2 * Copyright (c) 2018 Inocybe Technologies and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.aaa.shiro.web.env;
10 import java.util.List;
11 import java.util.function.Supplier;
12 import org.apache.shiro.SecurityUtils;
13 import org.apache.shiro.config.Ini;
14 import org.apache.shiro.config.IniSecurityManagerFactory;
15 import org.apache.shiro.mgt.SecurityManager;
16 import org.apache.shiro.util.Factory;
17 import org.apache.shiro.web.env.IniWebEnvironment;
18 import org.opendaylight.aaa.api.AuthenticationService;
19 import org.opendaylight.aaa.api.TokenStore;
20 import org.opendaylight.aaa.api.password.service.PasswordHashService;
21 import org.opendaylight.aaa.cert.api.ICertificateManager;
22 import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
23 import org.opendaylight.mdsal.binding.api.DataBroker;
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration.Main;
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration.Urls;
27 import org.opendaylight.yangtools.util.ClassLoaderUtils;
28 import org.slf4j.Logger;
29 import org.slf4j.LoggerFactory;
32 * Extends <code>IniWebEnvironment</code> to provide the Ini configuration via a clustered app config,
33 * and sets the TCCL (x2) so that loading of classes by name (from aaa-app-config.xml) works even with
34 * ShiroWebContextSecurer.
36 * @author Ryan Goulding
37 * @author Thomas Pantelis
38 * @author Michael Vorburger - use of TCCL for ShiroWebContextSecurer
40 class AAAIniWebEnvironment extends IniWebEnvironment {
41 private static final Logger LOG = LoggerFactory.getLogger(AAAIniWebEnvironment.class);
43 private static final String MAIN_SECTION_HEADER = "main";
44 private static final String URLS_SECTION_HEADER = "urls";
46 private final ShiroConfiguration shiroConfiguration;
47 private final DataBroker dataBroker;
48 private final ICertificateManager certificateManager;
49 private final AuthenticationService authenticationService;
50 private final TokenAuthenticators tokenAuthenticators;
51 private final TokenStore tokenStore;
52 private final PasswordHashService passwordHashService;
54 AAAIniWebEnvironment(final ShiroConfiguration shiroConfiguration, final DataBroker dataBroker,
55 final ICertificateManager certificateManager,
56 final AuthenticationService authenticationService,
57 final TokenAuthenticators tokenAuthenticators, final TokenStore tokenStore,
58 final PasswordHashService passwordHashService) {
59 this.shiroConfiguration = shiroConfiguration;
60 this.dataBroker = dataBroker;
61 this.certificateManager = certificateManager;
62 this.authenticationService = authenticationService;
63 this.tokenAuthenticators = tokenAuthenticators;
64 this.tokenStore = tokenStore;
65 this.passwordHashService = passwordHashService;
66 LOG.debug("AAAIniWebEnvironment created");
69 static Ini createIniFromClusteredAppConfig(final ShiroConfiguration shiroConfiguration) {
70 final Ini ini = new Ini();
72 final Ini.Section mainSection = ini.addSection(MAIN_SECTION_HEADER);
73 final List<Main> mains = shiroConfiguration.getMain();
74 for (final Main main : mains) {
75 mainSection.put(main.getPairKey(), main.getPairValue());
78 final Ini.Section urlsSection = ini.addSection(URLS_SECTION_HEADER);
79 final List<Urls> urls = shiroConfiguration.getUrls();
80 for (final Urls url : urls) {
81 urlsSection.put(url.getPairKey(), url.getPairValue());
84 final Factory<SecurityManager> factory = new IniSecurityManagerFactory(ini);
85 final SecurityManager securityManager = ClassLoaderUtils.getWithClassLoader(
86 AAAIniWebEnvironment.class.getClassLoader(), (Supplier<SecurityManager>) factory::getInstance);
87 SecurityUtils.setSecurityManager(securityManager);
94 ThreadLocals.DATABROKER_TL.set(dataBroker);
95 ThreadLocals.CERT_MANAGER_TL.set(certificateManager);
96 ThreadLocals.AUTH_SETVICE_TL.set(authenticationService);
97 ThreadLocals.TOKEN_AUTHENICATORS_TL.set(tokenAuthenticators);
98 ThreadLocals.TOKEN_STORE_TL.set(tokenStore);
99 ThreadLocals.PASSWORD_HASH_SERVICE_TL.set(passwordHashService);
101 // Initialize the Shiro environment from clustered-app-config
102 final Ini ini = createIniFromClusteredAppConfig(shiroConfiguration);
104 ClassLoaderUtils.getWithClassLoader(AAAIniWebEnvironment.class.getClassLoader(), (Supplier<Void>) () -> {
109 ThreadLocals.DATABROKER_TL.remove();
110 ThreadLocals.CERT_MANAGER_TL.remove();
111 ThreadLocals.AUTH_SETVICE_TL.remove();
112 ThreadLocals.TOKEN_AUTHENICATORS_TL.remove();
113 ThreadLocals.TOKEN_STORE_TL.remove();
114 ThreadLocals.PASSWORD_HASH_SERVICE_TL.remove();