All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.opendaylight.aaa.tokenauthrealm.auth.HttpBasicAuth Maven / Gradle / Ivy

There is a newer version: 0.20.3
Show newest version
/*
 * Copyright (c) 2014, 2017 Hewlett-Packard Development Company, L.P. and others.  All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */

package org.opendaylight.aaa.tokenauthrealm.auth;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import org.opendaylight.aaa.api.Authentication;
import org.opendaylight.aaa.api.AuthenticationException;
import org.opendaylight.aaa.api.Claim;
import org.opendaylight.aaa.api.CredentialAuth;
import org.opendaylight.aaa.api.PasswordCredentials;
import org.opendaylight.aaa.api.TokenAuth;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * An HTTP Basic authenticator. Note that this is provided as a Hydrogen
 * backward compatible authenticator, but usage of this authenticator or HTTP
 * Basic Authentication is highly discouraged due to its vulnerability.
 *
 * 

* To obtain a token using the HttpBasicAuth Strategy, add a header to your HTTP * request in the form: * Authorization: Basic BASE_64_ENCODED_CREDENTIALS * *

* Where BASE_64_ENCODED_CREDENTIALS is the base 64 encoded value * of the user's credentials in the following form: user:password * *

* For example, assuming the user is "admin" and the password is "admin": * Authorization: Basic YWRtaW46YWRtaW4= * * @author liemmn */ public class HttpBasicAuth implements TokenAuth { public static final String AUTH_HEADER = "Authorization"; public static final String AUTH_SEP = ":"; public static final String BASIC_PREFIX = "Basic "; // TODO relocate this constant public static final String DEFAULT_DOMAIN = "sdn"; /** * username and password. */ private static final int NUM_HEADER_CREDS = 2; /** * username, password and domain. */ private static final int NUM_TOKEN_CREDS = 3; private static final Logger LOG = LoggerFactory.getLogger(HttpBasicAuth.class); private final CredentialAuth credentialAuth; public HttpBasicAuth(CredentialAuth credentialAuth) { this.credentialAuth = credentialAuth; } private static boolean checkAuthHeaderFormat(final String authHeader) { return authHeader != null && authHeader.startsWith(BASIC_PREFIX); } private static String extractAuthHeader(final Map> headers) { return headers.get(AUTH_HEADER).get(0); } private static String[] extractCredentialArray(final String authHeader) { return new String(Base64.getDecoder().decode(authHeader.substring(BASIC_PREFIX.length())), StandardCharsets.UTF_8).split(AUTH_SEP); } private static boolean verifyCredentialArray(final String[] creds) { return creds != null && creds.length == NUM_HEADER_CREDS; } private static String[] addDomainToCredentialArray(final String[] creds) { String[] newCredentialArray = new String[NUM_TOKEN_CREDS]; System.arraycopy(creds, 0, newCredentialArray, 0, creds.length); newCredentialArray[2] = DEFAULT_DOMAIN; return newCredentialArray; } private static Authentication generateAuthentication( CredentialAuth credentialAuth, final String[] creds) throws ArrayIndexOutOfBoundsException { final PasswordCredentials pc = new PasswordCredentialBuilder().setUserName(creds[0]) .setPassword(creds[1]).setDomain(creds[2]).build(); final Claim claim = credentialAuth.authenticate(pc); return new AuthenticationBuilder(claim).build(); } @Override public Authentication validate(final Map> headers) throws AuthenticationException { if (headers.containsKey(AUTH_HEADER)) { final String authHeader = extractAuthHeader(headers); if (checkAuthHeaderFormat(authHeader)) { // HTTP Basic Auth String[] creds = extractCredentialArray(authHeader); // If no domain was supplied then use the default one, which is // "sdn". if (verifyCredentialArray(creds)) { creds = addDomainToCredentialArray(creds); } // Assumes correct formatting in form Base64("user:password"). // Throws an exception if an unknown format is used. try { return generateAuthentication(this.credentialAuth, creds); } catch (ArrayIndexOutOfBoundsException e) { final String message = "Login Attempt in Bad Format." + " Please provide user:password in Base64 format."; LOG.info(message); throw new AuthenticationException(message, e); } } } return null; } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy