ONOS-1993 Implement API-level permission checking + security util code location replacement
Change-Id: I7bf20eda9c12ed2a44334504333b093057764cd2
diff --git a/core/net/src/main/java/org/onosproject/net/flowobjective/impl/FlowObjectiveManager.java b/core/net/src/main/java/org/onosproject/net/flowobjective/impl/FlowObjectiveManager.java
index f84c24f..4c64784 100644
--- a/core/net/src/main/java/org/onosproject/net/flowobjective/impl/FlowObjectiveManager.java
+++ b/core/net/src/main/java/org/onosproject/net/flowobjective/impl/FlowObjectiveManager.java
@@ -27,6 +27,7 @@
import org.onlab.osgi.ServiceDirectory;
import org.onlab.util.ItemNotFoundException;
import org.onosproject.cluster.ClusterService;
+import org.onosproject.core.Permission;
import org.onosproject.mastership.MastershipEvent;
import org.onosproject.mastership.MastershipListener;
import org.onosproject.mastership.MastershipService;
@@ -59,6 +60,8 @@
import static java.util.concurrent.Executors.newFixedThreadPool;
import static org.onlab.util.Tools.groupedThreads;
+import static org.onosproject.security.AppGuard.checkPermission;
+
/**
* Provides implementation of the flow objective programming service.
@@ -212,11 +215,15 @@
@Override
public void filter(DeviceId deviceId, FilteringObjective filteringObjective) {
+ checkPermission(Permission.FLOWRULE_WRITE);
+
executorService.submit(new ObjectiveInstaller(deviceId, filteringObjective));
}
@Override
public void forward(DeviceId deviceId, ForwardingObjective forwardingObjective) {
+ checkPermission(Permission.FLOWRULE_WRITE);
+
if (queueObjective(deviceId, forwardingObjective)) {
return;
}
@@ -225,11 +232,15 @@
@Override
public void next(DeviceId deviceId, NextObjective nextObjective) {
+ checkPermission(Permission.FLOWRULE_WRITE);
+
executorService.submit(new ObjectiveInstaller(deviceId, nextObjective));
}
@Override
public int allocateNextId() {
+ checkPermission(Permission.FLOWRULE_WRITE);
+
return flowObjectiveStore.allocateNextId();
}