WIP convert CommunityRestConf to JaxRsEndpoint

This change also required us to convert LightyServerBuilder to use JettyWebServer since it
is used in CommunityRestConf to initialize JaxRsEndpoint.

Signed-off-by: tobias.pobocik <[email protected]>

Author: Tobianas

lighty-applications/lighty-rnc-app-aggregator/lighty-rnc-module/src/main/java/io/lighty/applications/rnc/module/RncLightyModule.java

@@ -29,7 +29,7 @@
 import io.lighty.openapi.OpenApiLighty;
 import io.lighty.server.Http2LightyServerBuilder;
 import io.lighty.server.HttpsLightyServerBuilder;
-import io.lighty.server.LightyServerBuilder;
+import io.lighty.server.LightyJettyServerProvider;
 import io.lighty.server.config.LightyServerConfig;
 import java.net.InetSocketAddress;
 import java.security.Security;
@@ -52,7 +52,7 @@ public class RncLightyModule {
     private CommunityRestConf lightyRestconf;
     private NetconfSBPlugin lightyNetconf;
     private AAALighty aaaLighty;
-    private LightyServerBuilder jettyServerBuilder;
+    private LightyJettyServerProvider jettyServerBuilder;
     private OpenApiLighty openApi;
 
     public RncLightyModule(final RncLightyModuleConfiguration rncModuleConfig) {
@@ -127,7 +127,7 @@ private CommunityRestConf initRestconf(final RestConfConfiguration rcConfig, fin
         } else if (serverConfig.isUseHttps()) {
             jettyServerBuilder = new HttpsLightyServerBuilder(inetSocketAddress, serverConfig.getSecurityConfig());
         } else {
-            jettyServerBuilder = new LightyServerBuilder(inetSocketAddress);
+            jettyServerBuilder = new LightyJettyServerProvider(inetSocketAddress);
         }
 
         return CommunityRestConfBuilder.from(restConfConfiguration)
@@ -143,7 +143,7 @@ private AAALighty initAAA(final AAAConfiguration config, final LightyServices se
     }
 
     private OpenApiLighty initOpenApiLighty(final RestConfConfiguration config,
-            final LightyServerBuilder serverBuilder, final LightyServices services) {
+            final LightyJettyServerProvider serverBuilder, final LightyServices services) {
         return new OpenApiLighty(config, serverBuilder, services);
     }
 

lighty-examples/lighty-community-aaa-restconf-app/src/main/java/io/lighty/kit/examples/community/aaa/restconf/Main.java

@@ -24,7 +24,7 @@
 import io.lighty.modules.northbound.restconf.community.impl.CommunityRestConfBuilder;
 import io.lighty.modules.northbound.restconf.community.impl.config.RestConfConfiguration;
 import io.lighty.modules.northbound.restconf.community.impl.util.RestConfConfigUtils;
-import io.lighty.server.LightyServerBuilder;
+import io.lighty.server.LightyJettyServerProvider;
 import java.net.InetSocketAddress;
 import java.nio.file.Files;
 import java.nio.file.Path;
@@ -108,18 +108,8 @@ private void startLighty(final ControllerConfiguration controllerConfiguration,
         }
 
         // 2. Initialize and start Restconf server
-        final LightyServerBuilder jettyServerBuilder = new LightyServerBuilder(new InetSocketAddress(
+        final LightyJettyServerProvider jettyServerBuilder = new LightyJettyServerProvider(new InetSocketAddress(
                 restconfConfiguration.getInetAddress(), restconfConfiguration.getHttpPort()));
-        this.restconf = CommunityRestConfBuilder
-                .from(RestConfConfigUtils.getRestConfConfiguration(restconfConfiguration,
-                    this.lightyController.getServices()))
-                .withLightyServer(jettyServerBuilder)
-                .build();
-        final boolean restconfStartOk = this.restconf.start()
-                .get(modulesConfig.getModuleTimeoutSeconds(), TimeUnit.SECONDS);
-        if (!restconfStartOk) {
-            throw new ModuleStartupException("Community Restconf startup failed!");
-        }
 
         // 3. Initialize and start Lighty AAA
         final DataBroker bindingDataBroker = this.lightyController.getServices().getBindingDataBroker();
@@ -134,6 +124,18 @@ private void startLighty(final ControllerConfiguration controllerConfiguration,
             throw new ModuleStartupException("AAA module startup failed!");
         }
 
