import org.opendaylight.aaa.api.PasswordCredentialAuth;
import org.opendaylight.aaa.api.StoreBuilder;
import org.opendaylight.aaa.api.TokenAuth;
+import org.opendaylight.aaa.shiro.realm.RealmAuthProvider;
import org.opendaylight.aaa.tokenauthrealm.auth.HttpBasicAuth;
import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.DatastoreConfig;
import org.slf4j.Logger;
/**
* Provider for AAA shiro implementation.
*/
-public final class AAAShiroProvider implements AutoCloseable {
+public final class AAAShiroProvider implements RealmAuthProvider, AutoCloseable {
private static final Logger LOG = LoggerFactory.getLogger(AAAShiroProvider.class);
private final @NonNull List<TokenAuth> tokenAuthenticators;
}
}
- public @NonNull List<TokenAuth> getTokenAuthenticators() {
+ @Override
+ public List<TokenAuth> tokenAuthenticators() {
return tokenAuthenticators;
}
}
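Review bot: `tokenAuthenticators()` hands out the `tokenAuthenticators` field itself, and the only consumer that used to take a defensive snapshot (`List.copyOf` in the `TokenAuthRealm` constructor, removed in this same change) now iterates whatever this method returns on every authentication attempt. If the field is ever assigned from a caller-supplied or mutable list — its construction is outside the hunk — a later mutation, or a concurrent one from another thread, would change or break the set of authenticators the realm consults. Either make the field provably immutable at assignment (`this.tokenAuthenticators = List.copyOf(...)` in the constructor) and say so, or return a read-only view here, e.g. `return List.copyOf(tokenAuthenticators);`. The `@NonNull` dropped from the return type is now supplied by the interface's `@NonNullByDefault`, so that part is fine.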
--- /dev/null
+/*
+ * Copyright (c) 2025 PANTHEON.tech, s.r.o. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.opendaylight.aaa.shiro.realm;
+
+import java.util.List;
+import org.eclipse.jdt.annotation.NonNullByDefault;
+import org.opendaylight.aaa.api.TokenAuth;
+
+/**
+ * {@link TokenAuth}s forming a realm.
+ */
+@FunctionalInterface
+@NonNullByDefault
+public interface RealmAuthProvider {
+ /**
+ * Returns the realm's token authenticators.
+ *
+ * @return the realm's token authenticators
+ */
+ List<TokenAuth> tokenAuthenticators();
+}
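Review bot: The Javadoc on `tokenAuthenticators()` states no contract beyond "returns the authenticators", yet `TokenAuthRealm` now calls it on every authentication attempt and tries the returned elements in list order, so implementations need to know the result must be non-null, stable while iterated, and safe to call from concurrent request threads. I would extend the method Javadoc with something like: `Implementations must return a non-null list that is safe to iterate concurrently; it may be invoked on every authentication attempt, and the list order is the order in which authenticators are tried.` Whether the realm stops at the first successful authenticator is not visible in this diff, so I would only document ordering, not short-circuiting.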
import static java.util.Objects.requireNonNull;
import com.google.common.base.Strings;
-import java.util.List;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.PrincipalCollection;
import org.opendaylight.aaa.api.Authentication;
import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.aaa.api.TokenAuth;
import org.opendaylight.aaa.api.shiro.principal.ODLPrincipal;
import org.opendaylight.aaa.shiro.principal.ODLPrincipalImpl;
import org.opendaylight.aaa.shiro.realm.util.TokenUtils;
*/
public class TokenAuthRealm extends AuthorizingRealm {
private static final Logger LOG = LoggerFactory.getLogger(TokenAuthRealm.class);
- private static final ThreadLocal<List<TokenAuth>> AUTHENICATORS_TL = new ThreadLocal<>();
+ private static final ThreadLocal<RealmAuthProvider> AUTHENICATORS_TL = new ThreadLocal<>();
private static final ThreadLocal<AuthenticationService> AUTH_SERVICE_TL = new ThreadLocal<>();
- private final List<TokenAuth> authenticators;
+ private final RealmAuthProvider realmAuthProvider;
private final AuthenticationService authService;
public TokenAuthRealm() {
this(verifyLoad(AUTH_SERVICE_TL), verifyLoad(AUTHENICATORS_TL));
}
- public TokenAuthRealm(final AuthenticationService authService, final List<TokenAuth> authenticators) {
+ public TokenAuthRealm(final AuthenticationService authService, final RealmAuthProvider realmAuthProvider) {
this.authService = requireNonNull(authService);
- this.authenticators = List.copyOf(authenticators);
+ this.realmAuthProvider = requireNonNull(realmAuthProvider);
super.setName("TokenAuthRealm");
}
public static Registration prepareForLoad(final AuthenticationService authService,
- final List<TokenAuth> authenticators) {
+ final RealmAuthProvider realmAuthProvider) {
AUTH_SERVICE_TL.set(requireNonNull(authService));
- AUTHENICATORS_TL.set(requireNonNull(authenticators));
+ AUTHENICATORS_TL.set(requireNonNull(realmAuthProvider));
return () -> {
AUTH_SERVICE_TL.remove();
AUTHENICATORS_TL.remove();
// iterate over <code>TokenAuth</code> implementations and
// attempt to
// authentication with each one
- for (var ta : authenticators) {
+ for (var ta : realmAuthProvider.tokenAuthenticators()) {
try {
LOG.debug("Authentication attempt using {}", ta.getClass().getName());
final Authentication auth = ta.validate(headers);
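Review bot: The authenticator list is no longer an immutable snapshot taken once in the constructor (`List.copyOf(authenticators)` is removed) but is re-fetched from `realmAuthProvider.tokenAuthenticators()` on every authentication, so the realm now inherits the provider's thread-safety and mutability characteristics on the request path — a mutable list modified during iteration would surface as a `ConcurrentModificationException` in the middle of an authentication attempt, and `List.copyOf`'s rejection of null elements is gone too. If the intent is to pick up a dynamically changing set of authenticators, that is fine, but it should be stated on the constructor Javadoc, e.g. `The provider is consulted on every authentication attempt; it must return a non-null, stable list.`, and the loop could bind the result once so a single snapshot is used for the whole attempt: `final var authenticators = requireNonNull(realmAuthProvider.tokenAuthenticators(), "tokenAuthenticators");` followed by `for (var ta : authenticators)`. The enclosing method starts and ends outside this hunk.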
*/
package org.opendaylight.aaa.shiro.web.env;
-import java.util.List;
import org.apache.shiro.config.Ini;
import org.apache.shiro.web.env.IniWebEnvironment;
import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.aaa.api.TokenAuth;
import org.opendaylight.aaa.api.password.service.PasswordHashService;
import org.opendaylight.aaa.cert.api.ICertificateManager;
import org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm;
import org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter;
import org.opendaylight.aaa.shiro.realm.MdsalRealm;
import org.opendaylight.aaa.shiro.realm.MoonRealm;
+import org.opendaylight.aaa.shiro.realm.RealmAuthProvider;
import org.opendaylight.aaa.shiro.realm.TokenAuthRealm;
import org.opendaylight.aaa.web.servlet.ServletSupport;
import org.opendaylight.mdsal.binding.api.DataBroker;
public AAAWebEnvironment(final ShiroIni shiroConfiguration, final DataBroker dataBroker,
final ICertificateManager certificateManager, final AuthenticationService authenticationService,
- final List<TokenAuth> tokenAuthenticators, final PasswordHashService passwordHashService,
+ final RealmAuthProvider realmAuthProvider, final PasswordHashService passwordHashService,
final ServletSupport servletSupport) {
// Turn ShiroConfiguration into an Ini
final var ini = new Ini();
var keyStoneLoad = KeystoneAuthRealm.prepareForLoad(certificateManager, servletSupport);
var mdsalLoad = MdsalRealm.prepareForLoad(passwordHashService, dataBroker);
var moonLoad = MoonRealm.prepareForLoad(servletSupport);
- var tokenAuthLoad = TokenAuthRealm.prepareForLoad(authenticationService, tokenAuthenticators)) {
+ var tokenAuthLoad = TokenAuthRealm.prepareForLoad(authenticationService, realmAuthProvider)) {
configure();
}
});
<argument ref="dataBroker"/>
<argument ref="certManager"/>
<argument ref="authService"/>
- <argument>
- <bean factory-ref="provider" factory-method="getTokenAuthenticators"/>
- </argument>
+ <argument ref="provider"/>
<argument ref="passwordService"/>
<argument ref="servletSupport"/>
</bean>
import org.opendaylight.aaa.tokenauthrealm.auth.AuthenticationManager;
public class TokenAuthRealmTest {
- private final TokenAuthRealm testRealm = new TokenAuthRealm(new AuthenticationManager(), List.of());
+ private final TokenAuthRealm testRealm = new TokenAuthRealm(new AuthenticationManager(), List::of);
@Test
public void testTokenAuthRealm() {