dive4elements/river: gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Authenticator.java annotate

annotate gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Authenticator.java @ 8839:2c8259176c46

Add configurable time tolerance to SAML ticket validation. This allows e.g. to account for time skew between the ISP and the server this servlet is run on.

author	Tom Gottfried <tom@intevation.de>
date	Wed, 28 Jun 2017 20:09:53 +0200
parents	ea9eef426962
children	d6d5ca6d4af0 cfc0aab9947f

rev	line source
5861 172338b1407f GWT client: Added copyright header. Sascha L. Teichmann <teichmann@intevation.de> parents: 5838 diff changeset	1 /* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
172338b1407f GWT client: Added copyright header. Sascha L. Teichmann <teichmann@intevation.de> parents: 5838 diff changeset	2 * Software engineering by Intevation GmbH
172338b1407f GWT client: Added copyright header. Sascha L. Teichmann <teichmann@intevation.de> parents: 5838 diff changeset	3 *
5993 ea9eef426962 Removed trailing whitespace. Sascha L. Teichmann <teichmann@intevation.de> parents: 5943 diff changeset	4 * This file is Free Software under the GNU AGPL (>=v3)
5861 172338b1407f GWT client: Added copyright header. Sascha L. Teichmann <teichmann@intevation.de> parents: 5838 diff changeset	5 * and comes with ABSOLUTELY NO WARRANTY! Check out the
5993 ea9eef426962 Removed trailing whitespace. Sascha L. Teichmann <teichmann@intevation.de> parents: 5943 diff changeset	6 * documentation coming with Dive4Elements River for details.
5861 172338b1407f GWT client: Added copyright header. Sascha L. Teichmann <teichmann@intevation.de> parents: 5838 diff changeset	7 */
172338b1407f GWT client: Added copyright header. Sascha L. Teichmann <teichmann@intevation.de> parents: 5838 diff changeset	8
5835 821a02bbfb4e Fixed internal java dependencies Sascha L. Teichmann <teichmann@intevation.de> parents: 5834 diff changeset	9 package org.dive4elements.river.client.server.auth.was;
2956 d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	10
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	11 import java.io.IOException;
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	12 import java.security.GeneralSecurityException;
5933 1b939742629e Pass LoginServlet's ServletContext to the Authenticators. Bernhard Herzog <bh@intevation.de> parents: 5861 diff changeset	13 import javax.servlet.ServletContext;
2956 d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	14
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	15 import org.apache.http.HttpEntity;
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	16 import org.apache.http.HttpResponse;
4488 5041105d2edd Check if response code from GGInA is 200 OK Björn Ricks <bjoern.ricks@intevation.de> parents: 3486 diff changeset	17 import org.apache.http.StatusLine;
2956 d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	18 import org.apache.http.client.HttpClient;
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	19 import org.apache.http.conn.scheme.Scheme;
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	20 import org.apache.http.conn.ssl.SSLSocketFactory;
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	21 import org.apache.http.impl.client.DefaultHttpClient;
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	22
5835 821a02bbfb4e Fixed internal java dependencies Sascha L. Teichmann <teichmann@intevation.de> parents: 5834 diff changeset	23 import org.dive4elements.river.client.server.GGInATrustStrategy;
821a02bbfb4e Fixed internal java dependencies Sascha L. Teichmann <teichmann@intevation.de> parents: 5834 diff changeset	24 import org.dive4elements.river.client.server.auth.Authentication;
821a02bbfb4e Fixed internal java dependencies Sascha L. Teichmann <teichmann@intevation.de> parents: 5834 diff changeset	25 import org.dive4elements.river.client.server.auth.AuthenticationException;
821a02bbfb4e Fixed internal java dependencies Sascha L. Teichmann <teichmann@intevation.de> parents: 5834 diff changeset	26 import org.dive4elements.river.client.server.features.Features;
2956 d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	27
3486 23095983c249 Implement Features handling for WAS authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: 3485 diff changeset	28 public class Authenticator
5835 821a02bbfb4e Fixed internal java dependencies Sascha L. Teichmann <teichmann@intevation.de> parents: 5834 diff changeset	29 implements org.dive4elements.river.client.server.auth.Authenticator {
2956 d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	30
