netconf/aaa-authn-odl-plugin/src/main/java/org/opendaylight/aaa/odl/CredentialServiceAuthProvider.java

   1 /*
   2  * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8 package org.opendaylight.aaa.odl;
   9
  10 import java.util.Map;
  11 import org.opendaylight.aaa.api.AuthenticationException;
  12 import org.opendaylight.aaa.api.Claim;
  13 import org.opendaylight.aaa.api.CredentialAuth;
  14 import org.opendaylight.aaa.api.PasswordCredentials;
  15 import org.opendaylight.netconf.auth.AuthProvider;
  16 import org.osgi.framework.BundleContext;
  17 import org.osgi.framework.ServiceReference;
  18 import org.osgi.util.tracker.ServiceTracker;
  19 import org.osgi.util.tracker.ServiceTrackerCustomizer;
  20 import org.slf4j.Logger;
  21 import org.slf4j.LoggerFactory;
  22
  23
  24 /**
  25  * AuthProvider implementation delegating to AAA CredentialAuth&lt;PasswordCredentials&gt; instance.
  26  */
  27 public final class CredentialServiceAuthProvider implements AuthProvider, AutoCloseable {
  28     private static final Logger LOG = LoggerFactory.getLogger(CredentialServiceAuthProvider.class);
  29
  30     /**
  31      * Singleton instance with delayed instantiation.
  32      */
  33     public static volatile Map.Entry<BundleContext, CredentialServiceAuthProvider> INSTANCE;
  34
  35     // FIXME CredentialAuth is generic and it causes warnings during compilation
  36     // Maybe there should be a PasswordCredentialAuth implements CredentialAuth<PasswordCredentials>
  37     private volatile CredentialAuth<PasswordCredentials> nullableCredService;
  38     private final ServiceTracker<CredentialAuth, CredentialAuth> listenerTracker;
  39
  40     public CredentialServiceAuthProvider(final BundleContext bundleContext) {
  41
  42         final ServiceTrackerCustomizer<CredentialAuth, CredentialAuth> customizer =
  43                 new ServiceTrackerCustomizer<CredentialAuth, CredentialAuth>() {
  44             @Override
  45             public CredentialAuth addingService(final ServiceReference<CredentialAuth> reference) {
  46                 LOG.trace("Credential service {} added", reference);
  47                 nullableCredService = bundleContext.getService(reference);
  48                 return nullableCredService;
  49             }
  50
  51             @Override
  52             public void modifiedService(final ServiceReference<CredentialAuth> reference,
  53                                         final CredentialAuth service) {
  54                 LOG.trace("Replacing modified Credential service {}", reference);
  55                 nullableCredService = service;
  56             }
  57
  58             @Override
  59             public void removedService(final ServiceReference<CredentialAuth> reference, final CredentialAuth service) {
  60                 LOG.trace("Removing Credential service {}. "
  61                         + "This AuthProvider will fail to authenticate every time", reference);
  62                 synchronized (CredentialServiceAuthProvider.this) {
  63                     nullableCredService = null;
  64                 }
  65             }
  66         };
  67         listenerTracker = new ServiceTracker<>(bundleContext, CredentialAuth.class, customizer);
  68         listenerTracker.open();
  69     }
  70
  71     /**
  72      * Authenticate user. This implementation tracks CredentialAuth&lt;PasswordCredentials&gt;
  73      * and delegates the decision to it. If the service is not available, IllegalStateException is thrown.
  74      */
  75     @Override
  76     public synchronized boolean authenticated(final String username, final String password) {
  77         if (nullableCredService == null) {
  78             LOG.warn("Cannot authenticate user '{}', Credential service is missing", username);
  79             throw new IllegalStateException("Credential service is not available");
  80         }
  81
  82         Claim claim;
  83         try {
  84             claim = nullableCredService.authenticate(new PasswordCredentialsWrapper(username, password));
  85         } catch (AuthenticationException e) {
  86             LOG.debug("Authentication failed for user '{}' : {}", username, e);
  87             return false;
  88         }
  89
  90         LOG.debug("Authentication result for user '{}' : {}", username, claim.domain());
  91         return true;
  92     }
  93
  94     /**
  95      * Invoked by blueprint.
  96      */
  97     @Override
  98     public void close() {
  99         listenerTracker.close();
 100         nullableCredService = null;
 101     }
 102
 103     private static final class PasswordCredentialsWrapper implements PasswordCredentials {
 104         private final String username;
 105         private final String password;
 106
 107         PasswordCredentialsWrapper(final String username, final String password) {
 108             this.username = username;
 109             this.password = password;
 110         }
 111
 112         @Override
 113         public String username() {
 114             return username;
 115         }
 116
 117         @Override
 118         public String password() {
 119             return password;
 120         }
 121
 122         @Override
 123         public String domain() {
 124             // If this is left null, default "sdn" domain is assumed
 125             return null;
 126         }
 127     }
 128 }