diff options
Diffstat (limited to 'upstream/odl-aaa-moon/aaa/aaa-shiro/src/main/java/org/opendaylight/aaa/shiro/filters/AuthenticationTokenUtils.java')
| -rw-r--r-- | upstream/odl-aaa-moon/aaa/aaa-shiro/src/main/java/org/opendaylight/aaa/shiro/filters/AuthenticationTokenUtils.java | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/upstream/odl-aaa-moon/aaa/aaa-shiro/src/main/java/org/opendaylight/aaa/shiro/filters/AuthenticationTokenUtils.java b/upstream/odl-aaa-moon/aaa/aaa-shiro/src/main/java/org/opendaylight/aaa/shiro/filters/AuthenticationTokenUtils.java new file mode 100644 index 00000000..a5f0c10d --- /dev/null +++ b/upstream/odl-aaa-moon/aaa/aaa-shiro/src/main/java/org/opendaylight/aaa/shiro/filters/AuthenticationTokenUtils.java @@ -0,0 +1,129 @@ +/* + * Copyright (c) 2016 Brocade Communications Systems, Inc. and others. All rights reserved. + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v1.0 which accompanies this distribution, + * and is available at http://www.eclipse.org/legal/epl-v10.html + */ + +package org.opendaylight.aaa.shiro.filters; + +import com.google.common.base.Preconditions; +import org.apache.shiro.authc.AuthenticationToken; +import org.apache.shiro.authc.UsernamePasswordToken; + +/** + * Utility methods for forming audit trail output based on an <code>AuthenticationToken</code>. + * + * @author Ryan Goulding (ryandgoulding@gmail.com) + */ +public class AuthenticationTokenUtils { + + /** + * default value used in messaging when the "user" field is unparsable from the HTTP REST request + */ + static final String DEFAULT_USERNAME = "an unknown user"; + + /** + * default value used in messaging when the "user" field is not present in the HTTP REST request, implying + * a different implementation of <code>AuthenticationToken</code> such as <code>CasToken</code>. + */ + static final String DEFAULT_TOKEN = "an un-parsable token type"; + + /** + * default value used in messaging when the "host" field cannot be determined. + */ + static final String DEFAULT_HOSTNAME = "an unknown host"; + + private AuthenticationTokenUtils() { + // private to prevent instantiation + } + + /** + * Determines whether the supplied <code>Token</code> is a <code>UsernamePasswordToken</code>. + * + * @param token A generic <code>Token</code>, which might be a <code>UsernamePasswordToken</code> + * @return Whether the supplied <code>Token</code> is a <code>UsernamePasswordToken</code> + */ + public static boolean isUsernamePasswordToken(final AuthenticationToken token) { + return token instanceof UsernamePasswordToken; + } + + /** + * Extracts the username if possible. If the supplied token is a <code>UsernamePasswordToken</code> + * and the username field is not set, <code>DEFAULT_USERNAME</code> is returned. If the supplied + * token is not a <code>UsernamePasswordToken</code> (i.e., a <code>CasToken</code> or other + * implementation of <code>AuthenticationToken</code>), then <code>DEFAULT_TOKEN</code> is + * returned. + * + * @param token An <code>AuthenticationToken</code>, possibly a <code>UsernamePasswordToken</code> + * @return the username, <code>DEFAULT_USERNAME</code> or <code>DEFAULT_TOKEN</code> depending on input + */ + public static String extractUsername(final AuthenticationToken token) { + if (isUsernamePasswordToken(token)) { + final UsernamePasswordToken upt = (UsernamePasswordToken) token; + return extractField(upt.getUsername(), DEFAULT_USERNAME); + } + return DEFAULT_TOKEN; + } + + /** + * Extracts the hostname if possible. If the supplied token is a <code>UsernamePasswordToken</code> + * and the hostname field is not set, <code>DEFAULT_HOSTNAME</code> is returned. If the supplied + * token is not a <code>UsernamePasswordToken</code> (i.e., a <code>CasToken</code> or other + * implementation of <code>AuthenticationToken</code>), then <code>DEFAULT_HOSTNAME</code> is + * returned. + * + * @param token An <code>AuthenticationToken</code>, possibly a <code>UsernamePasswordToken</code> + * @return the hostname, or <code>DEFAULT_USERNAME</code> depending on input + */ + public static String extractHostname(final AuthenticationToken token) { + if (isUsernamePasswordToken(token)) { + final UsernamePasswordToken upt = (UsernamePasswordToken) token; + return extractField(upt.getHost(), DEFAULT_HOSTNAME); + } + return DEFAULT_HOSTNAME; + } + + /** + * Utility method to generate a generic message indicating Authentication was unsuccessful. + * + * @param token An <code>AuthenticationToken</code>, possibly a <code>UsernamePasswordToken</code> + * @return A message indicating authentication was unsuccessful + */ + public static String generateUnsuccessfulAuthenticationMessage(final AuthenticationToken token) { + final String username = extractUsername(token); + final String remoteHostname = extractHostname(token); + return String.format("Unsuccessful authentication attempt by %s from %s", username, remoteHostname); + } + + /** + * Utility method to generate a generic message indicating Authentication was successful. + * + * @param token An <code>AuthenticationToken</code>, possibly a <code>UsernamePasswordToken</code> + * @return A message indicating authentication was successful + */ + public static String generateSuccessfulAuthenticationMessage(final AuthenticationToken token) { + final String username = extractUsername(token); + final String remoteHostname = extractHostname(token); + return String.format("Successful authentication attempt by %s from %s", username, remoteHostname); + } + + /** + * Utility method that returns <code>field</code>, or <code>defaultValue</code> if <code>field</code> is null. + * + * @param field A generic string, which is possibly null. + * @param defaultValue A non-null value returned if <code>field</code> is null + * @return <code>field</code> or <code>defaultValue</code> if field is null + * @throws IllegalArgumentException If <code>defaultValue</code> is null + */ + private static String extractField(final String field, final String defaultValue) + throws IllegalArgumentException { + + Preconditions.checkNotNull(defaultValue, "defaultValue can't be null"); + if (field != null) { + return field; + } + return defaultValue; + } +} |