Brian,
ODL is bundling the shiro and odl aaa modules together as a feature so I
think that makes the class path issue not to be there. If I have to do
something similar, I have skip odl-aaa-shiro feature and create my own very
similar to this one.
<!-- odl-aaa-shiro feature which combines all aspects of AAA into one
feature -->
<feature name='odl-aaa-shiro' description='OpenDaylight :: AAA :: Shiro'
version='${project.version}'>
<!-- OSGI -->
<bundle>mvn:org.apache.felix/org.apache.felix.dependencymanager/{{VERSION}}</bundle>
<bundle>mvn:org.apache.felix/org.apache.felix.metatype/{{VERSION}}</bundle>
<!-- Existing AAA infrastructure -->
<feature version='${project.version}'>odl-aaa-authn</feature>
<bundle>mvn:org.apache.shiro/shiro-web/{{VERSION}}</bundle>
* <bundle>mvn:org.apache.shiro/shiro-core/{{VERSION}}</bundle>*
<bundle>mvn:com.google.guava/guava/{{VERSION}}</bundle>
<bundle>wrap:mvn:javax.annotation/javax.annotation-api/{{VERSION}}</bundle>
<bundle>wrap:mvn:com.google.code.findbugs/jsr305/{{VERSION}}</bundle>
<bundle>wrap:mvn:commons-codec/commons-codec/{{VERSION}}</bundle>
<bundle>wrap:mvn:org.apache.oltu.oauth2/org.apache.oltu.oauth2.resourceserver/{{VERSION}}</bundle>
<bundle>wrap:mvn:org.apache.oltu.oauth2/org.apache.oltu.oauth2.authzserver/{{VERSION}}</bundle>
<bundle>wrap:mvn:org.apache.oltu.oauth2/org.apache.oltu.oauth2.common/{{VERSION}}</bundle>
<bundle>wrap:mvn:org.json/json/{{VERSION}}</bundle>
<bundle>mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.commons-beanutils/{{VERSION}}</bundle>
* <bundle>mvn:org.opendaylight.aaa/aaa-shiro/{{VERSION}}</bundle>*
<!-- AAA configuration file -->
<configfile
finalname="/etc/shiro.ini">mvn:org.opendaylight.aaa/aaa-shiro/{{VERSION}}/cfg/configuration</configfile>
</feature>
On Thu, Nov 3, 2016 at 8:00 AM, Brian Demers <[email protected]> wrote:
> I just took a quick look at the AAA doc, it does look like adding a custom
> Realm is listed there ( I know you are not working on a Realm, but the
> classpath issues would be the same ). I suggest asking on the ODL irc or
> mailing list.
>
> Keep us posted!
>
> On Wed, Nov 2, 2016 at 4:44 PM, Harinath Mallepally <[email protected]>
> wrote:
>
>> Thanks Brian,
>>
>> My observation is that even SecurityUtils.getSecurityManager(); is
>> working in user context only, I tried placing it in the constructor of my
>> RPC provider class but of no luck. yes i see shiro getting intialized in
>> the before my module as per the logs of ODL.
>>
>> I wanted to move this to shiro.ini but do not know how I can make my
>> class accessible during shiro initialization (I don't want to make changes
>> to ODL aaa module). I know this is not specific to shiro but do you suggest
>> anything for me to achieve this?
>>
>> WebUtils.getRequiredWebEnvironment() needs servlet context as input and
>> I don't see it in my ODL module, so might not be able to use it.
>>
>>
>>
>>
>> On Wed, Nov 2, 2016 at 6:16 AM, Brian Demers <[email protected]>
>> wrote:
>>
>>> You only need to be in the context of a request if you are dealing with
>>> a user's request.
>>>
>>> You _could_ just get the SecurityManager from 'WebUtils.
>>> getRequiredWebEnvironment()' (assuming Shiro has already been
>>> initialized). You could also just move all of this configuration into your
>>> shiro.ini file.
