From 0c6384672253e0b4b5c6c29811c2cfcac8c8d39c Mon Sep 17 00:00:00 2001
From: Robert Varga <robert.varga@pantheon.tech>
Date: Fri, 29 Dec 2023 08:58:20 +0100
Subject: [PATCH] Use simple DataListener

Reuse the utility provided from mdsal-binding-api rather than rolling
our own -- making things a lot simpler.

Change-Id: I04a7deb174a362d89957211c63bd660af551ee40
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
---
 .../OSGiEncryptionServiceConfigurator.java    | 28 +++------
 ...OSGiEncryptionServiceConfiguratorTest.java | 24 +++-----
 .../OSGiPasswordServiceConfigBootstrap.java   | 29 +++------
 .../MDSALDynamicAuthorizationFilter.java      | 23 +++----
 .../aaa/shiro/realm/MdsalRealm.java           | 60 +++++++------------
 .../MDSALDynamicAuthorizationFilterTest.java  |  8 +--
 6 files changed, 56 insertions(+), 116 deletions(-)

diff --git a/aaa-encrypt-service/impl/src/main/java/org/opendaylight/aaa/encrypt/impl/OSGiEncryptionServiceConfigurator.java b/aaa-encrypt-service/impl/src/main/java/org/opendaylight/aaa/encrypt/impl/OSGiEncryptionServiceConfigurator.java
index 8110baa47..139d9ff68 100644
--- a/aaa-encrypt-service/impl/src/main/java/org/opendaylight/aaa/encrypt/impl/OSGiEncryptionServiceConfigurator.java
+++ b/aaa-encrypt-service/impl/src/main/java/org/opendaylight/aaa/encrypt/impl/OSGiEncryptionServiceConfigurator.java
@@ -10,13 +10,11 @@
 import static java.util.Objects.requireNonNull;
 
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.Iterables;
 import com.google.common.util.concurrent.FutureCallback;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.MoreExecutors;
 import java.security.SecureRandom;
 import java.util.Base64;
-import java.util.Collection;
 import java.util.Objects;
 import java.util.concurrent.ExecutionException;
 import org.apache.commons.lang3.RandomStringUtils;
@@ -24,10 +22,9 @@
 import org.checkerframework.checker.lock.qual.Holding;
 import org.eclipse.jdt.annotation.NonNull;
 import org.eclipse.jdt.annotation.Nullable;
-import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener;
 import org.opendaylight.mdsal.binding.api.DataBroker;
+import org.opendaylight.mdsal.binding.api.DataListener;
 import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
-import org.opendaylight.mdsal.binding.api.DataTreeModification;
 import org.opendaylight.mdsal.common.api.CommitInfo;
 import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
 import org.opendaylight.odlparent.logging.markers.Markers;
@@ -52,12 +49,11 @@
  * <p>
  * We primarily listen to the configuration being present. Whenever the salt is missing or the password does not match
  * the required length, we generate them and persist them. This mode of operation means we potentially have a loop, i.e.
- * our touching the datastore will trigger again {@link #onDataTreeChanged(Collection)}, which will re-evaluate the
- * conditions and we try again.
+ * our touching the datastore will trigger again {@link #dataChangedTo(AaaEncryptServiceConfig)}, which will re-evaluate
+ * the conditions and we try again.
  */
 @Component(service = { })
-public final class OSGiEncryptionServiceConfigurator
-        implements ClusteredDataTreeChangeListener<AaaEncryptServiceConfig> {
+public final class OSGiEncryptionServiceConfigurator implements DataListener<AaaEncryptServiceConfig> {
     private static final Logger LOG = LoggerFactory.getLogger(OSGiEncryptionServiceConfigurator.class);
     private static final SecureRandom RANDOM = new SecureRandom();
     private static final @NonNull AaaEncryptServiceConfig DEFAULT_CONFIG = new AaaEncryptServiceConfigBuilder()
@@ -86,7 +82,7 @@ public OSGiEncryptionServiceConfigurator(@Reference final DataBroker dataBroker,
             final ComponentFactory<AAAEncryptionServiceImpl> factory) {
         this.dataBroker = requireNonNull(dataBroker);
         this.factory = requireNonNull(factory);
-        reg = dataBroker.registerDataTreeChangeListener(
+        reg = dataBroker.registerDataListener(
             DataTreeIdentifier.create(LogicalDatastoreType.CONFIGURATION,
                 InstanceIdentifier.create(AaaEncryptServiceConfig.class)),
             this);
@@ -102,23 +98,17 @@ public synchronized void deactivate() {
     }
 