+        this.restconf = CommunityRestConfBuilder
+            .from(RestConfConfigUtils.getRestConfConfiguration(restconfConfiguration,
+                this.lightyController.getServices()))
+            .withLightyServer(jettyServerBuilder)
+            .withWebSecurer(aaaLighty.getWebContextSecurer())
+            .build();
+        final boolean restconfStartOk = this.restconf.start()
+            .get(modulesConfig.getModuleTimeoutSeconds(), TimeUnit.SECONDS);
+        if (!restconfStartOk) {
+            throw new ModuleStartupException("Community Restconf startup failed!");
+        }
+
         // 4. Start Lighty jetty server
         this.restconf.startServer();
     }

lighty-examples/lighty-community-restconf-actions-app/src/main/java/io/lighty/examples/controllers/actions/Main.java

@@ -29,7 +29,7 @@
 import io.lighty.modules.southbound.netconf.impl.config.NetconfConfiguration;
 import io.lighty.modules.southbound.netconf.impl.util.NetconfConfigUtils;
 import io.lighty.openapi.OpenApiLighty;
-import io.lighty.server.LightyServerBuilder;
+import io.lighty.server.LightyJettyServerProvider;
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.nio.file.Files;
@@ -150,7 +150,7 @@ private void startLighty(final ControllerConfiguration controllerConfiguration,
         }
 
         //2. build RestConf server
-        LightyServerBuilder jettyServerBuilder = new LightyServerBuilder(new InetSocketAddress(
+        LightyJettyServerProvider jettyServerBuilder = new LightyJettyServerProvider(new InetSocketAddress(
                 restconfConfiguration.getInetAddress(), restconfConfiguration.getHttpPort()));
         this.restconf = CommunityRestConfBuilder
                 .from(RestConfConfigUtils.getRestConfConfiguration(restconfConfiguration,

lighty-examples/lighty-community-restconf-netconf-app/src/main/java/io/lighty/examples/controllers/restconfapp/Main.java

@@ -27,7 +27,7 @@
 import io.lighty.modules.southbound.netconf.impl.config.NetconfConfiguration;
 import io.lighty.modules.southbound.netconf.impl.util.NetconfConfigUtils;
 import io.lighty.openapi.OpenApiLighty;
-import io.lighty.server.LightyServerBuilder;
+import io.lighty.server.LightyJettyServerProvider;
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.nio.file.Files;
@@ -143,7 +143,7 @@ private void startLighty(final ControllerConfiguration controllerConfiguration,
         }
 
         //2. build RestConf server
-        LightyServerBuilder jettyServerBuilder = new LightyServerBuilder(new InetSocketAddress(
+        LightyJettyServerProvider jettyServerBuilder = new LightyJettyServerProvider(new InetSocketAddress(
                 restconfConfiguration.getInetAddress(), restconfConfiguration.getHttpPort()));
         this.restconf = CommunityRestConfBuilder
                 .from(RestConfConfigUtils.getRestConfConfiguration(restconfConfiguration,

lighty-modules/lighty-aaa-aggregator/lighty-aaa/src/main/java/io/lighty/aaa/AAALighty.java

@@ -9,24 +9,26 @@
 
 import io.lighty.aaa.config.AAAConfiguration;
 import io.lighty.core.controller.api.AbstractLightyModule;
-import io.lighty.server.LightyServerBuilder;
+import io.lighty.server.LightyJettyServerProvider;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CountDownLatch;
 import org.opendaylight.aaa.api.CredentialAuth;
 import org.opendaylight.aaa.api.PasswordCredentials;
+import org.opendaylight.aaa.web.WebContextSecurer;
 import org.opendaylight.mdsal.binding.api.DataBroker;
 
 public final class AAALighty extends AbstractLightyModule {
 
     private final AAAShiroProviderHandler aaaShiroProviderHandler;
-    private final LightyServerBuilder server;
+    private final LightyJettyServerProvider server;
     private final CredentialAuth<PasswordCredentials> credentialAuth;
     private final DataBroker dataBroker;
+    private WebContextSecurer webContextSecurer;
 
     private final AAAConfiguration aaaConfiguration;
 
     public AAALighty(final DataBroker dataBroker, final CredentialAuth<PasswordCredentials> credentialAuth,
-            final LightyServerBuilder server, final AAAConfiguration config) {
+            final LightyJettyServerProvider server, final AAAConfiguration config) {
         this.dataBroker = dataBroker;
         this.aaaConfiguration = config;
         this.credentialAuth = credentialAuth;
@@ -41,6 +43,7 @@ protected boolean initProcedure() throws InterruptedException {
         final CountDownLatch cdl = new CountDownLatch(1);
         newInstance.whenComplete((t, u) -> {
             AAALighty.this.aaaShiroProviderHandler.setAaaLightyShiroProvider(t);
+            this.webContextSecurer = aaaShiroProviderHandler.getAaaLightyShiroProvider().getWebContextSecurer();
             cdl.countDown();
         });
 
