Heedo Kang
Committed by Gerrit Code Review

More APIs permission for new ONOS APIs

Change-Id: I43fee65254adca451f77431bfbf5accdf95b81ab
Showing 26 changed files with 170 additions and 18 deletions
...@@ -29,11 +29,16 @@ public class AppPermission extends BasicPermission { ...@@ -29,11 +29,16 @@ public class AppPermission extends BasicPermission {
29 public enum Type { 29 public enum Type {
30 APP_READ, 30 APP_READ,
31 APP_EVENT, 31 APP_EVENT,
32 + APP_WRITE,
32 CONFIG_READ, 33 CONFIG_READ,
33 CONFIG_WRITE, 34 CONFIG_WRITE,
35 + CONFIG_EVENT,
34 CLUSTER_READ, 36 CLUSTER_READ,
35 CLUSTER_WRITE, 37 CLUSTER_WRITE,
36 CLUSTER_EVENT, 38 CLUSTER_EVENT,
39 + CODEC_READ,
40 + CODEC_WRITE,
41 + CLOCK_WRITE,
37 DEVICE_KEY_EVENT, 42 DEVICE_KEY_EVENT,
38 DEVICE_KEY_READ, 43 DEVICE_KEY_READ,
39 DEVICE_KEY_WRITE, 44 DEVICE_KEY_WRITE,
...@@ -41,6 +46,8 @@ public class AppPermission extends BasicPermission { ...@@ -41,6 +46,8 @@ public class AppPermission extends BasicPermission {
41 DEVICE_EVENT, 46 DEVICE_EVENT,
42 DRIVER_READ, 47 DRIVER_READ,
43 DRIVER_WRITE, 48 DRIVER_WRITE,
49 + EVENT_READ,
50 + EVENT_WRITE,
44 FLOWRULE_READ, 51 FLOWRULE_READ,
45 FLOWRULE_WRITE, 52 FLOWRULE_WRITE,
46 FLOWRULE_EVENT, 53 FLOWRULE_EVENT,
...@@ -56,16 +63,26 @@ public class AppPermission extends BasicPermission { ...@@ -56,16 +63,26 @@ public class AppPermission extends BasicPermission {
56 LINK_READ, 63 LINK_READ,
57 LINK_WRITE, 64 LINK_WRITE,
58 LINK_EVENT, 65 LINK_EVENT,
66 + MUTEX_WRITE,
59 PACKET_READ, 67 PACKET_READ,
60 PACKET_WRITE, 68 PACKET_WRITE,
61 PACKET_EVENT, 69 PACKET_EVENT,
70 + PERSISTENCE_WRITE,
71 + PARTITION_READ,
72 + PARTITION_EVENT,
73 + RESOURCE_READ,
74 + RESOURCE_WRITE,
75 + RESOURCE_EVENT,
76 + REGION_READ,
62 STATISTIC_READ, 77 STATISTIC_READ,
78 + STORAGE_WRITE,
63 TOPOLOGY_READ, 79 TOPOLOGY_READ,
64 TOPOLOGY_EVENT, 80 TOPOLOGY_EVENT,
65 TUNNEL_READ, 81 TUNNEL_READ,
66 TUNNEL_WRITE, 82 TUNNEL_WRITE,
67 TUNNEL_EVENT, 83 TUNNEL_EVENT,
68 - STORAGE_WRITE 84 + UI_READ,
85 + UI_WRITE
69 } 86 }
70 87
71 protected Type type; 88 protected Type type;
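Review bot: The constants added to `Type` (from `APP_WRITE` and `CODEC_READ` through `UI_WRITE`) have no documentation of which service calls each one gates, so anyone writing an application policy has to search every manager for `checkPermission` to learn what a grant allows. A one-line comment per constant would be enough, for example `/** Register or unregister JSON codecs through CodecService. */` above `CODEC_WRITE`. Several of the new names, among them `CLOCK_WRITE`, `MUTEX_WRITE`, `PERSISTENCE_WRITE`, `REGION_READ` and `UI_READ`/`UI_WRITE`, are not used in any section visible on this page. They may be enforced in the files not shown, but each should be confirmed to have an enforcement point, because a declared permission with no check behind it looks like protection that is not there. Parts of the enum fall between the hunks and are not shown.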
......
...@@ -69,6 +69,9 @@ import java.util.Map; ...@@ -69,6 +69,9 @@ import java.util.Map;
69 import java.util.Set; 69 import java.util.Set;
70 import java.util.concurrent.ConcurrentHashMap; 70 import java.util.concurrent.ConcurrentHashMap;
71 71
72 +import static org.onosproject.security.AppGuard.checkPermission;
73 +import static org.onosproject.security.AppPermission.Type.*;
74 +
72 /** 75 /**
73 * Implementation of the JSON codec brokering service. 76 * Implementation of the JSON codec brokering service.
74 */ 77 */
...@@ -134,22 +137,26 @@ public class CodecManager implements CodecService { ...@@ -134,22 +137,26 @@ public class CodecManager implements CodecService {
134 137
135 @Override 138 @Override
136 public Set<Class<?>> getCodecs() { 139 public Set<Class<?>> getCodecs() {
140 + checkPermission(CODEC_READ);
137 return ImmutableSet.copyOf(codecs.keySet()); 141 return ImmutableSet.copyOf(codecs.keySet());
138 } 142 }
139 143
140 @Override 144 @Override
141 @SuppressWarnings("unchecked") 145 @SuppressWarnings("unchecked")
142 public <T> JsonCodec<T> getCodec(Class<T> entityClass) { 146 public <T> JsonCodec<T> getCodec(Class<T> entityClass) {
147 + checkPermission(CODEC_READ);
143 return codecs.get(entityClass); 148 return codecs.get(entityClass);
144 } 149 }
145 150
146 @Override 151 @Override
147 public <T> void registerCodec(Class<T> entityClass, JsonCodec<T> codec) { 152 public <T> void registerCodec(Class<T> entityClass, JsonCodec<T> codec) {
153 + checkPermission(CODEC_WRITE);
148 codecs.putIfAbsent(entityClass, codec); 154 codecs.putIfAbsent(entityClass, codec);
149 } 155 }
150 156
151 @Override 157 @Override
152 public void unregisterCodec(Class<?> entityClass) { 158 public void unregisterCodec(Class<?> entityClass) {
159 + checkPermission(CODEC_WRITE);
153 codecs.remove(entityClass); 160 codecs.remove(entityClass);
154 } 161 }
155 162
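Review bot: The added `import static org.onosproject.security.AppPermission.Type.*;` brings every permission constant into scope, which makes it harder to audit which permissions this class enforces and lets a constant from the wrong family compile unnoticed. ClusterMetadataManager and ResourceManager in this same commit import the exact constants, so for consistency this could be `import static org.onosproject.security.AppPermission.Type.CODEC_READ;` plus the matching line for `CODEC_WRITE`. The same wildcard is added in the SimpleClusterStore, CoreManager, CoreEventDispatcher, NetworkConfigManager and EdgeManager sections; in EdgeManager it sits beside an existing `DeviceEvent.Type.*` wildcard, so any name defined in both enums would become ambiguous.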
......
...@@ -41,6 +41,8 @@ import org.slf4j.Logger; ...@@ -41,6 +41,8 @@ import org.slf4j.Logger;
41 41
42 import java.util.Set; 42 import java.util.Set;
43 43
44 +import static org.onosproject.security.AppGuard.checkPermission;
45 +import static org.onosproject.security.AppPermission.Type.*;
44 import static org.slf4j.LoggerFactory.getLogger; 46 import static org.slf4j.LoggerFactory.getLogger;
45 47
46 /** 48 /**
...@@ -119,21 +121,25 @@ public class SimpleClusterStore ...@@ -119,21 +121,25 @@ public class SimpleClusterStore
119 121
120 @Override 122 @Override
121 public boolean isMine(Key intentKey) { 123 public boolean isMine(Key intentKey) {
124 + checkPermission(INTENT_READ);
122 return true; 125 return true;
123 } 126 }
124 127
125 @Override 128 @Override
126 public NodeId getLeader(Key intentKey) { 129 public NodeId getLeader(Key intentKey) {
130 + checkPermission(INTENT_READ);
127 return instance.id(); 131 return instance.id();
128 } 132 }
129 133
130 @Override 134 @Override
131 public void addListener(IntentPartitionEventListener listener) { 135 public void addListener(IntentPartitionEventListener listener) {
136 + checkPermission(INTENT_EVENT);
132 listenerRegistry.addListener(listener); 137 listenerRegistry.addListener(listener);
133 } 138 }
134 139
135 @Override 140 @Override
136 public void removeListener(IntentPartitionEventListener listener) { 141 public void removeListener(IntentPartitionEventListener listener) {
142 + checkPermission(INTENT_EVENT);
137 listenerRegistry.removeListener(listener); 143 listenerRegistry.removeListener(listener);
138 } 144 }
139 } 145 }
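Review bot: The checks added to `isMine`, `getLeader`, `addListener` and `removeListener` use `INTENT_READ` and `INTENT_EVENT`, although this commit also introduces `PARTITION_READ` and `PARTITION_EVENT` and the listener type here is `IntentPartitionEventListener`. If the partition permissions were meant for this API, the checks should read `checkPermission(PARTITION_READ);` and `checkPermission(PARTITION_EVENT);`; if not, a short comment explaining why intent permissions cover partition queries would save the next reader the question. Neither partition constant is used anywhere on this page, so this may be an oversight, or they may be enforced in a file that is not shown.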
......
...@@ -15,17 +15,6 @@ ...@@ -15,17 +15,6 @@
15 */ 15 */
16 package org.onosproject.cluster.impl; 16 package org.onosproject.cluster.impl;
17 17
18 -import static com.google.common.base.Preconditions.checkNotNull;
19 -import static org.slf4j.LoggerFactory.getLogger;
20 -
21 -import java.net.InetAddress;
22 -import java.net.MalformedURLException;
23 -import java.net.NetworkInterface;
24 -import java.net.SocketException;
25 -import java.net.URL;
26 -import java.util.Collection;
27 -import java.util.Enumeration;
28 -
29 import org.apache.felix.scr.annotations.Activate; 18 import org.apache.felix.scr.annotations.Activate;
30 import org.apache.felix.scr.annotations.Component; 19 import org.apache.felix.scr.annotations.Component;
31 import org.apache.felix.scr.annotations.Deactivate; 20 import org.apache.felix.scr.annotations.Deactivate;
...@@ -47,6 +36,19 @@ import org.onosproject.net.provider.AbstractProviderService; ...@@ -47,6 +36,19 @@ import org.onosproject.net.provider.AbstractProviderService;
47 import org.onosproject.store.service.Versioned; 36 import org.onosproject.store.service.Versioned;
48 import org.slf4j.Logger; 37 import org.slf4j.Logger;
49 38
39 +import java.net.InetAddress;
40 +import java.net.MalformedURLException;
41 +import java.net.NetworkInterface;
42 +import java.net.SocketException;
43 +import java.net.URL;
44 +import java.util.Collection;
45 +import java.util.Enumeration;
46 +
47 +import static com.google.common.base.Preconditions.checkNotNull;
48 +import static org.onosproject.security.AppGuard.checkPermission;
49 +import static org.onosproject.security.AppPermission.Type.CLUSTER_READ;
50 +import static org.slf4j.LoggerFactory.getLogger;
51 +
50 /** 52 /**
51 * Implementation of ClusterMetadataService. 53 * Implementation of ClusterMetadataService.
52 */ 54 */
...@@ -77,6 +79,7 @@ public class ClusterMetadataManager ...@@ -77,6 +79,7 @@ public class ClusterMetadataManager
77 79
78 @Override 80 @Override
79 public ClusterMetadata getClusterMetadata() { 81 public ClusterMetadata getClusterMetadata() {
82 + checkPermission(CLUSTER_READ);
80 Versioned<ClusterMetadata> metadata = getProvider().getClusterMetadata(); 83 Versioned<ClusterMetadata> metadata = getProvider().getClusterMetadata();
81 return metadata.value(); 84 return metadata.value();
82 } 85 }
...@@ -85,11 +88,13 @@ public class ClusterMetadataManager ...@@ -85,11 +88,13 @@ public class ClusterMetadataManager
85 @Override 88 @Override
86 protected ClusterMetadataProviderService createProviderService( 89 protected ClusterMetadataProviderService createProviderService(
87 ClusterMetadataProvider provider) { 90 ClusterMetadataProvider provider) {
91 + checkPermission(CLUSTER_READ);
88 return new InternalClusterMetadataProviderService(provider); 92 return new InternalClusterMetadataProviderService(provider);
89 } 93 }
90 94
91 @Override 95 @Override
92 public ControllerNode getLocalNode() { 96 public ControllerNode getLocalNode() {
97 + checkPermission(CLUSTER_READ);
93 if (localNode == null) { 98 if (localNode == null) {
94 establishSelfIdentity(); 99 establishSelfIdentity();
95 } 100 }
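Review bot: `createProviderService` is a protected factory that builds an `InternalClusterMetadataProviderService` for a provider, not a read of cluster state, so gating it on `CLUSTER_READ` looks like the wrong permission. It is presumably invoked from the provider-registration path in the base class, which is not visible here; in that case the caller being checked is whoever registers a provider. Consider removing the check from this override and guarding the public registration entry point with a write-level permission, or at least using `checkPermission(CLUSTER_WRITE);` here. The class continues outside these hunks.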
......
...@@ -187,6 +187,7 @@ public class MastershipManager ...@@ -187,6 +187,7 @@ public class MastershipManager
187 187
188 @Override 188 @Override
189 public MastershipTerm getMastershipTerm(DeviceId deviceId) { 189 public MastershipTerm getMastershipTerm(DeviceId deviceId) {
190 + checkPermission(CLUSTER_READ);
190 return store.getTermFor(deviceId); 191 return store.getTermFor(deviceId);
191 } 192 }
192 193
......
...@@ -50,8 +50,7 @@ import java.util.Set; ...@@ -50,8 +50,7 @@ import java.util.Set;
50 import static com.google.common.base.Preconditions.checkNotNull; 50 import static com.google.common.base.Preconditions.checkNotNull;
51 import static com.google.common.base.Strings.isNullOrEmpty; 51 import static com.google.common.base.Strings.isNullOrEmpty;
52 import static org.onosproject.security.AppGuard.checkPermission; 52 import static org.onosproject.security.AppGuard.checkPermission;
53 -import static org.onosproject.security.AppPermission.Type.APP_READ; 53 +import static org.onosproject.security.AppPermission.Type.*;
54 -
55 54
56 55
57 /** 56 /**
...@@ -149,12 +148,14 @@ public class CoreManager implements CoreService { ...@@ -149,12 +148,14 @@ public class CoreManager implements CoreService {
149 148
150 @Override 149 @Override
151 public ApplicationId registerApplication(String name) { 150 public ApplicationId registerApplication(String name) {
151 + checkPermission(APP_WRITE);
152 checkNotNull(name, "Application ID cannot be null"); 152 checkNotNull(name, "Application ID cannot be null");
153 return applicationIdStore.registerApplication(name); 153 return applicationIdStore.registerApplication(name);
154 } 154 }
155 155
156 @Override 156 @Override
157 public ApplicationId registerApplication(String name, Runnable preDeactivate) { 157 public ApplicationId registerApplication(String name, Runnable preDeactivate) {
158 + checkPermission(APP_WRITE);
158 ApplicationId id = registerApplication(name); 159 ApplicationId id = registerApplication(name);
159 appService.registerDeactivateHook(id, preDeactivate); 160 appService.registerDeactivateHook(id, preDeactivate);
160 return id; 161 return id;
...@@ -162,6 +163,7 @@ public class CoreManager implements CoreService { ...@@ -162,6 +163,7 @@ public class CoreManager implements CoreService {
162 163
163 @Override 164 @Override
164 public IdGenerator getIdGenerator(String topic) { 165 public IdGenerator getIdGenerator(String topic) {
166 + checkPermission(APP_READ);
165 IdBlockAllocator allocator = new StoreBasedIdBlockAllocator(topic, idBlockStore); 167 IdBlockAllocator allocator = new StoreBasedIdBlockAllocator(topic, idBlockStore);
166 return new BlockAllocatorBasedIdGenerator(allocator); 168 return new BlockAllocatorBasedIdGenerator(allocator);
167 } 169 }
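Review bot: `getIdGenerator` is gated on `APP_READ`, yet it returns a generator backed by `StoreBasedIdBlockAllocator` over `idBlockStore`, which presumably draws ID blocks from the shared store as the caller requests IDs. If that is the case, an application granted only read access can change shared allocation state; consider `checkPermission(APP_WRITE);` here, or a comment stating why read is sufficient. Separately, `registerApplication(String, Runnable)` checks `APP_WRITE` and then immediately calls `registerApplication(name)`, which checks it again, so the first check is redundant.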
......
...@@ -38,6 +38,8 @@ import static java.util.concurrent.Executors.newSingleThreadExecutor; ...@@ -38,6 +38,8 @@ import static java.util.concurrent.Executors.newSingleThreadExecutor;
38 import static org.onlab.util.Tools.groupedThreads; 38 import static org.onlab.util.Tools.groupedThreads;
39 import static org.slf4j.LoggerFactory.getLogger; 39 import static org.slf4j.LoggerFactory.getLogger;
40 40
41 +import static org.onosproject.security.AppGuard.checkPermission;
42 +import static org.onosproject.security.AppPermission.Type.*;
41 /** 43 /**
42 * Simple implementation of an event dispatching service. 44 * Simple implementation of an event dispatching service.
43 */ 45 */
...@@ -96,6 +98,7 @@ public class CoreEventDispatcher extends DefaultEventSinkRegistry ...@@ -96,6 +98,7 @@ public class CoreEventDispatcher extends DefaultEventSinkRegistry
96 98
97 @Override 99 @Override
98 public void setDispatchTimeLimit(long millis) { 100 public void setDispatchTimeLimit(long millis) {
101 + checkPermission(EVENT_WRITE);
99 checkArgument(millis >= WATCHDOG_MS, 102 checkArgument(millis >= WATCHDOG_MS,
100 "Time limit must be greater than %s", WATCHDOG_MS); 103 "Time limit must be greater than %s", WATCHDOG_MS);
101 maxProcessMillis = millis; 104 maxProcessMillis = millis;
...@@ -103,6 +106,7 @@ public class CoreEventDispatcher extends DefaultEventSinkRegistry ...@@ -103,6 +106,7 @@ public class CoreEventDispatcher extends DefaultEventSinkRegistry
103 106
104 @Override 107 @Override
105 public long getDispatchTimeLimit() { 108 public long getDispatchTimeLimit() {
109 + checkPermission(EVENT_READ);
106 return maxProcessMillis; 110 return maxProcessMillis;
107 } 111 }
108 112
......
...@@ -42,6 +42,8 @@ import java.util.Objects; ...@@ -42,6 +42,8 @@ import java.util.Objects;
42 import java.util.Set; 42 import java.util.Set;
43 43
44 import static com.google.common.base.Preconditions.checkNotNull; 44 import static com.google.common.base.Preconditions.checkNotNull;
45 +import static org.onosproject.security.AppGuard.checkPermission;
46 +import static org.onosproject.security.AppPermission.Type.*;
45 47
46 /** 48 /**
47 * Implementation of the network configuration subsystem. 49 * Implementation of the network configuration subsystem.
...@@ -142,6 +144,7 @@ public class NetworkConfigManager ...@@ -142,6 +144,7 @@ public class NetworkConfigManager
142 144
143 @Override 145 @Override
144 public Set<Class> getSubjectClasses() { 146 public Set<Class> getSubjectClasses() {
147 + checkPermission(CONFIG_READ);
145 ImmutableSet.Builder<Class> builder = ImmutableSet.builder(); 148 ImmutableSet.Builder<Class> builder = ImmutableSet.builder();
146 factories.forEach((k, v) -> builder.add(k.subjectClass)); 149 factories.forEach((k, v) -> builder.add(k.subjectClass));
147 return builder.build(); 150 return builder.build();
...@@ -149,16 +152,19 @@ public class NetworkConfigManager ...@@ -149,16 +152,19 @@ public class NetworkConfigManager
149 152
150 @Override 153 @Override
151 public SubjectFactory getSubjectFactory(String subjectClassKey) { 154 public SubjectFactory getSubjectFactory(String subjectClassKey) {
155 + checkPermission(CONFIG_READ);
152 return subjectClasses.get(subjectClassKey); 156 return subjectClasses.get(subjectClassKey);
153 } 157 }
154 158
155 @Override 159 @Override
156 public SubjectFactory getSubjectFactory(Class subjectClass) { 160 public SubjectFactory getSubjectFactory(Class subjectClass) {
161 + checkPermission(CONFIG_READ);
157 return subjectClassKeys.get(subjectClass); 162 return subjectClassKeys.get(subjectClass);
158 } 163 }
159 164
160 @Override 165 @Override
161 public Class<? extends Config> getConfigClass(String subjectClassKey, String configKey) { 166 public Class<? extends Config> getConfigClass(String subjectClassKey, String configKey) {
167 + checkPermission(CONFIG_READ);
162 checkNotNull(subjectClassKey, NULL_SCKEY_MSG); 168 checkNotNull(subjectClassKey, NULL_SCKEY_MSG);
163 checkNotNull(configKey, NULL_CKEY_MSG); 169 checkNotNull(configKey, NULL_CKEY_MSG);
164 return configClasses.get(new ConfigIdentifier(subjectClassKey, configKey)); 170 return configClasses.get(new ConfigIdentifier(subjectClassKey, configKey));
...@@ -166,12 +172,14 @@ public class NetworkConfigManager ...@@ -166,12 +172,14 @@ public class NetworkConfigManager
166 172
167 @Override 173 @Override
168 public <S> Set<S> getSubjects(Class<S> subjectClass) { 174 public <S> Set<S> getSubjects(Class<S> subjectClass) {
175 + checkPermission(CONFIG_READ);
169 checkNotNull(subjectClass, NULL_SCLASS_MSG); 176 checkNotNull(subjectClass, NULL_SCLASS_MSG);
170 return store.getSubjects(subjectClass); 177 return store.getSubjects(subjectClass);
171 } 178 }
172 179
173 @Override 180 @Override
174 public <S, C extends Config<S>> Set<S> getSubjects(Class<S> subjectClass, Class<C> configClass) { 181 public <S, C extends Config<S>> Set<S> getSubjects(Class<S> subjectClass, Class<C> configClass) {
182 + checkPermission(CONFIG_READ);
175 checkNotNull(subjectClass, NULL_SCLASS_MSG); 183 checkNotNull(subjectClass, NULL_SCLASS_MSG);
176 checkNotNull(configClass, NULL_CCLASS_MSG); 184 checkNotNull(configClass, NULL_CCLASS_MSG);
177 return store.getSubjects(subjectClass, configClass); 185 return store.getSubjects(subjectClass, configClass);
...@@ -179,6 +187,7 @@ public class NetworkConfigManager ...@@ -179,6 +187,7 @@ public class NetworkConfigManager
179 187
180 @Override 188 @Override
181 public <S> Set<Config<S>> getConfigs(S subject) { 189 public <S> Set<Config<S>> getConfigs(S subject) {
190 + checkPermission(CONFIG_READ);
182 checkNotNull(subject, NULL_SUBJECT_MSG); 191 checkNotNull(subject, NULL_SUBJECT_MSG);
183 Set<Class<? extends Config<S>>> configClasses = store.getConfigClasses(subject); 192 Set<Class<? extends Config<S>>> configClasses = store.getConfigClasses(subject);
184 ImmutableSet.Builder<Config<S>> cfg = ImmutableSet.builder(); 193 ImmutableSet.Builder<Config<S>> cfg = ImmutableSet.builder();
...@@ -188,6 +197,7 @@ public class NetworkConfigManager ...@@ -188,6 +197,7 @@ public class NetworkConfigManager
188 197
189 @Override 198 @Override
190 public <S, C extends Config<S>> C getConfig(S subject, Class<C> configClass) { 199 public <S, C extends Config<S>> C getConfig(S subject, Class<C> configClass) {
200 + checkPermission(CONFIG_READ);
191 checkNotNull(subject, NULL_SUBJECT_MSG); 201 checkNotNull(subject, NULL_SUBJECT_MSG);
192 checkNotNull(configClass, NULL_CCLASS_MSG); 202 checkNotNull(configClass, NULL_CCLASS_MSG);
193 return store.getConfig(subject, configClass); 203 return store.getConfig(subject, configClass);
...@@ -196,6 +206,7 @@ public class NetworkConfigManager ...@@ -196,6 +206,7 @@ public class NetworkConfigManager
196 206
197 @Override 207 @Override
198 public <S, C extends Config<S>> C addConfig(S subject, Class<C> configClass) { 208 public <S, C extends Config<S>> C addConfig(S subject, Class<C> configClass) {
209 + checkPermission(CONFIG_WRITE);
199 checkNotNull(subject, NULL_SUBJECT_MSG); 210 checkNotNull(subject, NULL_SUBJECT_MSG);
200 checkNotNull(configClass, NULL_CCLASS_MSG); 211 checkNotNull(configClass, NULL_CCLASS_MSG);
201 return store.createConfig(subject, configClass); 212 return store.createConfig(subject, configClass);
...@@ -203,6 +214,7 @@ public class NetworkConfigManager ...@@ -203,6 +214,7 @@ public class NetworkConfigManager
203 214
204 @Override 215 @Override
205 public <S, C extends Config<S>> C applyConfig(S subject, Class<C> configClass, JsonNode json) { 216 public <S, C extends Config<S>> C applyConfig(S subject, Class<C> configClass, JsonNode json) {
217 + checkPermission(CONFIG_WRITE);
206 checkNotNull(subject, NULL_SUBJECT_MSG); 218 checkNotNull(subject, NULL_SUBJECT_MSG);
207 checkNotNull(configClass, NULL_CCLASS_MSG); 219 checkNotNull(configClass, NULL_CCLASS_MSG);
208 checkNotNull(json, NULL_JSON_MSG); 220 checkNotNull(json, NULL_JSON_MSG);
...@@ -213,6 +225,7 @@ public class NetworkConfigManager ...@@ -213,6 +225,7 @@ public class NetworkConfigManager
213 @SuppressWarnings("unchecked") 225 @SuppressWarnings("unchecked")
214 public <S, C extends Config<S>> C applyConfig(String subjectClassKey, S subject, 226 public <S, C extends Config<S>> C applyConfig(String subjectClassKey, S subject,
215 String configKey, JsonNode json) { 227 String configKey, JsonNode json) {
228 + checkPermission(CONFIG_WRITE);
216 checkNotNull(subjectClassKey, NULL_SCKEY_MSG); 229 checkNotNull(subjectClassKey, NULL_SCKEY_MSG);
217 checkNotNull(subject, NULL_SUBJECT_MSG); 230 checkNotNull(subject, NULL_SUBJECT_MSG);
218 checkNotNull(configKey, NULL_CKEY_MSG); 231 checkNotNull(configKey, NULL_CKEY_MSG);
...@@ -229,6 +242,7 @@ public class NetworkConfigManager ...@@ -229,6 +242,7 @@ public class NetworkConfigManager
229 242
230 @Override 243 @Override
231 public <S, C extends Config<S>> void removeConfig(S subject, Class<C> configClass) { 244 public <S, C extends Config<S>> void removeConfig(S subject, Class<C> configClass) {
245 + checkPermission(CONFIG_WRITE);
232 checkNotNull(subject, NULL_SUBJECT_MSG); 246 checkNotNull(subject, NULL_SUBJECT_MSG);
233 checkNotNull(configClass, NULL_CCLASS_MSG); 247 checkNotNull(configClass, NULL_CCLASS_MSG);
234 store.clearConfig(subject, configClass); 248 store.clearConfig(subject, configClass);
......
...@@ -56,6 +56,8 @@ import static org.onosproject.net.device.DeviceEvent.Type.*; ...@@ -56,6 +56,8 @@ import static org.onosproject.net.device.DeviceEvent.Type.*;
56 import static org.onosproject.net.edge.EdgePortEvent.Type.EDGE_PORT_ADDED; 56 import static org.onosproject.net.edge.EdgePortEvent.Type.EDGE_PORT_ADDED;
57 import static org.onosproject.net.edge.EdgePortEvent.Type.EDGE_PORT_REMOVED; 57 import static org.onosproject.net.edge.EdgePortEvent.Type.EDGE_PORT_REMOVED;
58 import static org.slf4j.LoggerFactory.getLogger; 58 import static org.slf4j.LoggerFactory.getLogger;
59 +import static org.onosproject.security.AppGuard.checkPermission;
60 +import static org.onosproject.security.AppPermission.Type.*;
59 61
60 /** 62 /**
61 * This is an implementation of the edge net service. 63 * This is an implementation of the edge net service.
...@@ -107,11 +109,13 @@ public class EdgeManager ...@@ -107,11 +109,13 @@ public class EdgeManager
107 109
108 @Override 110 @Override
109 public boolean isEdgePoint(ConnectPoint point) { 111 public boolean isEdgePoint(ConnectPoint point) {
112 + checkPermission(TOPOLOGY_READ);
110 return !topologyService.isInfrastructure(topologyService.currentTopology(), point); 113 return !topologyService.isInfrastructure(topologyService.currentTopology(), point);
111 } 114 }
112 115
113 @Override 116 @Override
114 public Iterable<ConnectPoint> getEdgePoints() { 117 public Iterable<ConnectPoint> getEdgePoints() {
118 + checkPermission(TOPOLOGY_READ);
115 ImmutableSet.Builder<ConnectPoint> builder = ImmutableSet.builder(); 119 ImmutableSet.Builder<ConnectPoint> builder = ImmutableSet.builder();
116 connectionPoints.forEach((k, v) -> v.forEach(builder::add)); 120 connectionPoints.forEach((k, v) -> v.forEach(builder::add));
117 return builder.build(); 121 return builder.build();
...@@ -119,6 +123,7 @@ public class EdgeManager ...@@ -119,6 +123,7 @@ public class EdgeManager
119 123
120 @Override 124 @Override
121 public Iterable<ConnectPoint> getEdgePoints(DeviceId deviceId) { 125 public Iterable<ConnectPoint> getEdgePoints(DeviceId deviceId) {
126 + checkPermission(TOPOLOGY_READ);
122 ImmutableSet.Builder<ConnectPoint> builder = ImmutableSet.builder(); 127 ImmutableSet.Builder<ConnectPoint> builder = ImmutableSet.builder();
123 Set<ConnectPoint> set = connectionPoints.get(deviceId); 128 Set<ConnectPoint> set = connectionPoints.get(deviceId);
124 if (set != null) { 129 if (set != null) {
...@@ -129,6 +134,7 @@ public class EdgeManager ...@@ -129,6 +134,7 @@ public class EdgeManager
129 134
130 @Override 135 @Override
131 public void emitPacket(ByteBuffer data, Optional<TrafficTreatment> treatment) { 136 public void emitPacket(ByteBuffer data, Optional<TrafficTreatment> treatment) {
137 + checkPermission(PACKET_WRITE);
132 TrafficTreatment.Builder builder = treatment.map(DefaultTrafficTreatment::builder) 138 TrafficTreatment.Builder builder = treatment.map(DefaultTrafficTreatment::builder)
133 .orElse(DefaultTrafficTreatment.builder()); 139 .orElse(DefaultTrafficTreatment.builder());
134 getEdgePoints().forEach(p -> packetService.emit(packet(builder, p, data))); 140 getEdgePoints().forEach(p -> packetService.emit(packet(builder, p, data)));
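Review bot: `emitPacket` checks `PACKET_WRITE` and then calls the public `getEdgePoints()`, which now checks `TOPOLOGY_READ`, so a caller needs both permissions and one holding only `PACKET_WRITE` is rejected part-way through with a topology denial. If the second requirement is intended, state it in the Javadoc of `emitPacket`; if it is not, build the set in a private helper that carries no check and call that helper from both methods, as sketched below. The body of `emitPacket` continues outside the hunk.

```java
// Private helper: same result as getEdgePoints(), without a permission check.
private Iterable<ConnectPoint> allEdgePoints() {
    ImmutableSet.Builder<ConnectPoint> builder = ImmutableSet.builder();
    connectionPoints.forEach((k, v) -> v.forEach(builder::add));
    return builder.build();
}

@Override
public Iterable<ConnectPoint> getEdgePoints() {
    checkPermission(TOPOLOGY_READ);
    return allEdgePoints();
}

// … unchanged: getEdgePoints(DeviceId) …

@Override
public void emitPacket(ByteBuffer data, Optional<TrafficTreatment> treatment) {
    checkPermission(PACKET_WRITE);
    // … unchanged: treatment builder …
    allEdgePoints().forEach(p -> packetService.emit(packet(builder, p, data)));
```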
......
...@@ -272,6 +272,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService { ...@@ -272,6 +272,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService {
272 272
273 @Override 273 @Override
274 public void initPolicy(String policy) { 274 public void initPolicy(String policy) {
275 + checkPermission(FLOWRULE_WRITE);
275 this.policy = policy; 276 this.policy = policy;
276 deviceService.getDevices().forEach(device -> 277 deviceService.getDevices().forEach(device ->
277 this.deviceCompositionTreeMap.put(device.id(), FlowObjectiveCompositionUtil.parsePolicyString(policy))); 278 this.deviceCompositionTreeMap.put(device.id(), FlowObjectiveCompositionUtil.parsePolicyString(policy)));
......
...@@ -282,16 +282,19 @@ public class IntentManager ...@@ -282,16 +282,19 @@ public class IntentManager
282 282
283 @Override 283 @Override
284 public <T extends Intent> void registerCompiler(Class<T> cls, IntentCompiler<T> compiler) { 284 public <T extends Intent> void registerCompiler(Class<T> cls, IntentCompiler<T> compiler) {
285 + checkPermission(INTENT_WRITE);
285 compilerRegistry.registerCompiler(cls, compiler); 286 compilerRegistry.registerCompiler(cls, compiler);
286 } 287 }
287 288
288 @Override 289 @Override
289 public <T extends Intent> void unregisterCompiler(Class<T> cls) { 290 public <T extends Intent> void unregisterCompiler(Class<T> cls) {
291 + checkPermission(INTENT_WRITE);
290 compilerRegistry.unregisterCompiler(cls); 292 compilerRegistry.unregisterCompiler(cls);
291 } 293 }
292 294
293 @Override 295 @Override
294 public Map<Class<? extends Intent>, IntentCompiler<? extends Intent>> getCompilers() { 296 public Map<Class<? extends Intent>, IntentCompiler<? extends Intent>> getCompilers() {
297 + checkPermission(INTENT_READ);
295 return compilerRegistry.getCompilers(); 298 return compilerRegistry.getCompilers();
296 } 299 }
297 300
......
...@@ -38,7 +38,6 @@ import java.util.Collection; ...@@ -38,7 +38,6 @@ import java.util.Collection;
38 import static com.google.common.base.Preconditions.checkNotNull; 38 import static com.google.common.base.Preconditions.checkNotNull;
39 import static org.onosproject.security.AppGuard.checkPermission; 39 import static org.onosproject.security.AppGuard.checkPermission;
40 import static org.onosproject.security.AppPermission.Type.DEVICE_KEY_READ; 40 import static org.onosproject.security.AppPermission.Type.DEVICE_KEY_READ;
41 -import static org.onosproject.security.AppPermission.Type.DEVICE_KEY_WRITE;
42 import static org.slf4j.LoggerFactory.getLogger; 41 import static org.slf4j.LoggerFactory.getLogger;
43 42
44 /** 43 /**
...@@ -72,14 +71,12 @@ public class DeviceKeyManager extends AbstractListenerManager<DeviceKeyEvent, De ...@@ -72,14 +71,12 @@ public class DeviceKeyManager extends AbstractListenerManager<DeviceKeyEvent, De
72 71
73 @Override 72 @Override
74 public void addKey(DeviceKey deviceKey) { 73 public void addKey(DeviceKey deviceKey) {
75 - checkPermission(DEVICE_KEY_WRITE);
76 checkNotNull(deviceKey, "Device key cannot be null"); 74 checkNotNull(deviceKey, "Device key cannot be null");
77 store.createOrUpdateDeviceKey(deviceKey); 75 store.createOrUpdateDeviceKey(deviceKey);
78 } 76 }
79 77
80 @Override 78 @Override
81 public void removeKey(DeviceKeyId deviceKeyId) { 79 public void removeKey(DeviceKeyId deviceKeyId) {
82 - checkPermission(DEVICE_KEY_WRITE);
83 checkNotNull(deviceKeyId, "Device key identifier cannot be null"); 80 checkNotNull(deviceKeyId, "Device key identifier cannot be null");
84 store.deleteDeviceKey(deviceKeyId); 81 store.deleteDeviceKey(deviceKeyId);
85 } 82 }
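Review bot: This section removes `checkPermission(DEVICE_KEY_WRITE);` from `addKey` and `removeKey`, so on the new side both methods reach `store.createOrUpdateDeviceKey` and `store.deleteDeviceKey` with only a null check, while the `DEVICE_KEY_READ` import is kept. Unless the write check is enforced somewhere not visible here, any application that can obtain this service can add or delete device keys, which runs against the stated purpose of the commit. I would restore `checkPermission(DEVICE_KEY_WRITE);` as the first statement of both methods and keep `import static org.onosproject.security.AppPermission.Type.DEVICE_KEY_WRITE;`. The constant is still declared in `AppPermission.Type`, so nothing else needs to change. The class continues outside the hunk.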
......
...@@ -45,6 +45,9 @@ import java.util.Set; ...@@ -45,6 +45,9 @@ import java.util.Set;
45 import java.util.stream.Collectors; 45 import java.util.stream.Collectors;
46 46
47 import static com.google.common.base.Preconditions.checkNotNull; 47 import static com.google.common.base.Preconditions.checkNotNull;
48 +import static org.onosproject.security.AppGuard.checkPermission;
49 +import static org.onosproject.security.AppPermission.Type.RESOURCE_WRITE;
50 +import static org.onosproject.security.AppPermission.Type.RESOURCE_READ;
48 import static org.slf4j.LoggerFactory.getLogger; 51 import static org.slf4j.LoggerFactory.getLogger;
49 52
50 /** 53 /**
...@@ -82,6 +85,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent ...@@ -82,6 +85,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
82 @Override 85 @Override
83 public List<ResourceAllocation> allocate(ResourceConsumer consumer, 86 public List<ResourceAllocation> allocate(ResourceConsumer consumer,
84 List<Resource> resources) { 87 List<Resource> resources) {
88 + checkPermission(RESOURCE_WRITE);
85 checkNotNull(consumer); 89 checkNotNull(consumer);
86 checkNotNull(resources); 90 checkNotNull(resources);
87 91
...@@ -97,6 +101,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent ...@@ -97,6 +101,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
97 101
98 @Override 102 @Override
99 public boolean release(List<ResourceAllocation> allocations) { 103 public boolean release(List<ResourceAllocation> allocations) {
104 + checkPermission(RESOURCE_WRITE);
100 checkNotNull(allocations); 105 checkNotNull(allocations);
101 106
102 return store.release(allocations); 107 return store.release(allocations);
...@@ -112,6 +117,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent ...@@ -112,6 +117,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
112 117
113 @Override 118 @Override
114 public List<ResourceAllocation> getResourceAllocations(ResourceId id) { 119 public List<ResourceAllocation> getResourceAllocations(ResourceId id) {
120 + checkPermission(RESOURCE_READ);
115 checkNotNull(id); 121 checkNotNull(id);
116 122
117 return store.getResourceAllocations(id); 123 return store.getResourceAllocations(id);
...@@ -119,6 +125,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent ...@@ -119,6 +125,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
119 125
120 @Override 126 @Override
121 public <T> Collection<ResourceAllocation> getResourceAllocations(DiscreteResourceId parent, Class<T> cls) { 127 public <T> Collection<ResourceAllocation> getResourceAllocations(DiscreteResourceId parent, Class<T> cls) {
128 + checkPermission(RESOURCE_READ);
122 checkNotNull(parent); 129 checkNotNull(parent);
123 checkNotNull(cls); 130 checkNotNull(cls);
124 131
...@@ -131,6 +138,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent ...@@ -131,6 +138,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
131 138
132 @Override 139 @Override
133 public Collection<ResourceAllocation> getResourceAllocations(ResourceConsumer consumer) { 140 public Collection<ResourceAllocation> getResourceAllocations(ResourceConsumer consumer) {
141 + checkPermission(RESOURCE_READ);
134 checkNotNull(consumer); 142 checkNotNull(consumer);
135 143
136 Collection<Resource> resources = store.getResources(consumer); 144 Collection<Resource> resources = store.getResources(consumer);
...@@ -141,6 +149,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent ...@@ -141,6 +149,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
141 149
142 @Override 150 @Override
143 public Set<Resource> getAvailableResources(DiscreteResourceId parent) { 151 public Set<Resource> getAvailableResources(DiscreteResourceId parent) {
152 + checkPermission(RESOURCE_READ);
144 checkNotNull(parent); 153 checkNotNull(parent);
145 154
146 Set<Resource> children = store.getChildResources(parent); 155 Set<Resource> children = store.getChildResources(parent);
...@@ -152,6 +161,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent ...@@ -152,6 +161,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
152 161
153 @Override 162 @Override
154 public <T> Set<Resource> getAvailableResources(DiscreteResourceId parent, Class<T> cls) { 163 public <T> Set<Resource> getAvailableResources(DiscreteResourceId parent, Class<T> cls) {
164 + checkPermission(RESOURCE_READ);
155 checkNotNull(parent); 165 checkNotNull(parent);
156 checkNotNull(cls); 166 checkNotNull(cls);
157 167
...@@ -163,6 +173,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent ...@@ -163,6 +173,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
163 173
164 @Override 174 @Override
165 public <T> Set<T> getAvailableResourceValues(DiscreteResourceId parent, Class<T> cls) { 175 public <T> Set<T> getAvailableResourceValues(DiscreteResourceId parent, Class<T> cls) {
176 + checkPermission(RESOURCE_READ);
166 checkNotNull(parent); 177 checkNotNull(parent);
167 checkNotNull(cls); 178 checkNotNull(cls);
168 179
...@@ -174,6 +185,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent ...@@ -174,6 +185,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
174 185
175 @Override 186 @Override
176 public Set<Resource> getRegisteredResources(DiscreteResourceId parent) { 187 public Set<Resource> getRegisteredResources(DiscreteResourceId parent) {
188 + checkPermission(RESOURCE_READ);
177 checkNotNull(parent); 189 checkNotNull(parent);
178 190
179 return store.getChildResources(parent); 191 return store.getChildResources(parent);
...@@ -181,6 +193,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent ...@@ -181,6 +193,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
181 193
182 @Override 194 @Override
183 public boolean isAvailable(Resource resource) { 195 public boolean isAvailable(Resource resource) {
196 + checkPermission(RESOURCE_READ);
184 checkNotNull(resource); 197 checkNotNull(resource);
185 198
186 return store.isAvailable(resource); 199 return store.isAvailable(resource);
......
...@@ -175,6 +175,7 @@ public class PacketManager ...@@ -175,6 +175,7 @@ public class PacketManager
175 175
176 @Override 176 @Override
177 public List<PacketProcessorEntry> getProcessors() { 177 public List<PacketProcessorEntry> getProcessors() {
178 + checkPermission(PACKET_READ);
178 return ImmutableList.copyOf(processors); 179 return ImmutableList.copyOf(processors);
179 } 180 }
180 181
...@@ -233,6 +234,7 @@ public class PacketManager ...@@ -233,6 +234,7 @@ public class PacketManager
233 234
234 @Override 235 @Override
235 public List<PacketRequest> getRequests() { 236 public List<PacketRequest> getRequests() {
237 + checkPermission(PACKET_READ);
236 return store.existingRequests(); 238 return store.existingRequests();
237 } 239 }
238 240
......
...@@ -43,6 +43,8 @@ import static com.google.common.base.Preconditions.checkNotNull; ...@@ -43,6 +43,8 @@ import static com.google.common.base.Preconditions.checkNotNull;
43 import static com.google.common.base.Preconditions.checkState; 43 import static com.google.common.base.Preconditions.checkState;
44 import static com.google.common.collect.ImmutableList.of; 44 import static com.google.common.collect.ImmutableList.of;
45 import static org.slf4j.LoggerFactory.getLogger; 45 import static org.slf4j.LoggerFactory.getLogger;
46 +import static org.onosproject.security.AppGuard.checkPermission;
47 +import static org.onosproject.security.AppPermission.Type.REGION_READ;
46 48
47 /** 49 /**
48 * Provides implementation of the region service APIs. 50 * Provides implementation of the region service APIs.
...@@ -122,23 +124,27 @@ public class RegionManager extends AbstractListenerManager<RegionEvent, RegionLi ...@@ -122,23 +124,27 @@ public class RegionManager extends AbstractListenerManager<RegionEvent, RegionLi
122 124
123 @Override 125 @Override
124 public Set<Region> getRegions() { 126 public Set<Region> getRegions() {
127 + checkPermission(REGION_READ);
125 return store.getRegions(); 128 return store.getRegions();
126 } 129 }
127 130
128 @Override 131 @Override
129 public Region getRegion(RegionId regionId) { 132 public Region getRegion(RegionId regionId) {
133 + checkPermission(REGION_READ);
130 checkNotNull(regionId, REGION_ID_NULL); 134 checkNotNull(regionId, REGION_ID_NULL);
131 return store.getRegion(regionId); 135 return store.getRegion(regionId);
132 } 136 }
133 137
134 @Override 138 @Override
135 public Region getRegionForDevice(DeviceId deviceId) { 139 public Region getRegionForDevice(DeviceId deviceId) {
140 + checkPermission(REGION_READ);
136 checkNotNull(deviceId, DEVICE_ID_NULL); 141 checkNotNull(deviceId, DEVICE_ID_NULL);
137 return store.getRegionForDevice(deviceId); 142 return store.getRegionForDevice(deviceId);
138 } 143 }
139 144
140 @Override 145 @Override
141 public Set<DeviceId> getRegionDevices(RegionId regionId) { 146 public Set<DeviceId> getRegionDevices(RegionId regionId) {
147 + checkPermission(REGION_READ);
142 checkNotNull(regionId, REGION_ID_NULL); 148 checkNotNull(regionId, REGION_ID_NULL);
143 return store.getRegionDevices(regionId); 149 return store.getRegionDevices(regionId);
144 } 150 }
......
...@@ -134,11 +134,13 @@ public class PathManager implements PathService { ...@@ -134,11 +134,13 @@ public class PathManager implements PathService {
134 134
135 @Override 135 @Override
136 public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst) { 136 public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst) {
137 + checkPermission(TOPOLOGY_READ);
137 return getDisjointPaths(src, dst, (LinkWeight) null); 138 return getDisjointPaths(src, dst, (LinkWeight) null);
138 } 139 }
139 140
140 @Override 141 @Override
141 public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst, LinkWeight weight) { 142 public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst, LinkWeight weight) {
143 + checkPermission(TOPOLOGY_READ);
142 checkNotNull(src, ELEMENT_ID_NULL); 144 checkNotNull(src, ELEMENT_ID_NULL);
143 checkNotNull(dst, ELEMENT_ID_NULL); 145 checkNotNull(dst, ELEMENT_ID_NULL);
144 146
...@@ -173,12 +175,14 @@ public class PathManager implements PathService { ...@@ -173,12 +175,14 @@ public class PathManager implements PathService {
173 @Override 175 @Override
174 public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst, 176 public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst,
175 Map<Link, Object> riskProfile) { 177 Map<Link, Object> riskProfile) {
178 + checkPermission(TOPOLOGY_READ);
176 return getDisjointPaths(src, dst, null, riskProfile); 179 return getDisjointPaths(src, dst, null, riskProfile);
177 } 180 }
178 181
179 @Override 182 @Override
180 public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst, LinkWeight weight, 183 public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst, LinkWeight weight,
181 Map<Link, Object> riskProfile) { 184 Map<Link, Object> riskProfile) {
185 + checkPermission(TOPOLOGY_READ);
182 checkNotNull(src, ELEMENT_ID_NULL); 186 checkNotNull(src, ELEMENT_ID_NULL);
183 checkNotNull(dst, ELEMENT_ID_NULL); 187 checkNotNull(dst, ELEMENT_ID_NULL);
184 188
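Review bot: The two delegating overloads, `getDisjointPaths(src, dst)` and `getDisjointPaths(src, dst, riskProfile)`, check TOPOLOGY_READ and then call an overload that performs the same check again, so each call pays for it twice. The guard could live only in the overloads that do the work, or the duplicate could be kept on purpose with a comment such as `// checked here too so the entry point fails before delegating`. The three-argument `sendAndReceive` in NettyMessagingManager follows the same pattern. The bodies of the working overloads continue outside the hunks.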
......
...@@ -166,6 +166,7 @@ public class TopologyManager ...@@ -166,6 +166,7 @@ public class TopologyManager
166 166
167 @Override 167 @Override
168 public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src, DeviceId dst) { 168 public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src, DeviceId dst) {
169 + checkPermission(TOPOLOGY_READ);
169 checkNotNull(topology, TOPOLOGY_NULL); 170 checkNotNull(topology, TOPOLOGY_NULL);
170 checkNotNull(src, DEVICE_ID_NULL); 171 checkNotNull(src, DEVICE_ID_NULL);
171 checkNotNull(dst, DEVICE_ID_NULL); 172 checkNotNull(dst, DEVICE_ID_NULL);
...@@ -175,6 +176,7 @@ public class TopologyManager ...@@ -175,6 +176,7 @@ public class TopologyManager
175 @Override 176 @Override
176 public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src, 177 public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src,
177 DeviceId dst, LinkWeight weight) { 178 DeviceId dst, LinkWeight weight) {
179 + checkPermission(TOPOLOGY_READ);
178 checkNotNull(topology, TOPOLOGY_NULL); 180 checkNotNull(topology, TOPOLOGY_NULL);
179 checkNotNull(src, DEVICE_ID_NULL); 181 checkNotNull(src, DEVICE_ID_NULL);
180 checkNotNull(dst, DEVICE_ID_NULL); 182 checkNotNull(dst, DEVICE_ID_NULL);
...@@ -185,6 +187,7 @@ public class TopologyManager ...@@ -185,6 +187,7 @@ public class TopologyManager
185 @Override 187 @Override
186 public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src, DeviceId dst, 188 public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src, DeviceId dst,
187 Map<Link, Object> riskProfile) { 189 Map<Link, Object> riskProfile) {
190 + checkPermission(TOPOLOGY_READ);
188 checkNotNull(topology, TOPOLOGY_NULL); 191 checkNotNull(topology, TOPOLOGY_NULL);
189 checkNotNull(src, DEVICE_ID_NULL); 192 checkNotNull(src, DEVICE_ID_NULL);
190 checkNotNull(dst, DEVICE_ID_NULL); 193 checkNotNull(dst, DEVICE_ID_NULL);
...@@ -195,6 +198,7 @@ public class TopologyManager ...@@ -195,6 +198,7 @@ public class TopologyManager
195 public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src, 198 public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src,
196 DeviceId dst, LinkWeight weight, 199 DeviceId dst, LinkWeight weight,
197 Map<Link, Object> riskProfile) { 200 Map<Link, Object> riskProfile) {
201 + checkPermission(TOPOLOGY_READ);
198 checkNotNull(topology, TOPOLOGY_NULL); 202 checkNotNull(topology, TOPOLOGY_NULL);
199 checkNotNull(src, DEVICE_ID_NULL); 203 checkNotNull(src, DEVICE_ID_NULL);
200 checkNotNull(dst, DEVICE_ID_NULL); 204 checkNotNull(dst, DEVICE_ID_NULL);
......
...@@ -50,6 +50,8 @@ import java.util.stream.Collectors; ...@@ -50,6 +50,8 @@ import java.util.stream.Collectors;
50 50
51 import static com.google.common.base.Preconditions.checkArgument; 51 import static com.google.common.base.Preconditions.checkArgument;
52 import static com.google.common.base.Preconditions.checkNotNull; 52 import static com.google.common.base.Preconditions.checkNotNull;
53 +import static org.onosproject.security.AppGuard.checkPermission;
54 +import static org.onosproject.security.AppPermission.Type.CLUSTER_WRITE;
53 55
54 @Component(immediate = true) 56 @Component(immediate = true)
55 @Service 57 @Service
...@@ -94,6 +96,7 @@ public class ClusterCommunicationManager ...@@ -94,6 +96,7 @@ public class ClusterCommunicationManager
94 public <M> void broadcast(M message, 96 public <M> void broadcast(M message,
95 MessageSubject subject, 97 MessageSubject subject,
96 Function<M, byte[]> encoder) { 98 Function<M, byte[]> encoder) {
99 + checkPermission(CLUSTER_WRITE);
97 multicast(message, 100 multicast(message,
98 subject, 101 subject,
99 encoder, 102 encoder,
...@@ -108,6 +111,7 @@ public class ClusterCommunicationManager ...@@ -108,6 +111,7 @@ public class ClusterCommunicationManager
108 public <M> void broadcastIncludeSelf(M message, 111 public <M> void broadcastIncludeSelf(M message,
109 MessageSubject subject, 112 MessageSubject subject,
110 Function<M, byte[]> encoder) { 113 Function<M, byte[]> encoder) {
114 + checkPermission(CLUSTER_WRITE);
111 multicast(message, 115 multicast(message,
112 subject, 116 subject,
113 encoder, 117 encoder,
...@@ -122,6 +126,7 @@ public class ClusterCommunicationManager ...@@ -122,6 +126,7 @@ public class ClusterCommunicationManager
122 MessageSubject subject, 126 MessageSubject subject,
123 Function<M, byte[]> encoder, 127 Function<M, byte[]> encoder,
124 NodeId toNodeId) { 128 NodeId toNodeId) {
129 + checkPermission(CLUSTER_WRITE);
125 try { 130 try {
126 byte[] payload = new ClusterMessage( 131 byte[] payload = new ClusterMessage(
127 localNodeId, 132 localNodeId,
...@@ -139,6 +144,7 @@ public class ClusterCommunicationManager ...@@ -139,6 +144,7 @@ public class ClusterCommunicationManager
139 MessageSubject subject, 144 MessageSubject subject,
140 Function<M, byte[]> encoder, 145 Function<M, byte[]> encoder,
141 Set<NodeId> nodes) { 146 Set<NodeId> nodes) {
147 + checkPermission(CLUSTER_WRITE);
142 byte[] payload = new ClusterMessage( 148 byte[] payload = new ClusterMessage(
143 localNodeId, 149 localNodeId,
144 subject, 150 subject,
...@@ -153,6 +159,7 @@ public class ClusterCommunicationManager ...@@ -153,6 +159,7 @@ public class ClusterCommunicationManager
153 Function<M, byte[]> encoder, 159 Function<M, byte[]> encoder,
154 Function<byte[], R> decoder, 160 Function<byte[], R> decoder,
155 NodeId toNodeId) { 161 NodeId toNodeId) {
162 + checkPermission(CLUSTER_WRITE);
156 try { 163 try {
157 ClusterMessage envelope = new ClusterMessage( 164 ClusterMessage envelope = new ClusterMessage(
158 clusterService.getLocalNode().id(), 165 clusterService.getLocalNode().id(),
...@@ -193,6 +200,7 @@ public class ClusterCommunicationManager ...@@ -193,6 +200,7 @@ public class ClusterCommunicationManager
193 public void addSubscriber(MessageSubject subject, 200 public void addSubscriber(MessageSubject subject,
194 ClusterMessageHandler subscriber, 201 ClusterMessageHandler subscriber,
195 ExecutorService executor) { 202 ExecutorService executor) {
203 + checkPermission(CLUSTER_WRITE);
196 messagingService.registerHandler(subject.value(), 204 messagingService.registerHandler(subject.value(),
197 new InternalClusterMessageHandler(subscriber), 205 new InternalClusterMessageHandler(subscriber),
198 executor); 206 executor);
...@@ -200,6 +208,7 @@ public class ClusterCommunicationManager ...@@ -200,6 +208,7 @@ public class ClusterCommunicationManager
200 208
201 @Override 209 @Override
202 public void removeSubscriber(MessageSubject subject) { 210 public void removeSubscriber(MessageSubject subject) {
211 + checkPermission(CLUSTER_WRITE);
203 messagingService.unregisterHandler(subject.value()); 212 messagingService.unregisterHandler(subject.value());
204 } 213 }
205 214
...@@ -209,6 +218,7 @@ public class ClusterCommunicationManager ...@@ -209,6 +218,7 @@ public class ClusterCommunicationManager
209 Function<M, R> handler, 218 Function<M, R> handler,
210 Function<R, byte[]> encoder, 219 Function<R, byte[]> encoder,
211 Executor executor) { 220 Executor executor) {
221 + checkPermission(CLUSTER_WRITE);
212 messagingService.registerHandler(subject.value(), 222 messagingService.registerHandler(subject.value(),
213 new InternalMessageResponder<M, R>(decoder, encoder, m -> { 223 new InternalMessageResponder<M, R>(decoder, encoder, m -> {
214 CompletableFuture<R> responseFuture = new CompletableFuture<>(); 224 CompletableFuture<R> responseFuture = new CompletableFuture<>();
...@@ -228,6 +238,7 @@ public class ClusterCommunicationManager ...@@ -228,6 +238,7 @@ public class ClusterCommunicationManager
228 Function<byte[], M> decoder, 238 Function<byte[], M> decoder,
229 Function<M, CompletableFuture<R>> handler, 239 Function<M, CompletableFuture<R>> handler,
230 Function<R, byte[]> encoder) { 240 Function<R, byte[]> encoder) {
241 + checkPermission(CLUSTER_WRITE);
231 messagingService.registerHandler(subject.value(), 242 messagingService.registerHandler(subject.value(),
232 new InternalMessageResponder<>(decoder, encoder, handler)); 243 new InternalMessageResponder<>(decoder, encoder, handler));
233 } 244 }
...@@ -237,6 +248,7 @@ public class ClusterCommunicationManager ...@@ -237,6 +248,7 @@ public class ClusterCommunicationManager
237 Function<byte[], M> decoder, 248 Function<byte[], M> decoder,
238 Consumer<M> handler, 249 Consumer<M> handler,
239 Executor executor) { 250 Executor executor) {
251 + checkPermission(CLUSTER_WRITE);
240 messagingService.registerHandler(subject.value(), 252 messagingService.registerHandler(subject.value(),
241 new InternalMessageConsumer<>(decoder, handler), 253 new InternalMessageConsumer<>(decoder, handler),
242 executor); 254 executor);
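Review bot: `removeSubscriber(subject)` and the subscriber-registration methods are guarded by the same CLUSTER_WRITE permission as sending, and no visible check ties a subject to the caller that registered it. As far as these hunks show, any holder of CLUSTER_WRITE can therefore unregister the handler for any `MessageSubject`, including one owned by another component. If that breadth is intended, the Javadoc of these methods should say so, for example `Requires CLUSTER_WRITE; the permission is not scoped to a subject.` Otherwise a separate permission for subscription changes would keep send-only applications from altering handlers. Several of these methods start or end outside the hunks shown.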
......
...@@ -82,6 +82,9 @@ import java.util.function.BiConsumer; ...@@ -82,6 +82,9 @@ import java.util.function.BiConsumer;
82 import java.util.function.BiFunction; 82 import java.util.function.BiFunction;
83 import java.util.function.Consumer; 83 import java.util.function.Consumer;
84 84
85 +import static org.onosproject.security.AppGuard.checkPermission;
86 +import static org.onosproject.security.AppPermission.Type.CLUSTER_WRITE;
87 +
85 /** 88 /**
86 * Netty based MessagingService. 89 * Netty based MessagingService.
87 */ 90 */
...@@ -213,6 +216,7 @@ public class NettyMessagingManager implements MessagingService { ...@@ -213,6 +216,7 @@ public class NettyMessagingManager implements MessagingService {
213 216
214 @Override 217 @Override
215 public CompletableFuture<Void> sendAsync(Endpoint ep, String type, byte[] payload) { 218 public CompletableFuture<Void> sendAsync(Endpoint ep, String type, byte[] payload) {
219 + checkPermission(CLUSTER_WRITE);
216 InternalMessage message = new InternalMessage(messageIdGenerator.incrementAndGet(), 220 InternalMessage message = new InternalMessage(messageIdGenerator.incrementAndGet(),
217 localEp, 221 localEp,
218 type, 222 type,
...@@ -221,6 +225,7 @@ public class NettyMessagingManager implements MessagingService { ...@@ -221,6 +225,7 @@ public class NettyMessagingManager implements MessagingService {
221 } 225 }
222 226
223 protected CompletableFuture<Void> sendAsync(Endpoint ep, InternalMessage message) { 227 protected CompletableFuture<Void> sendAsync(Endpoint ep, InternalMessage message) {
228 + checkPermission(CLUSTER_WRITE);
224 if (ep.equals(localEp)) { 229 if (ep.equals(localEp)) {
225 try { 230 try {
226 dispatchLocally(message); 231 dispatchLocally(message);
...@@ -247,11 +252,13 @@ public class NettyMessagingManager implements MessagingService { ...@@ -247,11 +252,13 @@ public class NettyMessagingManager implements MessagingService {
247 252
248 @Override 253 @Override
249 public CompletableFuture<byte[]> sendAndReceive(Endpoint ep, String type, byte[] payload) { 254 public CompletableFuture<byte[]> sendAndReceive(Endpoint ep, String type, byte[] payload) {
255 + checkPermission(CLUSTER_WRITE);
250 return sendAndReceive(ep, type, payload, MoreExecutors.directExecutor()); 256 return sendAndReceive(ep, type, payload, MoreExecutors.directExecutor());
251 } 257 }
252 258
253 @Override 259 @Override
254 public CompletableFuture<byte[]> sendAndReceive(Endpoint ep, String type, byte[] payload, Executor executor) { 260 public CompletableFuture<byte[]> sendAndReceive(Endpoint ep, String type, byte[] payload, Executor executor) {
261 + checkPermission(CLUSTER_WRITE);
255 CompletableFuture<byte[]> response = new CompletableFuture<>(); 262 CompletableFuture<byte[]> response = new CompletableFuture<>();
256 Callback callback = new Callback(response, executor); 263 Callback callback = new Callback(response, executor);
257 Long messageId = messageIdGenerator.incrementAndGet(); 264 Long messageId = messageIdGenerator.incrementAndGet();
...@@ -266,11 +273,13 @@ public class NettyMessagingManager implements MessagingService { ...@@ -266,11 +273,13 @@ public class NettyMessagingManager implements MessagingService {
266 273
267 @Override 274 @Override
268 public void registerHandler(String type, BiConsumer<Endpoint, byte[]> handler, Executor executor) { 275 public void registerHandler(String type, BiConsumer<Endpoint, byte[]> handler, Executor executor) {
276 + checkPermission(CLUSTER_WRITE);
269 handlers.put(type, message -> executor.execute(() -> handler.accept(message.sender(), message.payload()))); 277 handlers.put(type, message -> executor.execute(() -> handler.accept(message.sender(), message.payload())));
270 } 278 }
271 279
272 @Override 280 @Override
273 public void registerHandler(String type, BiFunction<Endpoint, byte[], byte[]> handler, Executor executor) { 281 public void registerHandler(String type, BiFunction<Endpoint, byte[], byte[]> handler, Executor executor) {
282 + checkPermission(CLUSTER_WRITE);
274 handlers.put(type, message -> executor.execute(() -> { 283 handlers.put(type, message -> executor.execute(() -> {
275 byte[] responsePayload = null; 284 byte[] responsePayload = null;
276 Status status = Status.OK; 285 Status status = Status.OK;
...@@ -285,6 +294,7 @@ public class NettyMessagingManager implements MessagingService { ...@@ -285,6 +294,7 @@ public class NettyMessagingManager implements MessagingService {
285 294
286 @Override 295 @Override
287 public void registerHandler(String type, BiFunction<Endpoint, byte[], CompletableFuture<byte[]>> handler) { 296 public void registerHandler(String type, BiFunction<Endpoint, byte[], CompletableFuture<byte[]>> handler) {
297 + checkPermission(CLUSTER_WRITE);
288 handlers.put(type, message -> { 298 handlers.put(type, message -> {
289 handler.apply(message.sender(), message.payload()).whenComplete((result, error) -> { 299 handler.apply(message.sender(), message.payload()).whenComplete((result, error) -> {
290 Status status = error == null ? Status.OK : Status.ERROR_HANDLER_EXCEPTION; 300 Status status = error == null ? Status.OK : Status.ERROR_HANDLER_EXCEPTION;
...@@ -295,6 +305,7 @@ public class NettyMessagingManager implements MessagingService { ...@@ -295,6 +305,7 @@ public class NettyMessagingManager implements MessagingService {
295 305
296 @Override 306 @Override
297 public void unregisterHandler(String type) { 307 public void unregisterHandler(String type) {
308 + checkPermission(CLUSTER_WRITE);
298 handlers.remove(type); 309 handlers.remove(type);
299 } 310 }
300 311
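Review bot: The check added to the protected `sendAsync(Endpoint ep, InternalMessage message)` sits on an internal helper rather than an API entry point, and the public `sendAsync` already checks CLUSTER_WRITE before it builds the message. If the helper is also reached from the manager's own reply path (not visible in these hunks), the check would then run in a context unrelated to any application call. Consider keeping the guard on the `@Override` methods only, or add a comment on the helper explaining why it needs its own check, such as `// also reachable from <caller>; must not rely on the public overload's check`. The helper's body continues outside the hunk.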
......
...@@ -30,6 +30,9 @@ import org.onosproject.store.service.LogicalClockService; ...@@ -30,6 +30,9 @@ import org.onosproject.store.service.LogicalClockService;
30 import org.onosproject.store.service.StorageService; 30 import org.onosproject.store.service.StorageService;
31 import org.slf4j.Logger; 31 import org.slf4j.Logger;
32 32
33 +import static org.onosproject.security.AppGuard.checkPermission;
34 +import static org.onosproject.security.AppPermission.Type.CLOCK_WRITE;
35 +
33 /** 36 /**
34 * LogicalClockService implementation based on a AtomicCounter. 37 * LogicalClockService implementation based on a AtomicCounter.
35 */ 38 */
...@@ -62,6 +65,7 @@ public class LogicalClockManager implements LogicalClockService { ...@@ -62,6 +65,7 @@ public class LogicalClockManager implements LogicalClockService {
62 65
63 @Override 66 @Override
64 public Timestamp getTimestamp() { 67 public Timestamp getTimestamp() {
68 + checkPermission(CLOCK_WRITE);
65 return new LogicalTimestamp(atomicCounter.incrementAndGet()); 69 return new LogicalTimestamp(atomicCounter.incrementAndGet());
66 } 70 }
67 } 71 }
...\ No newline at end of file ...\ No newline at end of file
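Review bot: `getTimestamp()` reads like a query but is guarded by CLOCK_WRITE, and nothing at the call site explains why a getter needs a write permission. The reason is visible one line below, where the method calls `atomicCounter.incrementAndGet()`, so a short comment above the check would save the next reader the lookup: `// CLOCK_WRITE: issuing a timestamp advances the shared counter.` The same sentence belongs in the method's Javadoc so application authors know which permission to request.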
......
...@@ -36,6 +36,8 @@ import java.util.Set; ...@@ -36,6 +36,8 @@ import java.util.Set;
36 import java.util.Timer; 36 import java.util.Timer;
37 import java.util.TimerTask; 37 import java.util.TimerTask;
38 38
39 +import static org.onosproject.security.AppGuard.checkPermission;
40 +import static org.onosproject.security.AppPermission.Type.PERSISTENCE_WRITE;
39 import static org.slf4j.LoggerFactory.getLogger; 41 import static org.slf4j.LoggerFactory.getLogger;
40 42
41 /** 43 /**
...@@ -122,10 +124,12 @@ public class PersistenceManager implements PersistenceService { ...@@ -122,10 +124,12 @@ public class PersistenceManager implements PersistenceService {
122 } 124 }
123 125
124 public <K, V> PersistentMapBuilder<K, V> persistentMapBuilder() { 126 public <K, V> PersistentMapBuilder<K, V> persistentMapBuilder() {
127 + checkPermission(PERSISTENCE_WRITE);
125 return new DefaultPersistentMapBuilder<>(localDB); 128 return new DefaultPersistentMapBuilder<>(localDB);
126 } 129 }
127 130
128 public <E> PersistentSetBuilder<E> persistentSetBuilder() { 131 public <E> PersistentSetBuilder<E> persistentSetBuilder() {
132 + checkPermission(PERSISTENCE_WRITE);
129 return new DefaultPersistentSetBuilder<>(localDB); 133 return new DefaultPersistentSetBuilder<>(localDB);
130 } 134 }
131 135
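Review bot: The PERSISTENCE_WRITE check in `persistentMapBuilder()` and `persistentSetBuilder()` guards only the moment the builder is obtained. Whether `DefaultPersistentMapBuilder` or the structures it builds check again is not visible here; if they do not, a builder passed on to other code carries the capability with it. If enforcement at creation time is the intended model, document it on both methods, for example `// Permission is enforced when the builder is obtained; the returned builder is not re-checked.` The STORAGE_WRITE builder methods in StorageManager raise the same question.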
......
...@@ -50,7 +50,8 @@ import org.slf4j.Logger; ...@@ -50,7 +50,8 @@ import org.slf4j.Logger;
50 import com.google.common.base.MoreObjects; 50 import com.google.common.base.MoreObjects;
51 import com.google.common.collect.Lists; 51 import com.google.common.collect.Lists;
52 import com.google.common.collect.Maps; 52 import com.google.common.collect.Maps;
53 - 53 +import static org.onosproject.security.AppGuard.checkPermission;
54 +import static org.onosproject.security.AppPermission.Type.MUTEX_WRITE;
54 /** 55 /**
55 * Implementation of a MutexExecutionService. 56 * Implementation of a MutexExecutionService.
56 */ 57 */
...@@ -103,6 +104,7 @@ public class MutexExecutionManager implements MutexExecutionService { ...@@ -103,6 +104,7 @@ public class MutexExecutionManager implements MutexExecutionService {
103 104
104 @Override 105 @Override
105 public CompletableFuture<Void> execute(MutexTask task, String exclusionPath, Executor executor) { 106 public CompletableFuture<Void> execute(MutexTask task, String exclusionPath, Executor executor) {
107 + checkPermission(MUTEX_WRITE);
106 return lock(exclusionPath) 108 return lock(exclusionPath)
107 .thenApply(state -> activeTasks.computeIfAbsent(exclusionPath, 109 .thenApply(state -> activeTasks.computeIfAbsent(exclusionPath,
108 k -> new InnerMutexTask(exclusionPath, 110 k -> new InnerMutexTask(exclusionPath,
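Review bot: The import hunk replaces the blank line that separated the imports from the class Javadoc, so the two new static imports now sit directly against `/**` and directly after the regular `com.google.common` imports. The other files in this commit keep a blank line around the static-import group, and doing the same here would keep the layout consistent. The body of `execute` continues outside the hunk.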
......
...@@ -55,6 +55,9 @@ import org.slf4j.Logger; ...@@ -55,6 +55,9 @@ import org.slf4j.Logger;
55 import com.google.common.collect.ImmutableSet; 55 import com.google.common.collect.ImmutableSet;
56 import com.google.common.collect.Maps; 56 import com.google.common.collect.Maps;
57 57
58 +import static org.onosproject.security.AppGuard.checkPermission;
59 +import static org.onosproject.security.AppPermission.Type.PARTITION_READ;
60 +
58 /** 61 /**
59 * Implementation of {@code PartitionService} and {@code PartitionAdminService}. 62 * Implementation of {@code PartitionService} and {@code PartitionAdminService}.
60 */ 63 */
...@@ -116,27 +119,32 @@ public class PartitionManager extends AbstractListenerManager<PartitionEvent, Pa ...@@ -116,27 +119,32 @@ public class PartitionManager extends AbstractListenerManager<PartitionEvent, Pa
116 119
117 @Override 120 @Override
118 public int getNumberOfPartitions() { 121 public int getNumberOfPartitions() {
122 + checkPermission(PARTITION_READ);
119 return partitions.size(); 123 return partitions.size();
120 } 124 }
121 125
122 @Override 126 @Override
123 public Set<PartitionId> getAllPartitionIds() { 127 public Set<PartitionId> getAllPartitionIds() {
128 + checkPermission(PARTITION_READ);
124 return partitions.keySet(); 129 return partitions.keySet();
125 } 130 }
126 131
127 @Override 132 @Override
128 public DistributedPrimitiveCreator getDistributedPrimitiveCreator(PartitionId partitionId) { 133 public DistributedPrimitiveCreator getDistributedPrimitiveCreator(PartitionId partitionId) {
134 + checkPermission(PARTITION_READ);
129 return partitions.get(partitionId).client(); 135 return partitions.get(partitionId).client();
130 } 136 }
131 137
132 @Override 138 @Override
133 public Set<NodeId> getConfiguredMembers(PartitionId partitionId) { 139 public Set<NodeId> getConfiguredMembers(PartitionId partitionId) {
140 + checkPermission(PARTITION_READ);
134 StoragePartition partition = partitions.get(partitionId); 141 StoragePartition partition = partitions.get(partitionId);
135 return ImmutableSet.copyOf(partition.getMembers()); 142 return ImmutableSet.copyOf(partition.getMembers());
136 } 143 }
137 144
138 @Override 145 @Override
139 public Set<NodeId> getActiveMembersMembers(PartitionId partitionId) { 146 public Set<NodeId> getActiveMembersMembers(PartitionId partitionId) {
147 + checkPermission(PARTITION_READ);
140 // TODO: This needs to query metadata to determine currently active 148 // TODO: This needs to query metadata to determine currently active
141 // members of partition 149 // members of partition
142 return getConfiguredMembers(partitionId); 150 return getConfiguredMembers(partitionId);
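Review bot: `getAllPartitionIds()` returns `partitions.keySet()`, a view of the manager's own map rather than a copy, so a caller holding only PARTITION_READ receives an object tied to internal state. Whether that view allows removal depends on the map type, which is not visible here. Returning `ImmutableSet.copyOf(partitions.keySet())`, as `getConfiguredMembers` already does for members, would make the read-only intent explicit. It is also worth confirming that a READ permission is the right gate for `getDistributedPrimitiveCreator`, which hands out a creator object rather than data.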
......
...@@ -61,6 +61,9 @@ import com.google.common.collect.ImmutableMap; ...@@ -61,6 +61,9 @@ import com.google.common.collect.ImmutableMap;
61 import com.google.common.collect.Maps; 61 import com.google.common.collect.Maps;
62 import com.google.common.util.concurrent.Futures; 62 import com.google.common.util.concurrent.Futures;
63 63
64 +import static org.onosproject.security.AppGuard.checkPermission;
65 +import static org.onosproject.security.AppPermission.Type.*;
66 +
64 /** 67 /**
65 * Implementation for {@code StorageService} and {@code StorageAdminService}. 68 * Implementation for {@code StorageService} and {@code StorageAdminService}.
66 */ 69 */
...@@ -117,6 +120,7 @@ public class StorageManager implements StorageService, StorageAdminService { ...@@ -117,6 +120,7 @@ public class StorageManager implements StorageService, StorageAdminService {
117 120
118 @Override 121 @Override
119 public <K, V> EventuallyConsistentMapBuilder<K, V> eventuallyConsistentMapBuilder() { 122 public <K, V> EventuallyConsistentMapBuilder<K, V> eventuallyConsistentMapBuilder() {
123 + checkPermission(STORAGE_WRITE);
120 return new EventuallyConsistentMapBuilderImpl<>(clusterService, 124 return new EventuallyConsistentMapBuilderImpl<>(clusterService,
121 clusterCommunicator, 125 clusterCommunicator,
122 persistenceService); 126 persistenceService);
...@@ -124,27 +128,32 @@ public class StorageManager implements StorageService, StorageAdminService { ...@@ -124,27 +128,32 @@ public class StorageManager implements StorageService, StorageAdminService {
124 128
125 @Override 129 @Override
126 public <K, V> ConsistentMapBuilder<K, V> consistentMapBuilder() { 130 public <K, V> ConsistentMapBuilder<K, V> consistentMapBuilder() {
131 + checkPermission(STORAGE_WRITE);
127 return new NewDefaultConsistentMapBuilder<>(federatedPrimitiveCreator); 132 return new NewDefaultConsistentMapBuilder<>(federatedPrimitiveCreator);
128 } 133 }
129 134
130 @Override 135 @Override
131 public <E> DistributedSetBuilder<E> setBuilder() { 136 public <E> DistributedSetBuilder<E> setBuilder() {
137 + checkPermission(STORAGE_WRITE);
132 return new DefaultDistributedSetBuilder<>(() -> this.<E, Boolean>consistentMapBuilder()); 138 return new DefaultDistributedSetBuilder<>(() -> this.<E, Boolean>consistentMapBuilder());
133 } 139 }
134 140
135 @Override 141 @Override
136 public <E> DistributedQueueBuilder<E> queueBuilder() { 142 public <E> DistributedQueueBuilder<E> queueBuilder() {
143 + checkPermission(STORAGE_WRITE);
137 // TODO: implement 144 // TODO: implement
138 throw new UnsupportedOperationException(); 145 throw new UnsupportedOperationException();
139 } 146 }
140 147
141 @Override 148 @Override
142 public AtomicCounterBuilder atomicCounterBuilder() { 149 public AtomicCounterBuilder atomicCounterBuilder() {
150 + checkPermission(STORAGE_WRITE);
143 return new NewDefaultAtomicCounterBuilder(federatedPrimitiveCreator); 151 return new NewDefaultAtomicCounterBuilder(federatedPrimitiveCreator);
144 } 152 }
145 153
146 @Override 154 @Override
147 public <V> AtomicValueBuilder<V> atomicValueBuilder() { 155 public <V> AtomicValueBuilder<V> atomicValueBuilder() {
156 + checkPermission(STORAGE_WRITE);
148 Supplier<ConsistentMapBuilder<String, byte[]>> mapBuilderSupplier = 157 Supplier<ConsistentMapBuilder<String, byte[]>> mapBuilderSupplier =
149 () -> this.<String, byte[]>consistentMapBuilder() 158 () -> this.<String, byte[]>consistentMapBuilder()
150 .withName("onos-atomic-values") 159 .withName("onos-atomic-values")
...@@ -154,6 +163,7 @@ public class StorageManager implements StorageService, StorageAdminService { ...@@ -154,6 +163,7 @@ public class StorageManager implements StorageService, StorageAdminService {
154 163
155 @Override 164 @Override
156 public TransactionContextBuilder transactionContextBuilder() { 165 public TransactionContextBuilder transactionContextBuilder() {
166 + checkPermission(STORAGE_WRITE);
157 return new NewDefaultTransactionContextBuilder(transactionIdGenerator.get(), 167 return new NewDefaultTransactionContextBuilder(transactionIdGenerator.get(),
158 federatedPrimitiveCreator, 168 federatedPrimitiveCreator,
159 transactionCoordinator); 169 transactionCoordinator);
...@@ -161,6 +171,7 @@ public class StorageManager implements StorageService, StorageAdminService { ...@@ -161,6 +171,7 @@ public class StorageManager implements StorageService, StorageAdminService {
161 171
162 @Override 172 @Override
163 public LeaderElectorBuilder leaderElectorBuilder() { 173 public LeaderElectorBuilder leaderElectorBuilder() {
174 + checkPermission(STORAGE_WRITE);
164 return new DefaultLeaderElectorBuilder(federatedPrimitiveCreator); 175 return new DefaultLeaderElectorBuilder(federatedPrimitiveCreator);
165 } 176 }
166 177
......
...@@ -45,6 +45,10 @@ import static java.util.stream.Collectors.toSet; ...@@ -45,6 +45,10 @@ import static java.util.stream.Collectors.toSet;
45 import static org.onosproject.ui.UiView.Category.NETWORK; 45 import static org.onosproject.ui.UiView.Category.NETWORK;
46 import static org.onosproject.ui.UiView.Category.PLATFORM; 46 import static org.onosproject.ui.UiView.Category.PLATFORM;
47 47
48 +import static org.onosproject.security.AppGuard.checkPermission;
49 +import static org.onosproject.security.AppPermission.Type.UI_READ;
50 +import static org.onosproject.security.AppPermission.Type.UI_WRITE;
51 +
48 /** 52 /**
49 * Manages the user interface extensions. 53 * Manages the user interface extensions.
50 */ 54 */
...@@ -136,6 +140,7 @@ public class UiExtensionManager implements UiExtensionService, SpriteService { ...@@ -136,6 +140,7 @@ public class UiExtensionManager implements UiExtensionService, SpriteService {
136 140
137 @Override 141 @Override
138 public synchronized void register(UiExtension extension) { 142 public synchronized void register(UiExtension extension) {
143 + checkPermission(UI_WRITE);
139 if (!extensions.contains(extension)) { 144 if (!extensions.contains(extension)) {
140 extensions.add(extension); 145 extensions.add(extension);
141 for (UiView view : extension.views()) { 146 for (UiView view : extension.views()) {
...@@ -146,6 +151,7 @@ public class UiExtensionManager implements UiExtensionService, SpriteService { ...@@ -146,6 +151,7 @@ public class UiExtensionManager implements UiExtensionService, SpriteService {
146 151
147 @Override 152 @Override
148 public synchronized void unregister(UiExtension extension) { 153 public synchronized void unregister(UiExtension extension) {
154 + checkPermission(UI_WRITE);
149 extensions.remove(extension); 155 extensions.remove(extension);
150 extension.views().stream() 156 extension.views().stream()
151 .map(UiView::id).collect(toSet()).forEach(views::remove); 157 .map(UiView::id).collect(toSet()).forEach(views::remove);
...@@ -153,11 +159,13 @@ public class UiExtensionManager implements UiExtensionService, SpriteService { ...@@ -153,11 +159,13 @@ public class UiExtensionManager implements UiExtensionService, SpriteService {
153 159
154 @Override 160 @Override
155 public synchronized List<UiExtension> getExtensions() { 161 public synchronized List<UiExtension> getExtensions() {
162 + checkPermission(UI_READ);
156 return ImmutableList.copyOf(extensions); 163 return ImmutableList.copyOf(extensions);
157 } 164 }
158 165
159 @Override 166 @Override
160 public synchronized UiExtension getViewExtension(String viewId) { 167 public synchronized UiExtension getViewExtension(String viewId) {
168 + checkPermission(UI_READ);
161 return views.get(viewId); 169 return views.get(viewId);
162 } 170 }
163 171
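Review bot: The class also implements SpriteService (visible in the hunk headers), but every `checkPermission` call added in this section sits on a UiExtensionService method (`register`, `unregister`, `getExtensions`, `getViewExtension`), and no hunk shown touches the sprite methods. If those stay unguarded, an application that was not granted UI_WRITE could presumably still modify UI state through the sprite side of the same manager, so I would add `checkPermission(UI_WRITE);` as the first statement of the sprite-mutating methods and `checkPermission(UI_READ);` on the sprite getters, or put a comment there saying why they are exempt. The sprite methods lie outside the hunks shown, so this needs confirming against the full file. Separately, in the four guarded methods the check runs only after the `synchronized` monitor is taken, so a caller that will be refused still contends for the lock; this is minor, and the bodies of `register` and `unregister` continue past the hunks.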
......