     @Override
-    public void onDataTreeChanged(final Collection<DataTreeModification<AaaEncryptServiceConfig>> changes) {
+    public void dataChangedTo(final AaaEncryptServiceConfig data) {
         // Acquire the last reported configuration and check if it needs to have salt/password generated.
-        final var dsConfig = Iterables.getLast(changes).getRootNode().getDataAfter();
-        if (dsConfig == null || needKey(dsConfig) || needSalt(dsConfig)) {
+        if (data == null || needKey(data) || needSalt(data)) {
             // Generate salt/key as needed and persist it -- causing us to be re-invoked later.
-            updateDatastore(dsConfig);
+            updateDatastore(data);
         } else {
             // Configuration is self-consistent, proceed to activate an instance based on it
-            updateInstance(dsConfig);
+            updateInstance(data);
         }
     }
 
-    @Override
-    public void onInitialData() {
-        updateDatastore(null);
-    }
-
     @VisibleForTesting
     static @NonNull AaaEncryptServiceConfig generateConfig(final @Nullable AaaEncryptServiceConfig datastoreConfig) {
         // Select template and decide which parts need to be updated
diff --git a/aaa-encrypt-service/impl/src/test/java/org/opendaylight/aaa/encrypt/impl/OSGiEncryptionServiceConfiguratorTest.java b/aaa-encrypt-service/impl/src/test/java/org/opendaylight/aaa/encrypt/impl/OSGiEncryptionServiceConfiguratorTest.java
index e7a375ebe..0b9bdadb2 100644
--- a/aaa-encrypt-service/impl/src/test/java/org/opendaylight/aaa/encrypt/impl/OSGiEncryptionServiceConfiguratorTest.java
+++ b/aaa-encrypt-service/impl/src/test/java/org/opendaylight/aaa/encrypt/impl/OSGiEncryptionServiceConfiguratorTest.java
@@ -19,7 +19,6 @@
 
 import java.util.Base64;
 import java.util.Dictionary;
-import java.util.List;
 import java.util.Optional;
 import org.eclipse.jdt.annotation.NonNull;
 import org.junit.Before;
@@ -30,16 +29,14 @@
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.opendaylight.mdsal.binding.api.DataBroker;
-import org.opendaylight.mdsal.binding.api.DataObjectModification;
-import org.opendaylight.mdsal.binding.api.DataTreeChangeListener;
+import org.opendaylight.mdsal.binding.api.DataListener;
 import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
-import org.opendaylight.mdsal.binding.api.DataTreeModification;
 import org.opendaylight.mdsal.binding.api.ReadWriteTransaction;
 import org.opendaylight.mdsal.common.api.CommitInfo;
 import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
 import org.opendaylight.yang.gen.v1.config.aaa.authn.encrypt.service.config.rev160915.AaaEncryptServiceConfig;
 import org.opendaylight.yang.gen.v1.config.aaa.authn.encrypt.service.config.rev160915.EncryptServiceConfig;
-import org.opendaylight.yangtools.concepts.ListenerRegistration;
+import org.opendaylight.yangtools.concepts.Registration;
 import org.opendaylight.yangtools.util.concurrent.FluentFutures;
 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
 import org.osgi.service.component.ComponentFactory;
@@ -57,17 +54,13 @@ public class OSGiEncryptionServiceConfiguratorTest {
     @Mock
     private ComponentInstance<AAAEncryptionServiceImpl> instance;
     @Mock
-    private ListenerRegistration<?> registration;
+    private Registration registration;
     @Mock
     private ReadWriteTransaction transaction;
-    @Mock
-    private DataTreeModification<AaaEncryptServiceConfig> treeModification;
-    @Mock
-    private DataObjectModification<AaaEncryptServiceConfig> objectModification;
     @Captor
     private ArgumentCaptor<DataTreeIdentifier<AaaEncryptServiceConfig>> treeIdCaptor;
     @Captor
-    private ArgumentCaptor<DataTreeChangeListener<AaaEncryptServiceConfig>> listenerCaptor;
+    private ArgumentCaptor<DataListener<AaaEncryptServiceConfig>> listenerCaptor;
     @Captor
     private ArgumentCaptor<AaaEncryptServiceConfig> configCaptor;
     @Captor
@@ -77,8 +70,7 @@ public class OSGiEncryptionServiceConfiguratorTest {
 
