aboutsummaryrefslogtreecommitdiffstats
path: root/odl-aaa-moon/aaa-authn/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'odl-aaa-moon/aaa-authn/src/main')
-rw-r--r--odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/Activator.java51
-rw-r--r--odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/AuthenticationBuilder.java122
-rw-r--r--odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/AuthenticationManager.java77
-rw-r--r--odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/ClaimBuilder.java160
-rw-r--r--odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/ClientManager.java88
-rw-r--r--odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/EqualUtil.java42
-rw-r--r--odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/HashCodeUtil.java104
-rw-r--r--odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/PasswordCredentialBuilder.java87
-rw-r--r--odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/SecureBlockingQueue.java258
-rw-r--r--odl-aaa-moon/aaa-authn/src/main/resources/OSGI-INF/metatype/metatype.properties12
-rw-r--r--odl-aaa-moon/aaa-authn/src/main/resources/OSGI-INF/metatype/metatype.xml16
-rw-r--r--odl-aaa-moon/aaa-authn/src/main/resources/authn.cfg2
12 files changed, 1019 insertions, 0 deletions
diff --git a/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/Activator.java b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/Activator.java
new file mode 100644
index 00000000..cfe27ef0
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/Activator.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2014 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.opendaylight.aaa;
+
+import java.util.Dictionary;
+import org.apache.felix.dm.DependencyActivatorBase;
+import org.apache.felix.dm.DependencyManager;
+import org.opendaylight.aaa.api.AuthenticationService;
+import org.opendaylight.aaa.api.ClientService;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.Constants;
+import org.osgi.service.cm.ManagedService;
+
+/**
+ * Activator to register {@link AuthenticationService} with OSGi.
+ *
+ * @author liemmn
+ *
+ */
+public class Activator extends DependencyActivatorBase {
+
+ private static final String AUTHN_PID = "org.opendaylight.aaa.authn";
+
+ @Override
+ public void init(BundleContext context, DependencyManager manager) throws Exception {
+ manager.add(createComponent().setInterface(
+ new String[] { AuthenticationService.class.getName() }, null).setImplementation(
+ AuthenticationManager.instance()));
+
+ ClientManager cm = new ClientManager();
+ manager.add(createComponent().setInterface(new String[] { ClientService.class.getName() },
+ null).setImplementation(cm));
+ context.registerService(ManagedService.class.getName(), cm, addPid(ClientManager.defaults));
+ context.registerService(ManagedService.class.getName(), AuthenticationManager.instance(),
+ addPid(AuthenticationManager.defaults));
+ }
+
+ @Override
+ public void destroy(BundleContext context, DependencyManager manager) throws Exception {
+ }
+
+ private Dictionary<String, ?> addPid(Dictionary<String, String> dict) {
+ dict.put(Constants.SERVICE_PID, AUTHN_PID);
+ return dict;
+ }
+}
diff --git a/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/AuthenticationBuilder.java b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/AuthenticationBuilder.java
new file mode 100644
index 00000000..948cbac6
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/AuthenticationBuilder.java
@@ -0,0 +1,122 @@
+/*
+ * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.opendaylight.aaa;
+
+import static org.opendaylight.aaa.EqualUtil.areEqual;
+import static org.opendaylight.aaa.HashCodeUtil.hash;
+
+import java.io.Serializable;
+import java.util.Set;
+import org.opendaylight.aaa.api.Authentication;
+import org.opendaylight.aaa.api.Claim;
+
+/**
+ * A builder for the authentication context.
+ *
+ * The expiration defaults to 0.
