netconf/aaa-authn-odl-plugin/src/main/java/org/opendaylight/aaa/odl/CredentialServiceAuthProvider.java

   1 /*
   2  * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8 package org.opendaylight.aaa.odl;
   9
  10 import java.util.Map;
  11 import org.opendaylight.aaa.api.AuthenticationException;
  12 import org.opendaylight.aaa.api.Claim;
  13 import org.opendaylight.aaa.api.PasswordCredentials;
  14 import org.opendaylight.netconf.auth.AuthProvider;
  15 import org.osgi.framework.BundleContext;
  16 import org.osgi.framework.ServiceReference;
  17 import org.osgi.util.tracker.ServiceTracker;
  18 import org.osgi.util.tracker.ServiceTrackerCustomizer;
  19 import org.slf4j.Logger;
  20 import org.slf4j.LoggerFactory;
  21
  22
  23 /**
  24  * AuthProvider implementation delegating to AAA CredentialAuth&lt;PasswordCredentials&gt; instance.
  25  */
  26 public final class CredentialServiceAuthProvider implements AuthProvider, AutoCloseable {
  27     private static final Logger logger = LoggerFactory.getLogger(CredentialServiceAuthProvider.class);
  28
  29     /**
  30      * Singleton instance with delayed instantiation
  31      */
  32     public static volatile Map.Entry<BundleContext, CredentialServiceAuthProvider> INSTANCE;
  33
  34     private volatile PasswordCredentialAuth nullableCredService;
  35     private final ServiceTracker<PasswordCredentialAuth, PasswordCredentialAuth> listenerTracker;
  36
  37     public CredentialServiceAuthProvider(final BundleContext bundleContext) {
  38
  39         final ServiceTrackerCustomizer<PasswordCredentialAuth, PasswordCredentialAuth> customizer = new ServiceTrackerCustomizer<PasswordCredentialAuth, PasswordCredentialAuth>() {
  40             @Override
  41             public PasswordCredentialAuth addingService(final ServiceReference<PasswordCredentialAuth> reference) {
  42                 logger.trace("Credential service {} added", reference);
  43                 nullableCredService =  bundleContext.getService(reference);
  44                 return nullableCredService;
  45             }
  46
  47             @Override
  48             public void modifiedService(final ServiceReference<PasswordCredentialAuth> reference, final PasswordCredentialAuth service) {
  49                 logger.trace("Replacing modified Credential service {}", reference);
  50                 nullableCredService = service;
  51             }
  52
  53             @Override
  54             public void removedService(final ServiceReference<PasswordCredentialAuth> reference, final PasswordCredentialAuth service) {
  55                 logger.trace("Removing Credential service {}. This AuthProvider will fail to authenticate every time", reference);
  56                 synchronized (CredentialServiceAuthProvider.this) {
  57                     nullableCredService = null;
  58                 }
  59             }
  60         };
  61         listenerTracker = new ServiceTracker<>(bundleContext, PasswordCredentialAuth.class, customizer);
  62         listenerTracker.open();
  63     }
  64
  65     /**
  66      * Authenticate user. This implementation tracks CredentialAuth&lt;PasswordCredentials&gt; and delegates the decision to it. If the service is not
  67      * available, IllegalStateException is thrown.
  68      */
  69     @Override
  70     public synchronized boolean authenticated(final String username, final String password) {
  71         if (nullableCredService == null) {
  72             logger.warn("Cannot authenticate user '{}', Credential service is missing", username);
  73             throw new IllegalStateException("Credential service is not available");
  74         }
  75
  76         Claim claim;
  77         try {
  78             claim = nullableCredService.authenticate(new PasswordCredentialsWrapper(username, password));
  79         } catch (AuthenticationException e) {
  80             logger.debug("Authentication failed for user '{}' : {}", username, e);
  81             return false;
  82         }
  83
  84         logger.debug("Authentication result for user '{}' : {}", username, claim.domain());
  85         return true;
  86     }
  87
  88     @Override
  89     public void close() throws Exception {
  90         listenerTracker.close();
  91         nullableCredService = null;
  92     }
  93
  94     private static final class PasswordCredentialsWrapper implements PasswordCredentials {
  95         private final String username;
  96         private final String password;
  97
  98         public PasswordCredentialsWrapper(final String username, final String password) {
  99             this.username = username;
 100             this.password = password;
 101         }
 102
 103         @Override
 104         public String username() {
 105             return username;
 106         }
 107
 108         @Override
 109         public String password() {
 110             return password;
 111         }
 112
 113         @Override
 114         public String domain() {
 115             // If this is left null, default "sdn" domain is assumed
 116             return null;
 117         }
 118     }
 119 }