2 * Copyright (c) 2018 Inocybe Technologies and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.aaa.shiro.web.env;
10 import java.util.function.Supplier;
11 import org.apache.shiro.SecurityUtils;
12 import org.apache.shiro.config.Ini;
13 import org.apache.shiro.config.IniSecurityManagerFactory;
14 import org.apache.shiro.mgt.SecurityManager;
15 import org.apache.shiro.util.Factory;
16 import org.apache.shiro.web.env.IniWebEnvironment;
17 import org.opendaylight.aaa.api.AuthenticationService;
18 import org.opendaylight.aaa.api.TokenStore;
19 import org.opendaylight.aaa.api.password.service.PasswordHashService;
20 import org.opendaylight.aaa.cert.api.ICertificateManager;
21 import org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm;
22 import org.opendaylight.aaa.shiro.realm.MoonRealm;
23 import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
24 import org.opendaylight.aaa.web.servlet.ServletSupport;
25 import org.opendaylight.mdsal.binding.api.DataBroker;
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration.Main;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration.Urls;
29 import org.opendaylight.yangtools.util.ClassLoaderUtils;
30 import org.slf4j.Logger;
31 import org.slf4j.LoggerFactory;
34 * Extends <code>IniWebEnvironment</code> to provide the Ini configuration via a clustered app config,
35 * and sets the TCCL (x2) so that loading of classes by name (from aaa-app-config.xml) works even with
36 * ShiroWebContextSecurer.
38 * @author Ryan Goulding
39 * @author Thomas Pantelis
40 * @author Michael Vorburger - use of TCCL for ShiroWebContextSecurer
42 class AAAIniWebEnvironment extends IniWebEnvironment {
43 private static final Logger LOG = LoggerFactory.getLogger(AAAIniWebEnvironment.class);
45 private static final String MAIN_SECTION_HEADER = "main";
46 private static final String URLS_SECTION_HEADER = "urls";
48 private final ShiroConfiguration shiroConfiguration;
49 private final DataBroker dataBroker;
50 private final ICertificateManager certificateManager;
51 private final AuthenticationService authenticationService;
52 private final TokenAuthenticators tokenAuthenticators;
53 private final TokenStore tokenStore;
54 private final PasswordHashService passwordHashService;
55 private final ServletSupport servletSupport;
57 AAAIniWebEnvironment(final ShiroConfiguration shiroConfiguration, final DataBroker dataBroker,
58 final ICertificateManager certificateManager,
59 final AuthenticationService authenticationService,
60 final TokenAuthenticators tokenAuthenticators, final TokenStore tokenStore,
61 final PasswordHashService passwordHashService, final ServletSupport servletSupport) {
62 this.shiroConfiguration = shiroConfiguration;
63 this.dataBroker = dataBroker;
64 this.certificateManager = certificateManager;
65 this.authenticationService = authenticationService;
66 this.tokenAuthenticators = tokenAuthenticators;
67 this.tokenStore = tokenStore;
68 this.passwordHashService = passwordHashService;
69 this.servletSupport = servletSupport;
70 LOG.debug("AAAIniWebEnvironment created");
73 static Ini createIniFromClusteredAppConfig(final ShiroConfiguration shiroConfiguration) {
74 final Ini ini = new Ini();
76 final Ini.Section mainSection = ini.addSection(MAIN_SECTION_HEADER);
77 for (final Main main : shiroConfiguration.nonnullMain()) {
78 mainSection.put(main.getPairKey(), main.getPairValue());
81 final Ini.Section urlsSection = ini.addSection(URLS_SECTION_HEADER);
82 for (final Urls url : shiroConfiguration.nonnullUrls()) {
83 urlsSection.put(url.getPairKey(), url.getPairValue());
86 final Factory<SecurityManager> factory = new IniSecurityManagerFactory(ini);
87 final SecurityManager securityManager = ClassLoaderUtils.getWithClassLoader(
88 AAAIniWebEnvironment.class.getClassLoader(), (Supplier<SecurityManager>) factory::getInstance);
89 SecurityUtils.setSecurityManager(securityManager);
96 ThreadLocals.DATABROKER_TL.set(dataBroker);
97 ThreadLocals.AUTH_SETVICE_TL.set(authenticationService);
98 ThreadLocals.TOKEN_AUTHENICATORS_TL.set(tokenAuthenticators);
99 ThreadLocals.TOKEN_STORE_TL.set(tokenStore);
100 ThreadLocals.PASSWORD_HASH_SERVICE_TL.set(passwordHashService);
101 try (var keyStoneLoad = KeystoneAuthRealm.prepareForLoad(certificateManager)) {
102 try (var moonLoad = MoonRealm.prepareForLoad(servletSupport)) {
103 // Initialize the Shiro environment from clustered-app-config
104 final Ini ini = createIniFromClusteredAppConfig(shiroConfiguration);
106 ClassLoaderUtils.getWithClassLoader(AAAIniWebEnvironment.class.getClassLoader(), () -> {
112 ThreadLocals.DATABROKER_TL.remove();
113 ThreadLocals.AUTH_SETVICE_TL.remove();
114 ThreadLocals.TOKEN_AUTHENICATORS_TL.remove();
115 ThreadLocals.TOKEN_STORE_TL.remove();
116 ThreadLocals.PASSWORD_HASH_SERVICE_TL.remove();