@@ -70,4 +73,8 @@ AAALightyShiroProvider getAaaLightyShiroProvider() {
             return this.aaaLightyShiroProvider;
         }
     }
+
+    public WebContextSecurer getWebContextSecurer() {
+        return webContextSecurer;
+    }
 }

lighty-modules/lighty-aaa-aggregator/lighty-aaa/src/main/java/io/lighty/aaa/AAALightyShiroProvider.java

@@ -8,21 +8,16 @@
 package io.lighty.aaa;
 
 import io.lighty.aaa.config.AAAConfiguration;
-import io.lighty.server.LightyServerBuilder;
+import io.lighty.server.LightyJettyServerProvider;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.CompletableFuture;
+import javax.servlet.ServletException;
 import org.eclipse.jetty.server.Handler;
-import org.eclipse.jetty.server.handler.ContextHandlerCollection;
-import org.eclipse.jetty.servlet.FilterHolder;
-import org.eclipse.jetty.servlet.ServletContextHandler;
-import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.servlets.CrossOriginFilter;
 import org.glassfish.jersey.internal.guava.Preconditions;
-import org.glassfish.jersey.server.ResourceConfig;
-import org.glassfish.jersey.servlet.ServletContainer;
 import org.opendaylight.aaa.api.AuthenticationService;
 import org.opendaylight.aaa.api.ClaimCache;
 import org.opendaylight.aaa.api.CredentialAuth;
@@ -44,15 +39,20 @@
 import org.opendaylight.aaa.shiro.idm.IdmLightProxy;
 import org.opendaylight.aaa.shiro.moon.MoonTokenEndpoint;
 import org.opendaylight.aaa.shiro.web.env.AAAWebEnvironment;
+import org.opendaylight.aaa.shiro.web.env.ShiroWebContextSecurer;
 import org.opendaylight.aaa.tokenauthrealm.auth.AuthenticationManager;
 import org.opendaylight.aaa.tokenauthrealm.auth.HttpBasicAuth;
 import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
+import org.opendaylight.aaa.web.FilterDetails;
+import org.opendaylight.aaa.web.ServletDetails;
+import org.opendaylight.aaa.web.WebContext;
 import org.opendaylight.aaa.web.servlet.jersey2.JerseyServletSupport;
 import org.opendaylight.mdsal.binding.api.DataBroker;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.DatastoreConfig;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.password.service.config.rev170619.PasswordServiceConfig;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.password.service.config.rev170619.PasswordServiceConfigBuilder;
+import org.opendaylight.yangtools.concepts.Registration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -62,7 +62,6 @@ public final class AAALightyShiroProvider {
 
     private static AAALightyShiroProvider INSTANCE;
 
-    private final List<Handler> handlers;
     private final DataBroker dataBroker;
     private final ICertificateManager certificateManager;
     private final ShiroConfiguration shiroConfiguration;
@@ -73,18 +72,19 @@ public final class AAALightyShiroProvider {
     private ClaimCache claimCache;
     private PasswordHashService passwordHashService;
     private IIDMStore iidmStore;
+    private Registration registration;
+    private ShiroWebContextSecurer webContextSecurer;
 
     private AAAWebEnvironment aaaWebEnvironment;
 
     private AAALightyShiroProvider(final DataBroker dataBroker,
                                    final AAAConfiguration aaaConfiguration,
                                    final CredentialAuth<PasswordCredentials> credentialAuth,
-                                   final LightyServerBuilder server) {
+                                   final LightyJettyServerProvider server) {
         this.dataBroker = dataBroker;
         this.certificateManager = aaaConfiguration.getCertificateManager();
         this.credentialAuth = credentialAuth;
         this.shiroConfiguration = aaaConfiguration.getShiroConf();
-        this.handlers = new ArrayList<>();
         this.authenticationService = new AuthenticationManager();
         final DatastoreConfig datastoreConfig = aaaConfiguration.getDatastoreConf();
 
@@ -127,46 +127,71 @@ private AAALightyShiroProvider(final DataBroker dataBroker,
         initAAAonServer(server);
     }
 
-    private void initAAAonServer(final LightyServerBuilder server) {
-        final ContextHandlerCollection contexts = new ContextHandlerCollection();
-        final ServletContextHandler mainHandler = new ServletContextHandler(contexts, "/auth", true, false);
-        final IdmLightApplication idmLightApplication = new IdmLightApplication(iidmStore, claimCache);
-        final ServletHolder idmLightServlet = new ServletHolder(new ServletContainer(ResourceConfig.forApplication(
-                idmLightApplication)));
-        idmLightServlet.setInitParameter("jersey.config.server.provider.packages",
-                "org.opendaylight.aaa.impl.provider");
-        mainHandler.addServlet(idmLightServlet, "/*");
-        server.addContextHandler(contexts);
-        this.handlers.add(contexts);
-        this.handlers.add(mainHandler);
-        this.aaaWebEnvironment = new AAAWebEnvironment(shiroConfiguration,
-                dataBroker,
-                certificateManager,
-                authenticationService,
-                tokenAuthenticators,
-                passwordHashService,
-                new JerseyServletSupport());
-
+    private void initAAAonServer(final LightyJettyServerProvider server) {
         final Map<String, String> properties = new HashMap<>();
         final CustomFilterAdapterConfigurationImpl customFilterAdapterConfig =
-                new CustomFilterAdapterConfigurationImpl();
+            new CustomFilterAdapterConfigurationImpl();
         customFilterAdapterConfig.update(properties);
-        final FilterHolder customFilterAdapter = new FilterHolder(new CustomFilterAdapter(customFilterAdapterConfig));
-        server.addCommonFilter(customFilterAdapter, "/*");
 