+ *
+ * @author liemmn
+ *
+ */
+public class AuthenticationBuilder {
+
+ private long expiration = 0L;
+ private Claim claim;
+
+ public AuthenticationBuilder(Claim claim) {
+ this.claim = claim;
+ }
+
+ public AuthenticationBuilder setExpiration(long expiration) {
+ this.expiration = expiration;
+ return this;
+ }
+
+ public Authentication build() {
+ return new ImmutableAuthentication(this);
+ }
+
+ private static final class ImmutableAuthentication implements Authentication, Serializable {
+ private static final long serialVersionUID = 4919078164955609987L;
+ private int hashCode = 0;
+ long expiration = 0L;
+ Claim claim;
+
+ private ImmutableAuthentication(AuthenticationBuilder base) {
+ if (base.claim == null) {
+ throw new IllegalStateException("The Claim is null.");
+ }
+ claim = new ClaimBuilder(base.claim).build();
+ expiration = base.expiration;
+
+ if (base.expiration < 0) {
+ throw new IllegalStateException("The expiration is less than 0.");
+ }
+ }
+
+ @Override
+ public long expiration() {
+ return expiration;
+ }
+
+ @Override
+ public String clientId() {
+ return claim.clientId();
+ }
+
+ @Override
+ public String userId() {
+ return claim.userId();
+ }
+
+ @Override
+ public String user() {
+ return claim.user();
+ }
+
+ @Override
+ public String domain() {
+ return claim.domain();
+ }
+
+ @Override
+ public Set<String> roles() {
+ return claim.roles();
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (!(o instanceof Authentication)) {
+ return false;
+ }
+ Authentication a = (Authentication) o;
+ return areEqual(expiration, a.expiration()) && areEqual(claim.roles(), a.roles())
+ && areEqual(claim.domain(), a.domain()) && areEqual(claim.userId(), a.userId())
+ && areEqual(claim.user(), a.user()) && areEqual(claim.clientId(), a.clientId());
+ }
+
+ @Override
+ public int hashCode() {
+ if (hashCode == 0) {
+ int result = HashCodeUtil.SEED;
+ result = hash(result, expiration);
+ result = hash(result, claim.hashCode());
+ hashCode = result;
+ }
+ return hashCode;
+ }
+
+ @Override
+ public String toString() {
+ return "expiration:" + expiration + "," + claim.toString();
+ }
+ }
+} \ No newline at end of file
diff --git a/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/AuthenticationManager.java b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/AuthenticationManager.java
new file mode 100644
index 00000000..5f6420a3
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/AuthenticationManager.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2014 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.opendaylight.aaa;
+
+import java.util.Dictionary;
+import java.util.Hashtable;
+import org.opendaylight.aaa.api.Authentication;
+import org.opendaylight.aaa.api.AuthenticationService;
+import org.osgi.service.cm.ConfigurationException;
+import org.osgi.service.cm.ManagedService;
+
+/**
+ * An {@link InheritableThreadLocal}-based {@link AuthenticationService}.
+ *
+ * @author liemmn
+ */
+public class AuthenticationManager implements AuthenticationService, ManagedService {
+ private static final String AUTH_ENABLED_ERR = "Error setting authEnabled";
+
+ static final String AUTH_ENABLED = "authEnabled";
+ static final Dictionary<String, String> defaults = new Hashtable<>();
+ static {
+ defaults.put(AUTH_ENABLED, Boolean.FALSE.toString());
+ }
+
+ // In non-Karaf environments, authEnabled is set to false by default
+ private static volatile boolean authEnabled = false;
+
+ private final static AuthenticationManager am = new AuthenticationManager();
+ private final ThreadLocal<Authentication> auth = new InheritableThreadLocal<>();
+
+ private AuthenticationManager() {
+ }
+
+ static AuthenticationManager instance() {
+ return am;
+ }
+
+ @Override
+ public Authentication get() {
+ return auth.get();
+ }
+
+ @Override
+ public void set(Authentication a) {
+ auth.set(a);
+ }
+
+ @Override
+ public void clear() {
+ auth.remove();
+ }
+
+ @Override
+ public boolean isAuthEnabled() {
+ return authEnabled;
+ }
+
+ @Override
+ public void updated(Dictionary<String, ?> properties) throws ConfigurationException {
+ if (properties == null) {
+ return;
+ }
+
+ String propertyValue = (String) properties.get(AUTH_ENABLED);
+ boolean isTrueString = Boolean.parseBoolean(propertyValue);
+ if (!isTrueString && !"false".equalsIgnoreCase(propertyValue)) {
+ throw new ConfigurationException(AUTH_ENABLED, AUTH_ENABLED_ERR);
+ }
+ authEnabled = isTrueString;
+ }
+}
diff --git a/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/ClaimBuilder.java b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/ClaimBuilder.java
new file mode 100644
index 00000000..4e4a8ef3
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/ClaimBuilder.java
@@ -0,0 +1,160 @@
+/*
+ * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.opendaylight.aaa;
+
+import static org.opendaylight.aaa.EqualUtil.areEqual;
+import static org.opendaylight.aaa.HashCodeUtil.hash;
+
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableSet;
+import java.io.Serializable;
+import java.util.LinkedHashSet;
+import java.util.Set;
+import org.opendaylight.aaa.api.Claim;
+
+/**
+ * Builder for a {@link Claim}. The userId, user, and roles information is
+ * mandatory.
