OvirtAuthPlugIn.java example

Explorer
ovirt-engine-master
package org.ovirt.engine.core.jboss_auth_plugin;

import java.io.IOException;
import java.util.Map;

import javax.naming.InitialContext;
import javax.naming.NamingException;

import org.jboss.as.domain.management.plugin.AbstractPlugIn;
import org.jboss.as.domain.management.plugin.Identity;
import org.jboss.as.domain.management.plugin.ValidatePasswordCredential;
import org.ovirt.engine.core.aaa.SsoOAuthServiceUtils;
import org.ovirt.engine.core.aaa.SsoUtils;
import org.ovirt.engine.core.aaa.filters.FiltersHelper;
import org.ovirt.engine.core.common.interfaces.BackendLocal;
import org.ovirt.engine.core.common.queries.VdcQueryParametersBase;
import org.ovirt.engine.core.common.queries.VdcQueryType;

public class OvirtAuthPlugIn extends AbstractPlugIn {

    private static final String scope = "ovirt-app-api";

    public void init(Map<String, String> configuration, Map<String, Object> sharedState) throws IOException {
        this.configuration = configuration;
        // This will allow an AuthorizationPlugIn to delegate back to this instance.
        sharedState.put(OvirtAuthPlugIn.class.getName(), this);
    }

    @Override
    public Identity loadIdentity(final String username, String realm) throws IOException {
        return new Identity<ValidatePasswordCredential>() {
            @Override
            public String getUserName() {
                return username;
            }

            @Override
            public ValidatePasswordCredential getCredential() {
                return chars -> {
                    BackendLocal backend;
                    try {
                        backend = (BackendLocal) new InitialContext().lookup(
                                        "java:global/engine/bll/Backend!" + BackendLocal.class.getName());
                    } catch (NamingException e) {
                        throw new RuntimeException("Can't communicate with the backend API");
                    }
                    String token = null;
                    String engineSessionId = null;
                    boolean loginSucceeded = true;
                    try {
                        Map<String, Object> jsonResponse = SsoOAuthServiceUtils.loginWithPassword(
                                username, new String(chars), scope);
                        FiltersHelper.isStatusOk(jsonResponse);
                        token = (String) jsonResponse.get("access_token");
                        engineSessionId = SsoUtils.createUserSession(null,
                                FiltersHelper.getPayloadForToken(token),
                                false);
                    } catch (Exception e) {
                        loginSucceeded = false;
                    }
                    try {
                        return loginSucceeded
                                && engineSessionId != null
                                && backend.runQuery(
                                VdcQueryType.IsUserApplicationContainerManager,
                                new VdcQueryParametersBase(engineSessionId)
                        ).getSucceeded();
                    } finally {
                        if (token != null) {
                            SsoOAuthServiceUtils.revoke(token, "");
                        }
                    }
                };
            }
        };
    }
}