     @Before
     public void before() {
-        doReturn(registration).when(dataBroker).registerDataTreeChangeListener(treeIdCaptor.capture(),
-            listenerCaptor.capture());
+        doReturn(registration).when(dataBroker).registerDataListener(treeIdCaptor.capture(), listenerCaptor.capture());
 
         configurator = new OSGiEncryptionServiceConfigurator(dataBroker, factory);
 
@@ -101,7 +93,7 @@ public void testEmptyDatastore() {
         doNothing().when(transaction).put(eq(LogicalDatastoreType.CONFIGURATION), eq(IID), configCaptor.capture());
         doReturn(CommitInfo.emptyFluentFuture()).when(transaction).commit();
 
-        configurator.onInitialData();
+        configurator.dataChangedTo(null);
 
         final var config = configCaptor.getValue();
         assertEquals("AES/CBC/PKCS5Padding", config.getCipherTransforms());
@@ -119,11 +111,9 @@ public void testEmptyDatastore() {
         assertEquals(12, key.length());
 
         // Now we circle around are report that config. We expect the factory to be called
-        doReturn(config).when(objectModification).getDataAfter();
-        doReturn(objectModification).when(treeModification).getRootNode();
         doReturn(instance).when(factory).newInstance(propertiesCaptor.capture());
 
-        configurator.onDataTreeChanged(List.of(treeModification));
+        configurator.dataChangedTo(config);
 
         final var props = propertiesCaptor.getValue();
         assertNotNull(props);
diff --git a/aaa-password-service/impl/src/main/java/org/opendaylight/aaa/impl/password/service/OSGiPasswordServiceConfigBootstrap.java b/aaa-password-service/impl/src/main/java/org/opendaylight/aaa/impl/password/service/OSGiPasswordServiceConfigBootstrap.java
index 3c6183765..6f8dae183 100644
--- a/aaa-password-service/impl/src/main/java/org/opendaylight/aaa/impl/password/service/OSGiPasswordServiceConfigBootstrap.java
+++ b/aaa-password-service/impl/src/main/java/org/opendaylight/aaa/impl/password/service/OSGiPasswordServiceConfigBootstrap.java
@@ -10,17 +10,13 @@
 import static java.util.Objects.requireNonNull;
 
 import com.google.common.annotations.Beta;
-import com.google.common.collect.Iterables;
-import java.util.Collection;
-import org.checkerframework.checker.lock.qual.Holding;
-import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener;
 import org.opendaylight.mdsal.binding.api.DataBroker;
+import org.opendaylight.mdsal.binding.api.DataListener;
 import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
-import org.opendaylight.mdsal.binding.api.DataTreeModification;
 import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.password.service.config.rev170619.PasswordServiceConfig;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.password.service.config.rev170619.PasswordServiceConfigBuilder;
-import org.opendaylight.yangtools.concepts.ListenerRegistration;
+import org.opendaylight.yangtools.concepts.Registration;
 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
 import org.osgi.service.component.ComponentFactory;
 import org.osgi.service.component.ComponentInstance;
@@ -33,12 +29,11 @@
 
