annotate gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java @ 8203:238fc722f87a

sed 's/logger/log/g' src/**/*.java
author Sascha L. Teichmann <teichmann@intevation.de>
date Fri, 05 Sep 2014 13:19:22 +0200
parents 7bc35bbd8b27
children a3bc62722239
rev   line source
5861
172338b1407f GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5838
diff changeset
1 /* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
172338b1407f GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5838
diff changeset
2 * Software engineering by Intevation GmbH
172338b1407f GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5838
diff changeset
3 *
5993
ea9eef426962 Removed trailing whitespace.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5948
diff changeset
4 * This file is Free Software under the GNU AGPL (>=v3)
5861
172338b1407f GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5838
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY! Check out the
5993
ea9eef426962 Removed trailing whitespace.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5948
diff changeset
6 * documentation coming with Dive4Elements River for details.
5861
172338b1407f GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5838
diff changeset
7 */
172338b1407f GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5838
diff changeset
8
5835
821a02bbfb4e Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5834
diff changeset
9 package org.dive4elements.river.client.server.auth.was;
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
10
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
11 import java.io.IOException;
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
12 import java.io.InputStream;
6187
7bc35bbd8b27 Store the SAML ticket in the user object after authentication.
Bernhard Herzog <bh@intevation.de>
parents: 5993
diff changeset
13 import java.io.StringBufferInputStream;
3486
23095983c249 Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2981
diff changeset
14 import java.util.List;
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
15
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
16 import org.apache.commons.codec.binary.Base64InputStream;
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
17
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
18 import org.apache.http.HttpEntity;
6187
7bc35bbd8b27 Store the SAML ticket in the user object after authentication.
Bernhard Herzog <bh@intevation.de>
parents: 5993
diff changeset
19 import org.apache.http.util.EntityUtils;
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
20
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
21 import org.apache.log4j.Logger;
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
22
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
23 import org.w3c.dom.Document;
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
24 import org.w3c.dom.Element;
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
25
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
26 import org.dive4elements.artifacts.httpclient.utils.XMLUtils;
5835
821a02bbfb4e Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5834
diff changeset
27 import org.dive4elements.river.client.server.auth.Authentication;
821a02bbfb4e Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5834
diff changeset
28 import org.dive4elements.river.client.server.auth.AuthenticationException;
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
29 import org.dive4elements.river.client.server.auth.saml.Assertion;
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
30 import org.dive4elements.river.client.server.auth.saml.XPathUtils;
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
31 import org.dive4elements.river.client.server.auth.saml.TicketValidator;
5947
0b092a1d136b Move User class from was to saml sub-package.
Bernhard Herzog <bh@intevation.de>
parents: 5944
diff changeset
32 import org.dive4elements.river.client.server.auth.saml.User;
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
33
5835
821a02bbfb4e Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents: 5834
diff changeset
34 import org.dive4elements.river.client.server.features.Features;
3486
23095983c249 Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2981
diff changeset
35
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
36
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
37 public class Response implements Authentication {
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
38
8203
238fc722f87a sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents: 6187
diff changeset
39 private static Logger log = Logger.getLogger(Response.class);
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
40
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
41 private Element root;
6187
7bc35bbd8b27 Store the SAML ticket in the user object after authentication.
Bernhard Herzog <bh@intevation.de>
parents: 5993
diff changeset
42 private String samlTicketXML;
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
43 private Assertion assertion;
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
44 private String username;
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
45 private String password;
3486
23095983c249 Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2981
diff changeset
46 private Features features;
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
47 private String trustedKeyFile;
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
48
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
49
5943
a96350a1c160 Pass trusted key filename to Response in WAS Authenticator.
Bernhard Herzog <bh@intevation.de>
parents: 5936
diff changeset
50 public Response(HttpEntity entity, String username, String password,
a96350a1c160 Pass trusted key filename to Response in WAS Authenticator.
Bernhard Herzog <bh@intevation.de>
parents: 5936
diff changeset
51 Features features, String trustedKeyFile)
a96350a1c160 Pass trusted key filename to Response in WAS Authenticator.
Bernhard Herzog <bh@intevation.de>
parents: 5936
diff changeset
52 throws AuthenticationException, IOException {
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
53
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
54 if (entity == null) {
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
55 throw new ServiceException("Invalid response");
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
56 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
57
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
58 String contenttype = entity.getContentType().getValue();
6187
7bc35bbd8b27 Store the SAML ticket in the user object after authentication.
