Added RBAC for REST APIs.
- admin role required for POST, PUT, DELETE & PATCH
- viewer role required for all other requests
- cleaned up all web.xml files for consistency and correctness
Change-Id: I33bad5cec0fb0f4285eed84173025b0a107b5aec
diff --git a/apps/acl/src/main/webapp/WEB-INF/web.xml b/apps/acl/src/main/webapp/WEB-INF/web.xml
index 27d9cc7..68b2485 100644
--- a/apps/acl/src/main/webapp/WEB-INF/web.xml
+++ b/apps/acl/src/main/webapp/WEB-INF/web.xml
@@ -31,11 +31,13 @@
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</security-role>
<login-config>
diff --git a/apps/castor/src/main/webapp/WEB-INF/web.xml b/apps/castor/src/main/webapp/WEB-INF/web.xml
index 1c8762e..8ce51f7 100644
--- a/apps/castor/src/main/webapp/WEB-INF/web.xml
+++ b/apps/castor/src/main/webapp/WEB-INF/web.xml
@@ -28,11 +28,13 @@
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</security-role>
<login-config>
diff --git a/apps/cfm/src/main/webapp/WEB-INF/web.xml b/apps/cfm/src/main/webapp/WEB-INF/web.xml
index b4fb8f0..f8355c7 100644
--- a/apps/cfm/src/main/webapp/WEB-INF/web.xml
+++ b/apps/cfm/src/main/webapp/WEB-INF/web.xml
@@ -28,11 +28,13 @@
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</security-role>
<login-config>
diff --git a/apps/cord-support/src/main/webapp/WEB-INF/web.xml b/apps/cord-support/src/main/webapp/WEB-INF/web.xml
index caf7a5d..c204451 100644
--- a/apps/cord-support/src/main/webapp/WEB-INF/web.xml
+++ b/apps/cord-support/src/main/webapp/WEB-INF/web.xml
@@ -28,11 +28,13 @@
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</security-role>
<login-config>
diff --git a/apps/cpman/app/src/main/webapp/WEB-INF/web.xml b/apps/cpman/app/src/main/webapp/WEB-INF/web.xml
index dceaf96..74e321e 100644
--- a/apps/cpman/app/src/main/webapp/WEB-INF/web.xml
+++ b/apps/cpman/app/src/main/webapp/WEB-INF/web.xml
@@ -28,11 +28,13 @@
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</security-role>
<login-config>
diff --git a/apps/dhcp/app/src/main/webapp/WEB-INF/web.xml b/apps/dhcp/app/src/main/webapp/WEB-INF/web.xml
index 30bd186..257119e 100644
--- a/apps/dhcp/app/src/main/webapp/WEB-INF/web.xml
+++ b/apps/dhcp/app/src/main/webapp/WEB-INF/web.xml
@@ -28,11 +28,13 @@
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</security-role>
<login-config>
diff --git a/apps/faultmanagement/fmweb/src/main/webapp/WEB-INF/web.xml b/apps/faultmanagement/fmweb/src/main/webapp/WEB-INF/web.xml
index 9430499..6a172d0 100644
--- a/apps/faultmanagement/fmweb/src/main/webapp/WEB-INF/web.xml
+++ b/apps/faultmanagement/fmweb/src/main/webapp/WEB-INF/web.xml
@@ -20,6 +20,27 @@
id="ONOS" version="2.5">
<display-name>FM2 REST API v1.0</display-name>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
+
<servlet>
<servlet-name>JAX-RS Service</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
diff --git a/apps/imr/api/src/main/webapp/WEB-INF/web.xml b/apps/imr/api/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..2288b7f
--- /dev/null
+++ b/apps/imr/api/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright 2017-present Open Networking Foundation
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ id="ONOS" version="2.5">
+ <display-name>Intent Monitor and Reroute REST API</display-name>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
+
+ <servlet>
+ <servlet-name>JAX-RS Service</servlet-name>
+ <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
+ <init-param>
+ <param-name>javax.ws.rs.Application</param-name>
+ <param-value>org.onosproject.imr.rest.ImrWebApplication</param-value>
+ </init-param>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>JAX-RS Service</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+</web-app>
diff --git a/apps/kafka-integration/web/src/main/webapp/WEB-INF/web.xml b/apps/kafka-integration/web/src/main/webapp/WEB-INF/web.xml
index 3ad1602..d30a300 100644
--- a/apps/kafka-integration/web/src/main/webapp/WEB-INF/web.xml
+++ b/apps/kafka-integration/web/src/main/webapp/WEB-INF/web.xml
@@ -20,6 +20,27 @@
id="ONOS" version="2.5">
<display-name>Event Exporter REST API</display-name>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
+
<servlet>
<servlet-name>JAX-RS Service</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
diff --git a/apps/mappingmanagement/web/src/main/webapp/WEB-INF/web.xml b/apps/mappingmanagement/web/src/main/webapp/WEB-INF/web.xml
