package org.opendaylight.aaa.shiro.realm;
import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Verify.verifyNotNull;
+import static java.util.Objects.requireNonNull;
import com.google.common.collect.ImmutableSet;
import com.google.gson.JsonParser;
import java.net.MalformedURLException;
import java.net.URL;
-import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.MediaType;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.opendaylight.aaa.shiro.moon.MoonPrincipal;
+import org.opendaylight.aaa.web.servlet.ServletSupport;
+import org.opendaylight.yangtools.concepts.Registration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
*/
public class MoonRealm extends AuthorizingRealm {
private static final Logger LOG = LoggerFactory.getLogger(MoonRealm.class);
+ private static final ThreadLocal<ServletSupport> SERVLET_SUPPORT_TL = new ThreadLocal<>();
private static final String MOON_DEFAULT_DOMAIN = "sdn";
+ private final ServletSupport servletSupport;
private volatile WebTarget moonServer;
+ public MoonRealm() {
+ this(verifyNotNull(SERVLET_SUPPORT_TL.get(), "MoonRealm loading not prepared"));
+ }
+
+ public MoonRealm(final ServletSupport servletSupport) {
+ this.servletSupport = requireNonNull(servletSupport);
+ }
+
+ public static Registration prepareForLoad(final ServletSupport jaxrsSupport) {
+ SERVLET_SUPPORT_TL.set(requireNonNull(jaxrsSupport));
+ return SERVLET_SUPPORT_TL::remove;
+ }
+
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principalCollection) {
return null;
// FIXME: allow authentication: and that really means configuring a Client!
final var server = String.format("http://%s:%s/moon/auth/tokens", uriHost, port);
LOG.debug("Moon server is at: {}:{} and will be accessed through {}", uriHost, port, server);
- moonServer = ClientBuilder.newClient().target(server);
+ moonServer = servletSupport.newClientBuilder().build().target(server);
}
}
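Review bot: prepareForLoad overwrites whatever SERVLET_SUPPORT_TL already holds and the Registration it returns removes the entry outright, so a nested or un-closed preparation on the same thread silently loses the outer scope's ServletSupport and the failure only surfaces later as the verifyNotNull in the no-arg constructor; a guard before the set() such as `checkState(SERVLET_SUPPORT_TL.get() == null, "MoonRealm loading already prepared");` (static import from Guava Preconditions, next to the existing checkArgument) would make the misuse fail at the call site instead. The hand-off contract is also undocumented: prepareForLoad and the no-arg constructor need a Javadoc stating that the value is thread-confined, that Shiro must instantiate the realm on the same thread while the Registration is open, and that the Registration must be closed (try-with-resources) so the ThreadLocal does not outlive the load. The method containing the `moonServer = servletSupport.newClientBuilder().build().target(server);` line starts outside the hunk; the Client built there is never closed and is simply dropped when moonServer is reassigned, which the previous ClientBuilder.newClient() call shared, so it is not a regression but deserves a comment if that is intended.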
import org.opendaylight.aaa.api.TokenStore;
import org.opendaylight.aaa.api.password.service.PasswordHashService;
import org.opendaylight.aaa.cert.api.ICertificateManager;
+import org.opendaylight.aaa.shiro.realm.MoonRealm;
import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
+import org.opendaylight.aaa.web.servlet.ServletSupport;
import org.opendaylight.mdsal.binding.api.DataBroker;
import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration.Main;
private final TokenAuthenticators tokenAuthenticators;
private final TokenStore tokenStore;
private final PasswordHashService passwordHashService;
+ private final ServletSupport servletSupport;
AAAIniWebEnvironment(final ShiroConfiguration shiroConfiguration, final DataBroker dataBroker,
final ICertificateManager certificateManager,
final AuthenticationService authenticationService,
final TokenAuthenticators tokenAuthenticators, final TokenStore tokenStore,
- final PasswordHashService passwordHashService) {
+ final PasswordHashService passwordHashService, final ServletSupport servletSupport) {
this.shiroConfiguration = shiroConfiguration;
this.dataBroker = dataBroker;
this.certificateManager = certificateManager;
this.tokenAuthenticators = tokenAuthenticators;
this.tokenStore = tokenStore;
this.passwordHashService = passwordHashService;
+ this.servletSupport = servletSupport;
LOG.debug("AAAIniWebEnvironment created");
}
ThreadLocals.TOKEN_AUTHENICATORS_TL.set(tokenAuthenticators);
ThreadLocals.TOKEN_STORE_TL.set(tokenStore);
ThreadLocals.PASSWORD_HASH_SERVICE_TL.set(passwordHashService);
- try {
+ try (var moonLoad = MoonRealm.prepareForLoad(servletSupport)) {
// Initialize the Shiro environment from clustered-app-config
final Ini ini = createIniFromClusteredAppConfig(shiroConfiguration);
setIni(ini);
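Review bot: The new servletSupport constructor parameter is stored at `this.servletSupport = servletSupport;` without a null check, so a missing blueprint wiring only shows up later as a bare NullPointerException from the requireNonNull inside MoonRealm.prepareForLoad rather than at construction; `this.servletSupport = requireNonNull(servletSupport, "servletSupport");` would name the culprit (needs `import static java.util.Objects.requireNonNull;`). The same applies to the matching assignment in ShiroWebEnvironmentLoaderListenerImpl, where the @Inject/@Activate FIXMEs above the constructor suggest container wiring that makes a dropped reference easy to miss. The resource variable moonLoad in the try-with-resources is not referenced inside the body, which reads as an unused variable; a one-line comment such as `// Scoped hand-off: MoonRealm's no-arg constructor reads servletSupport from a ThreadLocal while this Registration is open` would explain why the try is there. The method enclosing the try block starts and ends outside the hunk.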
import org.opendaylight.aaa.api.password.service.PasswordHashService;
import org.opendaylight.aaa.cert.api.ICertificateManager;
import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
+import org.opendaylight.aaa.web.servlet.ServletSupport;
import org.opendaylight.mdsal.binding.api.DataBroker;
import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
import org.slf4j.Logger;
private final TokenAuthenticators tokenAuthenticators;
private final TokenStore tokenStore;
private final PasswordHashService passwordHashService;
+ private final ServletSupport servletSupport;
// FIXME: @Inject for CDI, except we have ShiroConfiguration injected
// FIXME: @Activate for OSGi @Component
final ICertificateManager certificateManager,
final AuthenticationService authenticationService,
final TokenAuthenticators tokenAuthenticators, final TokenStore tokenStore,
- final PasswordHashService passwordHashService) {
+ final PasswordHashService passwordHashService,
+ final ServletSupport servletSupport) {
this.shiroConfiguration = shiroConfiguration;
this.dataBroker = dataBroker;
this.certificateManager = certificateManager;
this.tokenAuthenticators = tokenAuthenticators;
this.tokenStore = tokenStore;
this.passwordHashService = passwordHashService;
+ this.servletSupport = servletSupport;
LOG.debug("ShiroWebEnvironmentLoaderListenerImpl created");
}
@Override
protected WebEnvironment determineWebEnvironment(final ServletContext servletContext) {
return new AAAIniWebEnvironment(shiroConfiguration, dataBroker, certificateManager, authenticationService,
- tokenAuthenticators, tokenStore, passwordHashService);
+ tokenAuthenticators, tokenStore, passwordHashService, servletSupport);
}
}
<odl:clustered-app-config
binding-class="org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration"
- id="shiroConfiguration" default-config-file-name="aaa-app-config.xml" />
+ id="shiroConfiguration"
+ default-config-file-name="aaa-app-config.xml"/>
<odl:clustered-app-config id="datastoreConfig"
default-config-file-name="aaa-datastore-config.xml"
<reference id="certManager" interface="org.opendaylight.aaa.cert.api.ICertificateManager"/>
<bean id="provider" class="org.opendaylight.aaa.AAAShiroProvider" init-method="init" destroy-method="close">
- <argument ref="passwordCredentialAuth" />
- <argument ref="datastoreConfig" />
- <argument ref="idmStore" />
+ <argument ref="passwordCredentialAuth"/>
+ <argument ref="datastoreConfig"/>
+ <argument ref="idmStore"/>
</bean>
+ <reference id="servletSupport" interface="org.opendaylight.aaa.web.servlet.ServletSupport"/>
+
<bean id="shiroWebEnvLoader" class="org.opendaylight.aaa.shiro.web.env.ShiroWebEnvironmentLoaderListener">
<argument ref="shiroConfiguration"/>
<argument ref="dataBroker"/>
<argument ref="certManager"/>
- <argument ref="authService" />
+ <argument ref="authService"/>
<argument>
<bean factory-ref="provider" factory-method="getTokenAuthenticators"/>
</argument>
<argument>
<bean factory-ref="provider" factory-method="getTokenStore"/>
</argument>
- <argument ref="passwordService" />
+ <argument ref="passwordService"/>
+ <argument ref="servletSupport"/>
</bean>
<service ref="shiroWebEnvLoader" interface="javax.servlet.ServletContextListener"/>
<reference id="webServer" interface="org.opendaylight.aaa.web.WebServer" />
- <reference id="servletSupport" interface="org.opendaylight.aaa.web.servlet.ServletSupport" />
-
<bean id="webInitializer" class="org.opendaylight.aaa.shiro.web.env.WebInitializer" destroy-method="close">
<argument ref="webServer"/>
<argument ref="claimCache"/>