X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?p=controller.git;a=blobdiff_plain;f=opendaylight%2Fusermanager%2Fimplementation%2Fsrc%2Fmain%2Fjava%2Forg%2Fopendaylight%2Fcontroller%2Fusermanager%2Finternal%2FUserManager.java;h=5d673fbca4abb8f4ba4d5bc0f962e29d95a4608b;hp=e53e962aa82590db6d48890278657926de57dfb0;hb=dad78e1fc8a7c67fa4b88cf09d6a952443462feb;hpb=bd396fa9b759466b8e9cd9b0ac64ee99406f72e7
diff --git a/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/UserManager.java b/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/UserManager.java
index e53e962aa8..5d673fbca4 100644
--- a/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/UserManager.java
+++ b/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/UserManager.java
@@ -36,12 +36,12 @@ import org.opendaylight.controller.containermanager.IContainerAuthorization;
 import org.opendaylight.controller.sal.authorization.AuthResultEnum;
 import org.opendaylight.controller.sal.authorization.IResourceAuthorization;
 import org.opendaylight.controller.sal.authorization.UserLevel;
-import org.opendaylight.controller.sal.utils.StatusCode;
 import org.opendaylight.controller.sal.utils.GlobalConstants;
 import org.opendaylight.controller.sal.utils.IObjectReader;
 import org.opendaylight.controller.sal.utils.ObjectReader;
 import org.opendaylight.controller.sal.utils.ObjectWriter;
 import org.opendaylight.controller.sal.utils.Status;
+import org.opendaylight.controller.sal.utils.StatusCode;
 import org.opendaylight.controller.usermanager.AuthResponse;
 import org.opendaylight.controller.usermanager.AuthenticatedUser;
 import org.opendaylight.controller.usermanager.AuthorizationConfig;
@@ -52,7 +52,6 @@ import org.opendaylight.controller.usermanager.ServerConfig; import org.opendaylight.controller.usermanager.UserConfig; import org.opendaylight.controller.usermanager.security.SessionManager; import org.opendaylight.controller.usermanager.security.UserSecurityContextRepository; - import org.osgi.framework.BundleContext; import org.osgi.framework.FrameworkUtil; import org.slf4j.Logger; @@ -93,6 +92,25 @@ public class UserManager implements IUserManager, IObjectReader, private IContainerAuthorization containerAuthorizationClient; private Set applicationAuthorizationClients; private ISessionManager sessionMgr = new SessionManager(); + protected enum Command { + ADD("add", "added"), + MODIFY("modify", "modified"), + REMOVE("remove", "removed"); + private String action; + private String postAction; + private Command(String action, String postAction) { + this.action = action; + this.postAction = postAction; + } + + public String getAction() { + return action; + } + + public String getPostAction() { + return postAction; + } + } public boolean addAAAProvider(IAAAProvider provider) { if (provider == null || provider.getName() == null @@ -183,18 +201,12 @@ public class UserManager implements IUserManager, IObjectReader, private void loadConfigurations() { // To encode and decode user and server configuration objects loadSecurityKeys(); - /* - * Do not load local startup file if we already got the configurations - * synced from another cluster node + * Do not load local startup file if we are not the coordinator */ - if (localUserConfigList.isEmpty()) { + if ((clusterGlobalService != null) && (clusterGlobalService.amICoordinator())) { loadUserConfig(); - } - if (remoteServerConfigList.isEmpty()) { loadServerConfig(); - } - if (authorizationConfList.isEmpty()) { loadAuthConfig(); } } 
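Review bot: The two fields `action` and `postAction` of the new `Command` enum are left mutable although they are only ever assigned in the constructor; declare them `private final String action;` and `private final String postAction;`. The explicit `private` on the enum constructor is redundant, since enum constructors are implicitly private. The enum also carries no Javadoc; a one-liner such as `/** Local-user operation; action is the verb used in failure messages, postAction the past participle used in the default-admin rejection. */` would say what the two strings are for.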
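Review bot: The new guard in loadConfigurations() skips all three startup files not only when this node is not the coordinator but also whenever `clusterGlobalService` is null, while the rewritten comment mentions only the coordinator case and nothing is logged, so a run where the cluster service is missing would silently start with no local user, server or authorization configuration. If a missing service is meant to count as standalone, the condition should read `if (clusterGlobalService == null || clusterGlobalService.amICoordinator()) {`; if the service is guaranteed to be bound before this runs, an else branch with `logger.warn("Cluster service unavailable, skipping startup configuration load");` would at least make the failure visible. The dropped `isEmpty()` checks previously protected configuration already synced from another node from being overwritten by the local files; whether the coordinator check alone guarantees the lists are still empty here I cannot tell from the hunk.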
@@ -204,12 +216,17 @@ public class UserManager implements IUserManager, IObjectReader, } private void checkDefaultNetworkAdmin() { - // If startup config is not there, it's old or it was deleted, - // need to add Default Network Admin User + /* + * If startup config is not there, it's old or it was deleted or if a + * password recovery was run, need to add Default Network Admin User + */ if (!localUserConfigList.containsKey(DEFAULT_ADMIN)) { List roles = new ArrayList(1); roles.add(DEFAULT_ADMIN_ROLE); - localUserConfigList.put(DEFAULT_ADMIN, new UserConfig(DEFAULT_ADMIN, DEFAULT_ADMIN_PASSWORD, roles)); + // Need to skip the strong password check for the default admin + UserConfig defaultAdmin = UserConfig.getUncheckedUserConfig(UserManager.DEFAULT_ADMIN, + UserManager.DEFAULT_ADMIN_PASSWORD, roles); + localUserConfigList.put(UserManager.DEFAULT_ADMIN, defaultAdmin); } } @@ -259,18 +276,18 @@ public class UserManager implements IUserManager, IObjectReader, rcResponse = aaaClient.authService(userName, password, aaaServer.getAddress(), aaaServer.getSecret()); if (rcResponse.getStatus() == AuthResultEnum.AUTH_ACCEPT) { - logger.info( + logger.trace( "Remote Authentication Succeeded for User: \"{}\", by Server: {}", userName, aaaServer.getAddress()); remotelyAuthenticated = true; break; } else if (rcResponse.getStatus() == AuthResultEnum.AUTH_REJECT) { - logger.info( + logger.trace( "Remote Authentication Rejected User: \"{}\", from Server: {}, Reason:{}", new Object[] { userName, aaaServer.getAddress(), rcResponse.getStatus().toString() }); } else { - logger.info( + logger.trace( "Remote Authentication Failed for User: \"{}\", from Server: {}, Reason:{}", new Object[] { userName, aaaServer.getAddress(), rcResponse.getStatus().toString() }); 
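Review bot: checkDefaultNetworkAdmin() now (re)creates the default admin through getUncheckedUserConfig with the compiled-in DEFAULT_ADMIN_PASSWORD, and the updated comment says this also happens after a password recovery, yet nothing is logged, so an operator cannot see from the logs that the admin account has been reset to the built-in credentials. Add a warning next to the put, e.g. `logger.warn("Default Network Admin user (re)created with the default password; change it before exposing the controller");`. The comment on the unchecked path should also make clear that this bypass is intended only for the built-in default, e.g. `// Only the built-in default admin may bypass the strong-password check; user-supplied configs must not use getUncheckedUserConfig`.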
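Review bot: Downgrading the three remote-authentication outcome messages from info to trace removes accepted, rejected and failed remote logins from the default log level, so a run of AUTH_REJECT responses for one user (the usual sign of credential guessing or a misconfigured server) is no longer visible to operators. The reject and failure branches deserve at least `logger.warn(` with the existing message and arguments, and the accept branch can stay at `logger.info(`; none of them includes the password, so volume rather than secrecy is the only cost. The same downgrade of audit-relevant events recurs in the later hunks for `"Password changed for User \"{}\""`, `"User \"{}\" logged out"` and `"User \"{}\" timed out"`, which should likewise remain at info.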
@@ -475,7 +492,7 @@ public class UserManager implements IUserManager, IObjectReader,
 /*
 * Interaction with GUI START
 */
- private Status addRemoveLocalUser(UserConfig AAAconf, boolean delete) {
+ private Status changeLocalUser(UserConfig AAAconf, Command command) {
 // UserConfig Validation check
 Status validCheck = AAAconf.validate();
 if (!validCheck.isSuccess()) {
@@ -486,28 +503,51 @@ public class UserManager implements IUserManager, IObjectReader, // Check default admin user if (user.equals(UserManager.DEFAULT_ADMIN)) { - String msg = "Invalid Request: Default Network Admin User cannot be " + ((delete)? "removed" : "added"); + String msg = String.format("Invalid Request: Default Network Admin User cannot be %s", command.getPostAction()); logger.debug(msg); return new Status(StatusCode.NOTALLOWED, msg); } // Check user presence/conflict + UserConfig currentAAAconf = localUserConfigList.get(user); StatusCode statusCode = null; String reason = null; - if (delete && !localUserConfigList.containsKey(user)) { - reason = "not found"; - statusCode = StatusCode.NOTFOUND; - } else if (!delete && localUserConfigList.containsKey(user)) { - reason = "already present"; - statusCode = StatusCode.CONFLICT; + switch (command) { + case ADD: + if (currentAAAconf != null) { + reason = "already present"; + statusCode = StatusCode.CONFLICT; + } + break; + case MODIFY: + case REMOVE: + if (currentAAAconf == null) { + reason = "not found"; + statusCode = StatusCode.NOTFOUND; + } + break; + default: + break; + } if (statusCode != null) { + String action = String.format("Failed to %s user %s: ", command.getAction(), user); String msg = String.format("User %s %s in configuration database", user, reason); - logger.debug(msg); + logger.debug(action + msg); return new Status(statusCode, msg); } - return addRemoveLocalUserInternal(AAAconf, delete); + switch (command) { + case ADD: + return addRemoveLocalUserInternal(AAAconf, false); + case MODIFY: + addRemoveLocalUserInternal(currentAAAconf, true); + return addRemoveLocalUserInternal(AAAconf, false); + case REMOVE: + return addRemoveLocalUserInternal(AAAconf, true); + default: + return new Status(StatusCode.INTERNALERROR, "Unknown action"); + } } private Status addRemoveLocalUserInternal(UserConfig AAAconf, boolean delete) { 
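Review bot: The MODIFY branch of the second `switch` is not atomic and discards the Status of the removal: `addRemoveLocalUserInternal(currentAAAconf, true)` runs unchecked and, if the following add fails, the user's previous configuration is already gone, so a failed modify deletes the account instead of leaving it unchanged. Check the removal result and restore the old entry when the add does not succeed (below); a single replace inside addRemoveLocalUserInternal would avoid the window entirely, but that method's body lies outside this hunk, as does the start of changeLocalUser. The two `default` branches are reachable only for a null `command`, which the first `switch` already turns into a NullPointerException; `Objects.requireNonNull(command, "command");` (java.util.Objects) at the top of the method would state that precondition explicitly.
```java
// … unchanged: validation, default-admin check, presence/conflict switch …
switch (command) {
case ADD:
    return addRemoveLocalUserInternal(AAAconf, false);
case MODIFY:
    Status removed = addRemoveLocalUserInternal(currentAAAconf, true);
    if (!removed.isSuccess()) {
        return removed;
    }
    Status added = addRemoveLocalUserInternal(AAAconf, false);
    if (!added.isSuccess()) {
        // Best effort: put the previous configuration back so a failed
        // modify does not leave the user deleted
        addRemoveLocalUserInternal(currentAAAconf, false);
    }
    return added;
case REMOVE:
    return addRemoveLocalUserInternal(AAAconf, true);
default:
    return new Status(StatusCode.INTERNALERROR, "Unknown action");
}
```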
@@ -566,12 +606,17 @@ public class UserManager implements IUserManager, IObjectReader, @Override public Status addLocalUser(UserConfig AAAconf) { - return addRemoveLocalUser(AAAconf, false); + return changeLocalUser(AAAconf, Command.ADD); + } + + @Override + public Status modifyLocalUser(UserConfig AAAconf) { + return changeLocalUser(AAAconf, Command.MODIFY); } @Override public Status removeLocalUser(UserConfig AAAconf) { - return addRemoveLocalUser(AAAconf, true); + return changeLocalUser(AAAconf, Command.REMOVE); } @Override @@ -584,7 +629,7 @@ public class UserManager implements IUserManager, IObjectReader, return new Status(StatusCode.NOTFOUND, "User does not exist"); } - return addRemoveLocalUser(localUserConfigList.get(userName), true); + return changeLocalUser(localUserConfigList.get(userName), Command.REMOVE); } @Override @@ -639,7 +684,7 @@ public class UserManager implements IUserManager, IObjectReader, // Trigger cluster update localUserConfigList.put(user, targetConfigEntry); - logger.info("Password changed for User \"{}\"", user); + logger.trace("Password changed for User \"{}\"", user); return status; } @@ -649,7 +694,7 @@ public class UserManager implements IUserManager, IObjectReader, // TODO: if user was authenticated through AAA server, send // Acct-Status-Type=stop message to server with logout as reason removeUserFromActiveList(userName); - logger.info("User \"{}\" logged out", userName); + logger.trace("User \"{}\" logged out", userName); } /* @@ -660,7 +705,7 @@ public class UserManager implements IUserManager, IObjectReader, // TODO: if user was authenticated through AAA server, send // Acct-Status-Type=stop message to server with timeout as reason removeUserFromActiveList(userName); - logger.info("User \"{}\" timed out", userName); + logger.trace("User \"{}\" timed out", userName); } @Override