2 * Copyright © 2017 Brocade Communications Systems and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.aaa;
10 import com.google.common.base.Preconditions;
11 import java.util.concurrent.CompletableFuture;
12 import javax.servlet.ServletException;
13 import org.opendaylight.aaa.api.AuthenticationService;
14 import org.opendaylight.aaa.api.CredentialAuth;
15 import org.opendaylight.aaa.api.IDMStoreException;
16 import org.opendaylight.aaa.api.IIDMStore;
17 import org.opendaylight.aaa.api.IdMService;
18 import org.opendaylight.aaa.api.IdMServiceImpl;
19 import org.opendaylight.aaa.api.PasswordCredentials;
20 import org.opendaylight.aaa.api.StoreBuilder;
21 import org.opendaylight.aaa.api.TokenStore;
22 import org.opendaylight.aaa.cert.api.ICertificateManager;
23 import org.opendaylight.aaa.datastore.h2.H2TokenStore;
24 import org.opendaylight.aaa.shiro.oauth2.OAuth2TokenServlet;
25 import org.opendaylight.aaa.shiro.tokenauthrealm.auth.HttpBasicAuth;
26 import org.opendaylight.aaa.shiro.tokenauthrealm.auth.TokenAuthenticators;
27 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.DatastoreConfig;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
30 import org.osgi.service.http.HttpService;
31 import org.osgi.service.http.NamespaceException;
32 import org.slf4j.Logger;
33 import org.slf4j.LoggerFactory;
36 * Provider for the AAA Shiro implementation.
38 public final class AAAShiroProvider {
40 private static final Logger LOG = LoggerFactory.getLogger(AAAShiroProvider.class);
42 public static final CompletableFuture<AAAShiroProvider> INSTANCE_FUTURE = new CompletableFuture<>();
44 private final DataBroker dataBroker;
45 private final ICertificateManager certificateManager;
46 private final HttpService httpService;
47 private final TokenStore tokenStore;
48 private final ShiroConfiguration shiroConfiguration;
49 private final String moonEndpointPath;
50 private final String oauth2EndpointPath;
51 private final TokenAuthenticators tokenAuthenticators;
52 private final AuthenticationService authenticationService;
57 public AAAShiroProvider(final DataBroker dataBroker,
58 final ICertificateManager certificateManager,
59 final CredentialAuth<PasswordCredentials> credentialAuth,
60 final ShiroConfiguration shiroConfiguration,
61 final HttpService httpService,
62 final String moonEndpointPath,
63 final String oauth2EndpointPath,
64 final DatastoreConfig datastoreConfig,
65 final IIDMStore iidmStore,
66 final AuthenticationService authenticationService) {
67 this.dataBroker = dataBroker;
68 this.certificateManager = certificateManager;
69 this.shiroConfiguration = shiroConfiguration;
70 this.httpService = httpService;
71 this.moonEndpointPath = moonEndpointPath;
72 this.oauth2EndpointPath = oauth2EndpointPath;
73 this.authenticationService = authenticationService;
75 if (datastoreConfig == null || !datastoreConfig.getStore().equals(DatastoreConfig.Store.H2DataStore)) {
76 LOG.info("AAA Datastore has not been initialized");
78 tokenAuthenticators = new TokenAuthenticators();
82 tokenStore = new H2TokenStore(datastoreConfig.getTimeToLive().longValue(),
83 datastoreConfig.getTimeToWait().longValue());
85 initializeIIDMStore(iidmStore);
87 tokenAuthenticators = buildTokenAuthenticators(credentialAuth);
90 this.registerServletContexts(credentialAuth, authenticationService, iidmStore);
91 } catch (final ServletException | NamespaceException e) {
92 LOG.warn("Could not initialize AAA servlet endpoints", e);
95 INSTANCE_FUTURE.complete(this);
/**
 * Builds the token authenticators, wrapping the supplied credential authenticator in
 * HTTP Basic authentication.
 *
 * @param credentialAuth the password-credential authenticator that Basic-auth requests are delegated to
 * @return a {@link TokenAuthenticators} holding a single {@link HttpBasicAuth} over {@code credentialAuth}
 */
private TokenAuthenticators buildTokenAuthenticators(final CredentialAuth<PasswordCredentials> credentialAuth) {
    final HttpBasicAuth basicAuth = new HttpBasicAuth(credentialAuth);
    return new TokenAuthenticators(basicAuth);
}
102 private void registerServletContexts(final CredentialAuth<PasswordCredentials> credentialAuth,
103 AuthenticationService authService, IIDMStore iidmStore) throws ServletException, NamespaceException {
104 LOG.info("attempting registration of AAA moon, oauth2 and auth servlets");
106 Preconditions.checkNotNull(httpService, "httpService cannot be null");
108 final IdMService idmService = new IdMServiceImpl(iidmStore);
110 httpService.registerServlet(moonEndpointPath, new org.opendaylight.aaa.shiro.moon.MoonTokenEndpoint(),
112 httpService.registerServlet(oauth2EndpointPath, new OAuth2TokenServlet(credentialAuth, authService,
113 tokenStore, idmService), null, null);
116 private void initializeIIDMStore(final IIDMStore iidmStore) {
118 new StoreBuilder(iidmStore).initWithDefaultUsers(IIDMStore.DEFAULT_DOMAIN);
119 } catch (final IDMStoreException e) {
120 LOG.error("Failed to initialize data in store", e);
125 * Method called when the blueprint container is created.
128 LOG.info("AAAShiroProvider Session Initiated");
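/**
 * Method called when the blueprint container is destroyed.
 *
 * <p>Unregisters the moon and oauth2 servlet aliases from the {@link HttpService}. Each alias is
 * unregistered independently: the constructor only logs a failed servlet registration
 * ({@code ServletException}/{@code NamespaceException}) and carries on, so an alias may never have
 * been registered and {@link HttpService#unregister} would then throw
 * {@link IllegalArgumentException}. Catching it per alias keeps the second unregistration, and the
 * rest of container shutdown, from being skipped.
 */
public void close() {
    LOG.info("AAAShiroProvider Closed");
    if (httpService != null) {
        unregisterQuietly(moonEndpointPath);
        unregisterQuietly(oauth2EndpointPath);
    }
}

/**
 * Unregisters a single servlet alias, logging instead of propagating the
 * {@link IllegalArgumentException} the {@link HttpService} throws for an alias it does not know.
 *
 * @param alias the servlet alias to unregister
 */
private void unregisterQuietly(final String alias) {
    try {
        httpService.unregister(alias);
    } catch (final IllegalArgumentException e) {
        // Registration may have failed or been skipped in the constructor; shutdown must still proceed.
        LOG.warn("Servlet alias {} was not registered, skipping unregistration", alias, e);
    }
}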
/**
 * Returns the {@link DataBroker} this provider was constructed with.
 *
 * @return the data broker
 */
public DataBroker getDataBroker() {
    return dataBroker;
}
/**
 * Returns the {@link ICertificateManager} this provider was constructed with.
 *
 * @return the certificate manager
 */
public ICertificateManager getCertificateManager() {
    return this.certificateManager;
}
/**
 * Returns the Shiro-related configuration this provider was constructed with.
 *
 * @return the {@link ShiroConfiguration}
 */
public ShiroConfiguration getShiroConfiguration() {
    return shiroConfiguration;
}
169 public TokenStore getTokenStore() {
/**
 * Returns the token authenticators assembled in the constructor.
 *
 * @return the {@link TokenAuthenticators} for this provider
 */
public TokenAuthenticators getTokenAuthenticators() {
    return this.tokenAuthenticators;
}
177 public AuthenticationService getAuthenticationService() {
178 return authenticationService;