+ *
+ * @author liemmn
+ *
+ */
+public class ClaimBuilder {
+ private String userId = "";
+ private String user = "";
+ private Set<String> roles = new LinkedHashSet<>();
+ private String clientId = "";
+ private String domain = "";
+
+ public ClaimBuilder() {
+ }
+
+ public ClaimBuilder(Claim claim) {
+ clientId = claim.clientId();
+ userId = claim.userId();
+ user = claim.user();
+ domain = claim.domain();
+ roles.addAll(claim.roles());
+ }
+
+ public ClaimBuilder setClientId(String clientId) {
+ this.clientId = Strings.nullToEmpty(clientId).trim();
+ return this;
+ }
+
+ public ClaimBuilder setUserId(String userId) {
+ this.userId = Strings.nullToEmpty(userId).trim();
+ return this;
+ }
+
+ public ClaimBuilder setUser(String userName) {
+ user = Strings.nullToEmpty(userName).trim();
+ return this;
+ }
+
+ public ClaimBuilder setDomain(String domain) {
+ this.domain = Strings.nullToEmpty(domain).trim();
+ return this;
+ }
+
+ public ClaimBuilder addRoles(Set<String> roles) {
+ for (String role : roles) {
+ addRole(role);
+ }
+ return this;
+ }
+
+ public ClaimBuilder addRole(String role) {
+ roles.add(Strings.nullToEmpty(role).trim());
+ return this;
+ }
+
+ public Claim build() {
+ return new ImmutableClaim(this);
+ }
+
+ protected static class ImmutableClaim implements Claim, Serializable {
+ private static final long serialVersionUID = -8115027645190209129L;
+ private int hashCode = 0;
+ protected String clientId;
+ protected String userId;
+ protected String user;
+ protected String domain;
+ protected ImmutableSet<String> roles;
+
+ protected ImmutableClaim(ClaimBuilder base) {
+ clientId = base.clientId;
+ userId = base.userId;
+ user = base.user;
+ domain = base.domain;
+ roles = ImmutableSet.<String> builder().addAll(base.roles).build();
+
+ if (userId.isEmpty() || user.isEmpty() || roles.isEmpty() || roles.contains("")) {
+ throw new IllegalStateException(
+ "The Claim is missing one or more of the required fields.");
+ }
+ }
+
+ @Override
+ public String clientId() {
+ return clientId;
+ }
+
+ @Override
+ public String userId() {
+ return userId;
+ }
+
+ @Override
+ public String user() {
+ return user;
+ }
+
+ @Override
+ public String domain() {
+ return domain;
+ }
+
+ @Override
+ public Set<String> roles() {
+ return roles;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o)
+ return true;
+ if (!(o instanceof Claim))
+ return false;
+ Claim a = (Claim) o;
+ return areEqual(roles, a.roles()) && areEqual(domain, a.domain())
+ && areEqual(userId, a.userId()) && areEqual(user, a.user())
+ && areEqual(clientId, a.clientId());
+ }
+
+ @Override
+ public int hashCode() {
+ if (hashCode == 0) {
+ int result = HashCodeUtil.SEED;
+ result = hash(result, clientId);
+ result = hash(result, userId);
+ result = hash(result, user);
+ result = hash(result, domain);
+ result = hash(result, roles);
+ hashCode = result;
+ }
+ return hashCode;
+ }
+
+ @Override
+ public String toString() {
+ return "clientId:" + clientId + "," + "userId:" + userId + "," + "userName:" + user
+ + "," + "domain:" + domain + "," + "roles:" + roles;
+ }
+ }
+}
diff --git a/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/ClientManager.java b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/ClientManager.java
