2 * Copyright (c) 2018 Inocybe Technologies and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.aaa.shiro.web.env;
10 import org.apache.shiro.SecurityUtils;
11 import org.apache.shiro.config.Ini;
12 import org.apache.shiro.config.IniSecurityManagerFactory;
13 import org.apache.shiro.mgt.SecurityManager;
14 import org.apache.shiro.util.Factory;
15 import org.apache.shiro.web.env.IniWebEnvironment;
16 import org.opendaylight.aaa.api.AuthenticationService;
17 import org.opendaylight.aaa.api.TokenStore;
18 import org.opendaylight.aaa.api.password.service.PasswordHashService;
19 import org.opendaylight.aaa.cert.api.ICertificateManager;
20 import org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm;
21 import org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter;
22 import org.opendaylight.aaa.shiro.realm.MdsalRealm;
23 import org.opendaylight.aaa.shiro.realm.MoonRealm;
24 import org.opendaylight.aaa.shiro.realm.TokenAuthRealm;
25 import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
26 import org.opendaylight.aaa.web.servlet.ServletSupport;
27 import org.opendaylight.mdsal.binding.api.DataBroker;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration.Main;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration.Urls;
31 import org.opendaylight.yangtools.util.ClassLoaderUtils;
32 import org.slf4j.Logger;
33 import org.slf4j.LoggerFactory;
36 * Extends <code>IniWebEnvironment</code> to provide the Ini configuration via a clustered app config,
37 * and sets the TCCL (x2) so that loading of classes by name (from aaa-app-config.xml) works even with
38 * ShiroWebContextSecurer.
40 * @author Ryan Goulding
41 * @author Thomas Pantelis
42 * @author Michael Vorburger - use of TCCL for ShiroWebContextSecurer
44 class AAAIniWebEnvironment extends IniWebEnvironment {
45 private static final Logger LOG = LoggerFactory.getLogger(AAAIniWebEnvironment.class);
47 private static final String MAIN_SECTION_HEADER = "main";
48 private static final String URLS_SECTION_HEADER = "urls";
50 private final ShiroConfiguration shiroConfiguration;
51 private final DataBroker dataBroker;
52 private final ICertificateManager certificateManager;
53 private final AuthenticationService authenticationService;
54 private final TokenAuthenticators tokenAuthenticators;
55 private final TokenStore tokenStore;
56 private final PasswordHashService passwordHashService;
57 private final ServletSupport servletSupport;
59 AAAIniWebEnvironment(final ShiroConfiguration shiroConfiguration, final DataBroker dataBroker,
60 final ICertificateManager certificateManager,
61 final AuthenticationService authenticationService,
62 final TokenAuthenticators tokenAuthenticators, final TokenStore tokenStore,
63 final PasswordHashService passwordHashService, final ServletSupport servletSupport) {
64 this.shiroConfiguration = shiroConfiguration;
65 this.dataBroker = dataBroker;
66 this.certificateManager = certificateManager;
67 this.authenticationService = authenticationService;
68 this.tokenAuthenticators = tokenAuthenticators;
69 this.tokenStore = tokenStore;
70 this.passwordHashService = passwordHashService;
71 this.servletSupport = servletSupport;
72 LOG.debug("AAAIniWebEnvironment created");
75 static Ini createIniFromClusteredAppConfig(final ShiroConfiguration shiroConfiguration) {
76 final Ini ini = new Ini();
78 final Ini.Section mainSection = ini.addSection(MAIN_SECTION_HEADER);
79 for (final Main main : shiroConfiguration.nonnullMain()) {
80 mainSection.put(main.getPairKey(), main.getPairValue());
83 final Ini.Section urlsSection = ini.addSection(URLS_SECTION_HEADER);
84 for (final Urls url : shiroConfiguration.nonnullUrls()) {
85 urlsSection.put(url.getPairKey(), url.getPairValue());
88 final Factory<SecurityManager> factory = new IniSecurityManagerFactory(ini);
89 final SecurityManager securityManager = ClassLoaderUtils.getWithClassLoader(
90 AAAIniWebEnvironment.class.getClassLoader(), factory::getInstance);
91 SecurityUtils.setSecurityManager(securityManager);
99 var filterLoad = MDSALDynamicAuthorizationFilter.prepareForLoad(dataBroker);
100 var keyStoneLoad = KeystoneAuthRealm.prepareForLoad(certificateManager, servletSupport);
101 var mdsalLoad = MdsalRealm.prepareForLoad(passwordHashService, dataBroker);
102 var moonLoad = MoonRealm.prepareForLoad(servletSupport);
103 var tokenAuthLoad = TokenAuthRealm.prepareForLoad(authenticationService, tokenAuthenticators, tokenStore)) {
104 // Initialize the Shiro environment from clustered-app-config
105 final Ini ini = createIniFromClusteredAppConfig(shiroConfiguration);
107 ClassLoaderUtils.runWithClassLoader(AAAIniWebEnvironment.class.getClassLoader(), super::init);