2 * Copyright (c) 2016 - 2017 Brocade Communications Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.aaa.shiro.filters;
11 import com.google.common.base.Preconditions;
12 import org.apache.shiro.authc.AuthenticationToken;
13 import org.apache.shiro.authc.UsernamePasswordToken;
16 * Utility methods for forming audit trail output based on an <code>AuthenticationToken</code>.
18 public class AuthenticationTokenUtils {
/**
 * Placeholder used in messages when the "user" field cannot be parsed from the HTTP REST request.
 */
static final String DEFAULT_USERNAME = "an unknown user";

/**
 * Placeholder used in messages when the "user" field is not present in the HTTP REST request,
 * which implies a different implementation of <code>AuthenticationToken</code> such as
 * <code>CasToken</code>.
 */
static final String DEFAULT_TOKEN = "an un-parsable token type";

/**
 * Placeholder used in messages when the "host" field cannot be determined.
 */
static final String DEFAULT_HOSTNAME = "an unknown host";
private AuthenticationTokenUtils() {
    // Static utility holder: the constructor is private so that no instance can be created.
}
/**
 * Reports whether the supplied token is a <code>UsernamePasswordToken</code>.
 *
 * @param token A generic <code>AuthenticationToken</code>, which might be a
 *              <code>UsernamePasswordToken</code>; <code>null</code> yields <code>false</code>
 * @return <code>true</code> only when <code>token</code> is a <code>UsernamePasswordToken</code>
 */
public static boolean isUsernamePasswordToken(final AuthenticationToken token) {
    // Class#isInstance has the same null handling as the instanceof operator.
    return UsernamePasswordToken.class.isInstance(token);
}
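/**
 * Extracts the username if possible. If the supplied token is a <code>UsernamePasswordToken</code>
 * and the username field is not set, <code>DEFAULT_USERNAME</code> is returned. If the supplied
 * token is not a <code>UsernamePasswordToken</code> (i.e., a <code>CasToken</code> or other
 * implementation of <code>AuthenticationToken</code>), then <code>DEFAULT_TOKEN</code> is
 * returned.
 *
 * <p>The username is whatever the client supplied in the request and no escaping is applied in
 * this method. A caller that writes the value to a log or an audit trail should neutralise line
 * breaks and other control characters first.
 *
 * @param token An <code>AuthenticationToken</code>, possibly a <code>UsernamePasswordToken</code>
 * @return the username, <code>DEFAULT_USERNAME</code> or <code>DEFAULT_TOKEN</code> depending on input
 */
public static String extractUsername(final AuthenticationToken token) {
    if (!isUsernamePasswordToken(token)) {
        // Covers null and every token type that is not a UsernamePasswordToken; this is the
        // fall-through result the Javadoc describes and that the listing does not show.
        return DEFAULT_TOKEN;
    }
    final UsernamePasswordToken upt = (UsernamePasswordToken) token;
    return extractField(upt.getUsername(), DEFAULT_USERNAME);
}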
/**
 * Extracts the hostname if possible. <code>DEFAULT_HOSTNAME</code> is returned when the supplied
 * token is a <code>UsernamePasswordToken</code> whose host field is not set, and also when the
 * token is any other implementation of <code>AuthenticationToken</code> (for example a
 * <code>CasToken</code>).
 *
 * <p>No escaping is applied to the host value in this method.
 *
 * @param token An <code>AuthenticationToken</code>, possibly a <code>UsernamePasswordToken</code>
 * @return the hostname, or <code>DEFAULT_HOSTNAME</code> depending on input
 */
public static String extractHostname(final AuthenticationToken token) {
    if (!isUsernamePasswordToken(token)) {
        // Non username/password tokens carry no host that this utility can read.
        return DEFAULT_HOSTNAME;
    }
    final UsernamePasswordToken credentials = (UsernamePasswordToken) token;
    return extractField(credentials.getHost(), DEFAULT_HOSTNAME);
}
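/**
 * Utility method to generate a generic message indicating Authentication was unsuccessful.
 *
 * <p>The user name is taken from the client's request, so it is attacker-influenced on exactly
 * the path this message reports. Line breaks in the user and host values are replaced with
 * <code>_</code> so that a crafted value cannot start a second, forged entry in a line-oriented
 * audit trail. Other control characters are passed through unchanged.
 *
 * @param token An <code>AuthenticationToken</code>, possibly a <code>UsernamePasswordToken</code>
 * @return A single-line message indicating authentication was unsuccessful
 */
public static String generateUnsuccessfulAuthenticationMessage(final AuthenticationToken token) {
    // \R matches every line-break sequence (CR, LF, CRLF, NEL, LS, PS, ...). Both extract methods
    // return a non-null value (the field or a default constant) per their Javadoc.
    final String username = extractUsername(token).replaceAll("\\R", "_");
    // NOTE(review): the origin of the host field is not visible here; it is treated as untrusted too.
    final String remoteHostname = extractHostname(token).replaceAll("\\R", "_");
    return String.format("Unsuccessful authentication attempt by %s from %s", username, remoteHostname);
}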
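/**
 * Utility method to generate a generic message indicating Authentication was successful.
 *
 * <p>The user name is taken from the client's request. Line breaks in the user and host values
 * are replaced with <code>_</code> so that the message always occupies a single line in a
 * line-oriented audit trail and cannot be split into forged entries. Other control characters
 * are passed through unchanged.
 *
 * @param token An <code>AuthenticationToken</code>, possibly a <code>UsernamePasswordToken</code>
 * @return A single-line message indicating authentication was successful
 */
public static String generateSuccessfulAuthenticationMessage(final AuthenticationToken token) {
    // \R matches every line-break sequence (CR, LF, CRLF, NEL, LS, PS, ...). Both extract methods
    // return a non-null value (the field or a default constant) per their Javadoc.
    final String username = extractUsername(token).replaceAll("\\R", "_");
    // NOTE(review): the origin of the host field is not visible here; it is treated as untrusted too.
    final String remoteHostname = extractHostname(token).replaceAll("\\R", "_");
    return String.format("Successful authentication attempt by %s from %s", username, remoteHostname);
}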
111 * Utility method that returns <code>field</code>, or <code>defaultValue</code> if <code>field</code> is null.
113 * @param field A generic string, which is possibly null.
114 * @param defaultValue A non-null value returned if <code>field</code> is null
115 * @return <code>field</code> or <code>defaultValue</code> if field is null
116 * @throws IllegalArgumentException If <code>defaultValue</code> is null
118 private static String extractField(final String field, final String defaultValue)
119 throws IllegalArgumentException {
121 Preconditions.checkNotNull(defaultValue, "defaultValue can't be null");