new file mode 100644
index 00000000..e7e51424
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/ClientManager.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2014 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa;
+
+import java.util.Dictionary;
+import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import org.apache.felix.dm.Component;
+import org.opendaylight.aaa.api.AuthenticationException;
+import org.opendaylight.aaa.api.ClientService;
+import org.osgi.service.cm.ConfigurationException;
+import org.osgi.service.cm.ManagedService;
+
+/**
+ * A configuration-based client manager.
+ *
+ * @author liemmn
+ *
+ */
+public class ClientManager implements ClientService, ManagedService {
+ static final String CLIENTS = "authorizedClients";
+ private static final String CLIENTS_FORMAT_ERR = "Clients are space-delimited in the form of <client_id>:<client_secret>";
+ private static final String UNAUTHORIZED_CLIENT_ERR = "Unauthorized client";
+
+ // Defaults (needed only for non-Karaf deployments)
+ static final Dictionary<String, String> defaults = new Hashtable<>();
+ static {
+ defaults.put(CLIENTS, "dlux:secrete");
+ }
+
+ private final Map<String, String> clients = new ConcurrentHashMap<>();
+
+ // This should be a singleton
+ ClientManager() {
+ }
+
+ // Called by DM when all required dependencies are satisfied.
+ void init(Component c) throws ConfigurationException {
+ reconfig(defaults);
+ }
+
+ @Override
+ public void validate(String clientId, String clientSecret) throws AuthenticationException {
+ // TODO: Post-Helium, we will support a CRUD API
+ if (!clients.containsKey(clientId)) {
+ throw new AuthenticationException(UNAUTHORIZED_CLIENT_ERR);
+ }
+ if (!clients.get(clientId).equals(clientSecret)) {
+ throw new AuthenticationException(UNAUTHORIZED_CLIENT_ERR);
+ }
+ }
+
+ @Override
+ public void updated(Dictionary<String, ?> props) throws ConfigurationException {
+ if (props == null) {
+ props = defaults;
+ }
+ reconfig(props);
+ }
+
+ // Reconfigure the client map...
+ private void reconfig(@SuppressWarnings("rawtypes") Dictionary props)
+ throws ConfigurationException {
+ try {
+ String authorizedClients = (String) props.get(CLIENTS);
+ Map<String, String> newClients = new HashMap<>();
+ if (authorizedClients != null) {
+ for (String client : authorizedClients.split(" ")) {
+ String[] aClient = client.split(":");
+ newClients.put(aClient[0], aClient[1]);
+ }
+ }
+ clients.clear();
+ clients.putAll(newClients);
+ } catch (Throwable t) {
+ throw new ConfigurationException(null, CLIENTS_FORMAT_ERR);
+ }
+ }
+
+}
diff --git a/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/EqualUtil.java b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/EqualUtil.java
new file mode 100644
index 00000000..17204d0e
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/EqualUtil.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2014 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa;
+
+/**
+ * Simple class to aide in implementing equals.
+ * <p>
+ *
+ * <em>Arrays are not handled by this class</em>. This is because the
+ * <code>Arrays.equals</code> methods should be used for array fields.
