From 8321d21fd3fb6524d783f959aae7392828cef7f2 Mon Sep 17 00:00:00 2001 From: Ivan Hrasko Date: Mon, 6 Mar 2023 13:52:51 +0100 Subject: [PATCH] Remove ODLHttpAuthenticationFilter ODLHttpAuthenticationFilter is a remnant from times ODL supported OAuth2. Remove it and replace in AAA configuration with Shiro's default BasicHttpAuthenticationFilter. Thus we do no need to set used filter explicitly in configuration. JIRA: AAA-255 Change-Id: I13fb22ff7c2c36e7a504eaf5baa5b7c069ee3f2a Signed-off-by: Ivan Hrasko Signed-off-by: OleksandrZharov --- .../filters/ODLHttpAuthenticationFilter.java | 74 ------------------- .../main/resources/initial/aaa-app-config.xml | 5 -- 2 files changed, 79 deletions(-) delete mode 100644 aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/filters/ODLHttpAuthenticationFilter.java
diff --git a/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/filters/ODLHttpAuthenticationFilter.java b/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/filters/ODLHttpAuthenticationFilter.java
deleted file mode 100644
index e8dbf5b2d..000000000
--- a/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/filters/ODLHttpAuthenticationFilter.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 2015, 2017 Brocade Communications Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.shiro.filters;
-
-import java.util.Locale;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import org.apache.shiro.codec.Base64;
-import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
-import org.apache.shiro.web.util.WebUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Extends BasicHttpAuthenticationFilter to include ability to
- * authenticate OAuth2 tokens.
- *
- *

- * This behavior is enabled by default for backwards compatibility. To disable
- * OAuth2 functionality, just comment out the following line from the
- * etc/shiro.ini file:
- * authcBasic = ODLHttpAuthenticationFilter
- * then restart the karaf container.
- */
-public class ODLHttpAuthenticationFilter extends BasicHttpAuthenticationFilter {
-
- private static final Logger LOG = LoggerFactory.getLogger(ODLHttpAuthenticationFilter.class);
-
- // defined in lower-case for more efficient string comparison
- protected static final String BEARER_SCHEME = "bearer";
-
- protected static final String OPTIONS_HEADER = "OPTIONS";
-
- public ODLHttpAuthenticationFilter() {
- LOG.info("Creating the ODLHttpAuthenticationFilter");
- }
-
- @Override
- protected String[] getPrincipalsAndCredentials(String scheme, String encoded) {
- final String decoded = Base64.decodeToString(encoded);
- // attempt to decode username/password; otherwise decode as token
- if (decoded.contains(":")) {
- return decoded.split(":");
- }
- return new String[] { encoded };
- }
-
- @Override
- protected boolean isLoginAttempt(String authzHeader) {
- final String authzScheme = getAuthzScheme().toLowerCase(Locale.ROOT);
- final String authzHeaderLowerCase = authzHeader.toLowerCase(Locale.ROOT);
- return authzHeaderLowerCase.startsWith(authzScheme)
- || authzHeaderLowerCase.startsWith(BEARER_SCHEME);
- }
-
- @Override
- protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
- Object mappedValue) {
- final HttpServletRequest httpRequest = WebUtils.toHttp(request);
- final String httpMethod = httpRequest.getMethod();
- if (OPTIONS_HEADER.equalsIgnoreCase(httpMethod)) {
- return true;
- } else {
- return super.isAccessAllowed(httpRequest, response, mappedValue);
- }
- }
-}
diff --git a/aaa-shiro/impl/src/main/resources/initial/aaa-app-config.xml b/aaa-shiro/impl/src/main/resources/initial/aaa-app-config.xml
index 03cfaf355..fe5806b1e 100644
--- a/aaa-shiro/impl/src/main/resources/initial/aaa-app-config.xml +++ b/aaa-shiro/impl/src/main/resources/initial/aaa-app-config.xml @@ -251,11 +251,6 @@ securityManager.realms $tokenAuthRealm - -

- authcBasic - org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter -