Code Review / aaa.git / blob
? search:


07c58401192b92a912a9fe477668a8f573cf319e
[aaa.git] / aaa-shiro / impl / src / main / java / org / opendaylight / aaa / shiro / web / env / AAAIniWebEnvironment.java
1 /*
2  * Copyright (c) 2018 Inocybe Technologies and others.  All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8 package org.opendaylight.aaa.shiro.web.env;
9
10 import java.util.List;
11 import java.util.function.Supplier;
12 import org.apache.shiro.SecurityUtils;
13 import org.apache.shiro.config.Ini;
14 import org.apache.shiro.config.IniSecurityManagerFactory;
15 import org.apache.shiro.mgt.SecurityManager;
16 import org.apache.shiro.util.Factory;
17 import org.apache.shiro.web.env.IniWebEnvironment;
18 import org.opendaylight.aaa.api.AuthenticationService;
19 import org.opendaylight.aaa.api.TokenStore;
20 import org.opendaylight.aaa.api.password.service.PasswordHashService;
21 import org.opendaylight.aaa.cert.api.ICertificateManager;
22 import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
23 import org.opendaylight.mdsal.binding.api.DataBroker;
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration.Main;
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration.Urls;
27 import org.opendaylight.yangtools.util.ClassLoaderUtils;
28 import org.slf4j.Logger;
29 import org.slf4j.LoggerFactory;
30
31 /**
32  * Extends <code>IniWebEnvironment</code> to provide the Ini configuration via a clustered app config,
33  * and sets the TCCL (x2) so that loading of classes by name (from aaa-app-config.xml) works even with
34  * ShiroWebContextSecurer.
35  *
36  * @author Ryan Goulding
37  * @author Thomas Pantelis
38  * @author Michael Vorburger - use of TCCL for ShiroWebContextSecurer
39  */
40 class AAAIniWebEnvironment extends IniWebEnvironment {
41     private static final Logger LOG = LoggerFactory.getLogger(AAAIniWebEnvironment.class);
42
43     private static final String MAIN_SECTION_HEADER = "main";
44     private static final String URLS_SECTION_HEADER = "urls";
45
46     private final ShiroConfiguration shiroConfiguration;
47     private final DataBroker dataBroker;
48     private final ICertificateManager certificateManager;
49     private final AuthenticationService authenticationService;
50     private final TokenAuthenticators tokenAuthenticators;
51     private final TokenStore tokenStore;
52     private final PasswordHashService passwordHashService;
53
54     AAAIniWebEnvironment(final ShiroConfiguration shiroConfiguration, final DataBroker dataBroker,
55                          final ICertificateManager certificateManager,
56                          final AuthenticationService authenticationService,
57                          final TokenAuthenticators tokenAuthenticators, final TokenStore tokenStore,
58                          final PasswordHashService passwordHashService) {
59         this.shiroConfiguration = shiroConfiguration;
60         this.dataBroker = dataBroker;
61         this.certificateManager = certificateManager;
62         this.authenticationService = authenticationService;
63         this.tokenAuthenticators = tokenAuthenticators;
64         this.tokenStore = tokenStore;
65         this.passwordHashService = passwordHashService;
66         LOG.debug("AAAIniWebEnvironment created");
67     }
68
69     static Ini createIniFromClusteredAppConfig(final ShiroConfiguration shiroConfiguration) {
70         final Ini ini = new Ini();
71
72         final Ini.Section mainSection = ini.addSection(MAIN_SECTION_HEADER);
73         final List<Main> mains = shiroConfiguration.getMain();
74         for (final Main main : mains) {
75             mainSection.put(main.getPairKey(), main.getPairValue());
76         }
77
78         final Ini.Section urlsSection = ini.addSection(URLS_SECTION_HEADER);
79         final List<Urls> urls = shiroConfiguration.getUrls();
80         for (final Urls url : urls) {
81             urlsSection.put(url.getPairKey(), url.getPairValue());
82         }
83
84         final Factory<SecurityManager> factory = new IniSecurityManagerFactory(ini);
85         final SecurityManager securityManager = ClassLoaderUtils.getWithClassLoader(
86                 AAAIniWebEnvironment.class.getClassLoader(), (Supplier<SecurityManager>) factory::getInstance);
87         SecurityUtils.setSecurityManager(securityManager);
88
89         return ini;
90     }
91
92     @Override
93     public void init() {
94         ThreadLocals.DATABROKER_TL.set(dataBroker);
95         ThreadLocals.CERT_MANAGER_TL.set(certificateManager);
96         ThreadLocals.AUTH_SETVICE_TL.set(authenticationService);
97         ThreadLocals.TOKEN_AUTHENICATORS_TL.set(tokenAuthenticators);
98         ThreadLocals.TOKEN_STORE_TL.set(tokenStore);
99         ThreadLocals.PASSWORD_HASH_SERVICE_TL.set(passwordHashService);
100         try {
101             // Initialize the Shiro environment from clustered-app-config
102             final Ini ini = createIniFromClusteredAppConfig(shiroConfiguration);
103             setIni(ini);
104             ClassLoaderUtils.getWithClassLoader(AAAIniWebEnvironment.class.getClassLoader(), (Supplier<Void>) () -> {
105                 super.init();
106                 return null;
107             });
108         } finally {
109             ThreadLocals.DATABROKER_TL.remove();
110             ThreadLocals.CERT_MANAGER_TL.remove();
111             ThreadLocals.AUTH_SETVICE_TL.remove();
112             ThreadLocals.TOKEN_AUTHENICATORS_TL.remove();
113             ThreadLocals.TOKEN_STORE_TL.remove();
114             ThreadLocals.PASSWORD_HASH_SERVICE_TL.remove();
115         }
116     }
117 }
Authentication, Authorization, Accounting