/*
* Copyright (c) 2016 Brocade Communications Systems, Inc. and others. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v1.0 which accompanies this distribution,
* and is available at http://www.eclipse.org/legal/epl-v10.html
*/
package org.opendaylight.aaa.shiro.filters;
import com.google.common.base.Preconditions;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
/**
 * Utility methods for forming audit trail output based on an {@code AuthenticationToken}.
 *
 * @author Ryan Goulding (ryandgoulding@gmail.com)
 */
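public final class AuthenticationTokenUtils {

    /**
     * Default value used in messaging when the "user" field is unparsable from the HTTP REST
     * request.
     */
    static final String DEFAULT_USERNAME = "an unknown user";

    /**
     * Default value used in messaging when the "user" field is not present in the HTTP REST
     * request, implying a different implementation of {@code AuthenticationToken} such as
     * {@code CasToken}.
     */
    static final String DEFAULT_TOKEN = "an un-parsable token type";

    /**
     * Default value used in messaging when the "host" field cannot be determined.
     */
    static final String DEFAULT_HOSTNAME = "an unknown host";

    /**
     * Character substituted for every control character found in a value that is placed into an
     * audit message.
     */
    private static final char CONTROL_CHAR_REPLACEMENT = '_';

    private AuthenticationTokenUtils() {
        // private to prevent instantiation
    }

    /**
     * Determines whether the supplied token is a {@code UsernamePasswordToken}.
     *
     * @param token a generic token, which might be a {@code UsernamePasswordToken}; {@code null}
     *              yields {@code false}
     * @return whether the supplied token is a {@code UsernamePasswordToken}
     */
    public static boolean isUsernamePasswordToken(final AuthenticationToken token) {
        return token instanceof UsernamePasswordToken;
    }

    /**
     * Extracts the username if possible. If the supplied token is a
     * {@code UsernamePasswordToken} and the username field is not set, {@link #DEFAULT_USERNAME}
     * is returned. If the supplied token is not a {@code UsernamePasswordToken} (e.g., a
     * {@code CasToken} or other implementation of {@code AuthenticationToken}), then
     * {@link #DEFAULT_TOKEN} is returned.
     *
     * <p>The username is returned exactly as the token carries it; this method does not escape or
     * filter it. Callers that write the value to a log or audit record should neutralize line
     * breaks and other control characters first, as the message generators in this class do.
     *
     * @param token an {@code AuthenticationToken}, possibly a {@code UsernamePasswordToken}
     * @return the username, {@link #DEFAULT_USERNAME} or {@link #DEFAULT_TOKEN} depending on input
     */
    public static String extractUsername(final AuthenticationToken token) {
        if (isUsernamePasswordToken(token)) {
            final UsernamePasswordToken upt = (UsernamePasswordToken) token;
            return extractField(upt.getUsername(), DEFAULT_USERNAME);
        }
        return DEFAULT_TOKEN;
    }

    /**
     * Extracts the hostname if possible. If the supplied token is a
     * {@code UsernamePasswordToken} and the host field is not set, {@link #DEFAULT_HOSTNAME} is
     * returned. If the supplied token is not a {@code UsernamePasswordToken} (e.g., a
     * {@code CasToken} or other implementation of {@code AuthenticationToken}), then
     * {@link #DEFAULT_HOSTNAME} is returned as well.
     *
     * <p>The host is returned exactly as the token carries it; this method does not escape or
     * filter it.
     *
     * @param token an {@code AuthenticationToken}, possibly a {@code UsernamePasswordToken}
     * @return the hostname, or {@link #DEFAULT_HOSTNAME} depending on input
     */
    public static String extractHostname(final AuthenticationToken token) {
        if (isUsernamePasswordToken(token)) {
            final UsernamePasswordToken upt = (UsernamePasswordToken) token;
            return extractField(upt.getHost(), DEFAULT_HOSTNAME);
        }
        return DEFAULT_HOSTNAME;
    }

    /**
     * Utility method to generate a generic message indicating authentication was unsuccessful.
     *
     * <p>Control characters in the username and hostname are replaced before formatting, so a
     * submitted username containing a line break cannot split the audit record into what looks
     * like several entries.
     *
     * @param token an {@code AuthenticationToken}, possibly a {@code UsernamePasswordToken}
     * @return a single-line message indicating authentication was unsuccessful
     */
    public static String generateUnsuccessfulAuthenticationMessage(final AuthenticationToken token) {
        return formatAuditMessage("Unsuccessful authentication attempt by %s from %s", token);
    }

    /**
     * Utility method to generate a generic message indicating authentication was successful.
     *
     * <p>Control characters in the username and hostname are replaced before formatting, so a
     * submitted username containing a line break cannot split the audit record into what looks
     * like several entries.
     *
     * @param token an {@code AuthenticationToken}, possibly a {@code UsernamePasswordToken}
     * @return a single-line message indicating authentication was successful
     */
    public static String generateSuccessfulAuthenticationMessage(final AuthenticationToken token) {
        return formatAuditMessage("Successful authentication attempt by %s from %s", token);
    }

    /**
     * Fills an audit message template with the neutralized username and hostname of a token.
     *
     * @param template a format string with two {@code %s} placeholders: username, then hostname
     * @param token the token the username and hostname are extracted from
     * @return the formatted message
     */
    private static String formatAuditMessage(final String template, final AuthenticationToken token) {
        final String username = neutralizeControlCharacters(extractUsername(token));
        final String remoteHostname = neutralizeControlCharacters(extractHostname(token));
        return String.format(template, username, remoteHostname);
    }

    /**
     * Replaces every ISO control character (which includes carriage return, line feed and tab)
     * with {@link #CONTROL_CHAR_REPLACEMENT}. The length of the value is preserved, and a value
     * without control characters is returned unchanged.
     *
     * @param value a non-null value about to be embedded in an audit message
     * @return {@code value} with each control character replaced
     */
    private static String neutralizeControlCharacters(final String value) {
        StringBuilder cleaned = null;
        for (int i = 0; i < value.length(); i++) {
            if (Character.isISOControl(value.charAt(i))) {
                // Copy lazily: the common case contains nothing to replace.
                if (cleaned == null) {
                    cleaned = new StringBuilder(value);
                }
                cleaned.setCharAt(i, CONTROL_CHAR_REPLACEMENT);
            }
        }
        return cleaned == null ? value : cleaned.toString();
    }

    /**
     * Utility method that returns {@code field}, or {@code defaultValue} if {@code field} is
     * null.
     *
     * @param field a generic string, which is possibly null
     * @param defaultValue a non-null value returned if {@code field} is null
     * @return {@code field}, or {@code defaultValue} if {@code field} is null
     * @throws IllegalArgumentException if {@code defaultValue} is null
     */
    private static String extractField(final String field, final String defaultValue) {
        // checkArgument raises the documented IllegalArgumentException; checkNotNull would raise
        // NullPointerException instead.
        Preconditions.checkArgument(defaultValue != null, "defaultValue can't be null");
        return field != null ? field : defaultValue;
    }
}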