 @Beta
 @Component(service = { })
-public final class OSGiPasswordServiceConfigBootstrap
-        implements ClusteredDataTreeChangeListener<PasswordServiceConfig> {
+public final class OSGiPasswordServiceConfigBootstrap implements DataListener<PasswordServiceConfig> {
     private static final Logger LOG = LoggerFactory.getLogger(OSGiPasswordServiceConfigBootstrap.class);
 
     private final ComponentFactory<OSGiPasswordServiceConfig> configFactory;
-    private ListenerRegistration<?> registration;
+    private Registration registration;
     private ComponentInstance<?> instance;
 
     @Activate
@@ -46,7 +41,7 @@ public OSGiPasswordServiceConfigBootstrap(@Reference final DataBroker dataBroker
             @Reference(target = "(component.factory=" + OSGiPasswordServiceConfig.FACTORY_NAME + ")")
             final ComponentFactory<OSGiPasswordServiceConfig> configFactory) {
         this.configFactory  = requireNonNull(configFactory);
-        registration = dataBroker.registerDataTreeChangeListener(
+        registration = dataBroker.registerDataListener(
             DataTreeIdentifier.create(LogicalDatastoreType.CONFIGURATION,
                 InstanceIdentifier.create(PasswordServiceConfig.class)), this);
         LOG.info("Listening for password service configuration");
@@ -64,21 +59,11 @@ synchronized void deactivate() {
     }
 
     @Override
-    public synchronized void onInitialData() {
-        updateInstance(null);
-    }
-
-    @Override
-    public synchronized void onDataTreeChanged(final Collection<DataTreeModification<PasswordServiceConfig>> changes) {
+    public synchronized void dataChangedTo(final PasswordServiceConfig data) {
         // FIXME: at this point we need to populate default values -- from the XML file
-        updateInstance(Iterables.getLast(changes).getRootNode().getDataAfter());
-    }
-
-    @Holding("this")
-    private void updateInstance(final PasswordServiceConfig config) {
         if (registration != null) {
             final var newInstance = configFactory.newInstance(
-                OSGiPasswordServiceConfig.props(config != null ? config : new PasswordServiceConfigBuilder().build()));
+                OSGiPasswordServiceConfig.props(data != null ? data : new PasswordServiceConfigBuilder().build()));
             if (instance != null) {
                 instance.dispose();
             }
diff --git a/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/realm/MDSALDynamicAuthorizationFilter.java b/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/realm/MDSALDynamicAuthorizationFilter.java
index 21b743773..282fef53a 100644
--- a/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/realm/MDSALDynamicAuthorizationFilter.java
+++ b/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/realm/MDSALDynamicAuthorizationFilter.java
@@ -10,11 +10,9 @@
 import static com.google.common.base.Verify.verifyNotNull;
 import static java.util.Objects.requireNonNull;
 
-import com.google.common.collect.Iterables;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
 import java.util.ArrayList;
-import java.util.Collection;
 import java.util.Comparator;
 import java.util.List;
 import java.util.Optional;
@@ -25,16 +23,14 @@
 import javax.servlet.http.HttpServletRequest;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.web.filter.authz.AuthorizationFilter;
-import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener;
 import org.opendaylight.mdsal.binding.api.DataBroker;
+import org.opendaylight.mdsal.binding.api.DataListener;
 import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
-import org.opendaylight.mdsal.binding.api.DataTreeModification;
 import org.opendaylight.mdsal.binding.api.ReadTransaction;
 import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.HttpAuthorization;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies.Policies;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.permission.Permissions;
-import org.opendaylight.yangtools.concepts.ListenerRegistration;
 import org.opendaylight.yangtools.concepts.Registration;
 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
 import org.slf4j.Logger;
@@ -49,9 +45,7 @@
  * <p>This mechanism will only work when put behind <code>authcBasic</code>.
  */
 @SuppressWarnings("checkstyle:AbbreviationAsWordInName")
-public class MDSALDynamicAuthorizationFilter extends AuthorizationFilter
-        implements ClusteredDataTreeChangeListener<HttpAuthorization> {
-
+public class MDSALDynamicAuthorizationFilter extends AuthorizationFilter implements DataListener<HttpAuthorization> {
     private static final Logger LOG = LoggerFactory.getLogger(MDSALDynamicAuthorizationFilter.class);
 
     private static final DataTreeIdentifier<HttpAuthorization> AUTHZ_CONTAINER = DataTreeIdentifier.create(
@@ -61,7 +55,7 @@ public class MDSALDynamicAuthorizationFilter extends AuthorizationFilter
 
     private final DataBroker dataBroker;
 
