2 * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.controller.usermanager.internal;
11 import java.io.FileNotFoundException;
12 import java.io.IOException;
13 import java.io.ObjectInputStream;
14 import java.util.ArrayList;
15 import java.util.Collections;
16 import java.util.Date;
17 import java.util.EnumSet;
18 import java.util.HashMap;
19 import java.util.HashSet;
20 import java.util.List;
23 import java.util.concurrent.ConcurrentHashMap;
24 import java.util.concurrent.ConcurrentMap;
26 import org.apache.commons.lang3.StringUtils;
27 import org.eclipse.osgi.framework.console.CommandInterpreter;
28 import org.eclipse.osgi.framework.console.CommandProvider;
29 import org.opendaylight.controller.clustering.services.CacheConfigException;
30 import org.opendaylight.controller.clustering.services.CacheExistException;
31 import org.opendaylight.controller.clustering.services.ICacheUpdateAware;
32 import org.opendaylight.controller.clustering.services.IClusterGlobalServices;
33 import org.opendaylight.controller.clustering.services.IClusterServices;
34 import org.opendaylight.controller.configuration.IConfigurationAware;
35 import org.opendaylight.controller.containermanager.IContainerAuthorization;
36 import org.opendaylight.controller.sal.authorization.AuthResultEnum;
37 import org.opendaylight.controller.sal.authorization.IResourceAuthorization;
38 import org.opendaylight.controller.sal.authorization.UserLevel;
39 import org.opendaylight.controller.sal.utils.StatusCode;
40 import org.opendaylight.controller.sal.utils.GlobalConstants;
41 import org.opendaylight.controller.sal.utils.IObjectReader;
42 import org.opendaylight.controller.sal.utils.ObjectReader;
43 import org.opendaylight.controller.sal.utils.ObjectWriter;
44 import org.opendaylight.controller.sal.utils.Status;
45 import org.opendaylight.controller.usermanager.AuthResponse;
46 import org.opendaylight.controller.usermanager.IAAAProvider;
47 import org.opendaylight.controller.usermanager.ISessionManager;
48 import org.opendaylight.controller.usermanager.IUserManager;
49 import org.opendaylight.controller.usermanager.security.SessionManager;
50 import org.opendaylight.controller.usermanager.security.UserSecurityContextRepository;
51 import org.osgi.framework.BundleContext;
52 import org.osgi.framework.FrameworkUtil;
53 import org.slf4j.Logger;
54 import org.slf4j.LoggerFactory;
55 import org.springframework.security.authentication.AuthenticationProvider;
56 import org.springframework.security.authentication.AuthenticationServiceException;
57 import org.springframework.security.authentication.BadCredentialsException;
58 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
59 import org.springframework.security.core.Authentication;
60 import org.springframework.security.core.AuthenticationException;
61 import org.springframework.security.core.userdetails.User;
62 import org.springframework.security.core.userdetails.UserDetails;
63 import org.springframework.security.core.userdetails.UsernameNotFoundException;
64 import org.springframework.security.web.context.SecurityContextRepository;
67 * The internal implementation of the User Manager.
69 public class UserManagerImpl implements IUserManager, IObjectReader,
70 IConfigurationAware, ICacheUpdateAware<Long, String>, CommandProvider,
71 AuthenticationProvider {
72 private static final Logger logger = LoggerFactory
73 .getLogger(UserManagerImpl.class);
74 private static final String defaultAdmin = "admin";
75 private static final String defaultAdminPassword = "admin";
76 private static final String defaultAdminRole = UserLevel.NETWORKADMIN
78 private static final String ROOT = GlobalConstants.STARTUPHOME.toString();
79 private static final String SAVE = "save";
80 private static final String usersFileName = ROOT + "users.conf";
81 private static final String serversFileName = ROOT + "servers.conf";
