import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.ShiroException;
import org.apache.shiro.codec.Base64;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.Subject;
import org.jolokia.osgi.security.Authenticator;
import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config;
private static final long serialVersionUID = 1L;
private static final String BASEURI = "/oauth";
private static final String LOGINURI = BASEURI + "/login";
- //private static final String LOGOUTURI = BASEURI + "/logout";
+ private static final String LOGOUTURI = BASEURI + "/logout";
private static final String PROVIDERSURI = BASEURI + "/providers";
public static final String REDIRECTURI = BASEURI + "/redirect";
private static final String REDIRECTURI_FORMAT = REDIRECTURI + "/%s";
private static final String POLICIESURI = BASEURI + "/policies";
- //private static final String PROVIDERID_REGEX = "^\\" + BASEURI + "\\/providers\\/([^\\/]+)$";
private static final String REDIRECTID_REGEX = "^\\" + BASEURI + "\\/redirect\\/([^\\/]+)$";
private static final String LOGIN_REDIRECT_REGEX = "^\\" + LOGINURI + "\\/([^\\/]+)$";
- //private static final Pattern PROVIDERID_PATTERN = Pattern.compile(PROVIDERID_REGEX);
private static final Pattern REDIRECTID_PATTERN = Pattern.compile(REDIRECTID_REGEX);
private static final Pattern LOGIN_REDIRECT_PATTERN = Pattern.compile(LOGIN_REDIRECT_REGEX);
private final ObjectMapper mapper;
/* state <=> AuthProviderService> */
private final Map<String, AuthService> providerStore;
- private Authenticator odlAuthenticator;
- private IdMService odlIdentityService;
private final TokenCreator tokenCreator;
private final Config config;
- private ShiroConfiguration shiroConfiguration;
- private DataBroker dataBroker;
- private MdSalAuthorizationStore mdsalAuthStore;
+ private static Authenticator odlAuthenticator;
+ private static IdMService odlIdentityService;
+ private static ShiroConfiguration shiroConfiguration;
+ private static MdSalAuthorizationStore mdsalAuthStore;
public AuthHttpServlet() throws IOException {
this.config = Config.getInstance();
}
- public void setOdlAuthenticator(Authenticator odlAuthenticator) {
- this.odlAuthenticator = odlAuthenticator;
+ public void setOdlAuthenticator(Authenticator odlAuthenticator2) {
+ odlAuthenticator = odlAuthenticator2;
}
- public void setOdlIdentityService(IdMService odlIdentityService) {
- this.odlIdentityService = odlIdentityService;
+ public void setOdlIdentityService(IdMService odlIdentityService2) {
+ odlIdentityService = odlIdentityService2;
}
- public void setShiroConfiguration(ShiroConfiguration shiroConfiguration) {
- this.shiroConfiguration = shiroConfiguration;
+ public void setShiroConfiguration(ShiroConfiguration shiroConfiguration2) {
+ shiroConfiguration = shiroConfiguration2;
}
public void setDataBroker(DataBroker dataBroker) {
- this.dataBroker = dataBroker;
- this.mdsalAuthStore = new MdSalAuthorizationStore(this.dataBroker);
+ mdsalAuthStore = new MdSalAuthorizationStore(dataBroker);
}
@Override
this.sendResponse(resp, HttpServletResponse.SC_OK, getConfigs(this.providerStore.values()));
} else if (req.getRequestURI().startsWith(LOGINURI)) {
this.handleLoginRedirect(req, resp);
+ } else if (req.getRequestURI().equals(LOGOUTURI)) {
+ this.handleLogout(req, resp);
} else if (POLICIESURI.equals(req.getRequestURI())) {
this.sendResponse(resp, HttpServletResponse.SC_OK, this.getPoliciesForUser(req));
} else if (req.getRequestURI().startsWith(REDIRECTURI)) {
}
+ private void handleLogout(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ this.logout();
+ this.sendResponse(resp, HttpServletResponse.SC_OK, "");
+ }
+
private void handleLoginRedirect(HttpServletRequest req, HttpServletResponse resp) throws IOException {
final String uri = req.getRequestURI();
final Matcher matcher = LOGIN_REDIRECT_PATTERN.matcher(uri);
final String id = matcher.group(1);
AuthService provider = this.providerStore.getOrDefault(id, null);
if (provider != null) {
- //provider.setLocalHostUrl(getHost(req));
String redirectUrl = getHost(req) + String.format(REDIRECTURI_FORMAT, id);
provider.sendLoginRedirectResponse(resp, redirectUrl);
return;
* @return
*/
private List<OdlPolicy> getPoliciesForUser(HttpServletRequest req) {
- List<Urls> urlRules = this.shiroConfiguration.getUrls();
+ List<Urls> urlRules = shiroConfiguration.getUrls();
UserTokenPayload data = this.getUserInfo(req);
List<OdlPolicy> policies = new ArrayList<>();
if (urlRules != null) {
} else if (authClass.equals(CLASSNAME_ODLBEARERANDBASICAUTH)) {
policy = this.getTokenBasedPolicy(urlRule, matcher, data);
} else if (authClass.equals(CLASSNAME_ODLMDSALAUTH)) {
- policy = this.getMdSalBasedPolicy(urlRule, matcher, data);
+ policy = this.getMdSalBasedPolicy(urlRule, data);
}
if (policy.isPresent()) {
policies.add(policy.get());
* extract policy rule for user from MD-SAL not yet supported
*
* @param urlRule
- * @param matcher
* @param data
* @return
*/
- private Optional<OdlPolicy> getMdSalBasedPolicy(Urls urlRule, Matcher matcher, UserTokenPayload data) {
- if (this.mdsalAuthStore != null) {
- return data != null ? this.mdsalAuthStore.getPolicy(urlRule.getPairKey(), data.getRoles())
+ private Optional<OdlPolicy> getMdSalBasedPolicy(Urls urlRule, UserTokenPayload data) {
+ if (mdsalAuthStore != null) {
+ return data != null ? mdsalAuthStore.getPolicy(urlRule.getPairKey(), data.getRoles())
: Optional.of(OdlPolicy.denyAll(urlRule.getPairKey()));
}
return Optional.empty();
if ("anon".equals(key)) {
return null;
}
+ List<Main> list = shiroConfiguration.getMain();
Optional<Main> main =
- this.shiroConfiguration.getMain().stream().filter((e) -> e.getPairKey().equals(key)).findFirst();
+ list == null ? Optional.empty() : list.stream().filter(e -> e.getPairKey().equals(key)).findFirst();
if (main.isPresent()) {
return main.get().getPairValue();
}
if (!username.contains("@")) {
username = String.format("%s@%s", username, domain);
}
- List<String> roles = this.odlIdentityService.listRoles(username, domain);
+ List<String> roles = odlIdentityService.listRoles(username, domain);
return UserTokenPayload.create(username, roles);
}
}
}
HttpServletRequest req = new HeadersOnlyHttpServletRequest(
Map.of("Authorization", BaseHTTPClient.getAuthorizationHeaderValue(username, password)));
- if (this.odlAuthenticator.authenticate(req)) {
- List<String> roles = this.odlIdentityService.listRoles(username, domain);
+ if (odlAuthenticator.authenticate(req)) {
+ List<String> roles = odlIdentityService.listRoles(username, domain);
UserTokenPayload data = new UserTokenPayload();
data.setPreferredUsername(username);
data.setFamilyName("");
}
+ private void logout() {
+ final Subject subject = SecurityUtils.getSubject();
+ try {
+ subject.logout();
+ Session session = subject.getSession(false);
+ if (session != null) {
+ session.stop();
+ }
+ } catch (ShiroException e) {
+ LOG.debug("Couldn't log out {}", subject, e);
+ }
+ }
}
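Review bot: `handleLogout` (L74–77) is wired into the same GET-style dispatch branch as the login redirect (L68–69) and reads nothing from `req`, so any cross-site page can terminate a user's session just by loading `/oauth/logout` as an image or script — logout should be accepted only on POST (or after an Origin/CSRF check) rather than on a plain navigation. In `logout()` (L150–161) the `getSession(false)` block is most likely dead: Shiro's `subject.logout()` already stops the session and nulls the subject's reference before it returns, so the body can be reduced to `subject.logout();` inside the `try`; if the intent was to also revoke the bearer token issued via `tokenCreator`, that does not happen here and deserves a comment, since a stateless token stays valid after Shiro logout. The four setters at L46–62 now assign shared `static` fields from instance methods; with more than one servlet instance the last writer wins silently, and without `volatile` a request thread may read a stale `null` (L93 and L124 dereference `shiroConfiguration` unguarded), so either document the single-instance assumption or make the fields `volatile` and null-check them. The class header and the dispatching method's signature lie outside the shown hunks.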