index 8fe0170..800f523 100644
--- a/apps/mappingmanagement/web/src/main/webapp/WEB-INF/web.xml
+++ b/apps/mappingmanagement/web/src/main/webapp/WEB-INF/web.xml
@@ -27,11 +27,13 @@
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</security-role>
<login-config>
diff --git a/apps/mcast/web/src/main/webapp/WEB-INF/web.xml b/apps/mcast/web/src/main/webapp/WEB-INF/web.xml
index d1f8718..b382fb6 100644
--- a/apps/mcast/web/src/main/webapp/WEB-INF/web.xml
+++ b/apps/mcast/web/src/main/webapp/WEB-INF/web.xml
@@ -27,11 +27,13 @@
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</security-role>
<login-config>
diff --git a/apps/mfwd/src/main/webapp/WEB-INF/web.xml b/apps/mfwd/src/main/webapp/WEB-INF/web.xml
index 9757ff4..19afe5e 100644
--- a/apps/mfwd/src/main/webapp/WEB-INF/web.xml
+++ b/apps/mfwd/src/main/webapp/WEB-INF/web.xml
@@ -20,6 +20,27 @@
id="ONOS" version="2.5">
<display-name>ONOS APP MFWD</display-name>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
+
<servlet>
<servlet-name>JAX-RS Service</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
diff --git a/apps/ofagent/src/main/webapp/WEB-INF/web.xml b/apps/ofagent/src/main/webapp/WEB-INF/web.xml
index cc3d463..b71cf1d 100644
--- a/apps/ofagent/src/main/webapp/WEB-INF/web.xml
+++ b/apps/ofagent/src/main/webapp/WEB-INF/web.xml
@@ -28,11 +28,13 @@
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</security-role>
<login-config>
diff --git a/apps/openstacknetworking/src/main/webapp/WEB-INF/web.xml b/apps/openstacknetworking/src/main/webapp/WEB-INF/web.xml
index 89f5be2..4dcd52e 100644
--- a/apps/openstacknetworking/src/main/webapp/WEB-INF/web.xml
+++ b/apps/openstacknetworking/src/main/webapp/WEB-INF/web.xml
@@ -20,6 +20,27 @@
id="ONOS" version="2.5">
<display-name>Openstack Switching REST API v1.0</display-name>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
+
<servlet>
<servlet-name>JAX-RS Service</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
diff --git a/apps/openstacknetworkingui/src/main/webapp/WEB-INF/web.xml b/apps/openstacknetworkingui/src/main/webapp/WEB-INF/web.xml
index 616ad86..d5d4006 100644
--- a/apps/openstacknetworkingui/src/main/webapp/WEB-INF/web.xml
+++ b/apps/openstacknetworkingui/src/main/webapp/WEB-INF/web.xml
@@ -20,6 +20,27 @@
id="ONOS" version="2.5">
<display-name>SONA GUI REST API v1.0</display-name>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
+
<servlet>
<servlet-name>JAX-RS Service</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
diff --git a/apps/openstacknode/app/src/main/webapp/WEB-INF/web.xml b/apps/openstacknode/app/src/main/webapp/WEB-INF/web.xml
index 689c8ec..0cb2f91 100644
--- a/apps/openstacknode/app/src/main/webapp/WEB-INF/web.xml
+++ b/apps/openstacknode/app/src/main/webapp/WEB-INF/web.xml
@@ -20,6 +20,27 @@
id="ONOS" version="2.5">
<display-name>Openstack Node REST API v1.0</display-name>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
+
<servlet>
<servlet-name>JAX-RS Service</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
diff --git a/apps/openstacktelemetry/app/src/main/webapp/WEB-INF/web.xml b/apps/openstacktelemetry/app/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..1181c43
--- /dev/null
+++ b/apps/openstacktelemetry/app/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright 2018-present Open Networking Foundation
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ id="ONOS" version="2.5">
+ <display-name>Openstack Telemetry REST API v1.0</display-name>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
+
+ <servlet>
+ <servlet-name>JAX-RS Service</servlet-name>
+ <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
+ <init-param>
+ <param-name>javax.ws.rs.Application</param-name>
+ <param-value>org.onosproject.openstacktelemetry.web.OpenstackTelemetryWebApplication</param-value>
+ </init-param>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>JAX-RS Service</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+</web-app>
diff --git a/apps/openstackvtap/app/src/main/webapp/WEB-INF/web.xml b/apps/openstackvtap/app/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..8b44537
--- /dev/null
+++ b/apps/openstackvtap/app/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright 2018-present Open Networking Foundation