82 private static final String authFileName = ROOT + "authorization.conf";
83 private ConcurrentMap<String, UserConfig> localUserConfigList;
84 private ConcurrentMap<String, ServerConfig> remoteServerConfigList;
85 private ConcurrentMap<String, AuthorizationConfig> authorizationConfList; // local authorization info for remotely authenticated users
86 private ConcurrentMap<String, AuthenticatedUser> activeUsers;
87 private ConcurrentMap<String, IAAAProvider> authProviders;
88 private ConcurrentMap<Long, String> localUserListSaveConfigEvent,
89 remoteServerSaveConfigEvent, authorizationSaveConfigEvent;
90 private IClusterGlobalServices clusterGlobalService = null;
91 private SecurityContextRepository securityContextRepo = new UserSecurityContextRepository();
92 private IContainerAuthorization containerAuthorizationClient;
93 private Set<IResourceAuthorization> applicationAuthorizationClients;
94 private ISessionManager sessionMgr = new SessionManager();
96 public boolean addAAAProvider(IAAAProvider provider) {
98 || provider.getName() == null
99 || provider.getName().trim().isEmpty()) {
102 if (authProviders.get(provider.getName()) != null) {
106 authProviders.put(provider.getName(), provider);
110 public void removeAAAProvider(IAAAProvider provider) {
111 authProviders.remove(provider.getName());
114 public IAAAProvider getAAAProvider(String name) {
115 return authProviders.get(name);
118 public Set<String> getAAAProviderNames() {
119 return authProviders.keySet();
122 @SuppressWarnings("deprecation")
123 private void allocateCaches() {
124 this.applicationAuthorizationClients = Collections
125 .synchronizedSet(new HashSet<IResourceAuthorization>());
126 if (clusterGlobalService == null) {
128 .error("un-initialized clusterGlobalService, can't create cache");
133 clusterGlobalService.createCache("usermanager.localUserConfigList",
134 EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
136 clusterGlobalService.createCache(
137 "usermanager.remoteServerConfigList", EnumSet
138 .of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
140 clusterGlobalService.createCache(
141 "usermanager.authorizationConfList", EnumSet
142 .of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
144 clusterGlobalService.createCache("usermanager.activeUsers", EnumSet
145 .of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
147 clusterGlobalService.createCache(
148 "usermanager.localUserSaveConfigEvent", EnumSet
149 .of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
151 clusterGlobalService.createCache(
152 "usermanager.remoteServerSaveConfigEvent", EnumSet
153 .of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
155 clusterGlobalService.createCache(
156 "usermanager.authorizationSaveConfigEvent", EnumSet
157 .of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
158 } catch (CacheConfigException cce) {
159 logger.error("\nCache configuration invalid - check cache mode");
160 } catch (CacheExistException ce) {
162 .error("\nCache already exits - destroy and recreate if needed");
166 @SuppressWarnings( { "unchecked", "deprecation" })
167 private void retrieveCaches() {
168 if (clusterGlobalService == null) {
169 logger.error("un-initialized clusterService, can't retrieve cache");
173 activeUsers = (ConcurrentMap<String, AuthenticatedUser>) clusterGlobalService
174 .getCache("usermanager.activeUsers");
175 if (activeUsers == null) {
176 logger.error("\nFailed to get cache for activeUsers");
179 localUserConfigList = (ConcurrentMap<String, UserConfig>) clusterGlobalService
180 .getCache("usermanager.localUserConfigList");
181 if (localUserConfigList == null) {
182 logger.error("\nFailed to get cache for localUserConfigList");
185 remoteServerConfigList = (ConcurrentMap<String, ServerConfig>) clusterGlobalService
186 .getCache("usermanager.remoteServerConfigList");
187 if (remoteServerConfigList == null) {
188 logger.error("\nFailed to get cache for remoteServerConfigList");
