.spi.container.ContainerRequestFilters</param-name>
+            <param-value> org.opendaylight.aaa.sts.TokenAuthFilter</param-value>
+        </init-param>
         <load-on-startup>1</load-on-startup>
     </servlet>
 
 
     <security-constraint>
       <web-resource-collection>
-        <web-resource-name>free access</web-resource-name>
-        <url-pattern>/explorer/css/*</url-pattern>
-        <url-pattern>/explorer/images/*</url-pattern>
-        <url-pattern>/explorer/lib/*</url-pattern>
-        <url-pattern>/explorer/*</url-pattern>
+        <web-resource-name>API Doc</web-resource-name>
+        <url-pattern>/*</url-pattern>
       </web-resource-collection>
     </security-constraint>
 

©2013 OpenDaylight, A Linux Foundation Collaborative Project. All Rights Reserved.
OpenDaylight is a registered trademark of The OpenDaylight Project, Inc.
Linux Foundation and OpenDaylight are registered trademarks of the Linux Foundation.
Linux is a registered trademark of Linus Torvalds.