1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
/*
* Copyright (c) 2016 Brocade Communications Systems, Inc. and others. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v1.0 which accompanies this distribution,
* and is available at http://www.eclipse.org/legal/epl-v10.html
*/
package org.opendaylight.aaa.shiro.filters;
import com.google.common.base.Preconditions;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
/**
* Utility methods for forming audit trail output based on an <code>AuthenticationToken</code>.
*
* @author Ryan Goulding (ryandgoulding@gmail.com)
*/
public class AuthenticationTokenUtils {
/**
* default value used in messaging when the "user" field is unparsable from the HTTP REST request
*/
static final String DEFAULT_USERNAME = "an unknown user";
/**
* default value used in messaging when the "user" field is not present in the HTTP REST request, implying
* a different implementation of <code>AuthenticationToken</code> such as <code>CasToken</code>.
*/
static final String DEFAULT_TOKEN = "an un-parsable token type";
/**
* default value used in messaging when the "host" field cannot be determined.
*/
static final String DEFAULT_HOSTNAME = "an unknown host";
private AuthenticationTokenUtils() {
// private to prevent instantiation
}
/**
* Determines whether the supplied <code>Token</code> is a <code>UsernamePasswordToken</code>.
*
* @param token A generic <code>Token</code>, which might be a <code>UsernamePasswordToken</code>
* @return Whether the supplied <code>Token</code> is a <code>UsernamePasswordToken</code>
*/
public static boolean isUsernamePasswordToken(final AuthenticationToken token) {
return token instanceof UsernamePasswordToken;
}
/**
* Extracts the username if possible. If the supplied token is a <code>UsernamePasswordToken</code>
* and the username field is not set, <code>DEFAULT_USERNAME</code> is returned. If the supplied
* token is not a <code>UsernamePasswordToken</code> (i.e., a <code>CasToken</code> or other
* implementation of <code>AuthenticationToken</code>), then <code>DEFAULT_TOKEN</code> is
* returned.
*
* @param token An <code>AuthenticationToken</code>, possibly a <code>UsernamePasswordToken</code>
* @return the username, <code>DEFAULT_USERNAME</code> or <code>DEFAULT_TOKEN</code> depending on input
*/
public static String extractUsername(final AuthenticationToken token) {
if (isUsernamePasswordToken(token)) {
final UsernamePasswordToken upt = (UsernamePasswordToken) token;
return extractField(upt.getUsername(), DEFAULT_USERNAME);
}
return DEFAULT_TOKEN;
}
/**
* Extracts the hostname if possible. If the supplied token is a <code>UsernamePasswordToken</code>
* and the hostname field is not set, <code>DEFAULT_HOSTNAME</code> is returned. If the supplied
* token is not a <code>UsernamePasswordToken</code> (i.e., a <code>CasToken</code> or other
* implementation of <code>AuthenticationToken</code>), then <code>DEFAULT_HOSTNAME</code> is
* returned.
*
* @param token An <code>AuthenticationToken</code>, possibly a <code>UsernamePasswordToken</code>
* @return the hostname, or <code>DEFAULT_USERNAME</code> depending on input
*/
public static String extractHostname(final AuthenticationToken token) {
if (isUsernamePasswordToken(token)) {
final UsernamePasswordToken upt = (UsernamePasswordToken) token;
return extractField(upt.getHost(), DEFAULT_HOSTNAME);
}
return DEFAULT_HOSTNAME;
}
/**
* Utility method to generate a generic message indicating Authentication was unsuccessful.
*
* @param token An <code>AuthenticationToken</code>, possibly a <code>UsernamePasswordToken</code>
* @return A message indicating authentication was unsuccessful
*/
public static String generateUnsuccessfulAuthenticationMessage(final AuthenticationToken token) {
final String username = extractUsername(token);
final String remoteHostname = extractHostname(token);
return String.format("Unsuccessful authentication attempt by %s from %s", username, remoteHostname);
}
/**
* Utility method to generate a generic message indicating Authentication was successful.
*
* @param token An <code>AuthenticationToken</code>, possibly a <code>UsernamePasswordToken</code>
* @return A message indicating authentication was successful
*/
public static String generateSuccessfulAuthenticationMessage(final AuthenticationToken token) {
final String username = extractUsername(token);
final String remoteHostname = extractHostname(token);
return String.format("Successful authentication attempt by %s from %s", username, remoteHostname);
}
/**
* Utility method that returns <code>field</code>, or <code>defaultValue</code> if <code>field</code> is null.
*
* @param field A generic string, which is possibly null.
* @param defaultValue A non-null value returned if <code>field</code> is null
* @return <code>field</code> or <code>defaultValue</code> if field is null
* @throws IllegalArgumentException If <code>defaultValue</code> is null
*/
private static String extractField(final String field, final String defaultValue)
throws IllegalArgumentException {
Preconditions.checkNotNull(defaultValue, "defaultValue can't be null");
if (field != null) {
return field;
}
return defaultValue;
}
}
|