191 authorizationConfList = (ConcurrentMap<String, AuthorizationConfig>) clusterGlobalService
192 .getCache("usermanager.authorizationConfList");
193 if (authorizationConfList == null) {
194 logger.error("\nFailed to get cache for authorizationConfList");
197 localUserListSaveConfigEvent = (ConcurrentMap<Long, String>) clusterGlobalService
198 .getCache("usermanager.localUserSaveConfigEvent");
199 if (localUserListSaveConfigEvent == null) {
200 logger.error("\nFailed to get cache for localUserSaveConfigEvent");
203 remoteServerSaveConfigEvent = (ConcurrentMap<Long, String>) clusterGlobalService
204 .getCache("usermanager.remoteServerSaveConfigEvent");
205 if (remoteServerSaveConfigEvent == null) {
207 .error("\nFailed to get cache for remoteServerSaveConfigEvent");
210 authorizationSaveConfigEvent = (ConcurrentMap<Long, String>) clusterGlobalService
211 .getCache("usermanager.authorizationSaveConfigEvent");
212 if (authorizationSaveConfigEvent == null) {
214 .error("\nFailed to get cache for authorizationSaveConfigEvent");
218 private void loadConfigurations() {
219 // To encode and decode user and server configuration objects
223 * Do not load local startup file if we already got the
224 * configurations synced from another cluster node
226 if (localUserConfigList.isEmpty()) {
229 if (remoteServerConfigList.isEmpty()) {
232 if (authorizationConfList.isEmpty()) {
237 private void loadSecurityKeys() {
241 private void checkDefaultNetworkAdmin() {
242 // If startup config is not there, it's old or it was deleted,
243 // need to add Default Admin
244 if (!localUserConfigList.containsKey(defaultAdmin)) {
245 localUserConfigList.put(defaultAdmin,
246 new UserConfig(defaultAdmin,
247 defaultAdminPassword,
253 public AuthResultEnum authenticate(String userName, String password) {
254 IAAAProvider aaaClient;
255 AuthResponse rcResponse = null;
256 AuthenticatedUser result;
257 String[] adminRoles = null;
258 boolean remotelyAuthenticated = false;
259 boolean authorizationInfoIsPresent = false;
260 boolean authorized = false;
263 * Attempt remote authentication first if server is configured
265 for (ServerConfig aaaServer : remoteServerConfigList.values()) {
266 String protocol = aaaServer.getProtocol();
267 aaaClient = this.getAAAProvider(protocol);
268 if (aaaClient != null) {
269 rcResponse = aaaClient.authService(userName, password,
270 aaaServer.getAddress(), aaaServer.getSecret());
271 if (rcResponse.getStatus() == AuthResultEnum.AUTH_ACCEPT) {
274 "Remote Authentication Succeeded for User: \"{}\", by Server: {}",
275 userName, aaaServer.getAddress());
276 remotelyAuthenticated = true;
278 } else if (rcResponse.getStatus() == AuthResultEnum.AUTH_REJECT) {
280 "Remote Authentication Rejected User: \"{}\", from Server: {}, Reason: "
281 + rcResponse.getStatus().toString(),
282 userName, aaaServer.getAddress());
285 "Remote Authentication Failed for User: \"{}\", from Server: {}, Reason: "
286 + rcResponse.getStatus().toString(),
287 userName, aaaServer.getAddress());
292 if (!remotelyAuthenticated) {
293 UserConfig localUser = this.localUserConfigList.get(userName);
294 if (localUser == null) {
296 "Local Authentication Failed for User:\"{}\", Reason: "
297 + "user not found in Local Database", userName);
298 return (AuthResultEnum.AUTH_INVALID_LOC_USER);
300 rcResponse = localUser.authenticate(password);
301 if (rcResponse.getStatus() != AuthResultEnum.AUTH_ACCEPT_LOC) {
302 logger.info("Local Authentication Failed for User: \"{}\", Reason: {}",
303 userName, rcResponse.getStatus().toString());
305 return (rcResponse.getStatus());
307 logger.info("Local Authentication Succeeded for User: \"{}\"",
312 * Authentication succeeded
314 result = new AuthenticatedUser(userName);
317 * Extract attributes from response
318 * All the information we are interested in is in the first Cisco VSA (vendor specific attribute).
