Signed-off-by: Stephen Crawford <steecraw@amazon.com>
1 parent
9bf99b4
commit a73d42f
Showing
11 changed files
with
230 additions
and
48 deletions.
37 changes: 0 additions & 37 deletions
37
plugins/identity-shiro/src/main/java/org/opensearch/identity/shiro/AuthTokenHandler.java
This file was deleted.
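--- a/plugins/identity-shiro/src/main/java/org/opensearch/identity/shiro/ShiroTokenHandler.java
+++ b/plugins/identity-shiro/src/main/java/org/opensearch/identity/shiro/ShiroTokenHandler.java
@@ -0,0 +1,94 @@
+/*
+* SPDX-License-Identifier: Apache-2.0
+*
+* The OpenSearch Contributors require contributions made to
+* this file be licensed under the Apache-2.0 license or a
+* compatible open source license.
+*/
+
+package org.opensearch.identity.shiro;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Optional;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.opensearch.identity.Subject;
+import org.opensearch.identity.tokens.AuthToken;
+import org.opensearch.identity.tokens.BasicAuthToken;
+import org.opensearch.identity.tokens.TokenManager;
+
+/**
+* Extracts Shiro's {@link AuthenticationToken} from different types of auth headers
+*
+* @opensearch.experimental
+*/
+class ShiroTokenHandler implements TokenManager {
+
+/**
+* Translates into shiro auth token from the given header token
+* @param authenticationToken the token from which to translate
+* @return An optional of the shiro auth token for login
+*/
+public Optional<AuthenticationToken> translateAuthToken(org.opensearch.identity.tokens.AuthToken authenticationToken) {
+if (authenticationToken instanceof BasicAuthToken) {
+final BasicAuthToken basicAuthToken = (BasicAuthToken) authenticationToken;
+return Optional.of(new UsernamePasswordToken(basicAuthToken.getUser(), basicAuthToken.getPassword()));
+}
+
+return Optional.empty();
+}
+
+@Override
+public AuthToken generateToken() {
+
+Subject subject = new ShiroSubject(this, SecurityUtils.getSubject());
+final byte[] rawEncoded = Base64.getEncoder().encode((subject.getPrincipal().getName() + ":" + generatePassword()).getBytes());
+final String usernamePassword = new String(rawEncoded, StandardCharsets.UTF_8);
+final String header = "Basic " + usernamePassword;
+
+return new BasicAuthToken(header);
+}
+
+@Override
+public boolean validateToken(AuthToken token) {
+if (token instanceof BasicAuthToken) {
+final BasicAuthToken basicAuthToken = (BasicAuthToken) token;
+if (basicAuthToken.getUser().equals(SecurityUtils.getSubject()) && basicAuthToken.getPassword().equals(generatePassword())) {
+return true;
+}
+}
+return false;
+}
+
+@Override
+public String getTokenInfo(AuthToken token) {
+if (token instanceof BasicAuthToken) {
+final BasicAuthToken basicAuthToken = (BasicAuthToken) token;
+return basicAuthToken.toString();
+}
+throw new UnsupportedAuthenticationToken();
+}
+
+@Override
+public void revokeToken(AuthToken token) {
+if (token instanceof BasicAuthToken) {
+final BasicAuthToken basicAuthToken = (BasicAuthToken) token;
+basicAuthToken.revoke();
+return;
+}
+throw new UnsupportedAuthenticationToken();
+}
+
+@Override
+public void refreshToken(AuthToken token) {
+
+}
+
+public String generatePassword() {
+return "superSecurePassword1!";
+}
+
+}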
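Review bot: `generatePassword()` returns the fixed literal `"superSecurePassword1!"`, so every token issued by `generateToken()` carries the same secret, which is also readable from the source and the built jar. The secret should be a per-token value drawn from `SecureRandom` and kept server-side, or the method should throw until real issuance exists, and it does not need to be `public`. In `validateToken`, `basicAuthToken.getUser().equals(SecurityUtils.getSubject())` compares the user name (evidently a String, since it is passed to `UsernamePasswordToken` above) with a Shiro `Subject` object, so the check can never be true. Compare it with `new ShiroSubject(this, SecurityUtils.getSubject()).getPrincipal().getName()` as `generateToken()` does, and compare the secret with `MessageDigest.isEqual` on the encoded bytes rather than `String.equals`. `generateToken()` also encodes with the platform charset via `getBytes()` before decoding as UTF-8, so it should call `getBytes(StandardCharsets.UTF_8)`.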
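--- a/server/src/main/java/org/opensearch/identity/noop/NoopTokenManager.java
+++ b/server/src/main/java/org/opensearch/identity/noop/NoopTokenManager.java
@@ -0,0 +1,43 @@
+/*
+* SPDX-License-Identifier: Apache-2.0
+*
+* The OpenSearch Contributors require contributions made to
+* this file be licensed under the Apache-2.0 license or a
+* compatible open source license.
+*/
+
+package org.opensearch.identity.noop;
+
+import org.opensearch.identity.tokens.AuthToken;
+import org.opensearch.identity.tokens.NoopToken;
+import org.opensearch.identity.tokens.TokenManager;
+
+public class NoopTokenManager implements TokenManager {
+@Override
+public AuthToken generateToken() {
+return new NoopToken();
+}
+
+@Override
+public boolean validateToken(AuthToken token) {
+if (token instanceof NoopToken){
+return true;
+}
+return false;
+}
+
+@Override
+public String getTokenInfo(AuthToken token) {
+return "Token is NoopToken";
+}
+
+@Override
+public void revokeToken(AuthToken token) {
+
+}
+
+@Override
+public void refreshToken(AuthToken token) {
+
+}
+}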
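Review bot: `getTokenInfo` returns `"Token is NoopToken"` for any `AuthToken`, without the `instanceof NoopToken` check that `validateToken` applies, so it mislabels tokens of another type; it should apply the same guard. The class has no Javadoc, and because `validateToken` accepts every `NoopToken` without verifying anything, a class comment should state that this manager performs no authentication and say when it is meant to be used (presumably only when no identity plugin is installed, which should be confirmed). `validateToken` can be reduced to `return token instanceof NoopToken;`.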
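--- a/server/src/main/java/org/opensearch/identity/tokens/NoopToken.java
+++ b/server/src/main/java/org/opensearch/identity/tokens/NoopToken.java
@@ -0,0 +1,18 @@
+/*
+* SPDX-License-Identifier: Apache-2.0
+*
+* The OpenSearch Contributors require contributions made to
+* this file be licensed under the Apache-2.0 license or a
+* compatible open source license.
+*/
+
+package org.opensearch.identity.tokens;
+
+public class NoopToken implements AuthToken {
+public final static String TOKEN_IDENTIFIER = "Noop";
+
+public String getTokenIdentifier() {
+return TOKEN_IDENTIFIER;
+}
+
+}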
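--- a/server/src/main/java/org/opensearch/identity/tokens/TokenManager.java
+++ b/server/src/main/java/org/opensearch/identity/tokens/TokenManager.java
@@ -0,0 +1,22 @@
+/*
+* SPDX-License-Identifier: Apache-2.0
+*
+* The OpenSearch Contributors require contributions made to
+* this file be licensed under the Apache-2.0 license or a
+* compatible open source license.
+*/
+
+package org.opensearch.identity.tokens;
+
+public interface TokenManager {
+
+public AuthToken generateToken();
+
+public boolean validateToken(AuthToken token);
+
+public String getTokenInfo(AuthToken token);
+
+public void revokeToken(AuthToken token);
+
+public void refreshToken(AuthToken token);
+}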
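Review bot: The interface has no Javadoc, so the contract its implementations must share is undefined, and the two in this commit already diverge: `ShiroTokenHandler` throws `UnsupportedAuthenticationToken` from `getTokenInfo` and `revokeToken` for a foreign token type, while `NoopTokenManager` accepts anything silently. I would add a class comment and per-method Javadoc stating what `validateToken` returns for `null` or an unsupported token type, that `getTokenInfo` must not include secret material in its result, and what callers may assume after `revokeToken` and `refreshToken`. `generateToken()` takes no subject or claims argument, which pushes implementations towards ambient state such as `SecurityUtils.getSubject()`; the Javadoc should at least say for whom the token is issued. The `public` modifiers on the interface methods are redundant.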