import org.opendaylight.aaa.api.CredentialAuth;
import org.opendaylight.aaa.api.PasswordCredentials;
import org.opendaylight.netconf.auth.AuthProvider;
-import org.osgi.framework.BundleContext;
-import org.osgi.framework.ServiceReference;
-import org.osgi.util.tracker.ServiceTracker;
-import org.osgi.util.tracker.ServiceTrackerCustomizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* AuthProvider implementation delegating to AAA CredentialAuth<PasswordCredentials> instance.
*/
-public final class CredentialServiceAuthProvider implements AuthProvider, AutoCloseable {
+public final class CredentialServiceAuthProvider implements AuthProvider {
private static final Logger LOG = LoggerFactory.getLogger(CredentialServiceAuthProvider.class);
// FIXME CredentialAuth is generic and it causes warnings during compilation
// Maybe there should be a PasswordCredentialAuth implements CredentialAuth<PasswordCredentials>
- private volatile CredentialAuth<PasswordCredentials> nullableCredService;
- private final ServiceTracker<CredentialAuth, CredentialAuth> listenerTracker;
+ private final CredentialAuth<PasswordCredentials> credService;
- public CredentialServiceAuthProvider(final BundleContext bundleContext) {
-
- final ServiceTrackerCustomizer<CredentialAuth, CredentialAuth> customizer =
- new ServiceTrackerCustomizer<CredentialAuth, CredentialAuth>() {
- @Override
- public CredentialAuth addingService(final ServiceReference<CredentialAuth> reference) {
- LOG.trace("Credential service {} added", reference);
- nullableCredService = bundleContext.getService(reference);
- return nullableCredService;
- }
-
- @Override
- public void modifiedService(final ServiceReference<CredentialAuth> reference,
- final CredentialAuth service) {
- LOG.trace("Replacing modified Credential service {}", reference);
- nullableCredService = service;
- }
-
- @Override
- public void removedService(final ServiceReference<CredentialAuth> reference, final CredentialAuth service) {
- LOG.trace("Removing Credential service {}. "
- + "This AuthProvider will fail to authenticate every time", reference);
- synchronized (CredentialServiceAuthProvider.this) {
- nullableCredService = null;
- }
- }
- };
- listenerTracker = new ServiceTracker<>(bundleContext, CredentialAuth.class, customizer);
- listenerTracker.open();
+ public CredentialServiceAuthProvider(final CredentialAuth<PasswordCredentials> credService) {
+ this.credService = credService;
}
/**
* Authenticate user. This implementation tracks CredentialAuth<PasswordCredentials>
- * and delegates the decision to it. If the service is not available, IllegalStateException is thrown.
+ * and delegates the decision to it.
*/
@Override
- public synchronized boolean authenticated(final String username, final String password) {
- if (nullableCredService == null) {
- LOG.warn("Cannot authenticate user '{}', Credential service is missing", username);
- throw new IllegalStateException("Credential service is not available");
- }
+ public boolean authenticated(final String username, final String password) {
Claim claim;
try {
- claim = nullableCredService.authenticate(new PasswordCredentialsWrapper(username, password));
+ claim = credService.authenticate(new PasswordCredentialsWrapper(username, password));
} catch (AuthenticationException e) {
LOG.debug("Authentication failed for user '{}' : {}", username, e);
return false;
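Review bot: The new constructor stores `credService` without a null check, so a mis-wired injection would only surface as a NullPointerException on the first login attempt, whereas the removed guard in `authenticated` logged a warning and threw IllegalStateException. I would fail fast at construction with `this.credService = Objects.requireNonNull(credService, "credService");` (this needs `java.util.Objects` imported). With the ServiceTracker gone, whether the reference stays valid when the AAA service is replaced or removed at runtime depends on whatever injects it, which is not visible here; the method Javadoc still says the implementation "tracks" CredentialAuth and could state that lifecycle assumption instead. The body of `authenticated` continues outside this hunk.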
return true;
}
- /**
- * Invoked by blueprint.
- */
- @Override
- public void close() {
- listenerTracker.close();
- nullableCredService = null;
- }
-
private static final class PasswordCredentialsWrapper implements PasswordCredentials {
private final String username;
private final String password;
package org.opendaylight.aaa.odl;
import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.anyString;
-import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.doThrow;
import static org.mockito.Mockito.mock;
import org.opendaylight.aaa.api.Claim;
import org.opendaylight.aaa.api.CredentialAuth;
import org.opendaylight.aaa.api.PasswordCredentials;
-import org.osgi.framework.BundleContext;
-import org.osgi.framework.Filter;
-import org.osgi.framework.ServiceEvent;
import org.osgi.framework.ServiceListener;
import org.osgi.framework.ServiceReference;
@Mock
private CredentialAuth<PasswordCredentials> credAuth;
- @Mock
- private BundleContext ctx;
@Before
public void setUp() throws Exception {
MockitoAnnotations.initMocks(this);
- doReturn(mock(Filter.class)).when(ctx).createFilter(anyString());
}
- @Test(expected = IllegalStateException.class)
- public void testAuthenticatedNoDelegate() throws Exception {
- CredentialServiceAuthProvider credentialServiceAuthProvider = new CredentialServiceAuthProvider(ctx);
- credentialServiceAuthProvider.authenticated("user", "pwd");
- }
@Test
public void testAuthenticatedTrue() throws Exception {
ServiceReference serviceRef = mock(ServiceReference.class);
ServiceListenerAnswer answer = new ServiceListenerAnswer();
- doAnswer(answer).when(ctx).addServiceListener(any(ServiceListener.class), anyString());
Claim claim = mock(Claim.class);
doReturn("domain").when(claim).domain();
doReturn(claim).when(credAuth).authenticate(any(PasswordCredentials.class));
- doReturn(credAuth).when(ctx).getService(serviceRef);
- CredentialServiceAuthProvider credentialServiceAuthProvider = new CredentialServiceAuthProvider(ctx);
-
- answer.serviceListener.serviceChanged(new ServiceEvent(ServiceEvent.REGISTERED, serviceRef));
- assertNotNull(answer.serviceListener);
-
+ CredentialServiceAuthProvider credentialServiceAuthProvider = new CredentialServiceAuthProvider(credAuth);
assertTrue(credentialServiceAuthProvider.authenticated("user", "pwd"));
}
@Test
public void testAuthenticatedFalse() throws Exception {
- ServiceReference serviceRef = mock(ServiceReference.class);
-
- ServiceListenerAnswer answer = new ServiceListenerAnswer();
- doAnswer(answer).when(ctx).addServiceListener(any(ServiceListener.class), anyString());
-
doThrow(AuthenticationException.class).when(credAuth).authenticate(any(PasswordCredentials.class));
-
- doReturn(credAuth).when(ctx).getService(serviceRef);
- CredentialServiceAuthProvider credentialServiceAuthProvider = new CredentialServiceAuthProvider(ctx);
-
- answer.serviceListener.serviceChanged(new ServiceEvent(ServiceEvent.REGISTERED, serviceRef));
- assertNotNull(answer.serviceListener);
-
+ CredentialServiceAuthProvider credentialServiceAuthProvider = new CredentialServiceAuthProvider(credAuth);
assertFalse(credentialServiceAuthProvider.authenticated("user", "pwd"));
}
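Review bot: `testAuthenticatedTrue` still creates `serviceRef` and `answer`, although nothing reads them now that the `doAnswer` and `getService` stubbing is removed; both locals can be deleted. The retained `ServiceReference` and `ServiceListener` imports can probably go too if the `ServiceListenerAnswer` helper (not visible here) is dropped as well. `testAuthenticatedNoDelegate` was removed without a replacement, so no test pins what happens when the provider is built with a null delegate; a short test for that case would document the intended behaviour of this authentication path.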