netconf/aaa-authn-odl-plugin/src/main/java/org/opendaylight/aaa/odl/CredentialServiceAuthProvider.java

   1 /*
   2  * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8 package org.opendaylight.aaa.odl;
   9
  10 import org.opendaylight.aaa.api.AuthenticationException;
  11 import org.opendaylight.aaa.api.Claim;
  12 import org.opendaylight.aaa.api.CredentialAuth;
  13 import org.opendaylight.aaa.api.PasswordCredentials;
  14 import org.opendaylight.netconf.auth.AuthProvider;
  15 import org.osgi.framework.BundleContext;
  16 import org.osgi.framework.ServiceReference;
  17 import org.osgi.util.tracker.ServiceTracker;
  18 import org.osgi.util.tracker.ServiceTrackerCustomizer;
  19 import org.slf4j.Logger;
  20 import org.slf4j.LoggerFactory;
  21
  22
  23 /**
  24  * AuthProvider implementation delegating to AAA CredentialAuth&lt;PasswordCredentials&gt; instance.
  25  */
  26 public final class CredentialServiceAuthProvider implements AuthProvider, AutoCloseable {
  27     private static final Logger LOG = LoggerFactory.getLogger(CredentialServiceAuthProvider.class);
  28
  29     // FIXME CredentialAuth is generic and it causes warnings during compilation
  30     // Maybe there should be a PasswordCredentialAuth implements CredentialAuth<PasswordCredentials>
  31     private volatile CredentialAuth<PasswordCredentials> nullableCredService;
  32     private final ServiceTracker<CredentialAuth, CredentialAuth> listenerTracker;
  33
  34     public CredentialServiceAuthProvider(final BundleContext bundleContext) {
  35
  36         final ServiceTrackerCustomizer<CredentialAuth, CredentialAuth> customizer =
  37                 new ServiceTrackerCustomizer<CredentialAuth, CredentialAuth>() {
  38             @Override
  39             public CredentialAuth addingService(final ServiceReference<CredentialAuth> reference) {
  40                 LOG.trace("Credential service {} added", reference);
  41                 nullableCredService = bundleContext.getService(reference);
  42                 return nullableCredService;
  43             }
  44
  45             @Override
  46             public void modifiedService(final ServiceReference<CredentialAuth> reference,
  47                                         final CredentialAuth service) {
  48                 LOG.trace("Replacing modified Credential service {}", reference);
  49                 nullableCredService = service;
  50             }
  51
  52             @Override
  53             public void removedService(final ServiceReference<CredentialAuth> reference, final CredentialAuth service) {
  54                 LOG.trace("Removing Credential service {}. "
  55                         + "This AuthProvider will fail to authenticate every time", reference);
  56                 synchronized (CredentialServiceAuthProvider.this) {
  57                     nullableCredService = null;
  58                 }
  59             }
  60         };
  61         listenerTracker = new ServiceTracker<>(bundleContext, CredentialAuth.class, customizer);
  62         listenerTracker.open();
  63     }
  64
  65     /**
  66      * Authenticate user. This implementation tracks CredentialAuth&lt;PasswordCredentials&gt;
  67      * and delegates the decision to it. If the service is not available, IllegalStateException is thrown.
  68      */
  69     @Override
  70     public synchronized boolean authenticated(final String username, final String password) {
  71         if (nullableCredService == null) {
  72             LOG.warn("Cannot authenticate user '{}', Credential service is missing", username);
  73             throw new IllegalStateException("Credential service is not available");
  74         }
  75
  76         Claim claim;
  77         try {
  78             claim = nullableCredService.authenticate(new PasswordCredentialsWrapper(username, password));
  79         } catch (AuthenticationException e) {
  80             LOG.debug("Authentication failed for user '{}' : {}", username, e);
  81             return false;
  82         }
  83
  84         LOG.debug("Authentication result for user '{}' : {}", username, claim.domain());
  85         return true;
  86     }
  87
  88     /**
  89      * Invoked by blueprint.
  90      */
  91     @Override
  92     public void close() {
  93         listenerTracker.close();
  94         nullableCredService = null;
  95     }
  96
  97     private static final class PasswordCredentialsWrapper implements PasswordCredentials {
  98         private final String username;
  99         private final String password;
 100
 101         PasswordCredentialsWrapper(final String username, final String password) {
 102             this.username = username;
 103             this.password = password;
 104         }
 105
 106         @Override
 107         public String username() {
 108             return username;
 109         }
 110
 111         @Override
 112         public String password() {
 113             return password;
 114         }
 115
 116         @Override
 117         public String domain() {
 118             // If this is left null, default "sdn" domain is assumed
 119             return null;
 120         }
 121     }
 122 }