>>>
>>> On Tue, Nov 1, 2016 at 6:56 PM, Harinath Mallepally <[email protected]>
>>> wrote:
>>>
>>>> Hi Brian,
>>>>
>>>> I wanted to add my custom AuthenticationListener to shiro so that I can
>>>> required logging. As I understand I can get the SecurityManager reference
>>>> only during user context (RPC in ODL), I am doing this during a RPC
>>>> invocation.
>>>>
>>>> org.apache.shiro.mgt.SecurityManager secManager =
>>>> SecurityUtils.getSecurityManager();
>>>> AuthenticatingSecurityManager absSecMgr =
>>>> (AuthenticatingSecurityManager)secManager;
>>>> AbstractAuthenticator absAuthenticator =
>>>> (AbstractAuthenticator)absSecMgr.getAuthenticator();
>>>> absAuthenticator.getAuthenticationListeners().add(new
>>>> XceedAuthenticationListener());
>>>>
>>>>
>>>> It doesn't sound right to me as multiple calls will result in duplicate
>>>> listeners. is there any easier option.
>>>>
>>>> Since ODL AAA is initializing shiro, other option I have is to bundle
>>>> my code along with AAA but I want to avoid that.
>>>>
>>>> Thanks
>>>> Hari
>>>>
>>>>
>>>> On Mon, Oct 31, 2016 at 3:49 PM, Harinath Mallepally <[email protected]>
>>>> wrote:
>>>>
>>>>> I think it was my mistake. It was my addition of shiro-core into
>>>>> maven bundle-plugin, that might have resulted in the behavior i observed,
>>>>> I
>>>>> removed it and it worked fine.
>>>>>
>>>>>
>>>>> <plugin>
>>>>> <groupId>org.apache.felix</groupId>
>>>>> <artifactId>maven-bundle-plugin</artifactId>
>>>>> <version>2.4.0</version>
>>>>> <extensions>true</extensions>
>>>>> <configuration>
>>>>> <instructions>
>>>>> <Import-Package>*</Import-Package>
>>>>> <Embed-Dependency>...,shiro-core</Embed-Dependency>
>>>>> </instructions>
>>>>> <manifestLocation>${project.basedir}/META-INF</manifestLocation>
>>>>> </configuration>
>>>>> </plugin>
>>>>>
>>>>> Thanks
>>>>> Hari
>>>>>
>>>>> I
>>>>>
>>>>> On Mon, Oct 31, 2016 at 7:12 AM, Brian Demers <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> I know a portion of opendaylight is async, so you _may_ need to
>>>>>> configure the static instance of the SecurityManager, But from the stack
>>>>>> trace, I do NOT see the Shiro filter. Take a look at
>>>>>> http://shiro.apache.org/web.html to see what you would need in your
>>>>>> web.xml
>>>>>>
>>>>>> Let us know how it goes.
>>>>>>
>>>>>> On Fri, Oct 28, 2016 at 6:09 PM, Harinath Mallepally <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Brian,
>>>>>>>
>>>>>>> Here is the log trace
>>>>>>>
>>>>>>> https://gist.github.com/careerscale/697284952f01e445b10a3bc95f773dac
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Oct 28, 2016 at 2:41 PM, Brian Demers <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> I'd need to see a bit more of the stacktrace. But i'm guessing your
>>>>>>>> call is not in the context of a request. If that is the case you would
>>>>>>>> need to enable the static instance of the SecurityManager.
>>>>>>>>
>>>>>>>> See the note about 'staticSecurityManagerEnabled' in:
>>>>>>>> https://shiro.apache.org/static/current/apidocs/org/apache/s
>>>>>>>> hiro/web/servlet/AbstractShiroFilter.html
>>>>>>>>
>>>>>>>> On Fri, Oct 28, 2016 at 4:56 PM, Harinath Mallepally <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi Brian,
>>>>>>>>>
>>>>>>>>> it is same error , looks like something is wrong.
>>>>>>>>>
>>>>>>>>> org.apache.shiro.UnavailableSecurityManagerException: No
>>>>>>>>> SecurityManager accessible to the calling code, either bound to the
>>>>>>>>> org.apache.shiro.util.ThreadContext or as a vm static singleton.
