From f2b9cbf00a3c7b924251fc22330a0278ca87d59c Mon Sep 17 00:00:00 2001 From: Robert Varga Date: Sun, 3 Jul 2022 02:53:11 +0200 Subject: [PATCH] Inject ServletSupport into MoonRealm We cannot quite inject Jersey in OSGi environment. Make sure we indirect through ServletSupport, which provides the proper binding. Change-Id: I132d55f4fa4e9d853e96cf3e299e241df730cb00 Signed-off-by: Robert Varga --- .../aaa/shiro/realm/MoonRealm.java | 22 +++++++++++++++++-- .../shiro/web/env/AAAIniWebEnvironment.java | 8 +++++-- .../ShiroWebEnvironmentLoaderListener.java | 8 +++++-- .../OSGI-INF/blueprint/impl-blueprint.xml | 18 ++++++++------- 4 files changed, 42 insertions(+), 14 deletions(-) diff --git a/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/realm/MoonRealm.java b/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/realm/MoonRealm.java index fe4ac2c10..4bd67c318 100644 --- a/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/realm/MoonRealm.java +++ b/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/realm/MoonRealm.java @@ -8,12 +8,13 @@ package org.opendaylight.aaa.shiro.realm; import static com.google.common.base.Preconditions.checkArgument; +import static com.google.common.base.Verify.verifyNotNull; +import static java.util.Objects.requireNonNull; import com.google.common.collect.ImmutableSet; import com.google.gson.JsonParser; import java.net.MalformedURLException; import java.net.URL; -import javax.ws.rs.client.ClientBuilder; import javax.ws.rs.client.Entity; import javax.ws.rs.client.WebTarget; import javax.ws.rs.core.MediaType; @@ -26,6 +27,8 @@ import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.opendaylight.aaa.shiro.moon.MoonPrincipal; +import org.opendaylight.aaa.web.servlet.ServletSupport; +import org.opendaylight.yangtools.concepts.Registration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -36,10 +39,25 @@ import org.slf4j.LoggerFactory; */ public class MoonRealm extends AuthorizingRealm { private static final Logger LOG = LoggerFactory.getLogger(MoonRealm.class); + private static final ThreadLocal SERVLET_SUPPORT_TL = new ThreadLocal<>(); private static final String MOON_DEFAULT_DOMAIN = "sdn"; + private final ServletSupport servletSupport; private volatile WebTarget moonServer; + public MoonRealm() { + this(verifyNotNull(SERVLET_SUPPORT_TL.get(), "MoonRealm loading not prepared")); + } + + public MoonRealm(final ServletSupport servletSupport) { + this.servletSupport = requireNonNull(servletSupport); + } + + public static Registration prepareForLoad(final ServletSupport jaxrsSupport) { + SERVLET_SUPPORT_TL.set(requireNonNull(jaxrsSupport)); + return SERVLET_SUPPORT_TL::remove; + } + @Override protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principalCollection) { return null; @@ -133,6 +151,6 @@ public class MoonRealm extends AuthorizingRealm { // FIXME: allow authentication: and that really means configuring a Client! final var server = String.format("http://%s:%s/moon/auth/tokens", uriHost, port); LOG.debug("Moon server is at: {}:{} and will be accessed through {}", uriHost, port, server); - moonServer = ClientBuilder.newClient().target(server); + moonServer = servletSupport.newClientBuilder().build().target(server); } } diff --git a/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/web/env/AAAIniWebEnvironment.java b/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/web/env/AAAIniWebEnvironment.java index e346ef283..696142e41 100644 --- a/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/web/env/AAAIniWebEnvironment.java +++ b/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/web/env/AAAIniWebEnvironment.java 
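Review bot: The public no-arg `MoonRealm()` only works while a `prepareForLoad` registration is open on the calling thread, and neither the constructor nor `prepareForLoad` documents that contract. I would add Javadoc on `prepareForLoad` saying the returned `Registration` must be closed on the thread that called it, and on `MoonRealm()` saying it is meant for reflective instantiation during Shiro environment loading and otherwise fails with a `VerifyException`. The registration is `SERVLET_SUPPORT_TL::remove`, so a nested `prepareForLoad` on one thread would clear the outer value when the inner one closes. If nesting is not expected, the Javadoc should say so.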
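Review bot: The client built at `servletSupport.newClientBuilder().build()` still uses defaults: the target is a fixed `http://` URL and no connect or read timeout is set. Whatever the realm posts to `/moon/auth/tokens` (presumably the caller's credentials) is therefore sent in cleartext, and a stalled Moon server can block the authenticating thread. Now that a `ClientBuilder` is at hand, timeouts could be set here, e.g. `servletSupport.newClientBuilder().connectTimeout(5, TimeUnit.SECONDS).readTimeout(5, TimeUnit.SECONDS).build()` if the JAX-RS API in use is 2.1 or later (values illustrative), and the scheme made configurable so `https` can be used. The existing FIXME already says the Client needs configuring. The enclosing method starts outside the hunk, so I cannot tell whether a previously built client is closed when `moonServer` is reassigned.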
@@ -18,7 +18,9 @@ import org.opendaylight.aaa.api.AuthenticationService; import org.opendaylight.aaa.api.TokenStore; import org.opendaylight.aaa.api.password.service.PasswordHashService; import org.opendaylight.aaa.cert.api.ICertificateManager; +import org.opendaylight.aaa.shiro.realm.MoonRealm; import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators; +import org.opendaylight.aaa.web.servlet.ServletSupport; import org.opendaylight.mdsal.binding.api.DataBroker; import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration; import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration.Main; @@ -49,12 +51,13 @@ class AAAIniWebEnvironment extends IniWebEnvironment { private final TokenAuthenticators tokenAuthenticators; private final TokenStore tokenStore; private final PasswordHashService passwordHashService; + private final ServletSupport servletSupport; AAAIniWebEnvironment(final ShiroConfiguration shiroConfiguration, final DataBroker dataBroker, final ICertificateManager certificateManager, final AuthenticationService authenticationService, final TokenAuthenticators tokenAuthenticators, final TokenStore tokenStore, - final PasswordHashService passwordHashService) { + final PasswordHashService passwordHashService, final ServletSupport servletSupport) { this.shiroConfiguration = shiroConfiguration; this.dataBroker = dataBroker; this.certificateManager = certificateManager; @@ -62,6 +65,7 @@ class AAAIniWebEnvironment extends IniWebEnvironment { this.tokenAuthenticators = tokenAuthenticators; this.tokenStore = tokenStore; this.passwordHashService = passwordHashService; + this.servletSupport = servletSupport; LOG.debug("AAAIniWebEnvironment created"); } 
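Review bot: `this.servletSupport = servletSupport;` in the `AAAIniWebEnvironment` constructor accepts null, so a missing wiring only surfaces later as a `NullPointerException` from `MoonRealm.prepareForLoad`, in the middle of environment initialisation. Failing at construction is clearer: `this.servletSupport = requireNonNull(servletSupport);`, adding the `java.util.Objects.requireNonNull` static import if the file does not already have it. The same applies to the matching assignment in the `ShiroWebEnvironmentLoaderListener` constructor. The neighbouring fields are assigned unchecked too, so this would be a deliberate tightening for the new parameter rather than a correction of existing style.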
@@ -94,7 +98,7 @@ class AAAIniWebEnvironment extends IniWebEnvironment { ThreadLocals.TOKEN_AUTHENICATORS_TL.set(tokenAuthenticators); ThreadLocals.TOKEN_STORE_TL.set(tokenStore); ThreadLocals.PASSWORD_HASH_SERVICE_TL.set(passwordHashService); - try { + try (var moonLoad = MoonRealm.prepareForLoad(servletSupport)) { // Initialize the Shiro environment from clustered-app-config final Ini ini = createIniFromClusteredAppConfig(shiroConfiguration); setIni(ini); diff --git a/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/web/env/ShiroWebEnvironmentLoaderListener.java b/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/web/env/ShiroWebEnvironmentLoaderListener.java index 34ede37f7..f313abff2 100644 --- a/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/web/env/ShiroWebEnvironmentLoaderListener.java +++ b/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/web/env/ShiroWebEnvironmentLoaderListener.java @@ -15,6 +15,7 @@ import org.opendaylight.aaa.api.TokenStore; import org.opendaylight.aaa.api.password.service.PasswordHashService; import org.opendaylight.aaa.cert.api.ICertificateManager; import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators; +import org.opendaylight.aaa.web.servlet.ServletSupport; import org.opendaylight.mdsal.binding.api.DataBroker; import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration; import org.slf4j.Logger; @@ -37,6 +38,7 @@ public final class ShiroWebEnvironmentLoaderListener extends EnvironmentLoaderLi private final TokenAuthenticators tokenAuthenticators; private final TokenStore tokenStore; private final PasswordHashService passwordHashService; + private final ServletSupport servletSupport; // FIXME: @Inject for CDI, except we have ShiroConfiguration injected // FIXME: @Activate for OSGi @Component 
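Review bot: The resource variable in `try (var moonLoad = MoonRealm.prepareForLoad(servletSupport))` is never read, and nothing at the call site says why it exists. A one-line comment above the `try` would help, e.g. `// MoonRealm's no-arg constructor reads ServletSupport from a thread-local; keep it set only while realms are instantiated`. The `try` block continues outside the hunk, so I cannot see whether the `ThreadLocals.*` values set just before it are cleared on every exit path. That is worth confirming now that resource initialisation can itself throw.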
@@ -45,7 +47,8 @@ public final class ShiroWebEnvironmentLoaderListener extends EnvironmentLoaderLi final ICertificateManager certificateManager, final AuthenticationService authenticationService, final TokenAuthenticators tokenAuthenticators, final TokenStore tokenStore, - final PasswordHashService passwordHashService) { + final PasswordHashService passwordHashService, + final ServletSupport servletSupport) { this.shiroConfiguration = shiroConfiguration; this.dataBroker = dataBroker; this.certificateManager = certificateManager; @@ -53,12 +56,13 @@ public final class ShiroWebEnvironmentLoaderListener extends EnvironmentLoaderLi this.tokenAuthenticators = tokenAuthenticators; this.tokenStore = tokenStore; this.passwordHashService = passwordHashService; + this.servletSupport = servletSupport; LOG.debug("ShiroWebEnvironmentLoaderListenerImpl created"); } @Override protected WebEnvironment determineWebEnvironment(final ServletContext servletContext) { return new AAAIniWebEnvironment(shiroConfiguration, dataBroker, certificateManager, authenticationService, - tokenAuthenticators, tokenStore, passwordHashService); + tokenAuthenticators, tokenStore, passwordHashService, servletSupport); } } diff --git a/aaa-shiro/impl/src/main/resources/OSGI-INF/blueprint/impl-blueprint.xml b/aaa-shiro/impl/src/main/resources/OSGI-INF/blueprint/impl-blueprint.xml index 5d10c7356..e79a652b2 100644 --- a/aaa-shiro/impl/src/main/resources/OSGI-INF/blueprint/impl-blueprint.xml +++ b/aaa-shiro/impl/src/main/resources/OSGI-INF/blueprint/impl-blueprint.xml @@ -12,7 +12,8 @@ and is available at http://www.eclipse.org/legal/epl-v10.html + id="shiroConfiguration" + default-config-file-name="aaa-app-config.xml"/> - - - + + + + + - + - + + @@ -60,8 +64,6 @@ and is available at http://www.eclipse.org/legal/epl-v10.html - - -- 2.36.6