2 * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.aaa.odl;
11 import org.opendaylight.aaa.api.AuthenticationException;
12 import org.opendaylight.aaa.api.Claim;
13 import org.opendaylight.aaa.api.PasswordCredentials;
14 import org.opendaylight.netconf.auth.AuthProvider;
15 import org.osgi.framework.BundleContext;
16 import org.osgi.framework.ServiceReference;
17 import org.osgi.util.tracker.ServiceTracker;
18 import org.osgi.util.tracker.ServiceTrackerCustomizer;
19 import org.slf4j.Logger;
20 import org.slf4j.LoggerFactory;
24 * AuthProvider implementation delegating to AAA CredentialAuth<PasswordCredentials> instance.
26 public final class CredentialServiceAuthProvider implements AuthProvider, AutoCloseable {
27 private static final Logger logger = LoggerFactory.getLogger(CredentialServiceAuthProvider.class);
30 * Singleton instance with delayed instantiation
32 public static volatile Map.Entry<BundleContext, CredentialServiceAuthProvider> INSTANCE;
34 private volatile PasswordCredentialAuth nullableCredService;
35 private final ServiceTracker<PasswordCredentialAuth, PasswordCredentialAuth> listenerTracker;
37 public CredentialServiceAuthProvider(final BundleContext bundleContext) {
39 final ServiceTrackerCustomizer<PasswordCredentialAuth, PasswordCredentialAuth> customizer = new ServiceTrackerCustomizer<PasswordCredentialAuth, PasswordCredentialAuth>() {
41 public PasswordCredentialAuth addingService(final ServiceReference<PasswordCredentialAuth> reference) {
42 logger.trace("Credential service {} added", reference);
43 nullableCredService = bundleContext.getService(reference);
44 return nullableCredService;
48 public void modifiedService(final ServiceReference<PasswordCredentialAuth> reference, final PasswordCredentialAuth service) {
49 logger.trace("Replacing modified Credential service {}", reference);
50 nullableCredService = service;
54 public void removedService(final ServiceReference<PasswordCredentialAuth> reference, final PasswordCredentialAuth service) {
55 logger.trace("Removing Credential service {}. This AuthProvider will fail to authenticate every time", reference);
56 synchronized (CredentialServiceAuthProvider.this) {
57 nullableCredService = null;
61 listenerTracker = new ServiceTracker<>(bundleContext, PasswordCredentialAuth.class, customizer);
62 listenerTracker.open();
66 * Authenticate user. This implementation tracks CredentialAuth<PasswordCredentials> and delegates the decision to it. If the service is not
67 * available, IllegalStateException is thrown.
70 public synchronized boolean authenticated(final String username, final String password) {
71 if (nullableCredService == null) {
72 logger.warn("Cannot authenticate user '{}', Credential service is missing", username);
73 throw new IllegalStateException("Credential service is not available");
78 claim = nullableCredService.authenticate(new PasswordCredentialsWrapper(username, password));
79 } catch (AuthenticationException e) {
80 logger.debug("Authentication failed for user '{}' : {}", username, e);
84 logger.debug("Authentication result for user '{}' : {}", username, claim.domain());
89 public void close() throws Exception {
90 listenerTracker.close();
91 nullableCredService = null;
94 private static final class PasswordCredentialsWrapper implements PasswordCredentials {
95 private final String username;
96 private final String password;
98 public PasswordCredentialsWrapper(final String username, final String password) {
99 this.username = username;
100 this.password = password;
104 public String username() {
109 public String password() {
114 public String domain() {
115 // If this is left null, default "sdn" domain is assumed