3 Copyright (c) 2017 Inocybe Technologies and others. All rights reserved.
5 This program and the accompanying materials are made available under the
6 terms of the Eclipse Public License v1.0 which accompanies this distribution,
7 and is available at http://www.eclipse.org/legal/epl-v10.html , or the Apache License,
8 Version 2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0
10 SPDX-License-Identifier: EPL-1.0 OR Apache-2.0
14 ///////////////////////////////////////////////////////////////////////////////////////
15 // clustered-app-config instance responsible for AAA configuration. In the future, //
16 // this will contain all AAA related configuration. //
17 ///////////////////////////////////////////////////////////////////////////////////////
21 <shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
<!-- Shiro settings for AAA, written as pair-key / pair-value entries: one realm,
     the named filters, an authentication listener, and the mapping from URL
     patterns to filter chains. -->
<!-- Realm: the name tokenAuthRealm is bound to the OAuth2Realm class. -->
25 <pair-key>tokenAuthRealm</pair-key>
26 <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm</pair-value>
<!-- tokenAuthRealm is the only realm given to the security manager, so every
     authentication attempt from the filters below is decided by this realm. -->
30 <pair-key>securityManager.realms</pair-key>
31 <pair-value>$tokenAuthRealm</pair-value>
33 <!-- Named filters. The URL chains at the end of the file refer to them by these
     names (authcBasic, anyroles, authcBearer). Used to support the OAuth2 use case. -->
35 <pair-key>authcBasic</pair-key>
36 <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value>
<!-- anyroles: presumably grants access when the caller holds at least one of the
     listed roles (inferred from the class name; confirm against the filter). -->
39 <pair-key>anyroles</pair-key>
40 <pair-value>org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter</pair-value>
<!-- NOTE(review): which credential schemes ODLHttpAuthenticationFilter2 accepts is
     not visible in this file; confirm before relying on the name authcBearer. -->
43 <pair-key>authcBearer</pair-key>
44 <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2</pair-value>
47 <!-- Authentication listener, registered in order to track AAA challenge attempts. -->
49 <pair-key>accountingListener</pair-key>
50 <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value>
53 <pair-key>securityManager.authenticator.authenticationListeners</pair-key>
54 <pair-value>$accountingListener</pair-value>
57 <!-- Model based authorization scheme supporting RBAC for REST endpoints -->
59 <pair-key>dynamicAuthorization</pair-key>
60 <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
<!-- URL chains. Shiro applies the first pattern that matches, in declaration
     order, so the specific patterns must stay above the /** catch-all and a
     reordering changes which requests are protected. -->
<!-- NOTE(review): this chain names no authc* filter. Confirm that
     MDSALDynamicAuthorizationFilter denies unauthenticated callers of the
     cluster-admin operations. -->
65 <pair-key>/**/operations/cluster-admin**</pair-key>
66 <pair-value>dynamicAuthorization</pair-value>
<!-- Admin only: authcBearer followed by a check for the admin role. -->
69 <pair-key>/**/v1/**</pair-key>
70 <pair-value>authcBearer, roles[admin]</pair-value>
73 <pair-key>/**/config/aaa*/**</pair-key>
74 <pair-value>authcBearer, roles[admin]</pair-value>
<!-- anon: nothing under /oauth/ or /odlux/ requires authentication. Keep only the
     login flow and static UI assets behind these prefixes; any handler later
     registered under them is reachable without credentials. -->
77 <pair-key>/oauth/**</pair-key>
78 <pair-value>anon</pair-value>
81 <pair-key>/odlux/**</pair-key>
82 <pair-value>anon</pair-value>
<!-- NOTE(review): /apidoc/ and /test123/ use authcBasic while the other protected
     chains use authcBearer, and the only configured realm is OAuth2Realm. Whether
     that realm accepts username and password credentials is not visible here;
     confirm. -->
85 <pair-key>/apidoc/**</pair-key>
86 <pair-value>authcBasic, roles[admin]</pair-value>
<!-- NOTE(review): /test123/ looks like a test leftover. It has no role check, so
     any authenticated account passes. Without this entry the path would fall
     through to the stricter /** chain. Confirm it is needed in a deployed
     configuration; otherwise drop the entry. -->
89 <pair-key>/test123/**</pair-key>
90 <pair-value>authcBasic</pair-value>
<!-- /rests/** has the same chain as the /** catch-all below, so as written this
     entry does not change access control. -->
93 <pair-key>/rests/**</pair-key>
94 <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
<!-- Catch-all: every path not matched above goes through authcBearer and the
     anyroles check for admin or provision. Must remain the last entry. -->
97 <pair-key>/**</pair-key>
98 <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
100 </shiro-configuration>