+ */
+public final class EqualUtil {
+ static public boolean areEqual(boolean aThis, boolean aThat) {
+ return aThis == aThat;
+ }
+
+ static public boolean areEqual(char aThis, char aThat) {
+ return aThis == aThat;
+ }
+
+ static public boolean areEqual(long aThis, long aThat) {
+ return aThis == aThat;
+ }
+
+ static public boolean areEqual(float aThis, float aThat) {
+ return Float.floatToIntBits(aThis) == Float.floatToIntBits(aThat);
+ }
+
+ static public boolean areEqual(double aThis, double aThat) {
+ return Double.doubleToLongBits(aThis) == Double.doubleToLongBits(aThat);
+ }
+
+ static public boolean areEqual(Object aThis, Object aThat) {
+ return aThis == null ? aThat == null : aThis.equals(aThat);
+ }
+}
diff --git a/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/HashCodeUtil.java b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/HashCodeUtil.java
new file mode 100644
index 00000000..c295b3ed
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/HashCodeUtil.java
@@ -0,0 +1,104 @@
+/*****************************************************************************
+ * Copyright (c) 2014 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ *****************************************************************************/
+
+package org.opendaylight.aaa;
+
+import java.lang.reflect.Array;
+
+/**
+ * Collected methods which allow easy implementation of <tt>hashCode</tt>.
+ *
+ * Example use case:
+ *
+ * <pre>
+ * public int hashCode() {
+ * int result = HashCodeUtil.SEED;
+ * // collect the contributions of various fields
+ * result = HashCodeUtil.hash(result, fPrimitive);
+ * result = HashCodeUtil.hash(result, fObject);
+ * result = HashCodeUtil.hash(result, fArray);
+ * return result;
+ * }
+ * </pre>
+ */
+public final class HashCodeUtil {
+
+ /**
+ * An initial value for a <tt>hashCode</tt>, to which is added contributions
+ * from fields. Using a non-zero value decreases collisions of
+ * <tt>hashCode</tt> values.
+ */
+ public static final int SEED = 23;
+
+ /** booleans. */
+ public static int hash(int aSeed, boolean aBoolean) {
+ return firstTerm(aSeed) + (aBoolean ? 1 : 0);
+ }
+
+ /*** chars. */
+ public static int hash(int aSeed, char aChar) {
+ return firstTerm(aSeed) + aChar;
+ }
+
+ /** ints. */
+ public static int hash(int aSeed, int aInt) {
+ return firstTerm(aSeed) + aInt;
+ }
+
+ /** longs. */
+ public static int hash(int aSeed, long aLong) {
+ return firstTerm(aSeed) + (int) (aLong ^ (aLong >>> 32));
+ }
+
+ /** floats. */
+ public static int hash(int aSeed, float aFloat) {
+ return hash(aSeed, Float.floatToIntBits(aFloat));
+ }
+
+ /** doubles. */
+ public static int hash(int aSeed, double aDouble) {
+ return hash(aSeed, Double.doubleToLongBits(aDouble));
+ }
+
+ /**
+ * <tt>aObject</tt> is a possibly-null object field, and possibly an array.
+ *
+ * If <tt>aObject</tt> is an array, then each element may be a primitive or
+ * a possibly-null object.
