From: dibhatia
Date: Thu, 18 Apr 2013 19:55:33 +0000 (-0700)
Subject: - Added the username/password criteria in usermanager
X-Git-Tag: releasepom-0.1.0~557^2
X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?p=controller.git;a=commitdiff_plain;h=02a8da716c26a23011cfb230e05a6a7616bdd7d5
- Added the username/password criteria in usermanager
- Relaxed the criteria for nodename/gateway name in devices
Change-Id: Id476f2d99e7dbaf285df761ff7e756d3d592cce3
Signed-off-by: dibhatia
---
diff --git a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/AuthorizationConfig.java b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/AuthorizationConfig.java
index 3eafe2b75b..2474eec6d9 100644
--- a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/AuthorizationConfig.java
+++ b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/AuthorizationConfig.java
@@ -8,36 +8,36 @@ package org.opendaylight.controller.usermanager.internal; +import org.opendaylight.controller.sal.utils.Status; /** * Configuration Java Object which represents a Local configured Authorization * for a remote authenticated user for User Manager. */ public class AuthorizationConfig extends UserConfig { - private static final long serialVersionUID = 1L; - - public AuthorizationConfig() { - super(); - } - - // Constructor may be needed for autocontainer logic - public AuthorizationConfig(String user, String role) { - super(); - this.user = user; - this.role = role; - } - - @Override - public boolean isValid() { - return (user != null && !user.isEmpty() && role != null && !role - .isEmpty()); - } - - public String getRolesData() { - return (role.replace(",", " ")); - } - - public String toString() { - return "AuthorizationConfig=[user: " + user + ", role: " + role + "]"; - } + private static final long serialVersionUID = 1L; + + public AuthorizationConfig() { + super(); + } + + // Constructor may be needed for autocontainer logic + public AuthorizationConfig(String user, String role) { + super(); + this.user = user; + this.role = role; + } + + @Override + public Status validate() { + return (!isRoleValid().isSuccess() ? isRoleValid() : isUsernameValid()); + } + + public String getRolesData() { + return (role.replace(",", " ")); + } + + public String toString() { + return "AuthorizationConfig=[user: " + user + ", role: " + role + "]"; + } } diff --git a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserConfig.java b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserConfig.java index 884ab8708c..cedae6c918 100644 --- a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserConfig.java +++ b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserConfig.java 
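Review bot: `validate()` evaluates `isRoleValid()` twice, once for the test and once for the returned value, and the negated ternary is harder to follow than it needs to be. Holding the result, `Status roleCheck = isRoleValid();` followed by `return roleCheck.isSuccess() ? isUsernameValid() : roleCheck;`, gives the same outcome with a single call. A one-line Javadoc saying that this override intentionally leaves out the password check would also help; the reason (a remotely authenticated user has no local password) is inferred from the class comment, so confirm it before writing it down.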
@@ -9,47 +9,56 @@ package org.opendaylight.controller.usermanager.internal; import java.io.Serializable; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import org.apache.commons.lang3.builder.EqualsBuilder; import org.apache.commons.lang3.builder.HashCodeBuilder; import org.opendaylight.controller.sal.authorization.AuthResultEnum; +import org.opendaylight.controller.sal.utils.Status; +import org.opendaylight.controller.sal.utils.StatusCode; import org.opendaylight.controller.usermanager.AuthResponse; /** - * Configuration Java Object which represents a Local AAA user - * configuration information for User Manager. + * Configuration Java Object which represents a Local AAA user configuration + * information for User Manager. */ public class UserConfig implements Serializable { - private static final long serialVersionUID = 1L; + private static final long serialVersionUID = 1L; - /* - * Clear text password as we are moving to some MD5 digest - * for when saving configurations - */ - protected String user; - protected String role; - private String password; + /* + * Clear text password as we are moving to some MD5 digest for when saving + * configurations + */ + protected String user; + protected String role; + private String password; + private static final int USERNAME_MAXLENGTH = 32; + private static final int PASSWORD_MINLENGTH = 5; + private static final int PASSWORD_MAXLENGTH = 256; + private static final Pattern INVALID_USERNAME_CHARACTERS = Pattern + .compile("([/\\s\\.\\?#%;\\\\]+)"); - public UserConfig() { - } + public UserConfig() { + } - public UserConfig(String user, String password, String role) { - this.user = user; - this.password = password; - this.role = role; - } + public UserConfig(String user, String password, String role) { + this.user = user; + this.password = password; + this.role = role; + } - public String getUser() { - return user; - } + public String getUser() { + return user; + } - public String getPassword() { - return 
password; - } + public String getPassword() { + return password; + } - public String getRole() { - return role; - } + public String getRole() { + return role; + } @Override public int hashCode() { 
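Review bot: `INVALID_USERNAME_CHARACTERS` is a deny-list, so every character other than `/ . ? # % ; \` and whitespace is accepted in a username, including quotes, angle brackets and control characters that `\s` does not cover, even though the error text in `isUsernameValid()` (later hunk) presents the rule as alphanumerics plus special characters. Usernames are written to the log by UserManagerImpl and presumably rendered in the GUI, so an allow-list is the safer shape; an illustrative form is `Pattern.compile("^[\\p{Alnum}_@+-]{1,32}$")` checked with `matches()`, with the exact character set left as a project decision. The comment on the clear-text `password` field still names MD5 as the target for saved configurations; a salted, iterated derivation such as PBKDF2 through `javax.crypto.SecretKeyFactory` would be the scheme to aim for instead.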
@@ -60,41 +69,86 @@ public class UserConfig implements Serializable { public boolean equals(Object obj) { return EqualsBuilder.reflectionEquals(this, obj); } - + @Override public String toString() { - return "UserConfig[user="+ user + ", password=" + password + "]"; + return "UserConfig[user=" + user + ", password=" + password + "]"; + } + + public Status validate() { + Status validCheck = new Status(StatusCode.SUCCESS, null); + validCheck = isRoleValid(); + + if (validCheck.isSuccess()) + validCheck = isUsernameValid(); + if (validCheck.isSuccess()) + validCheck = isPasswordValid(); + + return validCheck; + } + + protected Status isUsernameValid() { + if (user == null || user.isEmpty()) { + return new Status(StatusCode.BADREQUEST, "Username cannot be empty"); + } + + Matcher mUser = UserConfig.INVALID_USERNAME_CHARACTERS.matcher(user); + if (user.length() > UserConfig.USERNAME_MAXLENGTH + || mUser.find() == true) { + return new Status(StatusCode.BADREQUEST, + "Username can have 1-32 non-whitespace " + + "alphanumeric characters and any special " + + "characters except ./#%;?\\"); + } + + return new Status(StatusCode.SUCCESS, null); + } + + private Status isPasswordValid() { + if (password == null || password.isEmpty()) { + return new Status(StatusCode.BADREQUEST, "Password cannot be empty"); + } + + if (password.length() < UserConfig.PASSWORD_MINLENGTH + || password.length() > UserConfig.PASSWORD_MAXLENGTH) { + return new Status(StatusCode.BADREQUEST, + "Password should have 5-256 characters"); + } + return new Status(StatusCode.SUCCESS, null); } - public boolean isValid() { - return (user != null && !user.isEmpty() && role != null - && !role.isEmpty() && password != null && !password.isEmpty()); - } - - public boolean update(String currentPassword, String newPassword, - String newRole) { - // To make any changes to a user configured profile, current password - // must always be provided - if (!this.password.equals(currentPassword)) { - return false; - } - if 
(newPassword != null) { - this.password = newPassword; - } - if (newRole != null) { - this.role = newRole; - } - return true; - } - - public AuthResponse authenticate(String clearTextPass) { - AuthResponse locResponse = new AuthResponse(); - if (password.equals(clearTextPass)) { - locResponse.setStatus(AuthResultEnum.AUTH_ACCEPT_LOC); - locResponse.addData(role.replace(",", " ")); - } else { - locResponse.setStatus(AuthResultEnum.AUTH_REJECT_LOC); - } - return locResponse; - } + protected Status isRoleValid() { + if (role == null || role.isEmpty()) { + return new Status(StatusCode.BADREQUEST, + "Role name cannot be empty"); + } + return new Status(StatusCode.SUCCESS, null); + } + + public boolean update(String currentPassword, String newPassword, + String newRole) { + // To make any changes to a user configured profile, current password + // must always be provided + if (!this.password.equals(currentPassword)) { + return false; + } + if (newPassword != null) { + this.password = newPassword; + } + if (newRole != null) { + this.role = newRole; + } + return true; + } + + public AuthResponse authenticate(String clearTextPass) { + AuthResponse locResponse = new AuthResponse(); + if (password.equals(clearTextPass)) { + locResponse.setStatus(AuthResultEnum.AUTH_ACCEPT_LOC); + locResponse.addData(role.replace(",", " ")); + } else { + locResponse.setStatus(AuthResultEnum.AUTH_REJECT_LOC); + } + return locResponse; + } } diff --git a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java index 3e57ed846c..1b9c749163 100644 --- a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java +++ b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java 
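Review bot: `update()` assigns `newPassword` without applying the length rule that `isPasswordValid()` enforces at creation, so the 5-256 criterion added in this hunk does not cover password changes; `changeLocalUserPassword` in UserManagerImpl reaches this path with `update(curPassword, newPassword, null)`. A guard placed after the current-password comparison, `if (newPassword != null && (newPassword.length() < PASSWORD_MINLENGTH || newPassword.length() > PASSWORD_MAXLENGTH)) { return false; }`, would close the gap, although the caller would then need an error other than "Current password is incorrect" for that case. Separately, `toString()` still concatenates the clear-text password, so any log line or exception message that prints a UserConfig exposes it; `return "UserConfig[user=" + user + "]";` avoids that. In `validate()`, the initial `new Status(StatusCode.SUCCESS, null)` is overwritten on the next line and can be dropped.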
@@ -82,7 +82,13 @@ public class UserManagerImpl implements IUserManager, IObjectReader, private static final String authFileName = ROOT + "authorization.conf"; private ConcurrentMap localUserConfigList; private ConcurrentMap remoteServerConfigList; - private ConcurrentMap authorizationConfList; // local authorization info for remotely authenticated users + private ConcurrentMap authorizationConfList; // local + // authorization + // info + // for + // remotely + // authenticated + // users private ConcurrentMap activeUsers; private ConcurrentMap authProviders; private ConcurrentMap localUserListSaveConfigEvent, @@ -94,8 +100,7 @@ public class UserManagerImpl implements IUserManager, IObjectReader, private ISessionManager sessionMgr = new SessionManager(); public boolean addAAAProvider(IAAAProvider provider) { - if (provider == null - || provider.getName() == null + if (provider == null || provider.getName() == null || provider.getName().trim().isEmpty()) { return false; } @@ -124,8 +129,7 @@ public class UserManagerImpl implements IUserManager, IObjectReader, this.applicationAuthorizationClients = Collections .synchronizedSet(new HashSet()); if (clusterGlobalService == null) { - logger - .error("un-initialized clusterGlobalService, can't create cache"); + logger.error("un-initialized clusterGlobalService, can't create cache"); return; } 
@@ -134,36 +138,35 @@ public class UserManagerImpl implements IUserManager, IObjectReader, EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL)); clusterGlobalService.createCache( - "usermanager.remoteServerConfigList", EnumSet - .of(IClusterServices.cacheMode.NON_TRANSACTIONAL)); + "usermanager.remoteServerConfigList", + EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL)); clusterGlobalService.createCache( - "usermanager.authorizationConfList", EnumSet - .of(IClusterServices.cacheMode.NON_TRANSACTIONAL)); + "usermanager.authorizationConfList", + EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL)); - clusterGlobalService.createCache("usermanager.activeUsers", EnumSet - .of(IClusterServices.cacheMode.NON_TRANSACTIONAL)); + clusterGlobalService.createCache("usermanager.activeUsers", + EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL)); clusterGlobalService.createCache( - "usermanager.localUserSaveConfigEvent", EnumSet - .of(IClusterServices.cacheMode.NON_TRANSACTIONAL)); + "usermanager.localUserSaveConfigEvent", + EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL)); clusterGlobalService.createCache( - "usermanager.remoteServerSaveConfigEvent", EnumSet - .of(IClusterServices.cacheMode.NON_TRANSACTIONAL)); + "usermanager.remoteServerSaveConfigEvent", + EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL)); clusterGlobalService.createCache( - "usermanager.authorizationSaveConfigEvent", EnumSet - .of(IClusterServices.cacheMode.NON_TRANSACTIONAL)); + "usermanager.authorizationSaveConfigEvent", + EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL)); } catch (CacheConfigException cce) { logger.error("\nCache configuration invalid - check cache mode"); } catch (CacheExistException ce) { - logger - .error("\nCache already exits - destroy and recreate if needed"); + logger.error("\nCache already exits - destroy and recreate if needed"); } } - @SuppressWarnings( { "unchecked", "deprecation" }) + @SuppressWarnings({ "unchecked", 
"deprecation" }) private void retrieveCaches() { if (clusterGlobalService == null) { logger.error("un-initialized clusterService, can't retrieve cache"); @@ -203,25 +206,23 @@ public class UserManagerImpl implements IUserManager, IObjectReader, remoteServerSaveConfigEvent = (ConcurrentMap) clusterGlobalService .getCache("usermanager.remoteServerSaveConfigEvent"); if (remoteServerSaveConfigEvent == null) { - logger - .error("\nFailed to get cache for remoteServerSaveConfigEvent"); + logger.error("\nFailed to get cache for remoteServerSaveConfigEvent"); } authorizationSaveConfigEvent = (ConcurrentMap) clusterGlobalService .getCache("usermanager.authorizationSaveConfigEvent"); if (authorizationSaveConfigEvent == null) { - logger - .error("\nFailed to get cache for authorizationSaveConfigEvent"); + logger.error("\nFailed to get cache for authorizationSaveConfigEvent"); } } private void loadConfigurations() { - // To encode and decode user and server configuration objects - loadSecurityKeys(); - + // To encode and decode user and server configuration objects + loadSecurityKeys(); + /* - * Do not load local startup file if we already got the - * configurations synced from another cluster node + * Do not load local startup file if we already got the configurations + * synced from another cluster node */ if (localUserConfigList.isEmpty()) { loadUserConfig(); 
@@ -235,17 +236,15 @@ public class UserManagerImpl implements IUserManager, IObjectReader, } private void loadSecurityKeys() { - - } - private void checkDefaultNetworkAdmin() { - // If startup config is not there, it's old or it was deleted, - // need to add Default Admin + } + + private void checkDefaultNetworkAdmin() { + // If startup config is not there, it's old or it was deleted, + // need to add Default Admin if (!localUserConfigList.containsKey(defaultAdmin)) { - localUserConfigList.put(defaultAdmin, - new UserConfig(defaultAdmin, - defaultAdminPassword, - defaultAdminRole)); + localUserConfigList.put(defaultAdmin, new UserConfig(defaultAdmin, + defaultAdminPassword, defaultAdminRole)); } } @@ -269,10 +268,9 @@ public class UserManagerImpl implements IUserManager, IObjectReader, rcResponse = aaaClient.authService(userName, password, aaaServer.getAddress(), aaaServer.getSecret()); if (rcResponse.getStatus() == AuthResultEnum.AUTH_ACCEPT) { - logger - .info( - "Remote Authentication Succeeded for User: \"{}\", by Server: {}", - userName, aaaServer.getAddress()); + logger.info( + "Remote Authentication Succeeded for User: \"{}\", by Server: {}", + userName, aaaServer.getAddress()); remotelyAuthenticated = true; break; } else if (rcResponse.getStatus() == AuthResultEnum.AUTH_REJECT) { @@ -299,9 +297,10 @@ public class UserManagerImpl implements IUserManager, IObjectReader, } rcResponse = localUser.authenticate(password); if (rcResponse.getStatus() != AuthResultEnum.AUTH_ACCEPT_LOC) { - logger.info("Local Authentication Failed for User: \"{}\", Reason: {}", - userName, rcResponse.getStatus().toString()); - + logger.info( + "Local Authentication Failed for User: \"{}\", Reason: {}", + userName, rcResponse.getStatus().toString()); + return (rcResponse.getStatus()); } logger.info("Local Authentication Succeeded for User: \"{}\"", 
@@ -314,8 +313,8 @@ public class UserManagerImpl implements IUserManager, IObjectReader, result = new AuthenticatedUser(userName); /* - * Extract attributes from response - * All the information we are interested in is in the first Cisco VSA (vendor specific attribute). + * Extract attributes from response All the information we are + * interested in is in the first Cisco VSA (vendor specific attribute). * Just process the first VSA and return */ String attributes = (rcResponse.getData() != null && !rcResponse @@ -327,15 +326,14 @@ public class UserManagerImpl implements IUserManager, IObjectReader, authorizationInfoIsPresent = checkAuthorizationInfo(attributes); /* - * The AAA server was only used to perform the authentication - * Look for locally stored authorization info for this user - * If found, add the data to the rcResponse + * The AAA server was only used to perform the authentication Look for + * locally stored authorization info for this user If found, add the + * data to the rcResponse */ if (remotelyAuthenticated && !authorizationInfoIsPresent) { - logger - .info( - "No Remote Authorization Info provided by Server for User: \"{}\"", - userName); + logger.info( + "No Remote Authorization Info provided by Server for User: \"{}\"", + userName); logger.info( "Looking for Local Authorization Info for User: \"{}\"", userName); @@ -351,11 +349,11 @@ public class UserManagerImpl implements IUserManager, IObjectReader, } /* - * Common response parsing for local & remote authenticated user - * Looking for authorized resources, detecting attributes' validity + * Common response parsing for local & remote authenticated user Looking + * for authorized resources, detecting attributes' validity */ if (authorizationInfoIsPresent) { - // Identifying the administrative role + // Identifying the administrative role adminRoles = attributes.split(" "); result.setRoleList(adminRoles); authorized = true; 
@@ -378,7 +376,8 @@ public class UserManagerImpl implements IUserManager, IObjectReader, return rcResponse.getStatus(); } - // Check in the attributes string whether or not authorization information is present + // Check in the attributes string whether or not authorization information + // is present private boolean checkAuthorizationInfo(String attributes) { return (attributes != null && !attributes.isEmpty()); } @@ -389,7 +388,8 @@ public class UserManagerImpl implements IUserManager, IObjectReader, private void removeUserFromActiveList(String user) { if (!activeUsers.containsKey(user)) { - // as cookie persists in cache, we can get logout for unexisting active users + // as cookie persists in cache, we can get logout for unexisting + // active users return; } activeUsers.remove(user); @@ -435,7 +435,8 @@ public class UserManagerImpl implements IUserManager, IObjectReader, @Override public Object readObject(ObjectInputStream ois) throws FileNotFoundException, IOException, ClassNotFoundException { - // Perform the class deserialization locally, from inside the package where the class is defined + // Perform the class deserialization locally, from inside the package + // where the class is defined return ois.readObject(); } 
@@ -488,29 +489,28 @@ public class UserManagerImpl implements IUserManager, IObjectReader, * Interaction with GUI START */ public Status addRemoveLocalUser(UserConfig AAAconf, boolean delete) { - // Validation check - if (!AAAconf.isValid()) { - String msg = "Invalid Local User configuration"; - logger.warn(msg); - return new Status(StatusCode.BADREQUEST, msg); + // UserConfig Validation check + Status validCheck = AAAconf.validate(); + if (!validCheck.isSuccess()) { + return validCheck; } // Update Config database if (delete) { - if (AAAconf.getUser().equals(UserManagerImpl.defaultAdmin)) { - String msg = "Invalid Request: Default Network Admin User " + - "cannot be deleted"; - logger.debug(msg); - return new Status(StatusCode.NOTALLOWED, msg); - } + if (AAAconf.getUser().equals(UserManagerImpl.defaultAdmin)) { + String msg = "Invalid Request: Default Network Admin User " + + "cannot be deleted"; + logger.debug(msg); + return new Status(StatusCode.NOTALLOWED, msg); + } localUserConfigList.remove(AAAconf.getUser()); } else { - if (AAAconf.getUser().equals(UserManagerImpl.defaultAdmin)) { - String msg = "Invalid Request: Default Network Admin User " + - "cannot be added"; - logger.debug(msg); - return new Status(StatusCode.NOTALLOWED, msg); - } + if (AAAconf.getUser().equals(UserManagerImpl.defaultAdmin)) { + String msg = "Invalid Request: Default Network Admin User " + + "cannot be added"; + logger.debug(msg); + return new Status(StatusCode.NOTALLOWED, msg); + } localUserConfigList.put(AAAconf.getUser(), AAAconf); } @@ -520,7 +520,7 @@ public class UserManagerImpl implements IUserManager, IObjectReader, private Status addRemoveAAAServer(ServerConfig AAAconf, boolean delete) { // Validation check if (!AAAconf.isValid()) { - String msg = "Invalid Server configuration"; + String msg = "Invalid Server configuration"; logger.warn(msg); return new Status(StatusCode.BADREQUEST, msg); } 
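Review bot: `AAAconf.validate()` now runs before the `delete` branch, and `removeLocalUser()` passes the stored entry back into this method, so a deletion returns BADREQUEST for any existing account whose stored name or password does not meet the new criteria (for example one created before this change with a `.` in its name or a 4-character password). Such an account can then no longer be removed through this path. Wrapping the check in `if (!delete) { ... }` keeps the criteria for additions while leaving removal possible; `addRemoveAuthInfo` in a later hunk validates ahead of its `delete` handling in the same way and presumably needs the same treatment. The `logger.warn` that used to record a rejected configuration is also gone from this method, so rejected requests no longer leave a trace in the log.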
@@ -535,10 +535,11 @@ public class UserManagerImpl implements IUserManager, IObjectReader, return new Status(StatusCode.SUCCESS, null); } - private Status addRemoveAuthInfo(AuthorizationConfig AAAconf, - boolean delete) { - if (!AAAconf.isValid()) { - String msg = "Invalid Authorization configuration"; + private Status addRemoveAuthInfo(AuthorizationConfig AAAconf, boolean delete) { + Status configCheck = AAAconf.validate(); + if (!configCheck.isSuccess()) { + String msg = "Invalid Authorization configuration: " + + configCheck.getDescription(); logger.warn(msg); return new Status(StatusCode.BADREQUEST, msg); } @@ -565,14 +566,15 @@ public class UserManagerImpl implements IUserManager, IObjectReader, @Override public Status removeLocalUser(String userName) { - if (userName == null || userName.trim().isEmpty()) { - return new Status(StatusCode.BADREQUEST, "Invalid user name"); - } - if (!localUserConfigList.containsKey(userName)) { - return new Status(StatusCode.NOTFOUND, "User does not exist"); - } + if (userName == null || userName.trim().isEmpty()) { + return new Status(StatusCode.BADREQUEST, "Invalid user name"); + } + if (!localUserConfigList.containsKey(userName)) { + return new Status(StatusCode.NOTFOUND, "User does not exist"); + } return addRemoveLocalUser(localUserConfigList.get(userName), true); } + @Override public Status addAAAServer(ServerConfig AAAconf) { return addRemoveAAAServer(AAAconf, false); @@ -605,8 +607,8 @@ public class UserManagerImpl implements IUserManager, IObjectReader, @Override public List getAuthorizationList() { - return new ArrayList(authorizationConfList - .values()); + return new ArrayList( + authorizationConfList.values()); } @Override 
@@ -617,12 +619,14 @@ public class UserManagerImpl implements IUserManager, IObjectReader, // update configuration entry targetConfigEntry = localUserConfigList.get(user); if (targetConfigEntry == null) { - return new Status(StatusCode.NOTFOUND, "User not found"); + return new Status(StatusCode.NOTFOUND, "User not found"); } if (false == targetConfigEntry.update(curPassword, newPassword, null)) { - return new Status(StatusCode.BADREQUEST, "Current password is incorrect"); + return new Status(StatusCode.BADREQUEST, + "Current password is incorrect"); } - localUserConfigList.put(user, targetConfigEntry); // trigger cluster update + localUserConfigList.put(user, targetConfigEntry); // trigger cluster + // update logger.info("Password changed for User \"{}\"", user); @@ -631,7 +635,8 @@ public class UserManagerImpl implements IUserManager, IObjectReader, @Override public void userLogout(String userName) { - // TODO: if user was authenticated through AAA server, send Acct-Status-Type=stop message to server with logout as reason + // TODO: if user was authenticated through AAA server, send + // Acct-Status-Type=stop message to server with logout as reason removeUserFromActiveList(userName); logger.info("User \"{}\" logged out", userName); } @@ -641,7 +646,8 @@ public class UserManagerImpl implements IUserManager, IObjectReader, */ @Override public void userTimedOut(String userName) { - // TODO: if user was authenticated through AAA server, send Acct-Status-Type=stop message to server with timeout as reason + // TODO: if user was authenticated through AAA server, send + // Acct-Status-Type=stop message to server with timeout as reason removeUserFromActiveList(userName); logger.info("User \"{}\" timed out", userName); } 
@@ -726,34 +732,34 @@ public class UserManagerImpl implements IUserManager, IObjectReader, ci.println(conf.getUser() + " " + conf.getRole()); } } - - public void _addAAAServer (CommandInterpreter ci) { + + public void _addAAAServer(CommandInterpreter ci) { String server = ci.nextArgument(); String secret = ci.nextArgument(); String protocol = ci.nextArgument(); - + if (server == null || secret == null || protocol == null) { - ci.println("Usage : addAAAServer "); - return; + ci.println("Usage : addAAAServer "); + return; } ServerConfig s = new ServerConfig(server, secret, protocol); addAAAServer(s); } - - public void _removeAAAServer (CommandInterpreter ci) { + + public void _removeAAAServer(CommandInterpreter ci) { String server = ci.nextArgument(); String secret = ci.nextArgument(); String protocol = ci.nextArgument(); - + if (server == null || secret == null || protocol == null) { - ci.println("Usage : addAAAServer "); - return; + ci.println("Usage : addAAAServer "); + return; } ServerConfig s = new ServerConfig(server, secret, protocol); removeAAAServer(s); } - public void _printAAAServers (CommandInterpreter ci) { + public void _printAAAServers(CommandInterpreter ci) { for (ServerConfig aaaServer : remoteServerConfigList.values()) { String protocol = aaaServer.getProtocol(); ci.println(aaaServer.getAddress() + "-" + aaaServer.getProtocol()); 
@@ -799,25 +805,24 @@ public class UserManagerImpl implements IUserManager, IObjectReader, /** * Function called by the dependency manager when all the required * dependencies are satisfied - * + * */ void init() { } /** - * Function called by the dependency manager when at least one - * dependency become unsatisfied or when the component is shutting - * down because for example bundle is being stopped. - * + * Function called by the dependency manager when at least one dependency + * become unsatisfied or when the component is shutting down because for + * example bundle is being stopped. + * */ void destroy() { } /** - * Function called by dependency manager after "init ()" is called - * and after the services provided by the class are registered in - * the service registry - * + * Function called by dependency manager after "init ()" is called and after + * the services provided by the class are registered in the service registry + * */ void start() { authProviders = new ConcurrentHashMap(); @@ -837,10 +842,10 @@ public class UserManagerImpl implements IUserManager, IObjectReader, } /** - * Function called by the dependency manager before the services - * exported by the component are unregistered, this will be - * followed by a "destroy ()" calls - * + * Function called by the dependency manager before the services exported by + * the component are unregistered, this will be followed by a "destroy ()" + * calls + * */ void stop() { } 
@@ -858,19 +863,19 @@ public class UserManagerImpl implements IUserManager, IObjectReader, @Override public UserLevel getUserLevel(String username) { // Returns the controller well-know user level for the passed user - String roleName = null; + String roleName = null; - // First check in active users then in local configured users + // First check in active users then in local configured users if (activeUsers.containsKey(username)) { - roleName = activeUsers.get(username).getUserRoles().get(0); + roleName = activeUsers.get(username).getUserRoles().get(0); } else if (localUserConfigList.containsKey(username)) { - roleName = localUserConfigList.get(username).getRole(); + roleName = localUserConfigList.get(username).getRole(); } - + if (roleName == null) { - return UserLevel.NOUSER; + return UserLevel.NOUSER; } - + // For now only one role per user is allowed if (roleName.equals(UserLevel.SYSTEMADMIN.toString())) { return UserLevel.SYSTEMADMIN; @@ -915,7 +920,7 @@ public class UserManagerImpl implements IUserManager, IObjectReader, } return new Status(StatusCode.INTERNALERROR, - "Failed to save user configurations"); + "Failed to save user configurations"); } @Override @@ -931,8 +936,8 @@ public class UserManagerImpl implements IUserManager, IObjectReader, return new User(username, localUserConfigList.get(username) .getPassword(), enabled, accountNonExpired, - credentialsNonExpired, accountNonLocked, user - .getGrantedAuthorities(getUserLevel(username))); + credentialsNonExpired, accountNonLocked, + user.getGrantedAuthorities(getUserLevel(username))); } else throw new UsernameNotFoundException("User not found " + username); } 
@@ -964,8 +969,9 @@ public class UserManagerImpl implements IUserManager, IObjectReader, "Username or credentials did not match"); } - AuthResultEnum result = authenticate((String) authentication - .getPrincipal(), (String) authentication.getCredentials()); + AuthResultEnum result = authenticate( + (String) authentication.getPrincipal(), + (String) authentication.getCredentials()); if (result.equals(AuthResultEnum.AUTHOR_PASS) || result.equals(AuthResultEnum.AUTH_ACCEPT_LOC) || result.equals(AuthResultEnum.AUTH_ACCEPT)) { @@ -979,10 +985,10 @@ public class UserManagerImpl implements IUserManager, IObjectReader, } authentication = new UsernamePasswordAuthenticationToken( - authentication.getPrincipal(), authentication - .getCredentials(), user - .getGrantedAuthorities(getUserLevel(authentication - .getName()))); + authentication.getPrincipal(), + authentication.getCredentials(), + user.getGrantedAuthorities(getUserLevel(authentication + .getName()))); return authentication; } else 
@@ -991,34 +997,46 @@ public class UserManagerImpl implements IUserManager, IObjectReader, } - //following are setters for use in unit testing + // following are setters for use in unit testing void setLocalUserConfigList(ConcurrentMap ucl) { - if (ucl != null) { this.localUserConfigList = ucl; } + if (ucl != null) { + this.localUserConfigList = ucl; + } } - void setRemoteServerConfigList (ConcurrentMap scl) { - if (scl != null) { this.remoteServerConfigList = scl; } + + void setRemoteServerConfigList(ConcurrentMap scl) { + if (scl != null) { + this.remoteServerConfigList = scl; + } } - void setAuthorizationConfList (ConcurrentMap acl) { - if (acl != null) { this.authorizationConfList = acl; } + + void setAuthorizationConfList(ConcurrentMap acl) { + if (acl != null) { + this.authorizationConfList = acl; + } } - void setActiveUsers (ConcurrentMap au) { - if (au != null) { this.activeUsers = au; } + + void setActiveUsers(ConcurrentMap au) { + if (au != null) { + this.activeUsers = au; + } } - void setAuthProviders(ConcurrentMap ap ) { - if (ap != null){ + + void setAuthProviders(ConcurrentMap ap) { + if (ap != null) { this.authProviders = ap; } } - + @Override public ISessionManager getSessionManager() { return this.sessionMgr; } - + public void setSessionMgr(ISessionManager sessionMgr) { this.sessionMgr = sessionMgr; } - + public String getPassword(String username) { return localUserConfigList.get(username).getPassword(); } diff --git a/opendaylight/usermanager/src/test/java/org/opendaylight/controller/usermanager/internal/AuthorizationUserConfigTest.java b/opendaylight/usermanager/src/test/java/org/opendaylight/controller/usermanager/internal/AuthorizationUserConfigTest.java index 12c7690f86..d274da5248 100644 --- a/opendaylight/usermanager/src/test/java/org/opendaylight/controller/usermanager/internal/AuthorizationUserConfigTest.java +++ b/opendaylight/usermanager/src/test/java/org/opendaylight/controller/usermanager/internal/AuthorizationUserConfigTest.java 
@@ -21,82 +21,81 @@ import org.opendaylight.controller.usermanager.AuthResponse; */ public class AuthorizationUserConfigTest { - @Test - public void AuthorizationConfigTest() { - AuthorizationConfig authConfig; - - // test isValid - authConfig = new AuthorizationConfig(null, - UserLevel.SYSTEMADMIN.toString()); - assertFalse(authConfig.isValid()); - authConfig = new AuthorizationConfig("admin", ""); - assertFalse(authConfig.isValid()); - authConfig = new AuthorizationConfig("admin", - UserLevel.SYSTEMADMIN.toString()); - assertTrue(authConfig.isValid()); - } - - @Test - public void UserConfigTest() { - UserConfig userConfig; - - userConfig = new UserConfig(null, "cisco", - UserLevel.NETWORKOPERATOR.toString()); - assertFalse(userConfig.isValid()); - - userConfig = new UserConfig("uname", "", "cisco"); - assertFalse(userConfig.isValid()); - - userConfig = new UserConfig("uname", "ciscocisco", - UserLevel.NETWORKOPERATOR.toString()); - assertTrue(userConfig.isValid()); - - /* currentPassword mismatch */ - assertFalse(userConfig.update("Cisco", "cisco123", - UserLevel.NETWORKOPERATOR.toString())); - - assertTrue(userConfig.update("ciscocisco", null, - UserLevel.NETWORKOPERATOR.toString())); - /* New Password = null, No change in password */ - assertTrue(userConfig.getPassword().equals("ciscocisco")); - - /* Password changed successfully, no change in user role */ - assertTrue(userConfig.update("ciscocisco", "cisco123", - UserLevel.NETWORKOPERATOR.toString())); - assertTrue(userConfig.getPassword().equals("cisco123")); - assertTrue(userConfig.getRole().equals( - UserLevel.NETWORKOPERATOR.toString())); - - /* Password not changed, role changed successfully */ - assertTrue(userConfig.update("cisco123", "cisco123", - UserLevel.SYSTEMADMIN.toString())); - assertTrue(userConfig.getPassword().equals("cisco123")); - assertTrue(userConfig.getRole() - .equals(UserLevel.SYSTEMADMIN.toString())); - - /* Password and role changed successfully */ - 
assertTrue(userConfig.update("cisco123", "ciscocisco", - UserLevel.SYSTEMADMIN.toString())); - assertTrue(userConfig.getPassword().equals("ciscocisco")); - assertTrue(userConfig.getRole() - .equals(UserLevel.SYSTEMADMIN.toString())); - - String username = userConfig.getUser(); - assertTrue(username.equals("uname")); - - // test authenticate - AuthResponse authresp = userConfig.authenticate("ciscocisco"); - assertTrue(authresp.getStatus().equals(AuthResultEnum.AUTH_ACCEPT_LOC)); - authresp = userConfig.authenticate("wrongPassword"); - assertTrue(authresp.getStatus().equals(AuthResultEnum.AUTH_REJECT_LOC)); - - // test equals() - userConfig = new UserConfig("uname", "ciscocisco", - UserLevel.NETWORKOPERATOR.toString()); - assertEquals(userConfig, userConfig); - UserConfig userConfig2 = new UserConfig("uname", - "ciscocisco", - UserLevel.NETWORKOPERATOR.toString()); - assertEquals(userConfig, userConfig2); - } + @Test + public void AuthorizationConfigTest() { + AuthorizationConfig authConfig; + + // test isValid + authConfig = new AuthorizationConfig(null, + UserLevel.SYSTEMADMIN.toString()); + assertFalse(authConfig.validate().isSuccess()); + authConfig = new AuthorizationConfig("admin", ""); + assertFalse(authConfig.validate().isSuccess()); + authConfig = new AuthorizationConfig("admin", + UserLevel.SYSTEMADMIN.toString()); + assertTrue(authConfig.validate().isSuccess()); + } + + @Test + public void UserConfigTest() { + UserConfig userConfig; + + userConfig = new UserConfig(null, "cisco", + UserLevel.NETWORKOPERATOR.toString()); + assertFalse(userConfig.validate().isSuccess()); + + userConfig = new UserConfig("uname", "", "cisco"); + assertFalse(userConfig.validate().isSuccess()); + + userConfig = new UserConfig("uname", "ciscocisco", + UserLevel.NETWORKOPERATOR.toString()); + assertTrue(userConfig.validate().isSuccess()); + + /* currentPassword mismatch */ + assertFalse(userConfig.update("Cisco", "cisco123", + UserLevel.NETWORKOPERATOR.toString())); + + 
assertTrue(userConfig.update("ciscocisco", null, + UserLevel.NETWORKOPERATOR.toString())); + /* New Password = null, No change in password */ + assertTrue(userConfig.getPassword().equals("ciscocisco")); + + /* Password changed successfully, no change in user role */ + assertTrue(userConfig.update("ciscocisco", "cisco123", + UserLevel.NETWORKOPERATOR.toString())); + assertTrue(userConfig.getPassword().equals("cisco123")); + assertTrue(userConfig.getRole().equals( + UserLevel.NETWORKOPERATOR.toString())); + + /* Password not changed, role changed successfully */ + assertTrue(userConfig.update("cisco123", "cisco123", + UserLevel.SYSTEMADMIN.toString())); + assertTrue(userConfig.getPassword().equals("cisco123")); + assertTrue(userConfig.getRole() + .equals(UserLevel.SYSTEMADMIN.toString())); + + /* Password and role changed successfully */ + assertTrue(userConfig.update("cisco123", "ciscocisco", + UserLevel.SYSTEMADMIN.toString())); + assertTrue(userConfig.getPassword().equals("ciscocisco")); + assertTrue(userConfig.getRole() + .equals(UserLevel.SYSTEMADMIN.toString())); + + String username = userConfig.getUser(); + assertTrue(username.equals("uname")); + + // test authenticate + AuthResponse authresp = userConfig.authenticate("ciscocisco"); + assertTrue(authresp.getStatus().equals(AuthResultEnum.AUTH_ACCEPT_LOC)); + authresp = userConfig.authenticate("wrongPassword"); + assertTrue(authresp.getStatus().equals(AuthResultEnum.AUTH_REJECT_LOC)); + + // test equals() + userConfig = new UserConfig("uname", "ciscocisco", + UserLevel.NETWORKOPERATOR.toString()); + assertEquals(userConfig, userConfig); + UserConfig userConfig2 = new UserConfig("uname", "ciscocisco", + UserLevel.NETWORKOPERATOR.toString()); + assertEquals(userConfig, userConfig2); + } } diff --git a/opendaylight/web/devices/src/main/resources/js/page.js b/opendaylight/web/devices/src/main/resources/js/page.js index d21f8d83a7..7a2b579326 100644 --- a/opendaylight/web/devices/src/main/resources/js/page.js 
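Review bot: The updated assertions in `AuthorizationConfigTest` and `UserConfigTest` only check `validate().isSuccess()`, so a test passes no matter which rule rejected the input, and no case exercises the username/password criteria this commit adds. Two of the negative cases are ambiguous: `new UserConfig(null, "cisco", ...)` has a null username and a short password, and `new UserConfig("uname", "", "cisco")` has an empty password and a role that is presumably not valid; the rules themselves live in `UserConfig`, outside this hunk. I would add cases that keep every other field valid and vary one, e.g. `assertFalse(new UserConfig("uname", "", UserLevel.NETWORKOPERATOR.toString()).validate().isSuccess());`, plus boundary-length and disallowed-character values once the exact criteria are confirmed. It is also worth asserting that `update(...)` rejects a new password that fails the same criteria, since nothing here shows that the change-password path goes through `validate()`. The comment `// test isValid` is stale and should read `// test validate()`.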
+++ b/opendaylight/web/devices/src/main/resources/js/page.js @@ -62,7 +62,7 @@ one.f.switchmanager = { return $table; }, validateName: function(name) { - return name.match(/^[a-zA-Z0-9][a-zA-Z0-9_\-\.]{1,31}$/g) == null ? false : true; + return (name.length < 256); } }; @@ -177,7 +177,7 @@ one.f.switchmanager.nodesLearnt = { var result = {}; result['nodeName'] = $('#' + one.f.switchmanager.nodesLearnt.id.modal.form.nodeName, $modal).val(); if(!one.f.switchmanager.validateName(result['nodeName'])) { - alert("Node name can contain alphabets numbers and characters _ - . upto 32 characters in length"); + alert("Node name can contain upto 255 characters"); return; } result['nodeId'] = $('#' + one.f.switchmanager.nodesLearnt.id.modal.form.nodeId, $modal).val(); @@ -386,7 +386,7 @@ one.f.switchmanager.subnetGatewayConfig = { var result = {}; result['gatewayName'] = $('#' + one.f.switchmanager.subnetGatewayConfig.id.modal.form.name, $modal).val(); if(!one.f.switchmanager.validateName(result['gatewayName'])) { - alert("Gateway name can contain alphabets numbers and characters _ - . upto 32 characters in length"); + alert("Gateway name can contain upto 255 characters"); return; } result['gatewayIPAddress'] = $('#' + one.f.switchmanager.subnetGatewayConfig.id.modal.form.gatewayIPAddress, $modal).val();
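Review bot: `validateName` now returns `(name.length < 256)`, which accepts an empty or whitespace-only string and any character, including markup such as `<` and `"`; the old pattern required at least two characters from a fixed set. At minimum keep a lower bound, e.g. `var len = $.trim(name).length; return len > 0 && len < 256;`. Because this check runs only in the browser and no longer restricts characters, the server side should enforce the same length limit, and any view that renders `nodeName` or `gatewayName` should insert it as text rather than HTML; neither is visible in this diff. The two `alert(...)` messages changed in the `nodesLearnt` and `subnetGatewayConfig` hunks would then need to say that the name must not be empty, and `upto` should be `up to`.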