Mercurial > dive4elements > river
annotate gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/Assertion.java @ 8839:2c8259176c46
Add configurable time tolerance to SAML ticket validation.
This allows e.g. to account for time skew between the ISP and
the server this servlet is run on.
| author | Tom Gottfried <tom@intevation.de> |
|---|---|
| date | Wed, 28 Jun 2017 20:09:53 +0200 |
| parents | 238fc722f87a |
| children | 0a5239a1e46e |
| rev | line source |
|---|---|
|
5940
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
1 /* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
2 * Software engineering by Intevation GmbH |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
3 * |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
4 * This file is Free Software under the GNU AGPL (>=v3) |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! Check out the |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
6 * documentation coming with Dive4Elements River for details. |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
7 */ |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
8 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
9 package org.dive4elements.river.client.server.auth.saml; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
10 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
11 import java.text.ParseException; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
12 import java.text.SimpleDateFormat; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
13 import java.util.Calendar; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
14 import java.util.Date; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
15 import java.util.List; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
16 import java.util.LinkedList; |
|
5958
a51adfc957bf
Removed obsolete imports.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5940
diff
changeset
|
17 |
|
5940
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
18 import javax.xml.namespace.QName; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
19 import javax.xml.xpath.XPathConstants; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
20 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
21 import org.apache.log4j.Logger; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
22 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
23 import org.w3c.dom.Element; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
24 import org.w3c.dom.NodeList; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
25 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
26 /** |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
27 * Represents a SAML assertion about a user. |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
28 */ |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
29 public class Assertion { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
30 |
|
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5958
diff
changeset
|
31 private static Logger log = Logger.getLogger(Assertion.class); |
|
5940
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
32 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
33 private Element assertion; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
34 private LinkedList<String> roles; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
35 private String user_id; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
36 private String name_id; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
37 private String group_id; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
38 private String group_name; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
39 private Date notbefore; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
40 private Date notonorafter; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
41 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
42 private static final String ATTR_CONT_USER_ID = |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
43 "urn:conterra:names:sdi-suite:policy:attribute:user-id"; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
44 private static final String ATTR_CONT_GROUP_ID = |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
45 "urn:conterra:names:sdi-suite:policy:attribute:group-id"; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
46 private static final String ATTR_CONT_GROUP_NAME = |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
47 "urn:conterra:names:sdi-suite:policy:attribute:group-name"; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
48 private static final String ATTR_CONT_ROLE = |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
49 "urn:conterra:names:sdi-suite:policy:attribute:role"; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
50 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
51 public Assertion(Element assertion) { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
52 this.assertion = assertion; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
53 this.roles = new LinkedList<String>(); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
54 this.parseCondition(); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
55 this.parseAttributeStatement(); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
56 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
57 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
58 private void parseCondition() { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
59 Element conditions = (Element)XPathUtils.xpathNode(this.assertion, |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
60 "saml:Conditions"); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
61 if (conditions == null) { |
|
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5958
diff
changeset
|
62 log.error("Cannot find Assertion conditions element"); |
|
5940
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
63 return; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
64 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
65 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
66 this.notbefore = parseDateAttribute(conditions, "NotBefore"); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
67 if (this.notbefore == null) { |
|
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5958
diff
changeset
|
68 log.warn("Could not extract NotBefore date."); |
|
5940
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
69 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
70 this.notonorafter = parseDateAttribute(conditions, "NotOnOrAfter"); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
71 if (this.notonorafter == null) { |
|
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5958
diff
changeset
|
72 log.warn("Could not extract NotOnOrAfter date."); |
|
5940
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
73 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
74 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
75 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
76 private Date parseDateAttribute(Element element, String name) { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
77 SimpleDateFormat dateformat = new SimpleDateFormat(); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
78 // format should be "yyyy-MM-dd'T'HH:mm:ss.SSSXXX" but that's |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
79 // only available in java 7+. However, parsing without the |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
80 // time-zone yields Date values in the local time-zone, |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
81 // therefore we need to convert to GMT ourselves. |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
82 dateformat.applyPattern("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
83 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
84 String value = element.getAttribute(name); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
85 try { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
86 return toGMT(dateformat.parse(value)); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
87 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
88 catch(ParseException e) { |
|
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5958
diff
changeset
|
89 log.error("Cannot parse Condition attribute " |
|
5940
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
90 + name + " with value " + value |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
91 + " (" + e.getLocalizedMessage() + ")"); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