-    private ListenerRegistration<?> reg;
+    private Registration reg;
     private volatile ListenableFuture<Optional<HttpAuthorization>> authContainer;
 
     public MDSALDynamicAuthorizationFilter() {
@@ -82,7 +76,7 @@ public Filter processPathConfig(final String path, final String config) {
         try (ReadTransaction tx = dataBroker.newReadOnlyTransaction()) {
             authContainer = tx.read(AUTHZ_CONTAINER.getDatastoreType(), AUTHZ_CONTAINER.getRootIdentifier());
         }
-        reg = dataBroker.registerDataTreeChangeListener(AUTHZ_CONTAINER, this);
+        reg = dataBroker.registerDataListener(AUTHZ_CONTAINER, this);
         return super.processPathConfig(path, config);
     }
 
@@ -96,10 +90,9 @@ public void destroy() {
     }
 
     @Override
-    public void onDataTreeChanged(final Collection<DataTreeModification<HttpAuthorization>> changes) {
-        final HttpAuthorization newVal = Iterables.getLast(changes).getRootNode().getDataAfter();
-        LOG.debug("Updating authorization information to {}", newVal);
-        authContainer = Futures.immediateFuture(Optional.ofNullable(newVal));
+    public void dataChangedTo(final HttpAuthorization data) {
+        LOG.debug("Updating authorization information to {}", data);
+        authContainer = Futures.immediateFuture(Optional.ofNullable(data));
     }
 
     @Override
@@ -149,7 +142,7 @@ public boolean isAccessAllowed(final ServletRequest request, final ServletRespon
                 LOG.debug("paths match for pattern={} and requestURI={}", resource, requestURI);
                 final String method = httpServletRequest.getMethod();
                 LOG.trace("method={}", method);
-                for (Permissions permission : policy.getPermissions()) {
+                for (Permissions permission : policy.nonnullPermissions()) {
                     final String role = permission.getRole();
                     LOG.trace("role={}", role);
                     for (Permissions.Actions action : permission.getActions()) {
diff --git a/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/realm/MdsalRealm.java b/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/realm/MdsalRealm.java
index bcc8954c7..2f6853fbd 100644
--- a/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/realm/MdsalRealm.java
+++ b/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/realm/MdsalRealm.java
@@ -10,13 +10,10 @@
 import static com.google.common.base.Verify.verifyNotNull;
 import static java.util.Objects.requireNonNull;
 
-import com.google.common.collect.Iterables;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
-import java.util.Collection;
 import java.util.HashSet;
 import java.util.Optional;
-import java.util.Set;
 import java.util.concurrent.ExecutionException;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
@@ -32,18 +29,11 @@
 import org.opendaylight.aaa.shiro.principal.ODLPrincipalImpl;
 import org.opendaylight.aaa.shiro.realm.util.TokenUtils;
 import org.opendaylight.aaa.shiro.realm.util.http.header.HeaderUtils;
-import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener;
 import org.opendaylight.mdsal.binding.api.DataBroker;
 import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
-import org.opendaylight.mdsal.binding.api.DataTreeModification;
 import org.opendaylight.mdsal.binding.api.ReadTransaction;
 import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.Authentication;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.Grant;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.authentication.Grants;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.authentication.Roles;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.authentication.Users;
-import org.opendaylight.yangtools.concepts.ListenerRegistration;
 import org.opendaylight.yangtools.concepts.Registration;
 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
 import org.slf4j.Logger;
@@ -65,7 +55,7 @@ public class MdsalRealm extends AuthorizingRealm implements Destroyable {
     private static final ThreadLocal<DataBroker> DATABROKER_TL = new ThreadLocal<>();
 
     private final PasswordHashService passwordHashService;
-    private final ListenerRegistration<?> reg;
+    private final Registration reg;
 
     private volatile ListenableFuture<Optional<Authentication>> authentication;
 
