The usage of TokenStore was removed with OAuth2 implementations.
https://git.opendaylight.org/gerrit/c/aaa/+/104968
JIRA: AAA-276
Change-Id: Ice6bb231bc4bd0f2c5df719c4f7c1673b41ff7fd
Signed-off-by: Peter Suna <peter.suna@pantheon.tech>
+++ /dev/null
-/*
- * Copyright (c) 2014 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.api;
-
-/**
- * A datastore for auth tokens.
- *
- * @author liemmn
- *
- */
-public interface TokenStore {
- void put(String token, Authentication auth);
-
- Authentication get(String token);
-
- boolean delete(String token);
-
- long tokenExpiration();
-}
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</dependency>
- <dependency>
- <groupId>net.sf.ehcache</groupId>
- <artifactId>ehcache</artifactId>
- </dependency>
<dependency>
<groupId>org.immutables</groupId>
<artifactId>value</artifactId>
+++ /dev/null
-/*
- * Copyright (c) 2016 Inocybe Technologies. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-package org.opendaylight.aaa.datastore.h2;
-
-import net.sf.ehcache.Cache;
-import net.sf.ehcache.CacheManager;
-import net.sf.ehcache.Element;
-import net.sf.ehcache.config.CacheConfiguration;
-import net.sf.ehcache.config.Configuration;
-import net.sf.ehcache.config.ConfigurationFactory;
-import org.opendaylight.aaa.api.Authentication;
-import org.opendaylight.aaa.api.TokenStore;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class H2TokenStore implements AutoCloseable, TokenStore {
-
- private static final Logger LOG = LoggerFactory.getLogger(H2TokenStore.class);
-
- private static final String TOKEN_CACHE_MANAGER = "org.opendaylight.aaa";
- private static final String TOKEN_CACHE = "tokens";
-
- private int maxCachedTokensInMemory = 10000;
- private int maxCachedTokensOnDisk = 100000;
- private final Cache tokens;
-
- public H2TokenStore(long secondsToLive, long secondsToIdle) {
- // When we restart, the cache manager and token cache are already there
- CacheManager cm = CacheManager.getCacheManager(TOKEN_CACHE_MANAGER);
- if (cm == null) {
- Configuration configuration = ConfigurationFactory.parseConfiguration();
- configuration.setName(TOKEN_CACHE_MANAGER);
- cm = CacheManager.newInstance(configuration);
- }
- Cache existingCache = cm.getCache(TOKEN_CACHE);
- if (existingCache != null) {
- tokens = existingCache;
- } else {
- tokens = new Cache(new CacheConfiguration(TOKEN_CACHE, maxCachedTokensInMemory)
- .maxEntriesLocalDisk(maxCachedTokensOnDisk)
- .timeToLiveSeconds(secondsToLive)
- .timeToIdleSeconds(secondsToIdle));
- cm.addCache(tokens);
- }
- LOG.info("Initialized token store with default cache config");
- }
-
- @Override
- public void close() {
- LOG.info("Shutting down token store...");
- CacheManager.getInstance().shutdown();
- }
-
- @Override
- public Authentication get(String token) {
- Element elem = tokens.get(token);
- return (Authentication) (elem != null ? elem.getObjectValue() : null);
- }
-
- @Override
- public void put(String token, Authentication auth) {
- tokens.put(new Element(token, auth));
- }
-
- @Override
- public boolean delete(String token) {
- return tokens.remove(token);
- }
-
- @Override
- public long tokenExpiration() {
- return tokens.getCacheConfiguration().getTimeToLiveSeconds();
- }
-}
\ No newline at end of file
+++ /dev/null
-/*
- * Copyright (c) 2016, 2017 Inocybe Technologies. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-package org.opendaylight.aaa.datastore.h2;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
-
-import org.junit.After;
-import org.junit.Test;
-import org.opendaylight.aaa.api.Authentication;
-import org.opendaylight.aaa.tokenauthrealm.auth.AuthenticationBuilder;
-import org.opendaylight.aaa.tokenauthrealm.auth.ClaimBuilder;
-
-/**
- * Unit Test for H2TokenStore.
- *
- * @author mserngawy
- */
-public class H2TokenStoreTest {
- private final H2TokenStore h2TokenStore = new H2TokenStore(36000, 3600);
-
- @After
- public void teardown() throws Exception {
- h2TokenStore.close();
- }
-
- @Test
- public void testTokenStore() throws InterruptedException {
- final String fooToken = "foo_token";
- Authentication auth = new AuthenticationBuilder(
- new ClaimBuilder().setUser("foo").setUserId("1234").addRole("admin").build()).build();
- h2TokenStore.put(fooToken, auth);
- assertEquals(auth, h2TokenStore.get(fooToken));
- h2TokenStore.delete(fooToken);
- assertNull(h2TokenStore.get(fooToken));
- }
-}
<optional>true</optional>
</dependency>
- <dependency>
- <groupId>net.sf.ehcache</groupId>
- <artifactId>ehcache</artifactId>
- </dependency>
- <dependency>
- <groupId>org.immutables</groupId>
- <artifactId>value</artifactId>
- <classifier>annotations</classifier>
- </dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
import org.opendaylight.aaa.api.IIDMStore;
import org.opendaylight.aaa.api.PasswordCredentialAuth;
import org.opendaylight.aaa.api.StoreBuilder;
-import org.opendaylight.aaa.api.TokenStore;
-import org.opendaylight.aaa.datastore.h2.H2TokenStore;
import org.opendaylight.aaa.tokenauthrealm.auth.HttpBasicAuth;
import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.DatastoreConfig;
public final class AAAShiroProvider implements AutoCloseable {
private static final Logger LOG = LoggerFactory.getLogger(AAAShiroProvider.class);
- private final TokenStore tokenStore;
private final TokenAuthenticators tokenAuthenticators;
/**
final DatastoreConfig datastoreConfig,
final IIDMStore iidmStore) {
if (datastoreConfig != null && datastoreConfig.getStore() == DatastoreConfig.Store.H2DataStore) {
- tokenStore = new H2TokenStore(datastoreConfig.getTimeToLive().longValue(),
- datastoreConfig.getTimeToWait().longValue());
-
initializeIIDMStore(iidmStore);
tokenAuthenticators = new TokenAuthenticators(new HttpBasicAuth(credentialAuth));
LOG.info("AAAShiroProvider Session Initiated");
} else {
- tokenStore = null;
tokenAuthenticators = new TokenAuthenticators();
LOG.info("AAA Datastore has not been initialized");
}
}
}
- public TokenStore getTokenStore() {
- return tokenStore;
- }
-
public TokenAuthenticators getTokenAuthenticators() {
return tokenAuthenticators;
}
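Review bot: With the `new H2TokenStore(...)` call gone from the `H2DataStore` branch of the constructor, nothing visible in this section reads `datastoreConfig.getTimeToLive()` or `datastoreConfig.getTimeToWait()` any more. If no other code consumes them, these two settings become silently ignored, and an operator who tunes them may believe a token lifetime is still being enforced. I would either deprecate the two leaves in the `DatastoreConfig` model as part of this change or leave a comment at the branch, for example `// time-to-live / time-to-wait are no longer consumed here: the token cache was removed with TokenStore`. The constructor's signature and the rest of the class lie outside the lines shown, so other readers of these values cannot be ruled out from this page.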
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
-import org.eclipse.jdt.annotation.Nullable;
import org.opendaylight.aaa.api.Authentication;
import org.opendaylight.aaa.api.AuthenticationService;
import org.opendaylight.aaa.api.TokenAuth;
-import org.opendaylight.aaa.api.TokenStore;
import org.opendaylight.aaa.api.shiro.principal.ODLPrincipal;
import org.opendaylight.aaa.shiro.principal.ODLPrincipalImpl;
import org.opendaylight.aaa.shiro.realm.util.TokenUtils;
private static final Logger LOG = LoggerFactory.getLogger(TokenAuthRealm.class);
private static final ThreadLocal<TokenAuthenticators> AUTHENICATORS_TL = new ThreadLocal<>();
private static final ThreadLocal<AuthenticationService> AUTH_SERVICE_TL = new ThreadLocal<>();
- private static final ThreadLocal<TokenStore> TOKEN_STORE_TL = new ThreadLocal<>();
private final TokenAuthenticators authenticators;
private final AuthenticationService authService;
- private final TokenStore tokenStore;
public TokenAuthRealm() {
- this(verifyLoad(AUTH_SERVICE_TL), verifyLoad(AUTHENICATORS_TL), TOKEN_STORE_TL.get());
+ this(verifyLoad(AUTH_SERVICE_TL), verifyLoad(AUTHENICATORS_TL));
}
public TokenAuthRealm(final AuthenticationService authService, final TokenAuthenticators authenticators) {
- this(authService, authenticators, null);
- }
-
- public TokenAuthRealm(final AuthenticationService authService, final TokenAuthenticators authenticators,
- final @Nullable TokenStore tokenStore) {
this.authService = requireNonNull(authService);
this.authenticators = requireNonNull(authenticators);
- this.tokenStore = tokenStore;
super.setName("TokenAuthRealm");
}
public static Registration prepareForLoad(final AuthenticationService authService,
- final TokenAuthenticators authenticators, final @Nullable TokenStore tokenStore) {
+ final TokenAuthenticators authenticators) {
AUTH_SERVICE_TL.set(requireNonNull(authService));
AUTHENICATORS_TL.set(requireNonNull(authenticators));
- TOKEN_STORE_TL.set(tokenStore);
return () -> {
AUTH_SERVICE_TL.remove();
AUTHENICATORS_TL.remove();
- TOKEN_STORE_TL.remove();
};
}
import org.apache.shiro.config.Ini;
import org.apache.shiro.web.env.IniWebEnvironment;
import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.aaa.api.TokenStore;
import org.opendaylight.aaa.api.password.service.PasswordHashService;
import org.opendaylight.aaa.cert.api.ICertificateManager;
import org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm;
public AAAWebEnvironment(final ShiroIni shiroConfiguration, final DataBroker dataBroker,
final ICertificateManager certificateManager, final AuthenticationService authenticationService,
- final TokenAuthenticators tokenAuthenticators, final TokenStore tokenStore,
- final PasswordHashService passwordHashService, final ServletSupport servletSupport) {
+ final TokenAuthenticators tokenAuthenticators, final PasswordHashService passwordHashService,
+ final ServletSupport servletSupport) {
// Turn ShiroConfiguration into an Ini
final var ini = new Ini();
var keyStoneLoad = KeystoneAuthRealm.prepareForLoad(certificateManager, servletSupport);
var mdsalLoad = MdsalRealm.prepareForLoad(passwordHashService, dataBroker);
var moonLoad = MoonRealm.prepareForLoad(servletSupport);
- var tokenAuthLoad = TokenAuthRealm.prepareForLoad(authenticationService, tokenAuthenticators,
- tokenStore)) {
+ var tokenAuthLoad = TokenAuthRealm.prepareForLoad(authenticationService, tokenAuthenticators)) {
configure();
}
});
<argument>
<bean factory-ref="provider" factory-method="getTokenAuthenticators"/>
</argument>
- <argument>
- <bean factory-ref="provider" factory-method="getTokenStore"/>
- </argument>
<argument ref="passwordService"/>
<argument ref="servletSupport"/>
</bean>
<type>cfg</type>
<classifier>config</classifier>
</dependency>
-
- <dependency>
- <!-- This is necessary for a full javax.transaction.xa for ehcache -->
- <groupId>org.apache.geronimo.specs</groupId>
- <artifactId>geronimo-jta_1.1_spec</artifactId>
- <version>1.1.1</version>
- </dependency>
</dependencies>
<build>
<artifactId>h2</artifactId>
<version>2.2.224</version>
</dependency>
- <dependency>
- <groupId>net.sf.ehcache</groupId>
- <artifactId>ehcache</artifactId>
- <version>2.10.9.2</version>
- </dependency>
<dependency>
<groupId>org.glassfish</groupId>
<artifactId>javax.json</artifactId>