From 47e63471b8432d700739f01a5fac03a979928450 Mon Sep 17 00:00:00 2001
From: demx8as6 <martin.skorupski@highstreet-technologies.com>
Date: Fri, 28 Jan 2022 14:49:04 +0100
Subject: [PATCH] Modify docker-compose configuration

- update on ODL shiro configuration (bearer instead of basic)

IssueID: OAM-246
Change-Id: I47b29b976c000da38df550fb8f5d6509c06b1feb
Signed-off-by: demx8as6 <martin.skorupski@highstreet-technologies.com>
---
 solution/integration/smo/oam/docker-compose.yml    |  1 +
 .../smo/oam/sdnr/oauth-aaa-app-config.xml          | 99 ++++++++++++++++++++++
 2 files changed, 100 insertions(+)
 create mode 100644 solution/integration/smo/oam/sdnr/oauth-aaa-app-config.xml

diff --git a/solution/integration/smo/oam/docker-compose.yml b/solution/integration/smo/oam/docker-compose.yml
index c73471a..2929fd3 100755
--- a/solution/integration/smo/oam/docker-compose.yml
+++ b/solution/integration/smo/oam/docker-compose.yml
@@ -66,6 +66,7 @@ services:
       - IDENTITY_PROVIDER_URL=${IDENTITY_PROVIDER_URL}
       - SDNC_WEB_URL=https://sdnc-web:${SDNC_WEB_PORT}
     volumes:
+      - ./sdnr/oauth-aaa-app-config.xml:/opt/opendaylight/current/system/org/opendaylight/aaa/aaa-shiro/0.13.3/aaa-shiro-0.13.3-aaa-app-config.xml
       - ./sdnr/oauth-provider.config.json:/opt/opendaylight/etc/oauth-provider.config.json
       - ./sdnr/devicemanager.properties:/opt/opendaylight/etc/devicemanager.properties
       - ./sdnr/mountpoint-registrar.properties:/opt/opendaylight/etc/mountpoint-registrar.properties
diff --git a/solution/integration/smo/oam/sdnr/oauth-aaa-app-config.xml b/solution/integration/smo/oam/sdnr/oauth-aaa-app-config.xml
new file mode 100644
index 0000000..28a79f6
--- /dev/null
+++ b/solution/integration/smo/oam/sdnr/oauth-aaa-app-config.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" ?>
+<!--
+  ~ ============LICENSE_START=======================================================
+  ~ ONAP : ccsdk features
+  ~ ================================================================================
+  ~ Copyright (C) 2021 highstreet technologies GmbH Intellectual Property.
+  ~ All rights reserved.
+  ~ ================================================================================
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  ~ ============LICENSE_END=======================================================
+  ~
+  -->
+
+<shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
+
+
+    <main>
+        <pair-key>tokenAuthRealm</pair-key>
+        <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm</pair-value>
+    </main>
+
+    <main>
+        <pair-key>securityManager.realms</pair-key>
+        <pair-value>$tokenAuthRealm</pair-value>
+    </main>
+    <!-- Used to support OAuth2 use case. -->
+    <main>
+        <pair-key>authcBasic</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value>
+    </main>
+    <main>
+        <pair-key>anyroles</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter</pair-value>
+    </main>
+    <main>
+        <pair-key>authcBearer</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2</pair-value>
+    </main>
+
+    <!-- in order to track AAA challenge attempts -->
+    <main>
+        <pair-key>accountingListener</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value>
+    </main>
+    <main>
+        <pair-key>securityManager.authenticator.authenticationListeners</pair-key>
+        <pair-value>$accountingListener</pair-value>
+    </main>
+
+    <!-- Model based authorization scheme supporting RBAC for REST endpoints -->
+    <main>
+        <pair-key>dynamicAuthorization</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
+    </main>
+
+
+    <urls>
+        <pair-key>/**/operations/cluster-admin**</pair-key>
+        <pair-value>authcBearer, roles[admin]</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/**/v1/**</pair-key>
+        <pair-value>authcBearer, roles[admin]</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/**/config/aaa*/**</pair-key>
+        <pair-value>authcBearer, roles[admin]</pair-value>
+    </urls>
+     <urls>
+        <pair-key>/oauth/**</pair-key>
+        <pair-value>anon</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/odlux/**</pair-key>
+        <pair-value>anon</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/apidoc/**</pair-key>
+        <pair-value>authcBasic</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/rests/**</pair-key>
+        <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/**</pair-key>
+        <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
+    </urls>
+</shiro-configuration>
-- 
2.16.6