+ */
+ public static int hash(int aSeed, Object aObject) {
+ int result = aSeed;
+ if (aObject == null) {
+ result = hash(result, 0);
+ } else if (!isArray(aObject)) {
+ result = hash(result, aObject.hashCode());
+ } else {
+ int length = Array.getLength(aObject);
+ for (int idx = 0; idx < length; ++idx) {
+ Object item = Array.get(aObject, idx);
+ // if an item in the array references the array itself, prevent
+ // infinite looping
+ if (!(item == aObject)) {
+ result = hash(result, item);
+ }
+ }
+ }
+ return result;
+ }
+
+ // PRIVATE
+ private static final int fODD_PRIME_NUMBER = 37;
+
+ private static int firstTerm(int aSeed) {
+ return fODD_PRIME_NUMBER * aSeed;
+ }
+
+ private static boolean isArray(Object aObject) {
+ return aObject.getClass().isArray();
+ }
+} \ No newline at end of file
diff --git a/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/PasswordCredentialBuilder.java b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/PasswordCredentialBuilder.java
new file mode 100644
index 00000000..d8a2e87a
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/PasswordCredentialBuilder.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2014 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.opendaylight.aaa;
+
+import static org.opendaylight.aaa.EqualUtil.areEqual;
+import static org.opendaylight.aaa.HashCodeUtil.hash;
+
+import org.opendaylight.aaa.api.PasswordCredentials;
+
+/**
+ * {@link PasswordCredentials} builder.
+ *
+ * @author liemmn
+ *
+ */
+public class PasswordCredentialBuilder {
+ private final MutablePasswordCredentials pc = new MutablePasswordCredentials();
+
+ public PasswordCredentialBuilder setUserName(String username) {
+ pc.username = username;
+ return this;
+ }
+
+ public PasswordCredentialBuilder setPassword(String password) {
+ pc.password = password;
+ return this;
+ }
+
+ public PasswordCredentialBuilder setDomain(String domain) {
+ pc.domain = domain;
+ return this;
+ }
+
+ public PasswordCredentials build() {
+ return pc;
+ }
+
+ private static class MutablePasswordCredentials implements PasswordCredentials {
+ private int hashCode = 0;
+ private String username;
+ private String password;
+ private String domain;
+
+ @Override
+ public String username() {
+ return username;
+ }
+
+ @Override
+ public String password() {
+ return password;
+ }
+
+ @Override
+ public String domain() {
+ return domain;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (!(o instanceof PasswordCredentials)) {
+ return false;
+ }
+ PasswordCredentials p = (PasswordCredentials) o;
+ return areEqual(username, p.username()) && areEqual(password, p.password());
+ }
+
+ @Override
+ public int hashCode() {
+ if (hashCode == 0) {
+ int result = HashCodeUtil.SEED;
+ result = hash(result, username);
+ result = hash(result, password);
+ hashCode = result;
+ }
+ return hashCode;
+ }
+ }
+}
diff --git a/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/SecureBlockingQueue.java b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/SecureBlockingQueue.java
new file mode 100644
index 00000000..3ded52da
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn/src/main/java/org/opendaylight/aaa/SecureBlockingQueue.java
@@ -0,0 +1,258 @@
+/*
+ * Copyright (c) 2014 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.opendaylight.aaa;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.TimeUnit;
+import org.opendaylight.aaa.api.Authentication;
+
+/**
+ * A {@link BlockingQueue} decorator with injected security context.
+ *
+ * @author liemmn
+ *
+ * @param <T>
+ * queue element type
+ */
+public class SecureBlockingQueue<T> implements BlockingQueue<T> {
+ private final BlockingQueue<SecureData<T>> queue;
+
+ /**
+ * Constructor.
