annotate gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java @ 5947:0b092a1d136b
Move User class from was to saml sub-package.
author | Bernhard Herzog <bh@intevation.de> |
---|---|
date | Wed, 08 May 2013 17:56:14 +0200 |
parents | d6f13dba21fe |
children | d7b9b3e3c61a |
1 /* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde |
2 * Software engineering by Intevation GmbH |
3 * |
4 * This file is Free Software under the GNU AGPL (>=v3) |
5 * and comes with ABSOLUTELY NO WARRANTY! Check out the |
6 * documentation coming with Dive4Elements River for details. |
7 */ |
8 |
9 package org.dive4elements.river.client.server.auth.was; |
10 |
11 import java.io.IOException; |
12 import java.io.InputStream; |
13 import java.util.List; |
14 |
15 import org.apache.commons.codec.binary.Base64InputStream; |
16 |
17 import org.apache.http.HttpEntity; |
18 |
19 import org.apache.log4j.Logger; |
20 |
21 import org.w3c.dom.Document; |
22 import org.w3c.dom.Element; |
23 |
24 import org.dive4elements.artifacts.httpclient.utils.XMLUtils; |
25 import org.dive4elements.river.client.server.auth.Authentication; |
26 import org.dive4elements.river.client.server.auth.AuthenticationException; |
27 import org.dive4elements.river.client.server.auth.saml.Assertion; |
28 import org.dive4elements.river.client.server.auth.saml.XPathUtils; |
29 import org.dive4elements.river.client.server.auth.saml.TicketValidator; |
30 import org.dive4elements.river.client.server.auth.saml.User; |
31 |
32 import org.dive4elements.river.client.server.features.Features; |
33 |
34 |
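/**
 * Authentication result built from the HTTP response of a WAS request.
 *
 * <p>The constructor only parses the response body into a DOM tree. The
 * ticket inside it is checked lazily by {@link #getAssertion()}, which hands
 * the root element to a {@link TicketValidator} created with the trusted key
 * file passed to the constructor.</p>
 *
 * <p>Security-relevant points for callers:</p>
 * <ul>
 *   <li>{@link #isSuccess()} and {@link #getStatus()} read the status code
 *       straight from the parsed document; no validation is involved. Only a
 *       non-null result of {@link #getAssertion()} (or a normal return of
 *       {@link #getUser()}) has passed {@code TicketValidator.checkTicket}.</li>
 *   <li>The username and password given to the constructor are kept as
 *       {@code String} fields and passed on unchanged to the {@link User}.</li>
 * </ul>
 */
public class Response implements Authentication {

    private static final Logger logger = Logger.getLogger(Response.class);

    /** Content type whose body is read as XML directly, without base64 decoding. */
    private static final String PLAIN_XML_CONTENT_TYPE =
        "application/vnd.ogc.se_xml";

    /** Root element of the parsed response document. */
    private final Element root;
    /** Validated assertion; stays null until a validation attempt succeeds. */
    private Assertion assertion;
    private final String username;
    private final String password;
    private final Features features;
    /** File name handed to the TicketValidator. */
    private final String trustedKeyFile;


    /**
     * Parses the response body of a WAS request.
     *
     * @param entity the HTTP response entity; must not be null
     * @param username the user name the request was made with
     * @param password the password the request was made with
     * @param features maps the roles of the assertion to features
     * @param trustedKeyFile file name passed to the TicketValidator
     * @throws AuthenticationException declared by the original signature
     * @throws IOException if reading or closing the response content fails
     */
    public Response(HttpEntity entity, String username, String password,
                    Features features, String trustedKeyFile)
    throws AuthenticationException, IOException {

        if (entity == null) {
            throw new ServiceException("Invalid response");
        }

        // A response without a Content-Type header must not end in a
        // NullPointerException; it is handled like any other unexpected type.
        String contenttype = entity.getContentType() != null
            ? entity.getContentType().getValue()
            : null;

        InputStream in = entity.getContent();
        Document doc;
        try {
            InputStream xml = in;
            if (!PLAIN_XML_CONTENT_TYPE.equals(contenttype)) {
                // XXX: Assume base64 encoded content.
                // NOTE(review): the comparison is exact, so a header value
                // that carries parameters also takes this branch.
                xml = new Base64InputStream(in);
            }
            // NOTE(review): the body comes from the remote service and is
            // parsed before any signature check. Confirm that
            // XMLUtils.readDocument disables DTDs and external entities.
            doc = XMLUtils.readDocument(xml);
        }
        finally {
            // The DOM is complete (or parsing failed); release the content
            // stream instead of leaving it open.
            if (in != null) {
                in.close();
            }
        }

        // readDocument's failure behaviour is not visible here; reject a
        // missing document or root element explicitly.
        Element root = doc != null ? doc.getDocumentElement() : null;
        if (root == null) {
            throw new ServiceException("Invalid response");
        }

        if ("ServiceExceptionReport".equals(root.getTagName())) {
            throw new ServiceException(XPathUtils.xpathString(root,
                                                              "ServiceException"));
        }

        this.root = root;
        this.username = username;
        this.password = password;
        this.features = features;
        this.trustedKeyFile = trustedKeyFile;
    }

    /**
     * Tells whether the status code of the response is "samlp:Success".
     *
     * This looks at the status value only; the ticket is not validated here.
     */
    @Override
    public boolean isSuccess() {
        return "samlp:Success".equals(getStatus());
    }

    /**
     * Returns the value of the status code attribute of the response, as
     * delivered by the XPath lookup on the root element.
     */
    public String getStatus() {
        return XPathUtils.xpathString(this.root,
                                      "./samlp:Status/samlp:StatusCode/@Value");
    }


    /**
     * Returns the assertion obtained from TicketValidator.checkTicket.
     *
     * The check runs on first use and its result is cached. Any exception
     * raised during validation is logged and leaves the assertion null, so a
     * failed check is retried on the next call and never yields an assertion.
     *
     * @return the assertion, or null if validation did not produce one
     */
    public Assertion getAssertion() {
        if (this.assertion == null && this.root != null) {
            try {
                TicketValidator validator =
                    new TicketValidator(this.trustedKeyFile);
                this.assertion = validator.checkTicket(this.root);
            }
            catch (Exception e) {
                // Deliberately fail closed: callers see null, not the error.
                logger.error(e.getLocalizedMessage(), e);
            }
        }
        return this.assertion;
    }

    /**
     * Builds the user from the validated assertion.
     *
     * @return the user with the features derived from the assertion's roles
     * @throws AuthenticationException if no assertion is available, which
     *         includes the case that ticket validation failed
     */
    @Override
    public User getUser() throws AuthenticationException {
        Assertion assertion = this.getAssertion();
        if (assertion == null) {
            throw new AuthenticationException("Response doesn't contain an assertion");
        }
        List<String> features = this.features.getFeatures(
            assertion.getRoles());
        // NOTE(review): the name logged is the constructor argument, not the
        // NameID of the validated assertion.
        if (logger.isDebugEnabled()) {
            logger.debug("User " + this.username + " with features " + features +
                         " successfully authenticated.");
        }
        return new User(this.username, this.password, assertion.getNameID(),
                        assertion.getRoles(), assertion, features);
    }
}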
120 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80: |