
The ODL Nitrogen release no longer uses the shiro.ini file; it has been replaced by aaa-app-config.xml. The aaa-app-config.xml file is generated from an existing shiro.ini by a Python script provided by ODL. ODL's instructions can be found at http://docs.opendaylight.org/en/stable-nitrogen/release-notes/projects/aaa.html.

Example conversion:

root@07bdfeb292d5:/opt/opendaylight/current/etc# python ../bin/upgrade/convert-shiro-ini-to-rest-payload shiro.ini opendaylight/datastore/initial/config/aaa-app-config.xml

Resultant aaa-app-config.xml:

<?xml version="1.0" ?>
<shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
    <!--
      Shiro configuration for ODL AAA, converted from shiro.ini. Each <main> pair carries one
      key/value line of the former [main] section (object definitions and wiring); each <urls>
      pair carries one path pattern and the filter chain applied to it.
    -->

    <!--
      The key keeps the name tokenAuthRealm, but the class instantiated is the ONAP AAF CADI
      realm. It is also the only realm assigned to securityManager.realms in the next entry,
      so every authentication decision made through this file depends on it.
      NOTE(review): no second realm is configured here; confirm the intended behaviour when
      AAF cannot be reached.
    -->
    <main>
        <pair-key>tokenAuthRealm</pair-key>
        <pair-value>org.onap.aaf.cadi.shiro.AAFRealm</pair-value>
    </main>
    <main>
        <pair-key>securityManager.realms</pair-key>
        <pair-value>$tokenAuthRealm</pair-value>
    </main>
    <!--
      Filter referenced as authcBasic by every <urls> entry below.
      NOTE(review): the name suggests HTTP Basic authentication, which sends credentials with
      each request; confirm these endpoints are only served over TLS.
    -->
    <main>
        <pair-key>authcBasic</pair-key>
        <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value>
    </main>
    <!--
      Listener object; the entry after it registers it on the authenticator.
      NOTE(review): presumably records authentication attempts; verify where its output is
      logged and how long it is retained.
    -->
    <main>
        <pair-key>accountingListener</pair-key>
        <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value>
    </main>
    <main>
        <pair-key>securityManager.authenticator.authenticationListeners</pair-key>
        <pair-value>$accountingListener</pair-value>
    </main>
    <!-- Declared here; among the <urls> entries below it is applied only to /v1/**. -->
    <main>
        <pair-key>dynamicAuthorization</pair-key>
        <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
    </main>

    <!--
      Shiro matches a request path against these patterns in the order written and applies
      the filter chain of the first pattern that matches. Keep the specific patterns above
      the /** catch-all at the end.
      NOTE(review): confirm that whatever loads or rewrites this file preserves element order.
    -->
    <urls>
        <pair-key>/v1/**</pair-key>
        <pair-value>authcBasic, roles[admin], dynamicAuthorization</pair-value>
    </urls>
    <!--
      The next five entries (aaa-cert and aaa-authn-model paths) require authentication plus
      the role named admin.
      NOTE(review): with AAFRealm as the only realm, confirm how the role name admin is
      resolved and that it is granted to the intended identities only.
    -->
    <urls>
        <pair-key>/config/aaa-cert-mdsal**</pair-key>
        <pair-value>authcBasic, roles[admin]</pair-value>
    </urls>
    <urls>
        <pair-key>/operational/aaa-cert-mdsal**</pair-key>
        <pair-value>authcBasic, roles[admin]</pair-value>
    </urls>
    <urls>
        <pair-key>/operations/aaa-cert-rpc**</pair-key>
        <pair-value>authcBasic, roles[admin]</pair-value>
    </urls>
    <urls>
        <pair-key>/config/aaa-authn-model**</pair-key>
        <pair-value>authcBasic, roles[admin]</pair-value>
    </urls>
    <urls>
        <pair-key>/operational/aaa-authn-model**</pair-key>
        <pair-value>authcBasic, roles[admin]</pair-value>
    </urls>
    <!--
      Catch-all: every path not matched above requires authentication and the single role
      string org.onap.appc.odl|odl-api|* (it contains no comma, so the roles filter receives
      one name).
      NOTE(review): this looks like an AAF permission in type|instance|action form with a
      wildcard action; confirm, and check whether the wildcard is broader than callers need.
    -->
    <urls>
        <pair-key>/**</pair-key>
        <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
    </urls>
</shiro-configuration>