+ *
+ * @param queue
+ * blocking queue implementation to use
+ */
+ public SecureBlockingQueue(BlockingQueue<SecureData<T>> queue) {
+ this.queue = queue;
+ }
+
+ @Override
+ public T remove() {
+ return setAuth(queue.remove());
+ }
+
+ @Override
+ public T poll() {
+ return setAuth(queue.poll());
+ }
+
+ @Override
+ public T element() {
+ return setAuth(queue.element());
+ }
+
+ @Override
+ public T peek() {
+ return setAuth(queue.peek());
+ }
+
+ @Override
+ public int size() {
+ return queue.size();
+ }
+
+ @Override
+ public boolean isEmpty() {
+ return queue.isEmpty();
+ }
+
+ @Override
+ public Iterator<T> iterator() {
+ return new Iterator<T>() {
+ Iterator<SecureData<T>> it = queue.iterator();
+
+ @Override
+ public boolean hasNext() {
+ return it.hasNext();
+ }
+
+ @Override
+ public T next() {
+ return it.next().data;
+ }
+
+ @Override
+ public void remove() {
+ it.remove();
+ }
+ };
+ }
+
+ @Override
+ public Object[] toArray() {
+ return toData().toArray();
+ }
+
+ @SuppressWarnings("hiding")
+ @Override
+ public <T> T[] toArray(T[] a) {
+ return toData().toArray(a);
+ }
+
+ @Override
+ public boolean containsAll(Collection<?> c) {
+ return toData().containsAll(c);
+ }
+
+ @Override
+ public boolean addAll(Collection<? extends T> c) {
+ return queue.addAll(fromData(c));
+ }
+
+ @Override
+ public boolean removeAll(Collection<?> c) {
+ return queue.removeAll(fromData(c));
+ }
+
+ @Override
+ public boolean retainAll(Collection<?> c) {
+ return queue.retainAll(fromData(c));
+ }
+
+ @Override
+ public void clear() {
+ queue.clear();
+ }
+
+ @Override
+ public boolean add(T e) {
+ return queue.add(new SecureData<>(e));
+ }
+
+ @Override
+ public boolean offer(T e) {
+ return queue.offer(new SecureData<>(e));
+ }
+
+ @Override
+ public void put(T e) throws InterruptedException {
+ queue.put(new SecureData<T>(e));
+ }
+
+ @Override
+ public boolean offer(T e, long timeout, TimeUnit unit) throws InterruptedException {
+ return queue.offer(new SecureData<>(e), timeout, unit);
+ }
+
+ @Override
+ public T take() throws InterruptedException {
+ return setAuth(queue.take());
+ }
+
+ @Override
+ public T poll(long timeout, TimeUnit unit) throws InterruptedException {
+ return setAuth(queue.poll(timeout, unit));
+ }
+
+ @Override
+ public int remainingCapacity() {
+ return queue.remainingCapacity();
+ }
+
+ @Override
+ public boolean remove(Object o) {
+ Iterator<SecureData<T>> it = queue.iterator();
+ while (it.hasNext()) {
+ SecureData<T> sd = it.next();
+ if (sd.data.equals(o)) {
+ return queue.remove(sd);
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public boolean contains(Object o) {
+ Iterator<SecureData<T>> it = queue.iterator();
+ while (it.hasNext()) {
+ SecureData<T> sd = it.next();
+ if (sd.data.equals(o)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public int drainTo(Collection<? super T> c) {
+ Collection<SecureData<T>> sd = new ArrayList<>();
+ int n = queue.drainTo(sd);
+ c.addAll(toData(sd));
+ return n;
+ }
+
+ @Override
+ public int drainTo(Collection<? super T> c, int maxElements) {
+ Collection<SecureData<T>> sd = new ArrayList<>();
+ int n = queue.drainTo(sd, maxElements);
+ c.addAll(toData(sd));
+ return n;
+ }
+
+ // Rehydrate security context
+ private T setAuth(SecureData<T> i) {
+ AuthenticationManager.instance().set(i.auth);
+ return i.data;
+ }
+
+ // Construct secure data collection from a plain old data collection
+ @SuppressWarnings("unchecked")
+ private Collection<SecureData<T>> fromData(Collection<?> c) {
+ Collection<SecureData<T>> sd = new ArrayList<>(c.size());
+ for (Object d : c) {
+ sd.add((SecureData<T>) new SecureData<>(d));
+ }
+ return sd;
+ }
+
+ // Extract the data portion out from the secure data
