Added RBAC for REST APIs.
- admin role required for POST, PUT, DELETE & PATCH
- viewer role required for all other requests
- cleaned up all web.xml files for consistency and correctness
Change-Id: I33bad5cec0fb0f4285eed84173025b0a107b5aec
diff --git a/apps/pce/pcerest/pom.xml b/apps/pce/pcerest/pom.xml
index 634ec38..c288e11 100644
--- a/apps/pce/pcerest/pom.xml
+++ b/apps/pce/pcerest/pom.xml
@@ -96,7 +96,18 @@
<artifactId>onos-apps-pce-app</artifactId>
<version>${project.version}</version>
</dependency>
-
+ <dependency>
+ <groupId>org.onosproject</groupId>
+ <artifactId>onos-rest</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.onosproject</groupId>
+ <artifactId>onos-rest</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ <classifier>tests</classifier>
+ </dependency>
</dependencies>
<build>
<plugins>
diff --git a/apps/pce/pcerest/src/main/resources/WEB-INF/web.xml b/apps/pce/pcerest/src/main/resources/WEB-INF/web.xml
index ae129fc..388044a 100644
--- a/apps/pce/pcerest/src/main/resources/WEB-INF/web.xml
+++ b/apps/pce/pcerest/src/main/resources/WEB-INF/web.xml
@@ -20,6 +20,27 @@
id="ONOS" version="2.5">
<display-name>PCE REST API v1.0</display-name>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
+
<servlet>
<servlet-name>JAX-RS Service</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
diff --git a/apps/pce/pcerest/src/test/java/org/onosproject/pcerest/PceResourceTest.java b/apps/pce/pcerest/src/test/java/org/onosproject/pcerest/PceResourceTest.java
index 1f69801..a24c874 100644
--- a/apps/pce/pcerest/src/test/java/org/onosproject/pcerest/PceResourceTest.java
+++ b/apps/pce/pcerest/src/test/java/org/onosproject/pcerest/PceResourceTest.java
@@ -18,6 +18,7 @@
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.test.JerseyTest;
import org.glassfish.jersey.test.TestProperties;
+import org.onlab.rest.AuthorizationFilter;
/**
* Base class for pce rest api tests. Performs common configuration operations.
@@ -29,6 +30,7 @@
*/
public PceResourceTest() {
super(ResourceConfig.forApplicationClass(PceWebApplication.class));
+ AuthorizationFilter.disableForTests();
set(TestProperties.CONTAINER_PORT, 0);
}
}