92 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
93 return null; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
94 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
95 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
96 private Date toGMT(Date date) { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
97 Calendar cal = Calendar.getInstance(); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
98 cal.setTime(date); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
99 cal.set(Calendar.ZONE_OFFSET, 0); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
100 cal.set(Calendar.DST_OFFSET, 0); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
101 return cal.getTime(); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
102 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
103 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
104 private void parseAttributeStatement() { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
105 Element attrstatement = (Element)XPathUtils.xpathNode(this.assertion, |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
106 "saml:AttributeStatement"); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
107 if (attrstatement == null) { |
|
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5958
diff
changeset
|
108 log.error("Cannot find Assertion AttributeStatement element"); |
|
5940
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
109 return; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
110 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
111 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
112 this.name_id = XPathUtils.xpathString(attrstatement, |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
113 "saml:Subject" |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
114 + "/saml:NameIdentifier"); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
115 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
116 this.user_id = getAttrValue(attrstatement, ATTR_CONT_USER_ID); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
117 this.group_id = getAttrValue(attrstatement, ATTR_CONT_GROUP_ID); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
118 this.group_name = getAttrValue(attrstatement, ATTR_CONT_GROUP_NAME); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
119 this.roles = getAttrValues(attrstatement, ATTR_CONT_ROLE); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
120 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
121 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
122 static Object getAttrObject(Element attrs, String name, QName returnType) { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
123 return XPathUtils.xpath(attrs, |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
124 "saml:Attribute[@AttributeName='" + name + "']" |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
125 + "/saml:AttributeValue", |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
126 returnType); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
127 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
128 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
129 static String getAttrValue(Element attrs, String name) { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
130 return (String)getAttrObject(attrs, name, XPathConstants.STRING); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
131 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
132 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
133 static LinkedList<String> getAttrValues(Element attrs, String name) { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
134 LinkedList<String> strings = new LinkedList<String>(); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
135 NodeList nodes = (NodeList)getAttrObject(attrs, name, |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
136 XPathConstants.NODESET); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
137 for (int i = 0; i < nodes.getLength(); i++) { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
138 strings.add(nodes.item(i).getTextContent()); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
139 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
140 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
141 return strings; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
142 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
143 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
144 public List<String> getRoles() { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
145 return this.roles; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
146 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
147 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
148 public String getUserID() { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
149 return this.user_id; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
150 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
151 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
152 public String getNameID() { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
153 return this.name_id; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
154 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
155 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
156 public String getGroupID() { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
157 return this.group_id; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
158 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
159 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
160 public String getGroupName() { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
161 return this.group_name; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
162 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
163 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
164 public Date getFrom() { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
165 return this.notbefore; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
166 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
167 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
168 public Date getUntil() { |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
169 return this.notonorafter; |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
170 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
171 |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
172 /** |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
173 * Returns whether the ticket to which the assertion belongs is |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
174 * valid at the time the method is called. The method returns true, |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
175 * if both dates (notbefore and notonorafter) have been determined |
|
8839
2c8259176c46
Add configurable time tolerance to SAML ticket validation.
Tom Gottfried <tom@intevation.de>
parents:
8203
diff
changeset
|
176 * successfully and the current date/time is between both (with given |
|
2c8259176c46
Add configurable time tolerance to SAML ticket validation.
Tom Gottfried <tom@intevation.de>
parents:
8203
diff
changeset
|
177 * tolerance). |
|
5940
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
178 * @return Whether the ticket is valid now. |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
179 */ |
|
8839
2c8259176c46
Add configurable time tolerance to SAML ticket validation.
Tom Gottfried <tom@intevation.de>
parents:
8203
diff
changeset
|
180 public boolean isValidNow(int timeEps) { |
|
5940
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
181 Date now = new Date(); |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
182 return (this.notbefore != null && this.notonorafter != null |
|
8839
2c8259176c46
Add configurable time tolerance to SAML ticket validation.
Tom Gottfried <tom@intevation.de>
parents:
8203
diff
changeset
|
183 && now.after(new Date(this.notbefore.getTime() - timeEps)) |
|
2c8259176c46
Add configurable time tolerance to SAML ticket validation.
Tom Gottfried <tom@intevation.de>
parents:
8203
diff
changeset
|
184 && now.before(new Date(this.notonorafter.getTime() + timeEps))); |
|
5940
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
185 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
186 } |
|
05da3cfa4054
Add new SAML Assertion class based on WAS Assertion.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
187 // vim: set fileencoding=utf-8 ts=4 sw=4 et si tw=80: |