@@ -84,8 +74,7 @@ public MdsalRealm(final PasswordHashService passwordHashService, final DataBroke
             authentication = tx.read(AUTH_TREE_ID.getDatastoreType(), AUTH_TREE_ID.getRootIdentifier());
         }
 
-        reg = dataBroker.registerDataTreeChangeListener(AUTH_TREE_ID,
-            (ClusteredDataTreeChangeListener<Authentication>) this::onAuthenticationChanged);
+        reg = dataBroker.registerDataListener(AUTH_TREE_ID, this::onAuthenticationChanged);
 
         LOG.info("MdsalRealm created");
     }
@@ -100,29 +89,24 @@ public static Registration prepareForLoad(final PasswordHashService passwordHash
         };
     }
 
-    private void onAuthenticationChanged(final Collection<DataTreeModification<Authentication>> changes) {
-        final Authentication newVal = Iterables.getLast(changes).getRootNode().getDataAfter();
-        LOG.debug("Updating authentication information to {}", newVal);
-        authentication = Futures.immediateFuture(Optional.ofNullable(newVal));
+    private void onAuthenticationChanged(final Authentication data) {
+        LOG.debug("Updating authentication information to {}", data);
+        authentication = Futures.immediateFuture(Optional.ofNullable(data));
     }
 
     @Override
     protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principalCollection) {
         // the final set or roles to return to the caller;  empty to start
-        final Set<String> authRoles = new HashSet<>();
-        final ODLPrincipal odlPrincipal = (ODLPrincipal)principalCollection.getPrimaryPrincipal();
-        final Optional<Authentication> opt = getAuthenticationContainer();
-        if (opt.isPresent()) {
-            final Authentication auth = opt.orElseThrow();
-
+        final var authRoles = new HashSet<String>();
+        final var odlPrincipal = (ODLPrincipal) principalCollection.getPrimaryPrincipal();
+        getAuthenticationContainer().ifPresent(auth -> {
             // iterate through and determine the appropriate roles based on the programmed grants
-            final Grants grants = auth.getGrants();
-            for (Grant grant : grants.nonnullGrants().values()) {
+            final var grants = auth.getGrants();
+            for (var grant : grants.nonnullGrants().values()) {
                 if (grant.getUserid().equals(odlPrincipal.getUserId())) {
-                    final Roles roles = auth.getRoles();
+                    final var roles = auth.getRoles();
                     if (roles != null) {
-                        for (org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214
-                                .authentication.roles.Roles role : roles.nonnullRoles().values()) {
+                        for (var role : roles.nonnullRoles().values()) {
                             if (role.getRoleid().equals(grant.getRoleid())) {
                                 authRoles.add(role.getRoleid());
                             }
@@ -130,7 +114,7 @@ protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection pri
                     }
                 }
             }
-        }
+        });
         return new SimpleAuthorizationInfo(authRoles);
     }
 