Bernhard Herzog <bh@intevation.de>
parents: 5993
diff changeset
59 String samlTicketXML = EntityUtils.toString(entity);
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
60
6187
7bc35bbd8b27 Store the SAML ticket in the user object after authentication.
Bernhard Herzog <bh@intevation.de>
parents: 5993
diff changeset
61 InputStream in = new StringBufferInputStream(samlTicketXML);
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
62
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
63 if (!contenttype.equals("application/vnd.ogc.se_xml")) {
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
64 // XXX: Assume base64 encoded content.
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
65 in = new Base64InputStream(in);
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
66 }
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
67
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
68 Document doc = XMLUtils.readDocument(in);
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
69 Element root = doc.getDocumentElement();
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
70 String rname = root.getTagName();
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
71
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
72 if (rname != null && rname.equals("ServiceExceptionReport")) {
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
73 throw new ServiceException(XPathUtils.xpathString(root,
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
74 "ServiceException"));
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
75 }
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
76
6187
7bc35bbd8b27 Store the SAML ticket in the user object after authentication.
Bernhard Herzog <bh@intevation.de>
parents: 5993
diff changeset
77 this.samlTicketXML = samlTicketXML;
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
78 this.root = root;
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
79 this.username = username;
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
80 this.password = password;
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
81 this.features = features;
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
82 this.trustedKeyFile = trustedKeyFile;
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
83 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
84
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
85 @Override
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
86 public boolean isSuccess() {
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
87 String status = getStatus();
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
88 return status != null && status.equals("samlp:Success");
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
89 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
90
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
91 public String getStatus() {
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
92 return XPathUtils.xpathString(this.root,
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
93 "./samlp:Status/samlp:StatusCode/@Value");
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
94 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
95
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
96
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
97 public Assertion getAssertion() {
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
98 if (this.assertion == null && this.root != null) {
5944
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
99 try {
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
100 TicketValidator validator =
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
101 new TicketValidator(this.trustedKeyFile);
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
102 this.assertion = validator.checkTicket(this.root);
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
103 }
d6f13dba21fe Adapt WAS Response to new SAML validation code.
Bernhard Herzog <bh@intevation.de>
parents: 5943
diff changeset
104 catch (Exception e) {
8203
238fc722f87a sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents: 6187
diff changeset
105 log.error(e.getLocalizedMessage(), e);
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
106 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
107 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
108 return this.assertion;
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
109 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
110
2959
5ba0a6efdf3b Auth: added simple file based authentication.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 2956
diff changeset
111 @Override
2968
3e0567e02577 Extend Authentication and Response to throw additional exceptions
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2959
diff changeset
112 public User getUser() throws AuthenticationException {
3e0567e02577 Extend Authentication and Response to throw additional exceptions
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2959
diff changeset
113 Assertion assertion = this.getAssertion();
3e0567e02577 Extend Authentication and Response to throw additional exceptions
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2959
diff changeset
114 if (assertion == null) {
3e0567e02577 Extend Authentication and Response to throw additional exceptions
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2959
diff changeset
115 throw new AuthenticationException("Response doesn't contain an assertion");
3e0567e02577 Extend Authentication and Response to throw additional exceptions
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2959
diff changeset
116 }
3486
23095983c249 Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2981
diff changeset
117 List<String> features = this.features.getFeatures(
23095983c249 Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 2981
diff changeset
118 this.assertion.getRoles());
8203
238fc722f87a sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents: 6187
diff changeset
119 log.debug("User " + this.username + " with features " + features +
3489
6f36f79676a7 Add debug log of a successfull authentification
Bjoern Ricks <bjoern.ricks@intevation.de>
parents: 3486
diff changeset
120 " successfully authenticated.");
6187
7bc35bbd8b27 Store the SAML ticket in the user object after authentication.
Bernhard Herzog <bh@intevation.de>
parents: 5993
diff changeset
121 return new User(assertion, this.samlTicketXML, features, this.password);
2956
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
122 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
123 }
d7f76f197d89 Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff changeset
124 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80:

http://dive4elements.wald.intevation.org