org.opendaylight.aaa.shiro.web.env.AAAWebEnvironment Maven / Gradle / Ivy
/*
* Copyright (c) 2018 Inocybe Technologies and others. All rights reserved.
* Copyright (c) 2022 PANTHEON.tech, s.r.o.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v1.0 which accompanies this distribution,
* and is available at http://www.eclipse.org/legal/epl-v10.html
*/
package org.opendaylight.aaa.shiro.web.env;
import org.apache.shiro.config.Ini;
import org.apache.shiro.web.env.IniWebEnvironment;
import org.opendaylight.aaa.api.AuthenticationService;
import org.opendaylight.aaa.api.TokenStore;
import org.opendaylight.aaa.api.password.service.PasswordHashService;
import org.opendaylight.aaa.cert.api.ICertificateManager;
import org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm;
import org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter;
import org.opendaylight.aaa.shiro.realm.MdsalRealm;
import org.opendaylight.aaa.shiro.realm.MoonRealm;
import org.opendaylight.aaa.shiro.realm.TokenAuthRealm;
import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
import org.opendaylight.aaa.web.servlet.ServletSupport;
import org.opendaylight.mdsal.binding.api.DataBroker;
import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroIni;
import org.opendaylight.yangtools.util.ClassLoaderUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Extends {@code BasicInitEnvironment} to provide the {@link Ini} configuration via a clustered app config,
* Initialization happens in the context of this class's ClassLoader, with dependencies being injected into their
* thread-local variables.
*/
public final class AAAWebEnvironment extends IniWebEnvironment implements AAAShiroWebEnvironment {
private static final Logger LOG = LoggerFactory.getLogger(AAAWebEnvironment.class);
public AAAWebEnvironment(final ShiroIni shiroConfiguration, final DataBroker dataBroker,
final ICertificateManager certificateManager, final AuthenticationService authenticationService,
final TokenAuthenticators tokenAuthenticators, final TokenStore tokenStore,
final PasswordHashService passwordHashService, final ServletSupport servletSupport) {
// Turn ShiroConfiguration into an Ini
final var ini = new Ini();
final var mainSection = ini.addSection("main");
for (var main : shiroConfiguration.nonnullMain()) {
mainSection.put(main.getPairKey(), main.getPairValue());
}
final var urlsSection = ini.addSection("urls");
for (var url : shiroConfiguration.nonnullUrls()) {
urlsSection.put(url.getPairKey(), url.getPairValue());
}
// Set the configuration
setIni(ini);
// Configure the instance with all known custom components prepared for loading via their thread locals and
// clean up afterwards. This needs to happen on our class loader so Shiro's ReflectionBuilder use of
// Class.forName() is happy.
ClassLoaderUtils.runWithClassLoader(AAAWebEnvironment.class.getClassLoader(), () -> {
try (var filterLoad = MDSALDynamicAuthorizationFilter.prepareForLoad(dataBroker);
var keyStoneLoad = KeystoneAuthRealm.prepareForLoad(certificateManager, servletSupport);
var mdsalLoad = MdsalRealm.prepareForLoad(passwordHashService, dataBroker);
var moonLoad = MoonRealm.prepareForLoad(servletSupport);
var tokenAuthLoad = TokenAuthRealm.prepareForLoad(authenticationService, tokenAuthenticators,
tokenStore)) {
configure();
}
});
LOG.debug("AAAWebEnvironment created");
}
}