1 /*
2  * Copyright (c) 2014, 2017 Hewlett-Packard Development Company, L.P. and others.  All rights reserved.
3  * Copyright (c) 2020 PANTHEON.tech, s.r.o.
4  *
5  * This program and the accompanying materials are made available under the
6  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
7  * and is available at http://www.eclipse.org/legal/epl-v10.html
8  */
9 package org.opendaylight.aaa.shiro.tokenauthrealm.auth;
10
11 import javax.inject.Singleton;
12 import org.opendaylight.aaa.api.Authentication;
13 import org.opendaylight.aaa.api.AuthenticationService;
14 import org.osgi.service.component.annotations.Activate;
15 import org.osgi.service.component.annotations.Component;
16 import org.osgi.service.component.annotations.Deactivate;
17 import org.osgi.service.component.annotations.Modified;
18 import org.osgi.service.metatype.annotations.AttributeDefinition;
19 import org.osgi.service.metatype.annotations.Designate;
20 import org.osgi.service.metatype.annotations.ObjectClassDefinition;
21 import org.slf4j.Logger;
22 import org.slf4j.LoggerFactory;
23
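/**
 * An {@link InheritableThreadLocal}-based {@link AuthenticationService}.
 *
 * <p>The current {@link Authentication} is stored per thread. Because the holder is an
 * {@link InheritableThreadLocal}, a thread created while a value is set starts out with that same value.
 * Callers that {@link #set(Authentication)} an identity should {@link #clear()} it once the work done on
 * behalf of that identity has finished, so that it does not stay attached to the thread.
 *
 * <p>The {@code authEnabled} flag is only stored and reported by this class; nothing here enforces it.
 */
@Singleton
@Component(configurationPid = "org.opendaylight.aaa.authn")
@Designate(ocd = AuthenticationManager.Configuration.class)
public final class AuthenticationManager implements AuthenticationService {
    /**
     * OSGi metatype configuration for this component, bound to the {@code org.opendaylight.aaa.authn} PID.
     */
    @ObjectClassDefinition(name = "OpenDaylight AAA Authentication Configuration")
    public @interface Configuration {
        /**
         * Whether authentication is enabled. Defaults to {@code true}.
         */
        @AttributeDefinition(
            name = "Enable authentication",
            description =
                "Enable authentication by setting it to the value 'true', or 'false' if bypassing authentication.\n"
                    + "Note that bypassing authentication may result in your controller being more vulnerable to "
                    + "unauthorized accesses.\n"
                    + "Authorization, if enabled, will not work if authentication is disabled.")
        boolean authEnabled() default true;
    }

    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationManager.class);

    // volatile: written by the configuration callbacks and read by isAuthEnabled(), possibly on other threads
    private volatile boolean authEnabled;

    // Per-thread holder of the current identity; inherited by threads created while a value is set
    private final ThreadLocal<Authentication> auth = new InheritableThreadLocal<>();

    /**
     * Creates a manager with authentication disabled.
     *
     * <p>This is the opposite of the {@link Configuration#authEnabled()} default: an instance built through
     * this constructor reports authentication as disabled until {@link #setAuthEnabled(boolean)} is called,
     * either directly or through {@link #activate(Configuration)}.
     */
    public AuthenticationManager() {
        // In non-Karaf environments, authEnabled is set to false by default
        // NOTE(review): this is a fail-open default; embedders that need authentication must opt in
        // explicitly via AuthenticationManager(true) or setAuthEnabled(true).
        this(false);
    }

    /**
     * Creates a manager with the given initial authentication state.
     *
     * @param authEnabled {@code true} if authentication is to be reported as enabled
     */
    public AuthenticationManager(final boolean authEnabled) {
        this.authEnabled = authEnabled;
    }

    /**
     * Updates the authentication-enabled flag and logs the resulting state.
     *
     * @param authEnabled {@code true} to report authentication as enabled, {@code false} to report it as
     *                    disabled
     */
    public void setAuthEnabled(final boolean authEnabled) {
        this.authEnabled = authEnabled;
        // Turning authentication off is a security-relevant state change, so it is reported at WARN rather
        // than INFO; the rendered message text is the same as before.
        if (authEnabled) {
            LOG.info("Authentication is now enabled");
        } else {
            LOG.warn("Authentication is now disabled");
        }
    }

    /**
     * Returns the {@link Authentication} associated with the calling thread.
     *
     * @return the current thread's value, or {@code null} if none is set
     */
    @Override
    public Authentication get() {
        return auth.get();
    }

    /**
     * Associates an {@link Authentication} with the calling thread.
     *
     * @param authentication the value to store; it is not validated here
     */
    @Override
    public void set(final Authentication authentication) {
        auth.set(authentication);
    }

    /**
     * Removes the calling thread's {@link Authentication}, if any.
     */
    @Override
    public void clear() {
        auth.remove();
    }

    /**
     * Reports the current value of the authentication-enabled flag.
     *
     * @return {@code true} if authentication is enabled
     */
    @Override
    public boolean isAuthEnabled() {
        return authEnabled;
    }

    /**
     * Component activation callback: applies the configured flag.
     *
     * @param configuration the component configuration
     */
    @Activate
    void activate(final Configuration configuration) {
        setAuthEnabled(configuration.authEnabled());
        LOG.info("Authentication Manager activated");
    }

    /**
     * Component deactivation callback. Only logs; the flag and any per-thread values are left untouched.
     */
    @Deactivate
    @SuppressWarnings("static-method")
    void deactivate() {
        LOG.info("Authentication Manager deactivated");
    }

    /**
     * Configuration update callback: re-applies the configured flag.
     *
     * @param configuration the updated component configuration
     */
    @Modified
    void modified(final Configuration configuration) {
        setAuthEnabled(configuration.authEnabled());
    }
}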