+ @SuppressWarnings("unchecked")
+ private Collection<T> toData() {
+ return toData(Arrays.<SecureData<T>> asList(queue.toArray(new SecureData[0])));
+ }
+
+ // Extract the data portion out from the secure data
+ private Collection<T> toData(Collection<SecureData<T>> secureData) {
+ Collection<T> data = new ArrayList<>(secureData.size());
+ Iterator<SecureData<T>> it = secureData.iterator();
+ while (it.hasNext()) {
+ data.add(it.next().data);
+ }
+ return data;
+ }
+
+ // Inject security context
+ public static final class SecureData<T> {
+ private final T data;
+ private final Authentication auth;
+
+ private SecureData(T data) {
+ this.data = data;
+ this.auth = AuthenticationManager.instance().get();
+ }
+
+ @SuppressWarnings("rawtypes")
+ @Override
+ public boolean equals(Object o) {
+ if (o == null) {
+ return false;
+ }
+ return (o instanceof SecureData) ? data.equals(((SecureData) o).data) : false;
+ }
+
+ @Override
+ public int hashCode() {
+ return data.hashCode();
+ }
+ }
+}
diff --git a/odl-aaa-moon/aaa-authn/src/main/resources/OSGI-INF/metatype/metatype.properties b/odl-aaa-moon/aaa-authn/src/main/resources/OSGI-INF/metatype/metatype.properties
new file mode 100644
index 00000000..75537f6b
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn/src/main/resources/OSGI-INF/metatype/metatype.properties
@@ -0,0 +1,12 @@
+org.opendaylight.aaa.authn.name = Opendaylight AAA Authentication Configuration
+org.opendaylight.aaa.authn.description = Configuration for AAA authorized clients
+org.opendaylight.aaa.authn.authorizedClients.name = Authorized Clients
+org.opendaylight.aaa.authn.authorizedClients.description = Space-delimited list of authorized \
+ clients, with client id and client password separated by a ':'. \
+ Example: dlux:secrete <client_id:client_secret>
+org.opendaylight.aaa.authn.authEnabled.name = Enable authentication
+org.opendaylight.aaa.authn.authEnabled.description = Enable authentication by setting it \
+to the value 'true', or 'false' if bypassing authentication. \
+Note that bypassing authentication may result in your controller being more \
+vulnerable to unauthorized accesses. Authorization, if enabled, will not work if \
+authentication is disabled. \ No newline at end of file
diff --git a/odl-aaa-moon/aaa-authn/src/main/resources/OSGI-INF/metatype/metatype.xml b/odl-aaa-moon/aaa-authn/src/main/resources/OSGI-INF/metatype/metatype.xml
new file mode 100644
index 00000000..10150587
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn/src/main/resources/OSGI-INF/metatype/metatype.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<metatype:MetaData xmlns:metatype="http://www.osgi.org/xmlns/metatype/v1.0.0"
+ localization="OSGI-INF/metatype/metatype">
+ <OCD id="org.opendaylight.aaa.authn" name="%org.opendaylight.aaa.authn.name"
+ description="%org.opendaylight.aaa.authn.description">
+ <AD id="authorizedClients" type="String" default="dlux:secrete"
+ name="%org.opendaylight.aaa.authn.authorizedClients.name"
+ description="%org.opendaylight.aaa.authn.authorizedClients.description" />
+ <AD id="authEnabled" type="String" default="true"
+ name="%org.opendaylight.aaa.authn.authEnabled.name"
+ description="%org.opendaylight.aaa.authn.authEnabled.description" />
+ </OCD>
+ <Designate pid="org.opendaylight.aaa.authn">
+ <Object ocdref="org.opendaylight.aaa.authn" />
+ </Designate>
+</metatype:MetaData> \ No newline at end of file
diff --git a/odl-aaa-moon/aaa-authn/src/main/resources/authn.cfg b/odl-aaa-moon/aaa-authn/src/main/resources/authn.cfg
new file mode 100644
index 00000000..e7326f86
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn/src/main/resources/authn.cfg
@@ -0,0 +1,2 @@
+authorizedClients=dlux:secrete
+authEnabled=true \ No newline at end of file