Mercurial > dive4elements > river

annotate gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java @ 5947:0b092a1d136b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Move User class from was to saml sub-package.
author Bernhard Herzog <bh@intevation.de>
date Wed, 08 May 2013 17:56:14 +0200
parents d6f13dba21fe
children d7b9b3e3c61a
rev   line source
5861
172338b1407f GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5838
diff changeset
1 /* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
172338b1407f GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5838
diff changeset
2 * Software engineering by Intevation GmbH
172338b1407f GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5838
diff changeset
3 *
172338b1407f GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5838
diff changeset
4 * This file is Free Software under the GNU AGPL (>=v3)
172338b1407f GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5838
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY! Check out the
172338b1407f GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5838
diff changeset
6 * documentation coming with Dive4Elements River for details.
172338b1407f GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5838
diff changeset
7 */
172338b1407f GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5838
diff changeset
8
5835
821a02bbfb4e Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5834
diff changeset
9 package org.dive4elements.river.client.server.auth.was;
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
10
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
11 import java.io.IOException;
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
12 import java.io.InputStream;
3486
23095983c249 Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2981
diff changeset
13 import java.util.List;
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
14
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
15 import org.apache.commons.codec.binary.Base64InputStream;
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
16
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
17 import org.apache.http.HttpEntity;
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
18
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
19 import org.apache.log4j.Logger;
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
20
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
21 import org.w3c.dom.Document;
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
22 import org.w3c.dom.Element;
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
23
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
24 import org.dive4elements.artifacts.httpclient.utils.XMLUtils;
5835
821a02bbfb4e Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5834
diff changeset
25 import org.dive4elements.river.client.server.auth.Authentication;
821a02bbfb4e Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5834
diff changeset
26 import org.dive4elements.river.client.server.auth.AuthenticationException;
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
27 import org.dive4elements.river.client.server.auth.saml.Assertion;
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
28 import org.dive4elements.river.client.server.auth.saml.XPathUtils;
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
29 import org.dive4elements.river.client.server.auth.saml.TicketValidator;
5947
0b092a1d136b Move User class from was to saml sub-package.
Bernhard Herzog <bh@intevation.de>
parents: 5944
diff changeset
30 import org.dive4elements.river.client.server.auth.saml.User;
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
31
5835
821a02bbfb4e Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5834
diff changeset
32 import org.dive4elements.river.client.server.features.Features;
3486
23095983c249 Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2981
diff changeset
33
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
34
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
35 public class Response implements Authentication {
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
36
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
37 private static Logger logger = Logger.getLogger(Response.class);
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
38
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
39 private Element root;
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
40 private Assertion assertion;
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
41 private String username;
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
42 private String password;
3486
23095983c249 Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2981
diff changeset
43 private Features features;
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
44 private String trustedKeyFile;
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
45
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
46
5943
a96350a1c160 Pass trusted key filename to Response in WAS Authenticator.
Bernhard Herzog <bh@intevation.de>
parents: 5936
diff changeset
47 public Response(HttpEntity entity, String username, String password,
a96350a1c160 Pass trusted key filename to Response in WAS Authenticator.
Bernhard Herzog <bh@intevation.de>
parents: 5936
diff changeset
48 Features features, String trustedKeyFile)
a96350a1c160 Pass trusted key filename to Response in WAS Authenticator.
Bernhard Herzog <bh@intevation.de>
parents: 5936
diff changeset
49 throws AuthenticationException, IOException {
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
50
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
51 if (entity == null) {
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
52 throw new ServiceException("Invalid response");
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
53 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
54
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
55 String contenttype = entity.getContentType().getValue();
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
56
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
57 InputStream in = entity.getContent();
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
58
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
59 if (!contenttype.equals("application/vnd.ogc.se_xml")) {
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
60 // XXX: Assume base64 encoded content.
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
61 in = new Base64InputStream(in);
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
62 }
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
63
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
64 Document doc = XMLUtils.readDocument(in);
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
65 Element root = doc.getDocumentElement();
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
66 String rname = root.getTagName();
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
67
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
68 if (rname != null && rname.equals("ServiceExceptionReport")) {
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
69 throw new ServiceException(XPathUtils.xpathString(root,
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
70 "ServiceException"));
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
71 }
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
72
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
73 this.root = root;
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
74 this.username = username;
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
75 this.password = password;
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
76 this.features = features;
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
77 this.trustedKeyFile = trustedKeyFile;
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
78 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
79
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
80 @Override
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
81 public boolean isSuccess() {
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
82 String status = getStatus();
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
83 return status != null && status.equals("samlp:Success");
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
84 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
85
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
86 public String getStatus() {
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
87 return XPathUtils.xpathString(this.root,
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
88 "./samlp:Status/samlp:StatusCode/@Value");
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
89 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
90
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
91
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
92 public Assertion getAssertion() {
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
93 if (this.assertion == null && this.root != null) {
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
94 try {
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
95 TicketValidator validator =
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
96 new TicketValidator(this.trustedKeyFile);
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
97 this.assertion = validator.checkTicket(this.root);
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
98 }
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
99 catch (Exception e) {
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
100 logger.error(e.getLocalizedMessage(), e);
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
101 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
102 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
103 return this.assertion;
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
104 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
105
2959
5ba0a6efdf3b Auth: added simple file based authentication.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 2956
diff changeset
106 @Override
2968
3e0567e02577 Extend Authentication and Response to throw additional exceptions
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2959
diff changeset
107 public User getUser() throws AuthenticationException {
3e0567e02577 Extend Authentication and Response to throw additional exceptions
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2959
diff changeset
108 Assertion assertion = this.getAssertion();
3e0567e02577 Extend Authentication and Response to throw additional exceptions
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2959
diff changeset
109 if (assertion == null) {
3e0567e02577 Extend Authentication and Response to throw additional exceptions
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2959
diff changeset
110 throw new AuthenticationException("Response doesn't contain an assertion");
3e0567e02577 Extend Authentication and Response to throw additional exceptions
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2959
diff changeset
111 }
3486
23095983c249 Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2981
diff changeset
112 List<String> features = this.features.getFeatures(
23095983c249 Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2981
diff changeset
113 this.assertion.getRoles());
3489
6f36f79676a7 Add debug log of a successfull authentification
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 3486
diff changeset
114 logger.debug("User " + this.username + " with features " + features +
6f36f79676a7 Add debug log of a successfull authentification
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 3486
diff changeset
115 " successfully authenticated.");
3504
1387cdeb8d93 Add account information to flys-client user classes
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 3489
diff changeset
116 return new User(this.username, this.password, assertion.getNameID(),
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
117 this.assertion.getRoles(), assertion, features);
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
118 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
119 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
120 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80:
http://dive4elements.wald.intevation.org