1 /* Copyright (c) 2014 Hewlett-Packard Development Company, L.P. and others.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.aaa.idm;
import static org.opendaylight.aaa.idm.persistence.StoreBuilder.DEFAULT_DOMAIN;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.opendaylight.aaa.ClaimBuilder;
import org.opendaylight.aaa.api.AuthenticationException;
import org.opendaylight.aaa.api.Claim;
import org.opendaylight.aaa.api.CredentialAuth;
import org.opendaylight.aaa.api.IdMService;
import org.opendaylight.aaa.api.PasswordCredentials;
import org.opendaylight.aaa.idm.model.Domain;
import org.opendaylight.aaa.idm.model.Domains;
import org.opendaylight.aaa.idm.model.Grant;
import org.opendaylight.aaa.idm.model.Grants;
import org.opendaylight.aaa.idm.model.Role;
import org.opendaylight.aaa.idm.model.User;
import org.opendaylight.aaa.idm.model.Users;
import org.opendaylight.aaa.idm.persistence.DomainStore;
import org.opendaylight.aaa.idm.persistence.GrantStore;
import org.opendaylight.aaa.idm.persistence.RoleStore;
import org.opendaylight.aaa.idm.persistence.StoreException;
import org.opendaylight.aaa.idm.persistence.UserStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
39 * An OSGi proxy for the IdmLight server.
42 public class IdmLightProxy implements CredentialAuth<PasswordCredentials>,
private static Logger logger = LoggerFactory.getLogger(IdmLightProxy.class);
// Backing stores are static, so every proxy instance shares the same store objects.
private static UserStore userStore = new UserStore();
private static GrantStore grantStore = new GrantStore();
private static DomainStore domainStore = new DomainStore();
private static RoleStore roleStore = new RoleStore();
// Simple map of claim cache by domain names
// NOTE(review): the inner maps are keyed by the PasswordCredentials object itself, i.e.
// every user name / password pair that authenticated successfully stays resident in
// memory until clearClaimCache() runs (authenticate() carries the FIXME for invalidation).
// Anything able to inspect this map (heap dump, debugger) can therefore read those
// credentials — confirm this is acceptable for the deployment.
private static Map<String, Map<PasswordCredentials, Claim>> claimCache = new ConcurrentHashMap<>();
// Pre-populates the cache for the default domain (presumably inside a static initializer,
// whose braces are not shown in this listing).
claimCache.put(DEFAULT_DOMAIN, new ConcurrentHashMap<PasswordCredentials, Claim>());
/**
 * Authenticates the credentials against {@code domain}, serving repeat requests from
 * the per-domain claim cache.
 *
 * <p>A cache miss falls through to {@link #dbAuthenticate} while holding the lock on
 * {@code claimCache}; the result is then stored in the cache, which within this class
 * is only emptied by {@link #clearClaimCache()}.
 *
 * @param creds  the user name / password pair to check
 * @param domain the domain name, or {@code null} to use {@code DEFAULT_DOMAIN}
 * @return the claim for the authenticated user
 * @throws AuthenticationException propagated from {@link #dbAuthenticate} when the
 *         domain or the credentials are rejected
 */
public Claim authenticate(PasswordCredentials creds, String domain) {
String domainName = (domain == null) ? DEFAULT_DOMAIN : domain;
// FIXME: Add cache invalidation
// NOTE(review): until invalidation exists, a password change or a revoked grant is not
// seen by callers whose credentials are already cached; only clearClaimCache() evicts.
Map<PasswordCredentials, Claim> cache = claimCache.get(domainName);
// Lazily create the per-domain cache the first time a domain is seen.
cache = new ConcurrentHashMap<PasswordCredentials, Claim>();
claimCache.put(domainName, cache);
Claim claim = cache.get(creds);
// Re-read under the lock so that concurrent misses for the same credentials only hit
// the store once.
synchronized (claimCache) {
claim = cache.get(creds);
claim = dbAuthenticate(creds, domainName);
cache.put(creds, claim);
/**
 * Drops every cached claim for every domain.
 *
 * <p>Within this class it is the only path that evicts cache entries, so it has to be
 * called after a password or grant change for that change to become visible to
 * {@link #authenticate}.
 * NOTE(review): {@code static synchronized} locks the class monitor, whereas
 * authenticate() synchronizes on {@code claimCache} itself, so the two do not exclude
 * each other — confirm this is intended.
 */
public static synchronized void clearClaimCache() {
for (Map<PasswordCredentials, Claim> cache : claimCache.values()) {
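/**
 * Authenticates {@code creds} against the backing stores and builds the resulting claim.
 *
 * <p>Order of checks: the domain must exist, the user must exist, the presented password
 * must match the stored one, and finally every grant the user holds in that domain is
 * resolved to a role name and added to the claim.
 *
 * <p>An unknown user and a wrong password are reported with the same message so that the
 * response cannot be used to discover which user names exist. The password comparison
 * is case-sensitive and constant-time.
 *
 * @param creds      the user name / password pair presented by the caller
 * @param domainName the domain to authenticate against (never {@code null}; the caller
 *                   substitutes {@code DEFAULT_DOMAIN})
 * @return the claim built for the authenticated user
 * @throws AuthenticationException if the domain is unknown, the credentials do not
 *         match, or the store cannot be read
 */
private static Claim dbAuthenticate(PasswordCredentials creds, String domainName) {
    // check to see domain exists
    // TODO: ensure domain names are unique change to 'getDomain'
    Domain domain;
    try {
        Domains domains = domainStore.getDomains(domainName);
        List<Domain> domainList = domains.getDomains();
        if (domainList.isEmpty()) {
            throw new AuthenticationException("Domain :" + domainName + " does not exist");
        }
        // First match wins until domain names are guaranteed unique (see TODO above).
        domain = domainList.get(0);
    }
    catch (StoreException se) {
        // Keep the stack trace in the log; the exception type visible here only takes a message.
        logger.error("idm data store exception while reading domain", se);
        throw new AuthenticationException("idm data store exception :" + se.toString());
    }

    // check to see user exists and passes cred check
    try {
        debug("check user / pwd");
        Users users = userStore.getUsers(creds.username());
        List<User> userList = users.getUsers();
        if (userList.isEmpty()) {
            // Same message as the wrong-password case: do not reveal that the user is unknown.
            debug("user not found");
            throw new AuthenticationException("UserName / Password not found");
        }
        User user = userList.get(0);
        // NOTE(review): the stored value is compared directly with the presented password,
        // which implies the store holds it in a directly comparable form; if that form is
        // plaintext, a salted password hash should be introduced in UserStore — confirm.
        if (!passwordMatches(creds.password(), user.getPassword())) {
            throw new AuthenticationException("UserName / Password not found");
        }

        // get all grants & roles for this domain and user
        List<String> roles = new ArrayList<String>();
        Grants grants = grantStore.getGrants(domain.getDomainid(), user.getUserid());
        for (Grant grant : grants.getGrants()) {
            Role role = roleStore.getRole(grant.getRoleid());
            roles.add(role.getName());
        }

        // build up the claim
        debug("build a claim");
        ClaimBuilder claim = new ClaimBuilder();
        claim.setUserId(user.getUserid().toString());
        claim.setUser(creds.username());
        claim.setDomain(domainName);
        for (String roleName : roles) {
            claim.addRole(roleName);
        }
        return claim.build();
    }
    catch (StoreException se) {
        logger.error("idm data store exception while authenticating", se);
        throw new AuthenticationException("idm data store exception :" + se.toString());
    }
}

/**
 * Compares the presented password with the stored one: case-sensitive, and in constant
 * time for equal-length inputs so the comparison does not leak how many leading bytes match.
 *
 * @param presented the password supplied by the caller, may be {@code null}
 * @param stored    the value held for the user, may be {@code null}
 * @return {@code true} only if both are non-null and byte-for-byte equal as UTF-8
 */
private static boolean passwordMatches(String presented, String stored) {
    if (presented == null || stored == null) {
        return false;
    }
    return MessageDigest.isEqual(presented.getBytes(StandardCharsets.UTF_8),
                                 stored.getBytes(StandardCharsets.UTF_8));
}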
/**
 * Resolves the id of the user named {@code userName}.
 *
 * @param userName the user name to look up
 * @return the first matching user's id as a string; the no-match and store-failure
 *         branches (their bodies are not shown in this listing) appear to return
 *         {@code null} — confirm
 */
public String getUserId(String userName) {
debug("getUserid for userName:" + userName);
Users users = userStore.getUsers(userName);
List<User> userList = users.getUsers();
if (userList.size()==0) {
// First match wins; user names are assumed unique here.
User user = userList.get(0);
return user.getUserid().toString();
catch (StoreException se) {
// NOTE(review): only toString() of the failure is logged; passing {@code se} as the last
// argument would keep the stack trace.
logger.warn("error getting user " + se.toString());
/**
 * Lists the names of every domain in which the user holds at least one grant.
 *
 * <p>The user id is parsed as a {@code long}; a non-numeric id is logged at WARN and
 * the (presumably empty) list is returned without consulting the store.
 *
 * @param userId the user id as a decimal string
 * @return the domain names, one entry per grant (a domain with several grants appears
 *         several times); never {@code null} as far as this listing shows
 */
public List<String> listDomains(String userId) {
debug("list Domains for userId:" + userId);
List<String> domains = new ArrayList<String>();
uid = Long.parseLong(userId);
catch (NumberFormatException nfe) {
logger.warn("not a valid userid:" + userId);
Grants grants = grantStore.getGrants(uid);
List<Grant> grantList = grants.getGrants();
// Each grant is resolved to its domain; no de-duplication is performed.
for (int z=0;z<grantList.size();z++) {
Grant grant = grantList.get(z);
Domain domain = domainStore.getDomain(grant.getDomainid());
domains.add(domain.getName());
catch (StoreException se) {
// NOTE(review): pass {@code se} as the last argument to keep the stack trace.
logger.warn("error getting domains " + se.toString());
/**
 * Lists the role names granted to the user within {@code domainName}.
 *
 * <p>The domain is resolved to its id first (first match wins), then the user id is
 * parsed as a {@code long}, then every grant for that (domain, user) pair is resolved
 * to a role name. An unknown domain or a non-numeric user id is logged and the
 * (presumably empty) list is returned.
 *
 * @param userId     the user id as a decimal string
 * @param domainName the domain whose grants are inspected
 * @return the role names, one entry per grant
 */
public List<String> listRoles(String userId, String domainName) {
List<String> roles = new ArrayList<String>();
// find the domain id for the specified domain name
Domains domains = domainStore.getDomains(domainName);
List<Domain> domainList = domains.getDomains();
if (domainList.size()==0) {
debug("DomainName: " + domainName + " Not found!");
// First match wins; see the TODO in dbAuthenticate() about domain-name uniqueness.
long did = domainList.get(0).getDomainid();
uid = Long.parseLong(userId);
catch (NumberFormatException nfe) {
logger.warn("not a valid userid:" + userId);
// find all grants for uid and did
Grants grants = grantStore.getGrants(did,uid);
List<Grant> grantList = grants.getGrants();
for (int z=0;z<grantList.size();z++) {
Grant grant = grantList.get(z);
Role role = roleStore.getRole(grant.getRoleid());
roles.add(role.getName());
catch (StoreException se) {
// NOTE(review): pass {@code se} as the last argument to keep the stack trace.
logger.warn("error getting roles " + se.toString());
234 private static final void debug(String msg) {
235 if (logger.isDebugEnabled()) {