Mercurial > dive4elements > river
annotate gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/User.java @ 8839:2c8259176c46
Add configurable time tolerance to SAML ticket validation.
This allows e.g. to account for time skew between the ISP and
the server this servlet is run on.
| author | Tom Gottfried <tom@intevation.de> |
|---|---|
| date | Wed, 28 Jun 2017 20:09:53 +0200 |
| parents | 7bc35bbd8b27 |
| children |
| rev | line source |
|---|---|
|
5861
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
1 /* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde |
|
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
2 * Software engineering by Intevation GmbH |
|
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
3 * |
|
5993
ea9eef426962
Removed trailing whitespace.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5983
diff
changeset
|
4 * This file is Free Software under the GNU AGPL (>=v3) |
|
5861
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! Check out the |
|
5993
ea9eef426962
Removed trailing whitespace.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5983
diff
changeset
|
6 * documentation coming with Dive4Elements River for details. |
|
5861
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
7 */ |
|
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
8 |
|
5947
0b092a1d136b
Move User class from was to saml sub-package.
Bernhard Herzog <bh@intevation.de>
parents:
5944
diff
changeset
|
9 package org.dive4elements.river.client.server.auth.saml; |
|
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
10 |
|
2978
98514ab2c9ba
Implement getting a list of roles from a logged in user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2966
diff
changeset
|
11 import java.util.List; |
|
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
12 |
|
5835
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
13 import org.dive4elements.river.client.server.auth.DefaultUser; |
|
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
14 |
|
2966
d115f719f0c0
Derive was User class from new DefaultUser class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2959
diff
changeset
|
15 public class User |
|
d115f719f0c0
Derive was User class from new DefaultUser class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2959
diff
changeset
|
16 extends DefaultUser |
|
5835
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
17 implements org.dive4elements.river.client.server.auth.User { |
|
2966
d115f719f0c0
Derive was User class from new DefaultUser class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2959
diff
changeset
|
18 |
|
d115f719f0c0
Derive was User class from new DefaultUser class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2959
diff
changeset
|
19 private Assertion assertion; |
|
d115f719f0c0
Derive was User class from new DefaultUser class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2959
diff
changeset
|
20 |
|
6187
7bc35bbd8b27
Store the SAML ticket in the user object after authentication.
Bernhard Herzog <bh@intevation.de>
parents:
5993
diff
changeset
|
21 public User(Assertion assertion, String samlXML, List<String> features, |
|
7bc35bbd8b27
Store the SAML ticket in the user object after authentication.
Bernhard Herzog <bh@intevation.de>
parents:
5993
diff
changeset
|
22 String password) { |
|
5983
0c63ce5a7e74
Use name id as username in saml.User.
Bernhard Herzog <bh@intevation.de>
parents:
5958
diff
changeset
|
23 this.setName(assertion.getNameID()); |
|
5948
d7b9b3e3c61a
Make instantiation of saml.User easier.
Bernhard Herzog <bh@intevation.de>
parents:
5947
diff
changeset
|
24 this.setAccount(assertion.getNameID()); |
|
d7b9b3e3c61a
Make instantiation of saml.User easier.
Bernhard Herzog <bh@intevation.de>
parents:
5947
diff
changeset
|
25 this.setRoles(assertion.getRoles()); |
|
2966
d115f719f0c0
Derive was User class from new DefaultUser class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2959
diff
changeset
|
26 this.assertion = assertion; |
|
6187
7bc35bbd8b27
Store the SAML ticket in the user object after authentication.
Bernhard Herzog <bh@intevation.de>
parents:
5993
diff
changeset
|
27 this.setSamlXMLBase64(samlXML); |
|
3486
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2978
diff
changeset
|
28 this.setAllowedFeatures(features); |
|
5948
d7b9b3e3c61a
Make instantiation of saml.User easier.
Bernhard Herzog <bh@intevation.de>
parents:
5947
diff
changeset
|
29 this.setPassword(password); |
|
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
30 } |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
31 |
|
2966
d115f719f0c0
Derive was User class from new DefaultUser class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2959
diff
changeset
|
32 @Override |
|
2959
5ba0a6efdf3b
Auth: added simple file based authentication.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
2956
diff
changeset
|
33 public boolean hasExpired() { |
|
5948
d7b9b3e3c61a
Make instantiation of saml.User easier.
Bernhard Herzog <bh@intevation.de>
parents:
5947
diff
changeset
|
34 // We could check the validity dates of the assertion here, but |
|
d7b9b3e3c61a
Make instantiation of saml.User easier.
Bernhard Herzog <bh@intevation.de>
parents:
5947
diff
changeset
|
35 // when using this for Single-Sign-On this would lead to the |
|
d7b9b3e3c61a
Make instantiation of saml.User easier.
Bernhard Herzog <bh@intevation.de>
parents:
5947
diff
changeset
|
36 // code in GGInAFilter to re-authenticate with the password |
|
d7b9b3e3c61a
Make instantiation of saml.User easier.
Bernhard Herzog <bh@intevation.de>
parents:
5947
diff
changeset
|
37 // stored in the User object, which isn't known in the case of |
|
d7b9b3e3c61a
Make instantiation of saml.User easier.
Bernhard Herzog <bh@intevation.de>
parents:
5947
diff
changeset
|
38 // Single-Sign-On. |
|
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
39 return false; |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
40 } |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
41 } |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
42 |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
43 // vim:set ts=4 sw=4 si et fenc=utf8 tw=80: |