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ id="ONOS" version="2.5">
+ <display-name>Openstack vTap REST API v1.0</display-name>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
+
+ <servlet>
+ <servlet-name>JAX-RS Service</servlet-name>
+ <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
+ <init-param>
+ <param-name>javax.ws.rs.Application</param-name>
+ <param-value>org.onosproject.openstackvtap.web.OpenstackVtapWebApplication</param-value>
+ </init-param>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>JAX-RS Service</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+</web-app>
diff --git a/apps/optical-rest/src/main/webapp/WEB-INF/web.xml b/apps/optical-rest/src/main/webapp/WEB-INF/web.xml
index 1437d86..a55f02b 100644
--- a/apps/optical-rest/src/main/webapp/WEB-INF/web.xml
+++ b/apps/optical-rest/src/main/webapp/WEB-INF/web.xml
@@ -28,11 +28,13 @@
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</security-role>
<login-config>
diff --git a/apps/pce/pcerest/pom.xml b/apps/pce/pcerest/pom.xml
index ed7939e..c44b05e 100644
--- a/apps/pce/pcerest/pom.xml
+++ b/apps/pce/pcerest/pom.xml
@@ -97,7 +97,18 @@
<artifactId>onos-apps-pce-app</artifactId>
<version>${project.version}</version>
</dependency>
-
+ <dependency>
+ <groupId>org.onosproject</groupId>
+ <artifactId>onos-rest</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.onosproject</groupId>
+ <artifactId>onos-rest</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ <classifier>tests</classifier>
+ </dependency>
</dependencies>
<build>
<plugins>
diff --git a/apps/pce/pcerest/src/main/resources/WEB-INF/web.xml b/apps/pce/pcerest/src/main/resources/WEB-INF/web.xml
index ae129fc..388044a 100644
--- a/apps/pce/pcerest/src/main/resources/WEB-INF/web.xml
+++ b/apps/pce/pcerest/src/main/resources/WEB-INF/web.xml
@@ -20,6 +20,27 @@
id="ONOS" version="2.5">
<display-name>PCE REST API v1.0</display-name>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
+
<servlet>
<servlet-name>JAX-RS Service</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
diff --git a/apps/pce/pcerest/src/test/java/org/onosproject/pcerest/PceResourceTest.java b/apps/pce/pcerest/src/test/java/org/onosproject/pcerest/PceResourceTest.java
index 1f69801..a24c874 100644
--- a/apps/pce/pcerest/src/test/java/org/onosproject/pcerest/PceResourceTest.java
+++ b/apps/pce/pcerest/src/test/java/org/onosproject/pcerest/PceResourceTest.java
@@ -18,6 +18,7 @@
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.test.JerseyTest;
import org.glassfish.jersey.test.TestProperties;
+import org.onlab.rest.AuthorizationFilter;
/**
* Base class for pce rest api tests. Performs common configuration operations.
@@ -29,6 +30,7 @@
*/
public PceResourceTest() {
super(ResourceConfig.forApplicationClass(PceWebApplication.class));
+ AuthorizationFilter.disableForTests();
set(TestProperties.CONTAINER_PORT, 0);
}
}
diff --git a/apps/powermanagement/src/main/webapp/WEB-INF/web.xml b/apps/powermanagement/src/main/webapp/WEB-INF/web.xml
index f3440ee..7a6e3be 100644
--- a/apps/powermanagement/src/main/webapp/WEB-INF/web.xml
+++ b/apps/powermanagement/src/main/webapp/WEB-INF/web.xml
@@ -28,11 +28,13 @@
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</security-role>
<login-config>
diff --git a/apps/route-service/app/src/main/webapp/WEB-INF/web.xml b/apps/route-service/app/src/main/webapp/WEB-INF/web.xml
index 6b1d27a..1c3d2b0 100644
--- a/apps/route-service/app/src/main/webapp/WEB-INF/web.xml
+++ b/apps/route-service/app/src/main/webapp/WEB-INF/web.xml
@@ -28,11 +28,13 @@
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</security-role>
<login-config>
diff --git a/apps/segmentrouting/web/src/main/webapp/WEB-INF/web.xml b/apps/segmentrouting/web/src/main/webapp/WEB-INF/web.xml
index 73154e3..1362728 100644
--- a/apps/segmentrouting/web/src/main/webapp/WEB-INF/web.xml
+++ b/apps/segmentrouting/web/src/main/webapp/WEB-INF/web.xml
@@ -28,11 +28,13 @@
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</security-role>
<login-config>
diff --git a/apps/simplefabric/src/main/webapp/WEB-INF/web.xml b/apps/simplefabric/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..e136671
--- /dev/null
+++ b/apps/simplefabric/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright 2017-present Open Networking Foundation
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ id="ONOS" version="2.5">
