2 * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.aaa.odl;
11 import org.opendaylight.aaa.api.AuthenticationException;
12 import org.opendaylight.aaa.api.Claim;
13 import org.opendaylight.aaa.api.CredentialAuth;
14 import org.opendaylight.aaa.api.PasswordCredentials;
15 import org.opendaylight.netconf.auth.AuthProvider;
16 import org.osgi.framework.BundleContext;
17 import org.osgi.framework.ServiceReference;
18 import org.osgi.util.tracker.ServiceTracker;
19 import org.osgi.util.tracker.ServiceTrackerCustomizer;
20 import org.slf4j.Logger;
21 import org.slf4j.LoggerFactory;
25 * AuthProvider implementation delegating to AAA CredentialAuth<PasswordCredentials> instance.
27 public final class CredentialServiceAuthProvider implements AuthProvider, AutoCloseable {
28 private static final Logger logger = LoggerFactory.getLogger(CredentialServiceAuthProvider.class);
31 * Singleton instance with delayed instantiation
33 public static volatile Map.Entry<BundleContext, CredentialServiceAuthProvider> INSTANCE;
35 // FIXME CredentialAuth is generic and it causes warnings during compilation
36 // Maybe there should be a PasswordCredentialAuth implements CredentialAuth<PasswordCredentials>
37 private volatile CredentialAuth<PasswordCredentials> nullableCredService;
38 private final ServiceTracker<CredentialAuth, CredentialAuth> listenerTracker;
40 public CredentialServiceAuthProvider(final BundleContext bundleContext) {
42 final ServiceTrackerCustomizer<CredentialAuth, CredentialAuth> customizer = new ServiceTrackerCustomizer<CredentialAuth, CredentialAuth>() {
44 public CredentialAuth addingService(final ServiceReference<CredentialAuth> reference) {
45 logger.trace("Credential service {} added", reference);
46 nullableCredService = bundleContext.getService(reference);
47 return nullableCredService;
51 public void modifiedService(final ServiceReference<CredentialAuth> reference, final CredentialAuth service) {
52 logger.trace("Replacing modified Credential service {}", reference);
53 nullableCredService = service;
57 public void removedService(final ServiceReference<CredentialAuth> reference, final CredentialAuth service) {
58 logger.trace("Removing Credential service {}. This AuthProvider will fail to authenticate every time", reference);
59 synchronized (CredentialServiceAuthProvider.this) {
60 nullableCredService = null;
64 listenerTracker = new ServiceTracker<>(bundleContext, CredentialAuth.class, customizer);
65 listenerTracker.open();
69 * Authenticate user. This implementation tracks CredentialAuth<PasswordCredentials> and delegates the decision to it. If the service is not
70 * available, IllegalStateException is thrown.
73 public synchronized boolean authenticated(final String username, final String password) {
74 if (nullableCredService == null) {
75 logger.warn("Cannot authenticate user '{}', Credential service is missing", username);
76 throw new IllegalStateException("Credential service is not available");
81 claim = nullableCredService.authenticate(new PasswordCredentialsWrapper(username, password));
82 } catch (AuthenticationException e) {
83 logger.debug("Authentication failed for user '{}' : {}", username, e);
87 logger.debug("Authentication result for user '{}' : {}", username, claim.domain());
92 public void close() throws Exception {
93 listenerTracker.close();
94 nullableCredService = null;
97 private static final class PasswordCredentialsWrapper implements PasswordCredentials {
98 private final String username;
99 private final String password;
101 public PasswordCredentialsWrapper(final String username, final String password) {
102 this.username = username;
103 this.password = password;
107 public String username() {
112 public String password() {
117 public String domain() {
118 // If this is left null, default "sdn" domain is assumed