2 * Copyright © 2017 Brocade Communications Systems and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.aaa.shiro;
10 import com.google.common.base.Preconditions;
11 import com.google.common.collect.Lists;
12 import java.util.List;
13 import javax.servlet.ServletException;
14 import org.opendaylight.aaa.api.AuthenticationService;
15 import org.opendaylight.aaa.api.CredentialAuth;
16 import org.opendaylight.aaa.api.IDMStoreException;
17 import org.opendaylight.aaa.api.IIDMStore;
18 import org.opendaylight.aaa.api.IdMService;
19 import org.opendaylight.aaa.api.IdMServiceImpl;
20 import org.opendaylight.aaa.api.PasswordCredentials;
21 import org.opendaylight.aaa.api.StoreBuilder;
22 import org.opendaylight.aaa.api.TokenAuth;
23 import org.opendaylight.aaa.api.TokenStore;
24 import org.opendaylight.aaa.cert.api.ICertificateManager;
25 import org.opendaylight.aaa.datastore.h2.H2Store;
26 import org.opendaylight.aaa.datastore.h2.H2TokenStore;
27 import org.opendaylight.aaa.datastore.h2.IdmLightConfig;
28 import org.opendaylight.aaa.datastore.h2.IdmLightConfigBuilder;
29 import org.opendaylight.aaa.datastore.h2.IdmLightSimpleConnectionProvider;
30 import org.opendaylight.aaa.shiro.oauth2.OAuth2TokenServlet;
31 import org.opendaylight.aaa.shiro.tokenauthrealm.ServiceLocator;
32 import org.opendaylight.aaa.shiro.tokenauthrealm.auth.AuthenticationManager;
33 import org.opendaylight.aaa.shiro.tokenauthrealm.auth.HttpBasicAuth;
34 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.DatastoreConfig;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
37 import org.osgi.service.http.HttpService;
38 import org.osgi.service.http.NamespaceException;
39 import org.slf4j.Logger;
40 import org.slf4j.LoggerFactory;
43 * Provider for AAA shiro implementation.
45 public class AAAShiroProvider {
private static final Logger LOG = LoggerFactory.getLogger(AAAShiroProvider.class);
// Singleton handle. newInstance(...) overwrites it unconditionally; close() does not clear it.
private static volatile AAAShiroProvider INSTANCE;
// Shared IDM store. Static but NOT volatile, and assigned from the instance constructor (and,
// presumably, from setIdmStore()), so readers on other threads have no visibility guarantee.
private static IIDMStore iidmStore;
private final DataBroker dataBroker;
private final ICertificateManager certificateManager;
// OSGi HTTP service the moon/oauth2 servlets are registered with. registerServletContexts()
// rejects a null service; close() nevertheless re-checks for null before unregistering.
private final HttpService httpService;
private final ShiroConfiguration shiroConfiguration;
// Servlet aliases: moon token endpoint and oauth2 token servlet respectively.
private final String moonEndpointPath;
private final String oauth2EndpointPath;
// H2TokenStore when the H2 datastore is configured; final, so the non-H2 path must assign it
// too (that branch is not visible in this listing).
private final TokenStore tokenStore;
/**
 * Provider for this bundle.
 *
 * <p>Builds the H2-backed IDM and token stores when {@code datastoreConfig} selects
 * {@code H2DataStore}, wires the {@link ServiceLocator}, and registers the moon and oauth2
 * servlets. A servlet registration failure is only logged: the provider is still constructed,
 * but without those endpoints.
 *
 * @param dataBroker injected from blueprint
 * @param certificateManager the certificate manager
 * @param credentialAuth credential authenticator handed to the {@link ServiceLocator}
 * @param shiroConfiguration shiro config
 * @param httpService OSGi HTTP service used for servlet registration; must not be null
 * @param moonEndpointPath alias the moon token endpoint is registered under
 * @param oauth2EndpointPath alias the oauth2 token servlet is registered under
 * @param datastoreConfig data store config; may be null, in which case no H2 store is built
 * @param dbUsername H2 user name passed to {@link IdmLightConfigBuilder#dbUser}
 * @param dbPassword H2 password passed to {@link IdmLightConfigBuilder#dbPwd}; held as a
 *     {@link String} and never logged here — keep it that way
 */
private AAAShiroProvider(final DataBroker dataBroker, final ICertificateManager certificateManager,
final CredentialAuth<PasswordCredentials> credentialAuth,
final ShiroConfiguration shiroConfiguration,
final HttpService httpService,
final String moonEndpointPath,
final String oauth2EndpointPath,
final DatastoreConfig datastoreConfig,
final String dbUsername,
final String dbPassword) {
this.dataBroker = dataBroker;
this.certificateManager = certificateManager;
this.shiroConfiguration = shiroConfiguration;
this.httpService = httpService;
this.moonEndpointPath = moonEndpointPath;
this.oauth2EndpointPath = oauth2EndpointPath;
// Only datastoreConfig itself is null-checked; if getStore() can return null this line throws NPE.
if (datastoreConfig != null && datastoreConfig.getStore()
.equals(DatastoreConfig.Store.H2DataStore)) {
final IdmLightConfig config = new IdmLightConfigBuilder()
.dbUser(dbUsername).dbPwd(dbPassword).build();
// Writes the STATIC field from an instance constructor: every new provider replaces the store
// that getIdmStore() hands out.
iidmStore = new H2Store(new IdmLightSimpleConnectionProvider(config));
tokenStore = new H2TokenStore(datastoreConfig.getTimeToLive().longValue(),
datastoreConfig.getTimeToWait().longValue());
// Presumably the non-H2 branch (its opening is not shown in this listing).
LOG.info("AAA Datastore has not been initialized");
// Passes the static iidmStore, i.e. whatever the branch above (or a previous instance) left there.
this.initializeServices(credentialAuth, iidmStore, tokenStore);
this.registerServletContexts(this.httpService, this.moonEndpointPath, this.oauth2EndpointPath);
} catch (final ServletException | NamespaceException e) {
// Deliberately non-fatal: the provider is kept, but the endpoints are absent and close() will
// still attempt to unregister their aliases.
LOG.warn("Could not initialize AAA servlet endpoints", e);
/**
 * Registers the moon token endpoint and the oauth2 token servlet with the OSGi
 * {@link HttpService}.
 *
 * @param httpService the OSGi HTTP service; must not be null
 * @param moonEndpointPath alias for the moon token endpoint
 * @param oauth2EndpointPath alias for the oauth2 token servlet
 * @throws ServletException if a servlet fails to initialize
 * @throws NamespaceException if an alias is already in use
 */
private void registerServletContexts(final HttpService httpService, final String moonEndpointPath,
final String oauth2EndpointPath)
throws ServletException, NamespaceException {
LOG.info("attempting registration of AAA moon, oauth2 and auth servlets");
Preconditions.checkNotNull(httpService, "httpService cannot be null");
// Both servlets are registered with null init-params and a null HttpContext, i.e. in the
// HttpService's default context. NOTE(review): whether the Shiro filter chain is applied to
// these aliases is not visible here — confirm before relying on it for access control.
// MoonTokenEndpoint is referenced by its fully-qualified name rather than imported.
httpService.registerServlet(moonEndpointPath, new org.opendaylight.aaa.shiro.moon.MoonTokenEndpoint(),
httpService.registerServlet(oauth2EndpointPath, new OAuth2TokenServlet(), null, null);
/**
 * Initialize AAA Services. This method will evolve over time as ServiceLocator is refactored/removed.
 *
 * <p>Wires the instance returned by {@code ServiceLocator.getInstance()} with an
 * {@link AuthenticationManager}, an {@link IdMServiceImpl} over {@code iidmStore}, the given
 * credential authenticator, a single {@link HttpBasicAuth} token authenticator and the token
 * store. A failure while initializing data in the store is logged and wiring continues anyway.
 *
 * @param credentialAuth wired via blueprint
 * @param iidmStore wired via blueprint
 * @param tokenStore wired via blueprint
 */
private void initializeServices(final CredentialAuth<PasswordCredentials> credentialAuth,
        final IIDMStore iidmStore, final TokenStore tokenStore) {
    try {
        new StoreBuilder(iidmStore).init();
    } catch (final IDMStoreException e) {
        // Best effort: the locator is still populated even though the store could not be initialized.
        LOG.error("Failed to initialize data in store", e);
    }

    // Authentication and identity-management services.
    ServiceLocator.getInstance().setAuthenticationService(new AuthenticationManager());
    ServiceLocator.getInstance().setIdmService(new IdMServiceImpl(iidmStore));
    ServiceLocator.getInstance().setCredentialAuth(credentialAuth);

    // HTTP Basic is the only token authenticator wired here.
    final List<TokenAuth> authenticators = Lists.newArrayList();
    authenticators.add(new HttpBasicAuth());
    ServiceLocator.getInstance().setTokenAuthCollection(authenticators);

    ServiceLocator.getInstance().setTokenStore(tokenStore);
}
/**
 * Singleton creation.
 *
 * <p>Unconditionally constructs a new provider and stores it in {@link #INSTANCE}. A previous
 * instance is replaced without being closed, so its servlet aliases remain registered; if the
 * new instance reuses the same aliases its constructor hits {@link NamespaceException}, which it
 * only logs. The method is not synchronized — {@code volatile} on {@link #INSTANCE} gives
 * visibility, not mutual exclusion between concurrent callers.
 *
 * @param dataBroker The DataBroker
 * @param certificateManager the certificate manager
 * @param credentialAuth The CredentialAuth
 * @param shiroConfiguration shiro config
 * @param httpService http service
 * @param moonEndpointPath moon path
 * @param oauth2EndpointPath oauth path
 * @param datastoreConfig data store config
 * @param dbUsername H2 database user name
 * @param dbPassword H2 database password; must not be logged
 * @return the Provider
 */
public static AAAShiroProvider newInstance(final DataBroker dataBroker,
final ICertificateManager certificateManager,
final CredentialAuth<PasswordCredentials> credentialAuth,
final ShiroConfiguration shiroConfiguration,
final HttpService httpService,
final String moonEndpointPath,
final String oauth2EndpointPath,
final DatastoreConfig datastoreConfig,
final String dbUsername,
final String dbPassword) {
// Replaces any earlier instance without closing it.
INSTANCE = new AAAShiroProvider(dataBroker, certificateManager, credentialAuth, shiroConfiguration,
httpService, moonEndpointPath, oauth2EndpointPath, datastoreConfig, dbUsername, dbPassword);
/**
 * Singleton extraction.
 *
 * @return the Provider most recently set by {@link #newInstance} (presumably {@code null}
 *     before the first call — the body is not visible in this listing)
 */
public static AAAShiroProvider getInstance() {
/**
 * Get IDM data store.
 *
 * <p>Reads the static, non-volatile {@link #iidmStore} field, so a store assigned on another
 * thread is not guaranteed to be visible here.
 *
 * @return IIDMStore data store
 */
public static IIDMStore getIdmStore() {
/**
 * Set IDM data store, only used for test.
 *
 * <p>Public and static: any code that can reach this class can replace the store handed out by
 * {@link #getIdmStore()} process-wide, and the field is not volatile, so there is no publication
 * guarantee to other threads. If this is really test-only, consider narrowing its visibility.
 *
 * @param store data store
 */
public static void setIdmStore(IIDMStore store) {
199 * Method called when the blueprint container is created.
202 LOG.info("AAAShiroProvider Session Initiated");
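/**
 * Method called when the blueprint container is destroyed.
 *
 * <p>Unregisters the moon and oauth2 servlet aliases registered by the constructor. Each alias is
 * handled independently: the constructor only logs a warning when registration fails, so an alias
 * may never have been registered, and {@link HttpService#unregister(String)} throws
 * {@link IllegalArgumentException} for an unknown alias. Handling that per alias keeps a failure
 * on the first alias from aborting the second one and from propagating out of the destroy hook.
 *
 * <p>Note: {@link #INSTANCE} is not cleared here, so {@link #getInstance()} presumably keeps
 * returning the closed provider.
 */
public void close() {
    LOG.info("AAAShiroProvider Closed");
    if (httpService != null) {
        unregisterQuietly(moonEndpointPath);
        unregisterQuietly(oauth2EndpointPath);
    }
}

/**
 * Unregisters one servlet alias, logging instead of propagating when the alias is not (or no
 * longer) registered with the service.
 *
 * @param alias the alias previously passed to {@link HttpService#registerServlet}
 */
private void unregisterQuietly(final String alias) {
    try {
        httpService.unregister(alias);
    } catch (final IllegalArgumentException e) {
        LOG.warn("Servlet alias {} was not registered; skipping unregistration", alias, e);
    }
}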
/**
 * Extract the data broker.
 *
 * @return the data broker this provider was constructed with
 */
public DataBroker getDataBroker() {
    return dataBroker;
}
/**
 * Extract the certificate manager.
 *
 * @return the certificate manager this provider was constructed with.
 */
public ICertificateManager getCertificateManager() {
    return this.certificateManager;
}
/**
 * Extract Shiro related configuration.
 *
 * @return Shiro related configuration this provider was constructed with.
 */
public ShiroConfiguration getShiroConfiguration() {
    return shiroConfiguration;
}