3 ~ ============LICENSE_START=======================================================
4 ~ ONAP : ccsdk features
5 ~ ================================================================================
6 ~ Copyright (C) 2021 highstreet technologies GmbH Intellectual Property.
8 ~ ================================================================================
9 ~ Licensed under the Apache License, Version 2.0 (the "License");
10 ~ you may not use this file except in compliance with the License.
11 ~ You may obtain a copy of the License at
13 ~ http://www.apache.org/licenses/LICENSE-2.0
15 ~ Unless required by applicable law or agreed to in writing, software
16 ~ distributed under the License is distributed on an "AS IS" BASIS,
17 ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 ~ See the License for the specific language governing permissions and
19 ~ limitations under the License.
20 ~ ============LICENSE_END=======================================================
24 <shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
<!-- Shiro configuration for the AAA application. The named objects (realm, filters,
     listener) are declared first, followed by the URL patterns and the filter chain
     applied to each pattern. -->
<!-- The stock TokenAuthRealm is commented out and the OAuth2Realm class is bound to the
     same name, so every reference to $tokenAuthRealm resolves to the OAuth2 implementation. -->
28 <pair-key>tokenAuthRealm</pair-key>
29 <!--<pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value>-->
30 <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm</pair-value>
<!-- Only one realm is registered with the security manager in the entries shown here,
     so all authentication and role lookups depend on it. -->
34 <pair-key>securityManager.realms</pair-key>
35 <pair-value>$tokenAuthRealm</pair-value>
37 <!-- Used to support OAuth2 use case. -->
<!-- Custom role filter, used below as anyroles["admin,provision"]. Shiro's built-in
     roles[...] filter requires the subject to hold every listed role.
     NOTE(review): the name suggests this filter passes when any one listed role is held;
     confirm against the filter implementation. -->
39 <pair-key>anyroles</pair-key>
40 <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters.AnyRoleHttpAuthenticationFilter</pair-value>
<!-- Overrides Shiro's built-in authcBearer name with a project filter; the stock bearer
     filter is left commented out.
     NOTE(review): the class name suggests Basic credentials are accepted as well as bearer
     tokens. If so, every chain below that names authcBearer also accepts Basic, and those
     endpoints should only be exposed over TLS. Confirm against the filter implementation. -->
43 <pair-key>authcBearer</pair-key>
44 <!-- <pair-value>org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter</pair-value>-->
45 <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters.BearerAndBasicHttpAuthenticationFilter</pair-value>
48 <!-- in order to track AAA challenge attempts -->
<!-- The listener is declared here and attached to the authenticator by the next pair. -->
50 <pair-key>accountingListener</pair-key>
51 <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value>
54 <pair-key>securityManager.authenticator.authenticationListeners</pair-key>
55 <pair-value>$accountingListener</pair-value>
58 <!-- Model based authorization scheme supporting RBAC for REST endpoints -->
<!-- NOTE(review): none of the URL chains visible below name dynamicAuthorization, so as
     shown the filter is declared but not applied to any path. Confirm whether that is
     intended. -->
60 <pair-key>dynamicAuthorization</pair-key>
61 <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters.CustomizedMDSALDynamicAuthorizationFilter</pair-value>
<!-- URL rules. Shiro applies the first pattern that matches a request path, in
     declaration order, so specific patterns must stay above broader ones and the
     catch-all must stay last. -->
<!-- Cluster administration operations: admin role required. -->
66 <pair-key>/**/operations/cluster-admin**</pair-key>
67 <pair-value>authcBearer, roles[admin]</pair-value>
<!-- authcBasic is not declared among the entries above; it resolves to Shiro's built-in
     HTTP Basic filter. Basic credentials are resent on every request, so these paths
     should only be reachable over TLS. -->
70 <pair-key>/**/v1/**</pair-key>
71 <pair-value>authcBasic, roles[admin]</pair-value>
<!-- NOTE(review): this pattern only matches paths that contain a config segment followed
     by aaa*. If AAA data is also reachable through another path shape (for example under
     /rests/**), the broader rule for that prefix applies instead. Verify. -->
74 <pair-key>/**/config/aaa*/**</pair-key>
75 <pair-value>authcBasic, roles[admin]</pair-value>
<!-- anon: no authentication is performed. Presumably these prefixes are the OAuth login
     endpoints and the static web UI (TODO confirm). Anything served beneath them is
     reachable without credentials, so keep their content limited accordingly. -->
78 <pair-key>/oauth/**</pair-key>
79 <pair-value>anon</pair-value>
82 <pair-key>/odlux/**</pair-key>
83 <pair-value>anon</pair-value>
<!-- Authentication only: no role filter follows, so any authenticated subject passes. -->
86 <pair-key>/apidoc/**</pair-key>
87 <pair-value>authcBasic</pair-value>
<!-- The only chain that admits the provision role alongside admin. -->
90 <pair-key>/rests/**</pair-key>
91 <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
<!-- Catch-all: every path not matched above requires authentication and the admin role.
     Must remain the last rule. -->
94 <pair-key>/**</pair-key>
95 <pair-value>authcBearer, roles[admin]</pair-value>
97 </shiro-configuration>