Added RBAC for REST APIs.
- admin role required for POST, PUT, DELETE & PATCH
- viewer role required for all other requests
- cleaned up all web.xml files for consistency and correctness
Change-Id: I33bad5cec0fb0f4285eed84173025b0a107b5aec
diff --git a/web/api/src/main/webapp/WEB-INF/web.xml b/web/api/src/main/webapp/WEB-INF/web.xml
index 381868e..324d46d 100644
--- a/web/api/src/main/webapp/WEB-INF/web.xml
+++ b/web/api/src/main/webapp/WEB-INF/web.xml
@@ -29,11 +29,13 @@
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</security-role>
<login-config>
diff --git a/web/api/src/test/java/org/onosproject/rest/resources/ResourceTest.java b/web/api/src/test/java/org/onosproject/rest/resources/ResourceTest.java
index 24036f6..9f809f3 100644
--- a/web/api/src/test/java/org/onosproject/rest/resources/ResourceTest.java
+++ b/web/api/src/test/java/org/onosproject/rest/resources/ResourceTest.java
@@ -23,6 +23,7 @@
import org.glassfish.jersey.test.spi.TestContainerFactory;
import org.onlab.junit.TestUtils;
import org.onlab.osgi.ServiceDirectory;
+import org.onlab.rest.AuthorizationFilter;
import org.onlab.rest.BaseResource;
/**
@@ -49,6 +50,7 @@
private void configureProperties() {
set(TestProperties.CONTAINER_PORT, 0);
+ AuthorizationFilter.disableForTests();
}
/**