@@ -151,14 +135,12 @@ private Optional<Authentication> getAuthenticationContainer() {
     @Override
     protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken authenticationToken)
             throws AuthenticationException {
-
-        final String username = TokenUtils.extractUsername(authenticationToken);
-        final Optional<Authentication> opt = getAuthenticationContainer();
+        final var username = TokenUtils.extractUsername(authenticationToken);
+        final var opt = getAuthenticationContainer();
         if (opt.isPresent()) {
-            final Authentication auth = opt.orElseThrow();
-            final Users users = auth.getUsers();
-            for (org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.authentication.users
-                    .Users u : users.nonnullUsers().values()) {
+            final var auth = opt.orElseThrow();
+            final var users = auth.getUsers();
+            for (var u : users.nonnullUsers().values()) {
                 final String inputUsername = HeaderUtils.extractUsername(username);
                 final String domainId = HeaderUtils.extractDomain(username);
                 final String inputUserId = String.format("%s@%s", inputUsername, domainId);
@@ -169,9 +151,9 @@ protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken a
                 if (userEnabled && u.getUserid().equals(inputUserId)) {
                     final String inputPassword = TokenUtils.extractPassword(authenticationToken);
                     if (passwordHashService.passwordsMatch(inputPassword, u.getPassword(), u.getSalt())) {
-                        final ODLPrincipal odlPrincipal = ODLPrincipalImpl
-                                .createODLPrincipal(inputUsername, domainId, inputUserId);
-                        return new SimpleAuthenticationInfo(odlPrincipal, inputPassword, getName());
+                        return new SimpleAuthenticationInfo(
+                            ODLPrincipalImpl.createODLPrincipal(inputUsername, domainId, inputUserId), inputPassword,
+                            getName());
                     }
                 }
             }
diff --git a/aaa-shiro/impl/src/test/java/org/opendaylight/aaa/shiro/realm/MDSALDynamicAuthorizationFilterTest.java b/aaa-shiro/impl/src/test/java/org/opendaylight/aaa/shiro/realm/MDSALDynamicAuthorizationFilterTest.java
index 852326bf7..364f6d0de 100644
--- a/aaa-shiro/impl/src/test/java/org/opendaylight/aaa/shiro/realm/MDSALDynamicAuthorizationFilterTest.java
+++ b/aaa-shiro/impl/src/test/java/org/opendaylight/aaa/shiro/realm/MDSALDynamicAuthorizationFilterTest.java
@@ -86,7 +86,7 @@ private static DataBroker getTestData(final String resource, final String role,
             .http.authorization.policies.Policies.class);
         when(innerPolicies.getResource()).thenReturn(resource);
         when(innerPolicies.getDescription()).thenReturn(description);
-        when(innerPolicies.getPermissions()).thenReturn(List.of(permissions));
+        when(innerPolicies.nonnullPermissions()).thenReturn(List.of(permissions));
         final Policies policies = mock(Policies.class);
         when(policies.getPolicies()).thenReturn(List.of(innerPolicies));
         final HttpAuthorization httpAuthorization = mock(HttpAuthorization.class);
@@ -216,7 +216,7 @@ public void testSeveralMatchingRules() throws Exception {
         when(innerPolicies.getResource()).thenReturn(resource);
         when(innerPolicies.getIndex()).thenReturn(Uint32.valueOf(5));
         when(innerPolicies.getDescription()).thenReturn(description);
-        when(innerPolicies.getPermissions()).thenReturn(List.of(permissions));
+        when(innerPolicies.nonnullPermissions()).thenReturn(List.of(permissions));
         final var innerPolicies2 = mock(org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214
             .http.authorization.policies.Policies.class);
         when(innerPolicies2.getResource()).thenReturn(resource2);
@@ -224,7 +224,7 @@ public void testSeveralMatchingRules() throws Exception {
         final Permissions permissions2 = mock(Permissions.class);
         when(permissions2.getRole()).thenReturn("dog");
         when(permissions2.getActions()).thenReturn(actionsList);
-        when(innerPolicies2.getPermissions()).thenReturn(List.of(permissions2));
+        when(innerPolicies2.nonnullPermissions()).thenReturn(List.of(permissions2));
         when(innerPolicies2.getDescription()).thenReturn("Specialized Rule");
         final Policies policies = mock(Policies.class);
         when(policies.getPolicies()).thenReturn(List.of(innerPolicies, innerPolicies2));
@@ -294,7 +294,7 @@ public void testMultiplePolicies() throws Exception {
             .http.authorization.policies.Policies.class);
         when(innerPolicies.getResource()).thenReturn(resource);
         when(innerPolicies.getDescription()).thenReturn(description);
-        when(innerPolicies.getPermissions()).thenReturn(List.of(permissions, permissions2));
+        when(innerPolicies.nonnullPermissions()).thenReturn(List.of(permissions, permissions2));
         final Policies policies = mock(Policies.class);
         when(policies.getPolicies()).thenReturn(List.of(innerPolicies));
         final HttpAuthorization httpAuthorization = mock(HttpAuthorization.class);