319 * Just process the first VSA and return
321 String attributes = (rcResponse.getData() != null && !rcResponse
322 .getData().isEmpty()) ? rcResponse.getData().get(0) : null;
325 * Check if the authorization information is present
327 authorizationInfoIsPresent = checkAuthorizationInfo(attributes);
330 * The AAA server was only used to perform the authentication
331 * Look for locally stored authorization info for this user
332 * If found, add the data to the rcResponse
334 if (remotelyAuthenticated && !authorizationInfoIsPresent) {
337 "No Remote Authorization Info provided by Server for User: \"{}\"",
340 "Looking for Local Authorization Info for User: \"{}\"",
343 AuthorizationConfig resource = authorizationConfList.get(userName);
344 if (resource != null) {
345 logger.info("Found Local Authorization Info for User: \"{}\"",
347 attributes = resource.getRolesData();
350 authorizationInfoIsPresent = checkAuthorizationInfo(attributes);
354 * Common response parsing for local & remote authenticated user
355 * Looking for authorized resources, detecting attributes' validity
357 if (authorizationInfoIsPresent) {
358 // Identifying the administrative role
359 adminRoles = attributes.split(" ");
360 result.setRoleList(adminRoles);
363 logger.info("Not able to find Authorization Info for User: \"{}\"",
368 * Add profile for authenticated user
370 putUserInActiveList(userName, result);
372 logger.info("User \"{}\" authorized for the following role(s): "
373 + result.getUserRoles(), userName);
375 logger.info("User \"{}\" Not Authorized for any role ", userName);
378 return rcResponse.getStatus();
381 // Check in the attributes string whether or not authorization information is present
382 private boolean checkAuthorizationInfo(String attributes) {
383 return (attributes != null && !attributes.isEmpty());
386 private void putUserInActiveList(String user, AuthenticatedUser result) {
387 activeUsers.put(user, result);
390 private void removeUserFromActiveList(String user) {
391 if (!activeUsers.containsKey(user)) {
392 // as cookie persists in cache, we can get logout for unexisting active users
395 activeUsers.remove(user);
398 public Status saveLocalUserList() {
399 // Publish the save config event to the cluster nodes
400 localUserListSaveConfigEvent.put(new Date().getTime(), SAVE);
401 return saveLocalUserListInternal();
404 private Status saveLocalUserListInternal() {
405 ObjectWriter objWriter = new ObjectWriter();
406 return objWriter.write(new ConcurrentHashMap<String, UserConfig>(
407 localUserConfigList), usersFileName);
410 public Status saveAAAServerList() {
411 // Publish the save config event to the cluster nodes
412 remoteServerSaveConfigEvent.put(new Date().getTime(), SAVE);
413 return saveAAAServerListInternal();
416 private Status saveAAAServerListInternal() {
417 ObjectWriter objWriter = new ObjectWriter();
418 return objWriter.write(new ConcurrentHashMap<String, ServerConfig>(
419 remoteServerConfigList), serversFileName);
422 public Status saveAuthorizationList() {
423 // Publish the save config event to the cluster nodes
424 authorizationSaveConfigEvent.put(new Date().getTime(), SAVE);
425 return saveAuthorizationListInternal();
428 private Status saveAuthorizationListInternal() {
429 ObjectWriter objWriter = new ObjectWriter();
430 return objWriter.write(
431 new ConcurrentHashMap<String, AuthorizationConfig>(
432 authorizationConfList), authFileName);
436 public Object readObject(ObjectInputStream ois)
437 throws FileNotFoundException, IOException, ClassNotFoundException {
438 // Perform the class deserialization locally, from inside the package where the class is defined
439 return ois.readObject();
442 @SuppressWarnings("unchecked")
443 private void loadUserConfig() {
444 ObjectReader objReader = new ObjectReader();
445 ConcurrentMap<String, UserConfig> confList = (ConcurrentMap<String, UserConfig>) objReader
446 .read(this, usersFileName);
448 if (confList == null) {
452 for (UserConfig conf : confList.values()) {
457 @SuppressWarnings("unchecked")
458 private void loadServerConfig() {
459 ObjectReader objReader = new ObjectReader();
460 ConcurrentMap<String, ServerConfig> confList = (ConcurrentMap<String, ServerConfig>) objReader
461 .read(this, serversFileName);
463 if (confList == null) {
467 for (ServerConfig conf : confList.values()) {
472 @SuppressWarnings("unchecked")
473 private void loadAuthConfig() {
474 ObjectReader objReader = new ObjectReader();