+ <display-name>Simple Fabric application REST API</display-name>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
+
+ <servlet>
+ <servlet-name>JAX-RS Service</servlet-name>
+ <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
+ <init-param>
+ <param-name>javax.ws.rs.Application</param-name>
+ <param-value>org.onosproject.simplefabric.SimpleFabricWebApplication</param-value>
+ </init-param>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>JAX-RS Service</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+</web-app>
diff --git a/apps/t3/web/src/main/webapp/WEB-INF/web.xml b/apps/t3/web/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..9bed969
--- /dev/null
+++ b/apps/t3/web/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright 2018-present Open Networking Foundation
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ id="ONOS" version="2.5">
+ <display-name>T3 REST API v1.0</display-name>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
+
+ <servlet>
+ <servlet-name>JAX-RS Service</servlet-name>
+ <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
+ <init-param>
+ <param-name>javax.ws.rs.Application</param-name>
+ <param-value>org.onosproject.t3.rest.T3WebApplication</param-value>
+ </init-param>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>JAX-RS Service</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+</web-app>
diff --git a/apps/test/demo/src/main/webapp/WEB-INF/web.xml b/apps/test/demo/src/main/webapp/WEB-INF/web.xml
index acc738e..04701ab 100644
--- a/apps/test/demo/src/main/webapp/WEB-INF/web.xml
+++ b/apps/test/demo/src/main/webapp/WEB-INF/web.xml
@@ -20,6 +20,27 @@
id="ONOS" version="2.5">
<display-name>ONOS DEMO APP API v1.0</display-name>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
+
<servlet>
<servlet-name>JAX-RS Service</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
diff --git a/apps/virtualbng/src/main/webapp/WEB-INF/web.xml b/apps/virtualbng/src/main/webapp/WEB-INF/web.xml
index b66d9bf..d395d3d 100644
--- a/apps/virtualbng/src/main/webapp/WEB-INF/web.xml
+++ b/apps/virtualbng/src/main/webapp/WEB-INF/web.xml
@@ -20,6 +20,27 @@
id="ONOS" version="2.5">
<display-name>ONOS Virtual BNG APP REST API</display-name>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
+
<servlet>
<servlet-name>JAX-RS Service</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
diff --git a/apps/vtn/vtnweb/src/main/webapp/WEB-INF/web.xml b/apps/vtn/vtnweb/src/main/webapp/WEB-INF/web.xml
index f83ad87..8c368d9 100644
--- a/apps/vtn/vtnweb/src/main/webapp/WEB-INF/web.xml
+++ b/apps/vtn/vtnweb/src/main/webapp/WEB-INF/web.xml
@@ -20,7 +20,6 @@
id="ONOS" version="2.5">
<display-name>VTNRSC REST API v1.0</display-name>
- <!-- TODO: this should be uncommented
<security-constraint>
<web-resource-collection>
<web-resource-name>Secured</web-resource-name>
@@ -28,18 +27,19 @@
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
+ <role-name>viewer</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>karaf</realm-name>
</login-config>
- -->
<servlet>
<servlet-name>JAX-RS Service</servlet-name>
diff --git a/apps/yang/web/src/main/webapp/WEB-INF/web.xml b/apps/yang/web/src/main/webapp/WEB-INF/web.xml
index 90f85fd..063aa5c 100644
--- a/apps/yang/web/src/main/webapp/WEB-INF/web.xml
+++ b/apps/yang/web/src/main/webapp/WEB-INF/web.xml
@@ -15,19 +15,38 @@
~ limitations under the License.
-->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="ONOS" version="2.5">
- <display-name>YANG LIVE COMPILER REST API v1.0</display-name>
+ <display-name>YANG Live Compiler REST API v1.0</display-name>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secured</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>admin</role-name>
+ <role-name>viewer</role-name>
+ </security-role>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>karaf</realm-name>
+ </login-config>
<servlet>
<servlet-name>JAX-RS Service</servlet-name>
- <servlet-class>org.glassfish.jersey.servlet.ServletContainer
- </servlet-class>
+ <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
- <param-value>org.onosproject.yang.web.YangWebApplication
- </param-value>
+ <param-value>org.onosproject.yang.web.YangWebApplication</param-value>
</init-param>
<init-param>
<param-name>jersey.config.server.provider.classnames</param-name>