sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml

   1 <?xml version="1.0" ?>
   2 <!--
   3      Copyright (c) 2017 Inocybe Technologies and others.  All rights reserved.
   4
   5      This program and the accompanying materials are made available under the
   6      terms of the Eclipse Public License v1.0 which accompanies this distribution,
   7      and is available at http://www.eclipse.org/legal/epl-v10.html , or the Apache License,
   8      Version 2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0
   9
  10      SPDX-License-Identifier: EPL-1.0 OR Apache-2.0
  11 -->
  12
  13 <!--
  14   ///////////////////////////////////////////////////////////////////////////////////////
  15   // clustered-app-config instance responsible for AAA configuration.  In the future,  //
  16   // this will contain all AAA related configuration.                                  //
  17   ///////////////////////////////////////////////////////////////////////////////////////
  18 -->
  19
  20
  21 <shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
  22
  23
  24     <main>
  25         <pair-key>tokenAuthRealm</pair-key>
  26         <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm</pair-value>
  27     </main>
  28
  29     <main>
  30         <pair-key>securityManager.realms</pair-key>
  31         <pair-value>$tokenAuthRealm</pair-value>
  32     </main>
  33     <!-- Used to support OAuth2 use case. -->
  34     <main>
  35         <pair-key>authcBasic</pair-key>
  36         <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value>
  37     </main>
  38     <main>
  39         <pair-key>anyroles</pair-key>
  40         <pair-value>org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter</pair-value>
  41     </main>
  42     <main>
  43         <pair-key>authcBearer</pair-key>
  44         <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2</pair-value>
  45     </main>
  46
  47     <!-- in order to track AAA challenge attempts -->
  48     <main>
  49         <pair-key>accountingListener</pair-key>
  50         <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value>
  51     </main>
  52     <main>
  53         <pair-key>securityManager.authenticator.authenticationListeners</pair-key>
  54         <pair-value>$accountingListener</pair-value>
  55     </main>
  56
  57     <!-- Model based authorization scheme supporting RBAC for REST endpoints -->
  58     <main>
  59         <pair-key>dynamicAuthorization</pair-key>
  60         <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
  61     </main>
  62
  63
  64     <urls>
  65         <pair-key>/**/operations/cluster-admin**</pair-key>
  66         <pair-value>dynamicAuthorization</pair-value>
  67     </urls>
  68     <urls>
  69         <pair-key>/**/v1/**</pair-key>
  70         <pair-value>authcBearer, roles[admin]</pair-value>
  71     </urls>
  72     <urls>
  73         <pair-key>/**/config/aaa*/**</pair-key>
  74         <pair-value>authcBearer, roles[admin]</pair-value>
  75     </urls>
  76      <urls>
  77         <pair-key>/oauth/**</pair-key>
  78         <pair-value>anon</pair-value>
  79     </urls>
  80     <urls>
  81         <pair-key>/odlux/**</pair-key>
  82         <pair-value>anon</pair-value>
  83     </urls>
  84     <urls>
  85         <pair-key>/apidoc/**</pair-key>
  86         <pair-value>authcBasic, roles[admin]</pair-value>
  87     </urls>
  88      <urls>
  89         <pair-key>/test123/**</pair-key>
  90         <pair-value>authcBasic</pair-value>
  91     </urls>
  92     <urls>
  93         <pair-key>/rests/**</pair-key>
  94         <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
  95     </urls>
  96     <urls>
  97         <pair-key>/**</pair-key>
  98         <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
  99     </urls>
 100 </shiro-configuration>
 101