475 ConcurrentMap<String, AuthorizationConfig> confList = (ConcurrentMap<String, AuthorizationConfig>) objReader
476 .read(this, authFileName);
478 if (confList == null) {
482 for (AuthorizationConfig conf : confList.values()) {
488 * Interaction with GUI START
490 public Status addRemoveLocalUser(UserConfig AAAconf, boolean delete) {
492 if (!AAAconf.isValid()) {
493 String msg = "Invalid Local User configuration";
495 return new Status(StatusCode.BADREQUEST, msg);
498 // Update Config database
500 if (AAAconf.getUser().equals(UserManagerImpl.defaultAdmin)) {
501 String msg = "Invalid Request: Default Network Admin User " +
504 return new Status(StatusCode.NOTALLOWED, msg);
506 localUserConfigList.remove(AAAconf.getUser());
508 if (AAAconf.getUser().equals(UserManagerImpl.defaultAdmin)) {
509 String msg = "Invalid Request: Default Network Admin User " +
512 return new Status(StatusCode.NOTALLOWED, msg);
514 localUserConfigList.put(AAAconf.getUser(), AAAconf);
517 return new Status(StatusCode.SUCCESS, null);
520 private Status addRemoveAAAServer(ServerConfig AAAconf, boolean delete) {
522 if (!AAAconf.isValid()) {
523 String msg = "Invalid Server configuration";
525 return new Status(StatusCode.BADREQUEST, msg);
528 // Update configuration database
530 remoteServerConfigList.remove(AAAconf.getAddress());
532 remoteServerConfigList.put(AAAconf.getAddress(), AAAconf);
535 return new Status(StatusCode.SUCCESS, null);
538 private Status addRemoveAuthInfo(AuthorizationConfig AAAconf,
540 if (!AAAconf.isValid()) {
541 String msg = "Invalid Authorization configuration";
543 return new Status(StatusCode.BADREQUEST, msg);
546 // Update configuration database
548 authorizationConfList.remove(AAAconf.getUser());
550 authorizationConfList.put(AAAconf.getUser(), AAAconf);
553 return new Status(StatusCode.SUCCESS, null);
557 public Status addLocalUser(UserConfig AAAconf) {
558 return addRemoveLocalUser(AAAconf, false);
562 public Status removeLocalUser(UserConfig AAAconf) {
563 return addRemoveLocalUser(AAAconf, true);
567 public Status removeLocalUser(String userName) {
568 if (userName == null || userName.trim().isEmpty()) {
569 return new Status(StatusCode.BADREQUEST, "Invalid user name");
571 if (!localUserConfigList.containsKey(userName)) {
572 return new Status(StatusCode.NOTFOUND, "User does not exist");
574 return addRemoveLocalUser(localUserConfigList.get(userName), true);
577 public Status addAAAServer(ServerConfig AAAconf) {
578 return addRemoveAAAServer(AAAconf, false);
582 public Status removeAAAServer(ServerConfig AAAconf) {
583 return addRemoveAAAServer(AAAconf, true);
587 public Status addAuthInfo(AuthorizationConfig AAAconf) {
588 return addRemoveAuthInfo(AAAconf, false);
592 public Status removeAuthInfo(AuthorizationConfig AAAconf) {
593 return addRemoveAuthInfo(AAAconf, true);
597 public List<UserConfig> getLocalUserList() {
598 return new ArrayList<UserConfig>(localUserConfigList.values());
602 public List<ServerConfig> getAAAServerList() {
603 return new ArrayList<ServerConfig>(remoteServerConfigList.values());
607 public List<AuthorizationConfig> getAuthorizationList() {
608 return new ArrayList<AuthorizationConfig>(authorizationConfList
613 public Status changeLocalUserPassword(String user, String curPassword,
614 String newPassword) {
615 UserConfig targetConfigEntry = null;
617 // update configuration entry
618 targetConfigEntry = localUserConfigList.get(user);
619 if (targetConfigEntry == null) {
620 return new Status(StatusCode.NOTFOUND, "User not found");
622 if (false == targetConfigEntry.update(curPassword, newPassword, null)) {
623 return new Status(StatusCode.BADREQUEST, "Current password is incorrect");
625 localUserConfigList.put(user, targetConfigEntry); // trigger cluster update
627 logger.info("Password changed for User \"{}\"", user);
629 return new Status(StatusCode.SUCCESS, null);
633 public void userLogout(String userName) {
634 // TODO: if user was authenticated through AAA server, send Acct-Status-Type=stop message to server with logout as reason
635 removeUserFromActiveList(userName);
636 logger.info("User \"{}\" logged out", userName);
640 * This function will get called by http session mgr when session times out
643 public void userTimedOut(String userName) {
644 // TODO: if user was authenticated through AAA server, send Acct-Status-Type=stop message to server with timeout as reason
645 removeUserFromActiveList(userName);
646 logger.info("User \"{}\" timed out", userName);
650 public String getAccessDate(String user) {
