This thread local has a single user, so make sure we encapsulate it.
Change-Id: I6463aa48d1f2d6798f9dc2a8b5e1fa2eac21790d
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
*/
package org.opendaylight.aaa.shiro.realm;
+import static com.google.common.base.Verify.verifyNotNull;
import static java.util.Objects.requireNonNull;
import com.google.common.base.Throwables;
import org.opendaylight.aaa.shiro.realm.util.http.SimpleHttpClient;
import org.opendaylight.aaa.shiro.realm.util.http.SimpleHttpRequest;
import org.opendaylight.aaa.shiro.realm.util.http.UntrustedSSL;
-import org.opendaylight.aaa.shiro.web.env.ThreadLocals;
+import org.opendaylight.yangtools.concepts.Registration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
private static final int CLIENT_EXPIRE_AFTER_ACCESS = 1;
private static final int CLIENT_EXPIRE_AFTER_WRITE = 10;
+ private static final ThreadLocal<ICertificateManager> CERT_MANAGER_TL = new ThreadLocal<>();
+
private volatile URI serverUri = null;
private volatile boolean sslVerification = true;
private volatile String defaultDomain = DEFAULT_KEYSTONE_DOMAIN;
});
public KeystoneAuthRealm() {
- certManager = requireNonNull(ThreadLocals.CERT_MANAGER_TL.get());
+ this(verifyNotNull(CERT_MANAGER_TL.get(), "KeystoneAuthRealm loading not prepared"));
+ }
+
+ public KeystoneAuthRealm(final ICertificateManager certManager) {
+ this.certManager = requireNonNull(certManager);
LOG.info("KeystoneAuthRealm created");
}
+ public static Registration prepareForLoad(final ICertificateManager certManager) {
+ CERT_MANAGER_TL.set(requireNonNull(certManager));
+ return CERT_MANAGER_TL::remove;
+ }
+
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principalCollection) {
final var primaryPrincipal = getAvailablePrincipal(principalCollection);
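Review bot: `prepareForLoad` and the no-argument constructor now depend on a same-thread contract that the new code does not document. The value is stored in the private `CERT_MANAGER_TL`, and the returned `Registration` is `CERT_MANAGER_TL::remove`, which clears the slot of whichever thread calls `close()`. If the registration is closed on a different thread, or never closed, the `ICertificateManager` reference stays attached to the original thread, and a second `prepareForLoad` on the same thread silently replaces the first value. I would add Javadoc on `prepareForLoad` such as `/** Makes certManager available to the no-argument constructor on the calling thread; the returned Registration must be closed on that same thread, typically via try-with-resources. */`. A short comment on the no-argument constructor should say that it is meant for instantiation by the framework (presumably Shiro, not visible in this hunk) and that `verifyNotNull` throws `VerifyException` when no load has been prepared.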
import org.opendaylight.aaa.api.TokenStore;
import org.opendaylight.aaa.api.password.service.PasswordHashService;
import org.opendaylight.aaa.cert.api.ICertificateManager;
+import org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm;
import org.opendaylight.aaa.shiro.realm.MoonRealm;
import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
import org.opendaylight.aaa.web.servlet.ServletSupport;
@Override
public void init() {
ThreadLocals.DATABROKER_TL.set(dataBroker);
- ThreadLocals.CERT_MANAGER_TL.set(certificateManager);
ThreadLocals.AUTH_SETVICE_TL.set(authenticationService);
ThreadLocals.TOKEN_AUTHENICATORS_TL.set(tokenAuthenticators);
ThreadLocals.TOKEN_STORE_TL.set(tokenStore);
ThreadLocals.PASSWORD_HASH_SERVICE_TL.set(passwordHashService);
- try (var moonLoad = MoonRealm.prepareForLoad(servletSupport)) {
- // Initialize the Shiro environment from clustered-app-config
- final Ini ini = createIniFromClusteredAppConfig(shiroConfiguration);
- setIni(ini);
- ClassLoaderUtils.getWithClassLoader(AAAIniWebEnvironment.class.getClassLoader(), (Supplier<Void>) () -> {
- super.init();
- return null;
- });
+ try (var keyStoneLoad = KeystoneAuthRealm.prepareForLoad(certificateManager)) {
+ try (var moonLoad = MoonRealm.prepareForLoad(servletSupport)) {
+ // Initialize the Shiro environment from clustered-app-config
+ final Ini ini = createIniFromClusteredAppConfig(shiroConfiguration);
+ setIni(ini);
+ ClassLoaderUtils.getWithClassLoader(AAAIniWebEnvironment.class.getClassLoader(), () -> {
+ super.init();
+ return null;
+ });
+ }
} finally {
ThreadLocals.DATABROKER_TL.remove();
- ThreadLocals.CERT_MANAGER_TL.remove();
ThreadLocals.AUTH_SETVICE_TL.remove();
ThreadLocals.TOKEN_AUTHENICATORS_TL.remove();
ThreadLocals.TOKEN_STORE_TL.remove();
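Review bot: The two nested `try` blocks in `init()` can be a single try-with-resources statement, which keeps the body at its original indentation and shrinks the diff: `try (var keyStoneLoad = KeystoneAuthRealm.prepareForLoad(certificateManager); var moonLoad = MoonRealm.prepareForLoad(servletSupport)) {`. Resources are closed in reverse declaration order, so `moonLoad` is still released before `keyStoneLoad`, and the existing `finally` still clears the remaining `ThreadLocals` entries. The `finally` block continues past the end of this hunk.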
import org.opendaylight.aaa.api.AuthenticationService;
import org.opendaylight.aaa.api.TokenStore;
import org.opendaylight.aaa.api.password.service.PasswordHashService;
-import org.opendaylight.aaa.cert.api.ICertificateManager;
import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
import org.opendaylight.mdsal.binding.api.DataBroker;
public final class ThreadLocals {
public static final ThreadLocal<DataBroker> DATABROKER_TL = new ThreadLocal<>();
- public static final ThreadLocal<ICertificateManager> CERT_MANAGER_TL = new ThreadLocal<>();
-
public static final ThreadLocal<AuthenticationService> AUTH_SETVICE_TL = new ThreadLocal<>();
public static final ThreadLocal<TokenStore> TOKEN_STORE_TL = new ThreadLocal<>();
import static org.hamcrest.Matchers.notNullValue;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.same;
+import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import org.mockito.ArgumentCaptor;
import org.mockito.Captor;
import org.mockito.Mock;
-import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;
import org.opendaylight.aaa.api.shiro.principal.ODLPrincipal;
import org.opendaylight.aaa.cert.api.ICertificateManager;
import org.opendaylight.aaa.shiro.realm.util.http.SimpleHttpClient;
import org.opendaylight.aaa.shiro.realm.util.http.SimpleHttpRequest;
import org.opendaylight.aaa.shiro.realm.util.http.UntrustedSSL;
-import org.opendaylight.aaa.shiro.web.env.ThreadLocals;
@RunWith(MockitoJUnitRunner.class)
public class KeystoneAuthRealmTest {
private KeystoneAuthRealm keystoneAuthRealm;
- private KeystoneToken.Token ksToken;
+ // a token for a user without roles
+ private KeystoneToken.Token ksToken = new KeystoneToken.Token();
@Before
public void setup() throws MalformedURLException, URISyntaxException {
- ThreadLocals.CERT_MANAGER_TL.set(certificateManager);
-
- keystoneAuthRealm = Mockito.spy(new KeystoneAuthRealm());
+ keystoneAuthRealm = spy(new KeystoneAuthRealm(certificateManager));
final String testUrl = "http://example.com";
- // a token for a user without roles
- ksToken = new KeystoneToken.Token();
when(certificateManager.getServerContext()).thenReturn(sslContext);
when(client.requestBuilder(KeystoneToken.class)).thenReturn(requestBuilder);