2 * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.aaa.odl;
10 import org.opendaylight.aaa.api.AuthenticationException;
11 import org.opendaylight.aaa.api.Claim;
12 import org.opendaylight.aaa.api.CredentialAuth;
13 import org.opendaylight.aaa.api.PasswordCredentials;
14 import org.opendaylight.netconf.auth.AuthProvider;
15 import org.osgi.framework.BundleContext;
16 import org.osgi.framework.ServiceReference;
17 import org.osgi.util.tracker.ServiceTracker;
18 import org.osgi.util.tracker.ServiceTrackerCustomizer;
19 import org.slf4j.Logger;
20 import org.slf4j.LoggerFactory;
24 * AuthProvider implementation delegating to AAA CredentialAuth<PasswordCredentials> instance.
26 public final class CredentialServiceAuthProvider implements AuthProvider, AutoCloseable {
27 private static final Logger LOG = LoggerFactory.getLogger(CredentialServiceAuthProvider.class);
29 // FIXME CredentialAuth is generic and it causes warnings during compilation
30 // Maybe there should be a PasswordCredentialAuth implements CredentialAuth<PasswordCredentials>
31 private volatile CredentialAuth<PasswordCredentials> nullableCredService;
32 private final ServiceTracker<CredentialAuth, CredentialAuth> listenerTracker;
34 public CredentialServiceAuthProvider(final BundleContext bundleContext) {
36 final ServiceTrackerCustomizer<CredentialAuth, CredentialAuth> customizer =
37 new ServiceTrackerCustomizer<CredentialAuth, CredentialAuth>() {
39 public CredentialAuth addingService(final ServiceReference<CredentialAuth> reference) {
40 LOG.trace("Credential service {} added", reference);
41 nullableCredService = bundleContext.getService(reference);
42 return nullableCredService;
46 public void modifiedService(final ServiceReference<CredentialAuth> reference,
47 final CredentialAuth service) {
48 LOG.trace("Replacing modified Credential service {}", reference);
49 nullableCredService = service;
53 public void removedService(final ServiceReference<CredentialAuth> reference, final CredentialAuth service) {
54 LOG.trace("Removing Credential service {}. "
55 + "This AuthProvider will fail to authenticate every time", reference);
56 synchronized (CredentialServiceAuthProvider.this) {
57 nullableCredService = null;
61 listenerTracker = new ServiceTracker<>(bundleContext, CredentialAuth.class, customizer);
62 listenerTracker.open();
66 * Authenticate user. This implementation tracks CredentialAuth<PasswordCredentials>
67 * and delegates the decision to it. If the service is not available, IllegalStateException is thrown.
70 public synchronized boolean authenticated(final String username, final String password) {
71 if (nullableCredService == null) {
72 LOG.warn("Cannot authenticate user '{}', Credential service is missing", username);
73 throw new IllegalStateException("Credential service is not available");
78 claim = nullableCredService.authenticate(new PasswordCredentialsWrapper(username, password));
79 } catch (AuthenticationException e) {
80 LOG.debug("Authentication failed for user '{}' : {}", username, e);
84 LOG.debug("Authentication result for user '{}' : {}", username, claim.domain());
89 * Invoked by blueprint.
93 listenerTracker.close();
94 nullableCredService = null;
97 private static final class PasswordCredentialsWrapper implements PasswordCredentials {
98 private final String username;
99 private final String password;
101 PasswordCredentialsWrapper(final String username, final String password) {
102 this.username = username;
103 this.password = password;
107 public String username() {
112 public String password() {
117 public String domain() {
118 // If this is left null, default "sdn" domain is assumed