651 return this.activeUsers.get(user).getAccessDate();
655 public synchronized Map<String, List<String>> getUserLoggedIn() {
656 Map<String, List<String>> loggedInList = new HashMap<String, List<String>>();
657 for (Map.Entry<String, AuthenticatedUser> user : activeUsers.entrySet()) {
658 String userNameShow = user.getKey();
659 loggedInList.put(userNameShow, user.getValue().getUserRoles());
665 * Interaction with GUI END
669 * Cluster notifications
673 public void entryCreated(Long key, String cacheName, boolean originLocal) {
674 // don't react on this event
678 public void entryUpdated(Long key, String new_value, String cacheName,
679 boolean originLocal) {
680 if (cacheName.equals("localUserSaveConfigEvent")) {
681 this.saveLocalUserListInternal();
682 } else if (cacheName.equals("remoteServerSaveConfigEvent")) {
683 this.saveAAAServerListInternal();
684 } else if (cacheName.equals("authorizationSaveConfigEvent")) {
685 this.saveAuthorizationListInternal();
690 public void entryDeleted(Long key, String cacheName, boolean originLocal) {
691 // don't react on this event
694 public void _umAddUser(CommandInterpreter ci) {
695 String userName = ci.nextArgument();
696 String password = ci.nextArgument();
697 String role = ci.nextArgument();
699 if (userName == null || userName.trim().isEmpty() || password == null
700 || password.trim().isEmpty() || role == null
701 || role.trim().isEmpty()) {
702 ci.println("Invalid Arguments");
703 ci.println("umAddUser <user_name> <password> <user_role>");
706 this.addLocalUser(new UserConfig(userName, password, role));
709 public void _umRemUser(CommandInterpreter ci) {
710 String userName = ci.nextArgument();
711 String password = ci.nextArgument();
712 String role = ci.nextArgument();
714 if (userName == null || userName.trim().isEmpty() || password == null
715 || password.trim().isEmpty() || role == null
716 || role.trim().isEmpty()) {
717 ci.println("Invalid Arguments");
718 ci.println("umRemUser <user_name> <password> <user_role>");
721 this.removeLocalUser(new UserConfig(userName, password, role));
724 public void _umGetUsers(CommandInterpreter ci) {
725 for (UserConfig conf : this.getLocalUserList()) {
726 ci.println(conf.getUser() + " " + conf.getRole());
731 public String getHelp() {
732 StringBuffer help = new StringBuffer();
733 return help.toString();
736 void setClusterGlobalService(IClusterGlobalServices s) {
737 logger.debug("Cluster Service Global set");
738 this.clusterGlobalService = s;
741 void unsetClusterGlobalService(IClusterGlobalServices s) {
742 if (this.clusterGlobalService == s) {
743 logger.debug("Cluster Service Global removed!");
744 this.clusterGlobalService = null;
748 void unsetContainerAuthClient(IContainerAuthorization s) {
749 if (this.containerAuthorizationClient == s) {
750 this.containerAuthorizationClient = null;
754 void setContainerAuthClient(IContainerAuthorization s) {
755 this.containerAuthorizationClient = s;
758 void setAppAuthClient(IResourceAuthorization s) {
759 this.applicationAuthorizationClients.add(s);
762 void unsetAppAuthClient(IResourceAuthorization s) {
763 this.applicationAuthorizationClients.remove(s);
767 * Function called by the dependency manager when all the required
768 * dependencies are satisfied
775 * Function called by the dependency manager when at least one
776 * dependency become unsatisfied or when the component is shutting
777 * down because for example bundle is being stopped.
784 * Function called by dependency manager after "init ()" is called
785 * and after the services provided by the class are registered in
786 * the service registry
790 authProviders = new ConcurrentHashMap<String, IAAAProvider>();
791 // Instantiate cluster synced variables
795 // Read startup configuration and populate databases
796 loadConfigurations();
798 // Make sure default Network Admin account is there
799 checkDefaultNetworkAdmin();
800 BundleContext bundleContext = FrameworkUtil.getBundle(this.getClass())
802 bundleContext.registerService(CommandProvider.class.getName(), this,
807 * Function called by the dependency manager before the services
808 * exported by the component are unregistered, this will be
809 * followed by a "destroy ()" calls
816 public List<String> getUserRoles(String userName) {
817 if (userName == null) {
818 return new ArrayList<String>(0);
820 AuthenticatedUser locatedUser = activeUsers.get(userName);
821 return (locatedUser == null) ? new ArrayList<String>(0) : locatedUser
826 public UserLevel getUserLevel(String username) {
