Hi Brian,
Thanks for the response. I think I got it.
ODL Has has web.xml is configured with shiro filter, so when I re built the
sal-rest-connector module with this filter property it worked fine
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.opendaylight.aaa.shiro.filters.AAAFilter</filter-class>
<init-param>
<param-name>staticSecurityManagerEnabled</param-name>
<param-value>true</param-value>
</init-param>
</filter>
So for now, I got 2 options.
1. Bundle customized ODL sal-rest-connector with our product (with
this small change).
2. Use dummy user context (RPC cal) on startup of the karaf and
register my authentication listener.
will discuss with my colleagues and based on the decision will go with
one of them.
Thanks for the guidance.
Hari
On Mon, Dec 12, 2016 at 4:10 PM, Brian Demers <[email protected]>
wrote:
> I'm guessing your are referring to this:
> https://github.com/careerscale/opendaylight-demo/blob/
> 49b61437ccf7f19ec9633be450799971e7bca67f/impl/src/main/java/
> com/company/sdn/impl/ConnectorRpcProvider.java#L59
>
> Instead of looking up the static instance, can you just pass one into your
> constructor? Where is the constructor called? Ideally you should be able
> to get the SecurityManager instance from the frame work you are using
> (Guice, Spring, etc).
>
> I know this doesn't give you a concrete answer, but maybe we should back
> up a bit, so we can understand how your application is configured. How is
> the Shiro SecurityManager configured in your environment ?
>
> On Mon, Dec 12, 2016 at 6:24 PM, Harinath Mallepally <[email protected]>
> wrote:
>
>> Hi Brian,
>>
>> FYI
>>
>> I have sample project with ODL
>> https://github.com/careerscale/opendaylight-demo
>>
>> ConnectorRpcProvider has test code in couple of places. it is working
>> fine in RPC context (as there is user context available, but not in the
>> constructor method where the user context is not present.
>>
>> try {
>> AuthenticatingSecurityManager securityMgr =
>> (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();
>>
>> LOG.info("security mgr {}",securityMgr);
>>
>> AbstractAuthenticator authentication = (AbstractAuthenticator)
>> securityMgr.getAuthenticator();
>>
>> authentication.getAuthenticationListeners().add(new
>> CustomAuthenticationListener());
>>
>> } catch (Exception e) {
>> LOG.error("error {}", e);
>> }
>>
>>
>>
>>
>>
>>
>> On Fri, Dec 9, 2016 at 3:38 PM, Brian Demers <[email protected]>
>> wrote:
>>
>>> I'm not sure, but I'm guessing you will run into classloader issues with
>>> a static instance.
>>>
>>> Do you have an example project (something simple that can be used to
>>> illustrate the point)? Maybe that will help others as well.
>>>
>>> -Brian
>>>
>>> On Fri, Dec 9, 2016 at 4:58 PM, Harinath Mallepally <[email protected]>
>>> wrote:
>>>
>>>> Hi Brian,
>>>> I know it is not directly related with shiro, but trying to see how do
>>>> I configure this property in karaf?
>>>> staticSecurityManagerEnabled
>>>>
>>>>
>>>> Thanks
>>>> Hari
>>>>
>>>> On Fri, Oct 28, 2016 at 2:41 PM, Brian Demers <[email protected]>
>>>> wrote:
>>>>
>>>>> I'd need to see a bit more of the stacktrace. But i'm guessing your
>>>>> call is not in the context of a request. If that is the case you would
>>>>> need to enable the static instance of the SecurityManager.
>>>>>
>>>>> See the note about 'staticSecurityManagerEnabled' in:
>>>>> https://shiro.apache.org/static/current/apidocs/org/apache/s
>>>>> hiro/web/servlet/AbstractShiroFilter.html
>>>>>
>>>>> On Fri, Oct 28, 2016 at 4:56 PM, Harinath Mallepally <[email protected]
>>>>> > wrote:
>>>>>
>>>>>> Hi Brian,
>>>>>>
>>>>>> it is same error , looks like something is wrong.