>>>>>>>>> This is an invalid application configuration.
>>>>>>>>> at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUt
>>>>>>>>> ils.java:123)
>>>>>>>>> at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java
>>>>>>>>> :627)
>>>>>>>>> at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java
>>>>>>>>> :56)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> couldn't figure it out. any thoughts?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, Oct 28, 2016 at 10:37 AM, Harinath Mallepally <
>>>>>>>>> [email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> in both cases. I understand that it needs a user context and
>>>>>>>>>> during application start, this error makes sense.
>>>>>>>>>>
>>>>>>>>>> it failed in RPC requests, i expected it to work.
>>>>>>>>>> i saw this working fine earlier, might be something got messed
>>>>>>>>>> up. will do clean build and try again.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers <
>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Where is that method getting called from? Is it from the context
>>>>>>>>>>> of a request or while your application is starting ?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <
>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Thanks for the response.
>>>>>>>>>>>>
>>>>>>>>>>>> I tried this way, but results in with error. any thoughts on
>>>>>>>>>>>> how do I get handle on this? It looks like something is wrong with
>>>>>>>>>>>> configuration or so.
>>>>>>>>>>>>
>>>>>>>>>>>> private void setListener(){
>>>>>>>>>>>>
>>>>>>>>>>>> try {
>>>>>>>>>>>> //TODO temp code, remove it
>>>>>>>>>>>> AuthenticatingSecurityManager securityMgr =
>>>>>>>>>>>> (AuthenticatingSecurityManager) SecurityUtils.getSecurityManag
>>>>>>>>>>>> er();
>>>>>>>>>>>>
>>>>>>>>>>>> System.out.println(securityMgr);
>>>>>>>>>>>>
>>>>>>>>>>>> AbstractAuthenticator authentication =
>>>>>>>>>>>> (AbstractAuthenticator) securityMgr.getAuthenticator();
>>>>>>>>>>>>
>>>>>>>>>>>> authentication.getAuthenticationListeners().add(new
>>>>>>>>>>>> CustomAuthenticationListener());
>>>>>>>>>>>> }catch(Exception e){
>>>>>>>>>>>> LOG.error("error {}", e);
>>>>>>>>>>>> }
>>>>>>>>>>>> }
>>>>>>>>>>>> but resulted in with this
>>>>>>>>>>>>
>>>>>>>>>>>> error {}
>>>>>>>>>>>> org.apache.shiro.UnavailableSecurityManagerException: No
>>>>>>>>>>>> SecurityManager accessible to the calling code, either bound to the
>>>>>>>>>>>> org.apache.shiro.util.ThreadContext or as a vm static
>>>>>>>>>>>> singleton. This is an invalid application configuration.
>>>>>>>>>>>> at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUt
>>>>>>>>>>>> ils.java:123)
>>>>>>>>>>>>
>>>>>>>>>>>> .........
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <
>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> I'm not sure, but if I had to guess, I would say you need to
>>>>>>>>>>>>> export your package in your bundles config
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <
>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> yes, I am using shiro.ini, my problem is my class is not
>>>>>>>>>>>>>> being identified in karaf (doing it with opendaylight), didn't
>>>>>>>>>>>>>> know how to
>>>>>>>>>>>>>> add my class into classpath without modifying ODL feature.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <
>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I you are using a shiro.ini just stick your filter in the
>>>>>>>>>>>>>>> [main] section.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> For example:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> [main]
>>>>>>>>>>>>>>> ...
>>>>>>>>>>>>>>> myFilter = com.foo.bar.MyWickedCoolFilter
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> [urls]
>>>>>>>>>>>>>>> /path/* = myFilter
>>>>>>>>>>>>>>> # or possibly
>>>>>>>>>>>>>>> /another/path/* = myFitler[anOption]
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <
>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> There's a SecurityUtils class that can access the static
>>>>>>>>>>>>>>>> SecurityManager object.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>>>> Allan C.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <
>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> is it possible to get reference of SecurityManager so that
>>>>>>>>>>>>>>>>> a custom AuthenticationFilter can be added?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Please let me know
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>> Hari
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