827 // Returns the controller well-know user level for the passed user
828 String roleName = null;
830 // First check in active users then in local configured users
831 if (activeUsers.containsKey(username)) {
832 roleName = activeUsers.get(username).getUserRoles().get(0);
833 } else if (localUserConfigList.containsKey(username)) {
834 roleName = localUserConfigList.get(username).getRole();
837 if (roleName == null) {
838 return UserLevel.NOUSER;
841 // For now only one role per user is allowed
842 if (roleName.equals(UserLevel.SYSTEMADMIN.toString())) {
843 return UserLevel.SYSTEMADMIN;
845 if (roleName.equals(UserLevel.NETWORKADMIN.toString())) {
846 return UserLevel.NETWORKADMIN;
848 if (roleName.equals(UserLevel.NETWORKOPERATOR.toString())) {
849 return UserLevel.NETWORKOPERATOR;
851 if (this.containerAuthorizationClient != null
852 && this.containerAuthorizationClient
853 .isApplicationRole(roleName)) {
854 return UserLevel.CONTAINERUSER;
856 for (IResourceAuthorization client : this.applicationAuthorizationClients) {
857 if (client.isApplicationRole(roleName)) {
858 return UserLevel.APPUSER;
861 return UserLevel.NOUSER;
865 public Status saveConfiguration() {
866 boolean success = true;
867 Status ret = saveLocalUserList();
868 if (!ret.isSuccess()) {
871 ret = saveAAAServerList();
872 if (!ret.isSuccess()) {
875 ret = saveAuthorizationList();
876 if (!ret.isSuccess()) {
881 return new Status(StatusCode.SUCCESS, null);
884 return new Status(StatusCode.INTERNALERROR,
885 "Failed to save user configurations");
889 public UserDetails loadUserByUsername(String username)
890 throws UsernameNotFoundException {
891 AuthenticatedUser user = activeUsers.get(username);
894 boolean enabled = true;
895 boolean accountNonExpired = true;
896 boolean credentialsNonExpired = true;
897 boolean accountNonLocked = true;
899 return new User(username, localUserConfigList.get(username)
900 .getPassword(), enabled, accountNonExpired,
901 credentialsNonExpired, accountNonLocked, user
902 .getGrantedAuthorities(getUserLevel(username)));
904 throw new UsernameNotFoundException("User not found " + username);
908 public boolean supports(Class<?> authentication) {
909 return UsernamePasswordAuthenticationToken.class
910 .isAssignableFrom(authentication);
915 public SecurityContextRepository getSecurityContextRepo() {
916 return securityContextRepo;
919 public void setSecurityContextRepo(
920 SecurityContextRepository securityContextRepo) {
921 this.securityContextRepo = securityContextRepo;
925 public Authentication authenticate(Authentication authentication)
926 throws AuthenticationException {
928 if (StringUtils.isBlank((String) authentication.getCredentials())
929 || StringUtils.isBlank((String) authentication.getPrincipal())) {
930 throw new BadCredentialsException(
931 "Username or credentials did not match");
934 AuthResultEnum result = authenticate((String) authentication
935 .getPrincipal(), (String) authentication.getCredentials());
936 if (result.equals(AuthResultEnum.AUTHOR_PASS)
937 || result.equals(AuthResultEnum.AUTH_ACCEPT_LOC)
938 || result.equals(AuthResultEnum.AUTH_ACCEPT)) {
940 AuthenticatedUser user = activeUsers.get(authentication
941 .getPrincipal().toString());
944 throw new AuthenticationServiceException(
945 "Authentication Failure");
948 authentication = new UsernamePasswordAuthenticationToken(
949 authentication.getPrincipal(), authentication
950 .getCredentials(), user
951 .getGrantedAuthorities(getUserLevel(authentication
953 return authentication;
956 throw new BadCredentialsException(
957 "Username or credentials did not match");
961 //following are setters for use in unit testing
962 void setLocalUserConfigList(ConcurrentMap<String, UserConfig> ucl) {
963 if (ucl != null) { this.localUserConfigList = ucl; }
965 void setRemoteServerConfigList (ConcurrentMap<String, ServerConfig> scl) {
966 if (scl != null) { this.remoteServerConfigList = scl; }
968 void setAuthorizationConfList (ConcurrentMap<String, AuthorizationConfig> acl) {
969 if (acl != null) { this.authorizationConfList = acl; }
971 void setActiveUsers (ConcurrentMap<String, AuthenticatedUser> au) {
972 if (au != null) { this.activeUsers = au; }
974 void setAuthProviders(ConcurrentMap<String, IAAAProvider> ap ) {
976 this.authProviders = ap;
981 public ISessionManager getSessionManager() {
982 return this.sessionMgr;
985 public void setSessionMgr(ISessionManager sessionMgr) {
986 this.sessionMgr = sessionMgr;
Code Review / controller.git / blob