>>>>>>
>>>>>> org.apache.shiro.UnavailableSecurityManagerException: No
>>>>>> SecurityManager accessible to the calling code, either bound to the
>>>>>> org.apache.shiro.util.ThreadContext or as a vm static singleton.
>>>>>> This is an invalid application configuration.
>>>>>> at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUt
>>>>>> ils.java:123)
>>>>>> at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627)
>>>>>> at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)
>>>>>>
>>>>>>
>>>>>> couldn't figure it out. any thoughts?
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Oct 28, 2016 at 10:37 AM, Harinath Mallepally <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> in both cases. I understand that it needs a user context and during
>>>>>>> application start, this error makes sense.
>>>>>>>
>>>>>>> it failed in RPC requests, i expected it to work.
>>>>>>> i saw this working fine earlier, might be something got messed up.
>>>>>>> will do clean build and try again.
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> Where is that method getting called from? Is it from the context of
>>>>>>>> a request or while your application is starting ?
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> Thanks for the response.
>>>>>>>>>
>>>>>>>>> I tried this way, but results in with error. any thoughts on how
>>>>>>>>> do I get handle on this? It looks like something is wrong with
>>>>>>>>> configuration or so.
>>>>>>>>>
>>>>>>>>> private void setListener(){
>>>>>>>>>
>>>>>>>>> try {
>>>>>>>>> //TODO temp code, remove it
>>>>>>>>> AuthenticatingSecurityManager securityMgr =
>>>>>>>>> (AuthenticatingSecurityManager) SecurityUtils.getSecurityManag
>>>>>>>>> er();
>>>>>>>>>
>>>>>>>>> System.out.println(securityMgr);
>>>>>>>>>
>>>>>>>>> AbstractAuthenticator authentication =
>>>>>>>>> (AbstractAuthenticator) securityMgr.getAuthenticator();
>>>>>>>>>
>>>>>>>>> authentication.getAuthenticationListeners().add(new
>>>>>>>>> CustomAuthenticationListener());
>>>>>>>>> }catch(Exception e){
>>>>>>>>> LOG.error("error {}", e);
>>>>>>>>> }
>>>>>>>>> }
>>>>>>>>> but resulted in with this
>>>>>>>>>
>>>>>>>>> error {}
>>>>>>>>> org.apache.shiro.UnavailableSecurityManagerException: No
>>>>>>>>> SecurityManager accessible to the calling code, either bound to the
>>>>>>>>> org.apache.shiro.util.ThreadContext or as a vm static singleton.
>>>>>>>>> This is an invalid application configuration.
>>>>>>>>> at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUt
>>>>>>>>> ils.java:123)
>>>>>>>>>
>>>>>>>>> .........
>>>>>>>>>
>>>>>>>>> On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <
>>>>>>>>> [email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> I'm not sure, but if I had to guess, I would say you need to
>>>>>>>>>> export your package in your bundles config
>>>>>>>>>>
>>>>>>>>>> On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <
>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> yes, I am using shiro.ini, my problem is my class is not being
>>>>>>>>>>> identified in karaf (doing it with opendaylight), didn't know how
>>>>>>>>>>> to add my
>>>>>>>>>>> class into classpath without modifying ODL feature.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <
>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> I you are using a shiro.ini just stick your filter in the
>>>>>>>>>>>> [main] section.
>>>>>>>>>>>>
>>>>>>>>>>>> For example:
>>>>>>>>>>>>
>>>>>>>>>>>> [main]
>>>>>>>>>>>> ...
>>>>>>>>>>>> myFilter = com.foo.bar.MyWickedCoolFilter
>>>>>>>>>>>>
>>>>>>>>>>>> [urls]
>>>>>>>>>>>> /path/* = myFilter
>>>>>>>>>>>> # or possibly
>>>>>>>>>>>> /another/path/* = myFitler[anOption]
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[email protected]>
>>>>>>>>>>>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> There's a SecurityUtils class that can access the static
>>>>>>>>>>>>> SecurityManager object.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Allan C.
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <
>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> is it possible to get reference of SecurityManager so that a
>>>>>>>>>>>>>> custom AuthenticationFilter can be added?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Please let me know
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>> Hari
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
