2 * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.aaa.odl;
11 import org.opendaylight.aaa.api.AuthenticationException;
12 import org.opendaylight.aaa.api.Claim;
13 import org.opendaylight.aaa.api.CredentialAuth;
14 import org.opendaylight.aaa.api.PasswordCredentials;
15 import org.opendaylight.netconf.auth.AuthProvider;
16 import org.osgi.framework.BundleContext;
17 import org.osgi.framework.ServiceReference;
18 import org.osgi.util.tracker.ServiceTracker;
19 import org.osgi.util.tracker.ServiceTrackerCustomizer;
20 import org.slf4j.Logger;
21 import org.slf4j.LoggerFactory;
25 * AuthProvider implementation delegating to AAA CredentialAuth<PasswordCredentials> instance.
27 public final class CredentialServiceAuthProvider implements AuthProvider, AutoCloseable {
28 private static final Logger LOG = LoggerFactory.getLogger(CredentialServiceAuthProvider.class);
31 * Singleton instance with delayed instantiation.
33 public static volatile Map.Entry<BundleContext, CredentialServiceAuthProvider> INSTANCE;
35 // FIXME CredentialAuth is generic and it causes warnings during compilation
36 // Maybe there should be a PasswordCredentialAuth implements CredentialAuth<PasswordCredentials>
37 private volatile CredentialAuth<PasswordCredentials> nullableCredService;
38 private final ServiceTracker<CredentialAuth, CredentialAuth> listenerTracker;
40 public CredentialServiceAuthProvider(final BundleContext bundleContext) {
42 final ServiceTrackerCustomizer<CredentialAuth, CredentialAuth> customizer =
43 new ServiceTrackerCustomizer<CredentialAuth, CredentialAuth>() {
45 public CredentialAuth addingService(final ServiceReference<CredentialAuth> reference) {
46 LOG.trace("Credential service {} added", reference);
47 nullableCredService = bundleContext.getService(reference);
48 return nullableCredService;
52 public void modifiedService(final ServiceReference<CredentialAuth> reference,
53 final CredentialAuth service) {
54 LOG.trace("Replacing modified Credential service {}", reference);
55 nullableCredService = service;
59 public void removedService(final ServiceReference<CredentialAuth> reference, final CredentialAuth service) {
60 LOG.trace("Removing Credential service {}. "
61 + "This AuthProvider will fail to authenticate every time", reference);
62 synchronized (CredentialServiceAuthProvider.this) {
63 nullableCredService = null;
67 listenerTracker = new ServiceTracker<>(bundleContext, CredentialAuth.class, customizer);
68 listenerTracker.open();
72 * Authenticate user. This implementation tracks CredentialAuth<PasswordCredentials>
73 * and delegates the decision to it. If the service is not available, IllegalStateException is thrown.
76 public synchronized boolean authenticated(final String username, final String password) {
77 if (nullableCredService == null) {
78 LOG.warn("Cannot authenticate user '{}', Credential service is missing", username);
79 throw new IllegalStateException("Credential service is not available");
84 claim = nullableCredService.authenticate(new PasswordCredentialsWrapper(username, password));
85 } catch (AuthenticationException e) {
86 LOG.debug("Authentication failed for user '{}' : {}", username, e);
90 LOG.debug("Authentication result for user '{}' : {}", username, claim.domain());
95 * Invoked by blueprint.
99 listenerTracker.close();
100 nullableCredService = null;
103 private static final class PasswordCredentialsWrapper implements PasswordCredentials {
104 private final String username;
105 private final String password;
107 PasswordCredentialsWrapper(final String username, final String password) {
108 this.username = username;
109 this.password = password;
113 public String username() {
118 public String password() {
123 public String domain() {
124 // If this is left null, default "sdn" domain is assumed