2 * Copyright (c) 2014, 2017 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
3 * Copyright (c) 2020 PANTHEON.tech, s.r.o.
5 * This program and the accompanying materials are made available under the
6 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
7 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.aaa.shiro.tokenauthrealm.auth;
11 import javax.inject.Singleton;
12 import org.opendaylight.aaa.api.Authentication;
13 import org.opendaylight.aaa.api.AuthenticationService;
14 import org.osgi.service.component.annotations.Activate;
15 import org.osgi.service.component.annotations.Component;
16 import org.osgi.service.component.annotations.Deactivate;
17 import org.osgi.service.component.annotations.Modified;
18 import org.osgi.service.metatype.annotations.AttributeDefinition;
19 import org.osgi.service.metatype.annotations.Designate;
20 import org.osgi.service.metatype.annotations.ObjectClassDefinition;
21 import org.slf4j.Logger;
22 import org.slf4j.LoggerFactory;
25 * An {@link InheritableThreadLocal}-based {@link AuthenticationService}.
28 @Component(configurationPid = "org.opendaylight.aaa.authn")
29 @Designate(ocd = AuthenticationManager.Configuration.class)
30 public final class AuthenticationManager implements AuthenticationService {
/**
 * Metatype definition of the AAA authentication configuration. Its single attribute,
 * {@code authEnabled}, defaults to {@code true}.
 *
 * <p>Security note: per the description text below, setting {@code authEnabled} to
 * {@code false} bypasses authentication, and authorization does not work while
 * authentication is disabled.
 */
31 @ObjectClassDefinition(name = "OpenDaylight AAA Authentication Configuration")
32 public @interface Configuration {
34 name = "Enable authentication",
36 "Enable authentication by setting it to the value 'true', or 'false' if bypassing authentication.\n"
37 + "Note that bypassing authentication may result in your controller being more vulnerable to "
38 + "unauthorized accesses.\n"
39 + "Authorization, if enabled, will not work if authentication is disabled.")
40 boolean authEnabled() default true;
43 private static final Logger LOG = LoggerFactory.getLogger(AuthenticationManager.class);
// Current authentication switch. Declared volatile; written by the one-argument constructor
// and by setAuthEnabled(), which activate() and modified() call with the configured value.
45 private volatile boolean authEnabled;
// Holds the Authentication bound to the current thread via set(). Because this is an
// InheritableThreadLocal, a thread created while a value is bound starts with its parent's
// Authentication reference.
// NOTE(review): threads that outlive a request (e.g. pooled workers) keep whatever they
// inherited or last set until it is overwritten or removed - confirm every request path
// resets the value before the thread is reused.
47 private final ThreadLocal<Authentication> auth = new InheritableThreadLocal<>();
/**
 * Creates a manager without an explicit authentication setting.
 */
49 public AuthenticationManager() {
50 // In non-Karaf environments, authEnabled is set to false by default, i.e. authentication
// is bypassed until setAuthEnabled(true) is called.
// NOTE(review): the constructor body is not shown in this listing; code that embeds this
// class outside Karaf should enable authentication explicitly rather than rely on this default.
/**
 * Creates a manager with an explicit initial authentication setting.
 *
 * @param authEnabled {@code true} to enable authentication, {@code false} to bypass it
 */
54 public AuthenticationManager(final boolean authEnabled) {
55 this.authEnabled = authEnabled;
/**
 * Switches authentication on or off and logs the resulting state at INFO level.
 *
 * @param authEnabled {@code true} to enable authentication, {@code false} to bypass it
 */
58 public void setAuthEnabled(final boolean authEnabled) {
// Write to the volatile field, so the new value is visible to other threads that read it.
59 this.authEnabled = authEnabled;
// This INFO line is the only record this method makes of a switch to "disabled"; it does
// not say what triggered the change.
// NOTE(review): disabling authentication is security-relevant - confirm INFO is retained
// and monitored, or consider a higher level for the "disabled" case.
60 LOG.info("Authentication is now {}", authEnabled ? "enabled" : "disabled");
64 public Authentication get() {
/**
 * Binds the given {@link Authentication} to the calling thread.
 *
 * @param authentication the value stored in the thread-local holder
 */
69 public void set(final Authentication authentication) {
// The holder is an InheritableThreadLocal, so threads created by this thread after this
// call start with the same Authentication.
70 auth.set(authentication);
79 public boolean isAuthEnabled() {
/**
 * Applies the {@code authEnabled} value from the supplied configuration and logs activation.
 *
 * <p>NOTE(review): presumably the Declarative Services activation callback ({@code Activate}
 * is imported); the annotation line itself is not visible in this listing.
 *
 * @param configuration component configuration that supplies {@code authEnabled}
 */
84 void activate(final Configuration configuration) {
// Delegates to setAuthEnabled(), which also logs the resulting enabled/disabled state.
85 setAuthEnabled(configuration.authEnabled());
86 LOG.info("Authentication Manager activated");
90 @SuppressWarnings("static-method")
92 LOG.info("Authentication Manager deactivated");
/**
 * Re-applies the {@code authEnabled} value from the supplied configuration.
 *
 * <p>NOTE(review): this looks like the configuration-update callback ({@code Modified} is
 * imported), which would let a change to configuration PID
 * {@code org.opendaylight.aaa.authn} switch authentication off at runtime - confirm that
 * write access to that configuration is restricted.
 *
 * @param configuration updated component configuration that supplies {@code authEnabled}
 */
96 void modified(final Configuration configuration) {
// Delegates to setAuthEnabled(), which logs the resulting enabled/disabled state.
97 setAuthEnabled(configuration.authEnabled());