Migrate CERT_MANAGER_TL 02/101702/10
authorRobert Varga <robert.varga@pantheon.tech>
Sun, 3 Jul 2022 01:40:31 +0000 (03:40 +0200)
committerRobert Varga <robert.varga@pantheon.tech>
Sun, 3 Jul 2022 03:47:03 +0000 (05:47 +0200)
This thread-local has a single user, so make sure we encapsulate it there.

Change-Id: I6463aa48d1f2d6798f9dc2a8b5e1fa2eac21790d
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/realm/KeystoneAuthRealm.java
aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/web/env/AAAIniWebEnvironment.java
aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/web/env/ThreadLocals.java
aaa-shiro/impl/src/test/java/org/opendaylight/aaa/shiro/realm/KeystoneAuthRealmTest.java

index a5e2127850851883d5834a4bd3aee0192d1fa280..278a5af84afdba9fb967005808c8f833afea9af5 100644 (file)
@@ -7,6 +7,7 @@
  */
 package org.opendaylight.aaa.shiro.realm;
 
+import static com.google.common.base.Verify.verifyNotNull;
 import static java.util.Objects.requireNonNull;
 
 import com.google.common.base.Throwables;
@@ -45,7 +46,7 @@ import org.opendaylight.aaa.shiro.principal.ODLPrincipalImpl;
 import org.opendaylight.aaa.shiro.realm.util.http.SimpleHttpClient;
 import org.opendaylight.aaa.shiro.realm.util.http.SimpleHttpRequest;
 import org.opendaylight.aaa.shiro.realm.util.http.UntrustedSSL;
-import org.opendaylight.aaa.shiro.web.env.ThreadLocals;
+import org.opendaylight.yangtools.concepts.Registration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -67,6 +68,8 @@ public class KeystoneAuthRealm extends AuthorizingRealm {
     private static final int CLIENT_EXPIRE_AFTER_ACCESS = 1;
     private static final int CLIENT_EXPIRE_AFTER_WRITE = 10;
 
+    private static final ThreadLocal<ICertificateManager> CERT_MANAGER_TL = new ThreadLocal<>();
+
     private volatile URI serverUri = null;
     private volatile boolean sslVerification = true;
     private volatile String defaultDomain = DEFAULT_KEYSTONE_DOMAIN;
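Review bot: The new `CERT_MANAGER_TL` field at L37 carries no comment explaining why a ThreadLocal hand-off exists next to a perfectly usable injecting constructor, so a later reader may assume the no-arg constructor is the normal entry point. Suggest above it: `// Hand-off slot for the no-arg constructor, which the INI-driven realm loader presumably invokes reflectively; populated via prepareForLoad() on the loading thread and read back exactly once.` The reflective-loading part should be confirmed against the Shiro environment before the comment is committed. The class body continues outside the hunk.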
@@ -83,10 +86,19 @@ public class KeystoneAuthRealm extends AuthorizingRealm {
         });
 
     public KeystoneAuthRealm() {
-        certManager = requireNonNull(ThreadLocals.CERT_MANAGER_TL.get());
+        this(verifyNotNull(CERT_MANAGER_TL.get(), "KeystoneAuthRealm loading not prepared"));
+    }
+
+    public KeystoneAuthRealm(final ICertificateManager certManager) {
+        this.certManager = requireNonNull(certManager);
         LOG.info("KeystoneAuthRealm created");
     }
 
+    public static Registration prepareForLoad(final ICertificateManager certManager) {
+        CERT_MANAGER_TL.set(requireNonNull(certManager));
+        return CERT_MANAGER_TL::remove;
+    }
+
     @Override
     protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principalCollection) {
         final var primaryPrincipal = getAvailablePrincipal(principalCollection);
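Review bot: `prepareForLoad` at L55-L58 silently overwrites any value already installed on the calling thread, and the returned `Registration` removes whatever is current at close time, so a nested or forgotten preparation would hand the next realm a stale or wrong `ICertificateManager` without any error. A one-line guard makes that misuse fail loudly: `checkState(CERT_MANAGER_TL.get() == null, "KeystoneAuthRealm loading already prepared");` before the `set(...)`, with a static import of Guava's `Preconditions.checkState` next to the existing `verifyNotNull` import. The method also has no Javadoc; it should state that the value is thread-confined, that the returned registration must be closed on the same thread, and that `new KeystoneAuthRealm()` only succeeds on that thread while the registration is open. The class body continues outside the hunk.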
index 696142e41902f41e7a16cf8887336551448c15ea..87956637b469f551486f8059779c088b37222ee1 100644 (file)
@@ -18,6 +18,7 @@ import org.opendaylight.aaa.api.AuthenticationService;
 import org.opendaylight.aaa.api.TokenStore;
 import org.opendaylight.aaa.api.password.service.PasswordHashService;
 import org.opendaylight.aaa.cert.api.ICertificateManager;
+import org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm;
 import org.opendaylight.aaa.shiro.realm.MoonRealm;
 import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
 import org.opendaylight.aaa.web.servlet.ServletSupport;
@@ -93,22 +94,22 @@ class AAAIniWebEnvironment extends IniWebEnvironment {
     @Override
     public void init() {
         ThreadLocals.DATABROKER_TL.set(dataBroker);
-        ThreadLocals.CERT_MANAGER_TL.set(certificateManager);
         ThreadLocals.AUTH_SETVICE_TL.set(authenticationService);
         ThreadLocals.TOKEN_AUTHENICATORS_TL.set(tokenAuthenticators);
         ThreadLocals.TOKEN_STORE_TL.set(tokenStore);
         ThreadLocals.PASSWORD_HASH_SERVICE_TL.set(passwordHashService);
-        try (var moonLoad = MoonRealm.prepareForLoad(servletSupport)) {
-            // Initialize the Shiro environment from clustered-app-config
-            final Ini ini = createIniFromClusteredAppConfig(shiroConfiguration);
-            setIni(ini);
-            ClassLoaderUtils.getWithClassLoader(AAAIniWebEnvironment.class.getClassLoader(), (Supplier<Void>) () -> {
-                super.init();
-                return null;
-            });
+        try (var keyStoneLoad = KeystoneAuthRealm.prepareForLoad(certificateManager)) {
+            try (var moonLoad = MoonRealm.prepareForLoad(servletSupport)) {
+                // Initialize the Shiro environment from clustered-app-config
+                final Ini ini = createIniFromClusteredAppConfig(shiroConfiguration);
+                setIni(ini);
+                ClassLoaderUtils.getWithClassLoader(AAAIniWebEnvironment.class.getClassLoader(), () -> {
+                    super.init();
+                    return null;
+                });
+            }
         } finally {
             ThreadLocals.DATABROKER_TL.remove();
-            ThreadLocals.CERT_MANAGER_TL.remove();
             ThreadLocals.AUTH_SETVICE_TL.remove();
             ThreadLocals.TOKEN_AUTHENICATORS_TL.remove();
             ThreadLocals.TOKEN_STORE_TL.remove();
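Review bot: The two nested try-with-resources at L89-L90 can be one statement, which keeps the unwind order explicit (resources close in reverse declaration order) and drops a nesting level: `try (var keystoneLoad = KeystoneAuthRealm.prepareForLoad(certificateManager);` / `        var moonLoad = MoonRealm.prepareForLoad(servletSupport)) {`. The local is spelled `keyStoneLoad` while the class is `KeystoneAuthRealm`; `keystoneLoad` matches. The surrounding `ThreadLocals.*_TL` set/remove pairs still use the shared-holder pattern this commit retires for the certificate manager, so a `// TODO: migrate the remaining ThreadLocals to per-consumer prepareForLoad()` on L75 would record that the migration is partial. `init()` ends outside the hunk.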
index 4c819e94ac352b9917055a1c379b125d32db72b1..aed2ae91f688c7780f341a6238be8f501c350f4a 100644 (file)
@@ -10,7 +10,6 @@ package org.opendaylight.aaa.shiro.web.env;
 import org.opendaylight.aaa.api.AuthenticationService;
 import org.opendaylight.aaa.api.TokenStore;
 import org.opendaylight.aaa.api.password.service.PasswordHashService;
-import org.opendaylight.aaa.cert.api.ICertificateManager;
 import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
 import org.opendaylight.mdsal.binding.api.DataBroker;
 
@@ -23,8 +22,6 @@ import org.opendaylight.mdsal.binding.api.DataBroker;
 public final class ThreadLocals {
     public static final ThreadLocal<DataBroker> DATABROKER_TL = new ThreadLocal<>();
 
-    public static final ThreadLocal<ICertificateManager> CERT_MANAGER_TL = new ThreadLocal<>();
-
     public static final ThreadLocal<AuthenticationService> AUTH_SETVICE_TL = new ThreadLocal<>();
 
     public static final ThreadLocal<TokenStore> TOKEN_STORE_TL = new ThreadLocal<>();
index 81d8da629e19af822618aad0506f6f2b3b2c0540..81a2b7099348bddb305e505b9026e4b05e39c2c1 100644 (file)
@@ -13,6 +13,7 @@ import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.same;
+import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
@@ -37,7 +38,6 @@ import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
-import org.mockito.Mockito;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.opendaylight.aaa.api.shiro.principal.ODLPrincipal;
 import org.opendaylight.aaa.cert.api.ICertificateManager;
@@ -47,7 +47,6 @@ import org.opendaylight.aaa.shiro.keystone.domain.KeystoneToken;
 import org.opendaylight.aaa.shiro.realm.util.http.SimpleHttpClient;
 import org.opendaylight.aaa.shiro.realm.util.http.SimpleHttpRequest;
 import org.opendaylight.aaa.shiro.realm.util.http.UntrustedSSL;
-import org.opendaylight.aaa.shiro.web.env.ThreadLocals;
 
 @RunWith(MockitoJUnitRunner.class)
 public class KeystoneAuthRealmTest {
@@ -78,17 +77,14 @@ public class KeystoneAuthRealmTest {
 
     private KeystoneAuthRealm keystoneAuthRealm;
 
-    private KeystoneToken.Token ksToken;
+    // a token for a user without roles
+    private KeystoneToken.Token ksToken = new KeystoneToken.Token();
 
     @Before
     public void setup() throws MalformedURLException, URISyntaxException {
-        ThreadLocals.CERT_MANAGER_TL.set(certificateManager);
-
-        keystoneAuthRealm = Mockito.spy(new KeystoneAuthRealm());
+        keystoneAuthRealm = spy(new KeystoneAuthRealm(certificateManager));
 
         final String testUrl = "http://example.com";
-        // a token for a user without roles
-        ksToken = new KeystoneToken.Token();
 
         when(certificateManager.getServerContext()).thenReturn(sslContext);
         when(client.requestBuilder(KeystoneToken.class)).thenReturn(requestBuilder);
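Review bot: `ksToken` at L154 is now assigned once at field initialization and never reassigned in the visible code, so it should be `private final KeystoneToken.Token ksToken = new KeystoneToken.Token();` to make that intent enforceable. The `setup()` method continues outside the hunk.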