Clarify WebContext.contextParams()
[aaa.git] / aaa-shiro / impl / src / main / java / org / opendaylight / aaa / shiro / web / env / AAAIniWebEnvironment.java
1 /*
2  * Copyright (c) 2018 Inocybe Technologies and others.  All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8 package org.opendaylight.aaa.shiro.web.env;
9
10 import org.apache.shiro.SecurityUtils;
11 import org.apache.shiro.config.Ini;
12 import org.apache.shiro.config.IniSecurityManagerFactory;
13 import org.apache.shiro.mgt.SecurityManager;
14 import org.apache.shiro.util.Factory;
15 import org.apache.shiro.web.env.IniWebEnvironment;
16 import org.opendaylight.aaa.api.AuthenticationService;
17 import org.opendaylight.aaa.api.TokenStore;
18 import org.opendaylight.aaa.api.password.service.PasswordHashService;
19 import org.opendaylight.aaa.cert.api.ICertificateManager;
20 import org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm;
21 import org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter;
22 import org.opendaylight.aaa.shiro.realm.MdsalRealm;
23 import org.opendaylight.aaa.shiro.realm.MoonRealm;
24 import org.opendaylight.aaa.shiro.realm.TokenAuthRealm;
25 import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
26 import org.opendaylight.aaa.web.servlet.ServletSupport;
27 import org.opendaylight.mdsal.binding.api.DataBroker;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration.Main;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration.Urls;
31 import org.opendaylight.yangtools.util.ClassLoaderUtils;
32 import org.slf4j.Logger;
33 import org.slf4j.LoggerFactory;
34
35 /**
36  * Extends <code>IniWebEnvironment</code> to provide the Ini configuration via a clustered app config,
37  * and sets the TCCL (x2) so that loading of classes by name (from aaa-app-config.xml) works even with
38  * ShiroWebContextSecurer.
39  *
40  * @author Ryan Goulding
41  * @author Thomas Pantelis
42  * @author Michael Vorburger - use of TCCL for ShiroWebContextSecurer
43  */
class AAAIniWebEnvironment extends IniWebEnvironment {
    private static final Logger LOG = LoggerFactory.getLogger(AAAIniWebEnvironment.class);

    // Names of the two Ini sections populated from the clustered app config.
    private static final String MAIN_SECTION_HEADER = "main";
    private static final String URLS_SECTION_HEADER = "urls";

    // Source of the Ini key/value pairs.
    private final ShiroConfiguration shiroConfiguration;
    // Collaborators handed to the realms/filter via their prepareForLoad() hooks in init().
    private final DataBroker dataBroker;
    private final ICertificateManager certificateManager;
    private final AuthenticationService authenticationService;
    private final TokenAuthenticators tokenAuthenticators;
    private final TokenStore tokenStore;
    private final PasswordHashService passwordHashService;
    private final ServletSupport servletSupport;

    /**
     * Stores the configuration and collaborators for later use by {@link #init()}.
     * No argument is validated here, and nothing is initialized until {@link #init()} runs.
     */
    AAAIniWebEnvironment(final ShiroConfiguration shiroConfiguration, final DataBroker dataBroker,
                         final ICertificateManager certificateManager,
                         final AuthenticationService authenticationService,
                         final TokenAuthenticators tokenAuthenticators, final TokenStore tokenStore,
                         final PasswordHashService passwordHashService, final ServletSupport servletSupport) {
        // Configuration first, then the services the realms depend on.
        this.shiroConfiguration = shiroConfiguration;

        this.dataBroker = dataBroker;
        this.servletSupport = servletSupport;
        this.certificateManager = certificateManager;
        this.passwordHashService = passwordHashService;

        this.authenticationService = authenticationService;
        this.tokenAuthenticators = tokenAuthenticators;
        this.tokenStore = tokenStore;

        LOG.debug("AAAIniWebEnvironment created");
    }

    /**
     * Builds a Shiro {@link Ini} with a {@code main} and a {@code urls} section, copying every
     * key/value pair from the given configuration verbatim.
     *
     * <p>
     * Side effect: a {@link SecurityManager} is built from the resulting Ini and installed through
     * {@link SecurityUtils#setSecurityManager(SecurityManager)}, which is static state rather than
     * something scoped to this environment instance.
     *
     * <p>
     * The pairs are passed to Shiro without any filtering in this method. Since the {@code main}
     * entries name the classes to load and the {@code urls} entries presumably define which filters
     * guard which paths, write access to this configuration should be treated as security-sensitive.
     *
     * @param shiroConfiguration source of the {@code main} and {@code urls} pairs
     * @return the populated Ini
     */
    static Ini createIniFromClusteredAppConfig(final ShiroConfiguration shiroConfiguration) {
        final Ini result = new Ini();

        // Section order is kept as in the original: "main" is added and filled before "urls".
        final Ini.Section main = result.addSection(MAIN_SECTION_HEADER);
        shiroConfiguration.nonnullMain().forEach(pair -> main.put(pair.getPairKey(), pair.getPairValue()));

        final Ini.Section urls = result.addSection(URLS_SECTION_HEADER);
        shiroConfiguration.nonnullUrls().forEach(pair -> urls.put(pair.getPairKey(), pair.getPairValue()));

        // Instantiate the SecurityManager under this bundle's class loader so that the classes
        // named in the "main" section can be resolved by name.
        final ClassLoader aaaLoader = AAAIniWebEnvironment.class.getClassLoader();
        final Factory<SecurityManager> managerFactory = new IniSecurityManagerFactory(result);
        SecurityUtils.setSecurityManager(
            ClassLoaderUtils.getWithClassLoader(aaaLoader, () -> managerFactory.getInstance()));

        return result;
    }

    /**
     * Initializes the Shiro environment from the clustered app config.
     *
     * <p>
     * Each {@code prepareForLoad} call returns a resource that stays open only for the duration of
     * the initialization and is closed (in reverse order) when the block exits, including on failure.
     * NOTE(review): presumably these make the collaborators available to realm/filter instances that
     * Shiro creates reflectively -- confirm against the realm implementations.
     */
    @Override
    public void init() {
        final ClassLoader aaaLoader = AAAIniWebEnvironment.class.getClassLoader();

        // Acquisition order is significant for try-with-resources; keep it unchanged.
        try (
            var authzFilterScope = MDSALDynamicAuthorizationFilter.prepareForLoad(dataBroker);
            var keystoneScope = KeystoneAuthRealm.prepareForLoad(certificateManager, servletSupport);
            var mdsalScope = MdsalRealm.prepareForLoad(passwordHashService, dataBroker);
            var moonScope = MoonRealm.prepareForLoad(servletSupport);
            var tokenAuthScope = TokenAuthRealm.prepareForLoad(authenticationService, tokenAuthenticators,
                tokenStore)) {
            // The Ini must be set before the superclass initializes itself from it.
            setIni(createIniFromClusteredAppConfig(shiroConfiguration));
            // Second class loader switch: superclass init also resolves classes by name.
            ClassLoaderUtils.runWithClassLoader(aaaLoader, super::init);
        }
    }
}