-        final FilterHolder shiroFilter = new FilterHolder(new AAAShiroFilter(aaaWebEnvironment));
-        server.addCommonFilter(shiroFilter, "/*");
+        this.aaaWebEnvironment = new AAAWebEnvironment(
+            shiroConfiguration,
+            dataBroker,
+            certificateManager,
+            authenticationService,
+            tokenAuthenticators,
+            passwordHashService,
+            new JerseyServletSupport()
+        );
+
+        final AAAShiroFilter aaaShiroFilter = new AAAShiroFilter(aaaWebEnvironment);
+
+        final var webContextBuilder = WebContext.builder()
+            .name("RealmManagement")
+            .contextPath("/auth")
+            .supportsSessions(true)
+
+            // Add servlet
+            .addServlet(ServletDetails.builder()
+                .servlet(new JerseyServletSupport().createHttpServletBuilder(
+                    new IdmLightApplication(iidmStore, claimCache)).build())
+                .addUrlPattern("/*")
+                .build())
+
+            // CustomFilterAdapter
+            .addFilter(FilterDetails.builder()
+                .filter(new CustomFilterAdapter(customFilterAdapterConfig))
+                .addUrlPattern("/*")
+                .build())
+
+            // Shiro filter
+            .addFilter(FilterDetails.builder()
+                .filter(aaaShiroFilter)
+                .addUrlPattern("/*")
+                .build())
+
+            // CORS filter
+            .addFilter(FilterDetails.builder()
+                .filter(new CrossOriginFilter())
+                .addUrlPattern("/*")
+                .putInitParam("allowedMethods", "GET,POST,OPTIONS,DELETE,PUT,HEAD")
+                .putInitParam("allowedHeaders", "origin, content-type, accept, authorization, Authorization")
+                .build());
 
-        final FilterHolder crossOriginFilter = new FilterHolder(new CrossOriginFilter());
-        crossOriginFilter.setInitParameter("allowedMethods", "GET,POST,OPTIONS,DELETE,PUT,HEAD");
-        crossOriginFilter.setInitParameter("allowedHeaders",
-                "origin, content-type, accept, authorization, Authorization");
-        server.addCommonFilter(crossOriginFilter, "/*");
+        this.webContextSecurer = new ShiroWebContextSecurer(aaaWebEnvironment);
+        this.webContextSecurer.requireAuthentication(webContextBuilder, "/*", "/moon/*");
+
+        aaaShiroFilter.init();
+
+        try {
+            this.registration = server.build().registerWebContext(webContextBuilder.build());
+        } catch (ServletException e) {
+            LOG.error("Failed to register AAA web context: {}!", server.getClass(), e);
+        }
     }
 
     public static CompletableFuture<AAALightyShiroProvider> newInstance(final DataBroker dataBroker,
             final AAAConfiguration aaaConfig, final CredentialAuth<PasswordCredentials> credentialAuth,
-            final LightyServerBuilder server) {
+            final LightyJettyServerProvider server) {
         final CompletableFuture<AAALightyShiroProvider> completableFuture = new CompletableFuture<>();
         INSTANCE = new AAALightyShiroProvider(dataBroker, aaaConfig, credentialAuth, server);
         completableFuture.complete(INSTANCE);
@@ -225,6 +250,10 @@ public static IIDMStore getIdmStore() {
         return INSTANCE.iidmStore;
     }
 
+    public ShiroWebContextSecurer getWebContextSecurer() {
+        return webContextSecurer;
+    }
+
     /**
      * Set IDM data store, only used for test.
      *
@@ -236,15 +265,7 @@ public static void setIdmStore(final IIDMStore store) {
 
     @SuppressWarnings("IllegalCatch")
     public void close() {
-        this.handlers.forEach((handler) -> {
-            try {
-                handler.stop();
-            } catch (Exception e) {
-                LOG.error("Failed to close AAA handler [{}]", handler, e);
-            } finally {
-                handler.destroy();
-            }
-        });
+        registration.close();
     }
 
     private static TokenAuthenticators buildTokenAuthenticators(