2 * Copyright (c) 2015, 2017 Brocade Communications Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.aaa.shiro.filters;
11 import java.util.Locale;
12 import javax.servlet.ServletRequest;
13 import javax.servlet.ServletResponse;
14 import javax.servlet.http.HttpServletRequest;
15 import org.apache.shiro.codec.Base64;
16 import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
17 import org.apache.shiro.web.util.WebUtils;
18 import org.slf4j.Logger;
19 import org.slf4j.LoggerFactory;
 * Extends <code>BasicHttpAuthenticationFilter</code> to add the ability to
 * authenticate OAuth2 tokens.
26 * This behavior is enabled by default for backwards compatibility. To disable
27 * OAuth2 functionality, just comment out the following line from the
28 * <code>etc/shiro.ini</code> file:
29 * <code>authcBasic = ODLHttpAuthenticationFilter</code>
30 * then restart the karaf container.
32 public class ODLHttpAuthenticationFilter extends BasicHttpAuthenticationFilter {
private static final Logger LOG = LoggerFactory.getLogger(ODLHttpAuthenticationFilter.class);

// Authorization scheme name for OAuth2 tokens. Defined in lower-case so that it can be
// compared against a lower-cased header with a plain startsWith (see isLoginAttempt).
protected static final String BEARER_SCHEME = "bearer";

// HTTP OPTIONS method name; compared case-insensitively against the request method in
// isAccessAllowed. NOTE(review): requests with this method take a separate branch there,
// ahead of the parent filter's check; that branch body is not visible in this excerpt —
// confirm it only relaxes credential checks for CORS pre-flight and that no handler mutates
// state on OPTIONS.
protected static final String OPTIONS_HEADER = "OPTIONS";
/**
 * Creates the filter. Construction is logged at INFO level.
 */
public ODLHttpAuthenticationFilter() {
    LOG.info("Creating the ODLHttpAuthenticationFilter");
}
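/**
 * Splits the credential part of an {@code Authorization} header into principal(s) and
 * credential(s).
 *
 * <p>The value is Base64-decoded; when the decoded text has the {@code user:password}
 * shape of the Basic scheme it is split into exactly two elements, otherwise the original
 * (still encoded) value is returned as a single-element array and treated as a token.
 *
 * @param scheme the authorization scheme parsed from the header; not consulted here, the
 *               decision is made purely on the shape of the decoded value
 * @param encoded the Base64-encoded credential part of the header
 * @return a two-element array {@code {username, password}} for Basic credentials, or a
 *         one-element array holding the raw {@code encoded} value for a token
 */
@Override
protected String[] getPrincipalsAndCredentials(String scheme, String encoded) {
    final String decoded = Base64.decodeToString(encoded);
    // attempt to decode username/password; otherwise decode as token
    if (decoded.contains(":")) {
        // Limit of 2: the user-id cannot contain ':' but the password may, so only the first
        // ':' separates the two. The limit also keeps an empty password as an explicit ""
        // instead of dropping it as a trailing empty element.
        return decoded.split(":", 2);
    }
    // NOTE(review): a token is also run through the Base64 decoder; should its decoded form
    // happen to contain ':' it would be mis-parsed as Basic credentials. The unused scheme
    // parameter could short-circuit that case — confirm against the caller before relying on it.
    return new String[] { encoded };
}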
/**
 * Reports whether an {@code Authorization} header value looks like a login attempt this
 * filter can handle: either the parent filter's scheme or the {@code bearer} scheme.
 *
 * <p>The comparison is case-insensitive and matches on the scheme prefix only; nothing
 * after the scheme name is inspected here.
 *
 * @param authzHeader the raw {@code Authorization} header value
 * @return {@code true} when the header starts with a supported scheme
 */
@Override
protected boolean isLoginAttempt(String authzHeader) {
    final String basicScheme = getAuthzScheme().toLowerCase(Locale.ROOT);
    final String header = authzHeader.toLowerCase(Locale.ROOT);
    if (header.startsWith(basicScheme)) {
        return true;
    }
    return header.startsWith(BEARER_SCHEME);
}
64 protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
66 final HttpServletRequest httpRequest = WebUtils.toHttp(request);
67 final String httpMethod = httpRequest.getMethod();
68 if (OPTIONS_HEADER.equalsIgnoreCase(httpMethod)) {
71 return super.isAccessAllowed(httpRequest, response, mappedValue);