3485 71ba3cf3ec5e Refactor Authentication to allow to pass the Freatures to the user class Bjoern Ricks <bjoern.ricks@intevation.de> parents: 2956 diff changeset	31 @Override
3486 23095983c249 Implement Features handling for WAS authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: 3485 diff changeset	32 public Authentication auth(
23095983c249 Implement Features handling for WAS authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: 3485 diff changeset	33 String username,
23095983c249 Implement Features handling for WAS authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: 3485 diff changeset	34 String password,
23095983c249 Implement Features handling for WAS authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: 3485 diff changeset	35 String encoding,
5933 1b939742629e Pass LoginServlet's ServletContext to the Authenticators. Bernhard Herzog <bh@intevation.de> parents: 5861 diff changeset	36 Features features,
1b939742629e Pass LoginServlet's ServletContext to the Authenticators. Bernhard Herzog <bh@intevation.de> parents: 5861 diff changeset	37 ServletContext context
3486 23095983c249 Implement Features handling for WAS authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: 3485 diff changeset	38 ) throws
23095983c249 Implement Features handling for WAS authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: 3485 diff changeset	39 AuthenticationException,
23095983c249 Implement Features handling for WAS authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: 3485 diff changeset	40 IOException
23095983c249 Implement Features handling for WAS authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: 3485 diff changeset	41 {
2956 d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	42 try {
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	43 SSLSocketFactory sf = new SSLSocketFactory(
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	44 new GGInATrustStrategy());
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	45 Scheme https = new Scheme("https", 443, sf);
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	46 HttpClient httpclient = new DefaultHttpClient();
3486 23095983c249 Implement Features handling for WAS authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: 3485 diff changeset	47 httpclient.getConnectionManager().getSchemeRegistry().register(
23095983c249 Implement Features handling for WAS authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: 3485 diff changeset	48 https);
2956 d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	49
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	50 Request httpget = new Request("https://geoportal.bafg.de/" +
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	51 "administration/WAS", username, password, encoding);
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	52 HttpResponse response = httpclient.execute(httpget);
4488 5041105d2edd Check if response code from GGInA is 200 OK Björn Ricks <bjoern.ricks@intevation.de> parents: 3486 diff changeset	53 StatusLine stline = response.getStatusLine();
5041105d2edd Check if response code from GGInA is 200 OK Björn Ricks <bjoern.ricks@intevation.de> parents: 3486 diff changeset	54 if (stline.getStatusCode() != 200) {
5041105d2edd Check if response code from GGInA is 200 OK Björn Ricks <bjoern.ricks@intevation.de> parents: 3486 diff changeset	55 throw new AuthenticationException("GGInA Server Error. " +
5041105d2edd Check if response code from GGInA is 200 OK Björn Ricks <bjoern.ricks@intevation.de> parents: 3486 diff changeset	56 "Statuscode: " + stline.getStatusCode() +
5041105d2edd Check if response code from GGInA is 200 OK Björn Ricks <bjoern.ricks@intevation.de> parents: 3486 diff changeset	57 ". Reason: " + stline.getReasonPhrase());
5041105d2edd Check if response code from GGInA is 200 OK Björn Ricks <bjoern.ricks@intevation.de> parents: 3486 diff changeset	58 }
2956 d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	59 HttpEntity entity = response.getEntity();
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	60 if (entity == null) {
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	61 //FIXME throw AuthenticationException
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	62 return null;
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	63 }
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	64 else {
5943 a96350a1c160 Pass trusted key filename to Response in WAS Authenticator. Bernhard Herzog <bh@intevation.de> parents: 5933 diff changeset	65 String trustedKey =
a96350a1c160 Pass trusted key filename to Response in WAS Authenticator. Bernhard Herzog <bh@intevation.de> parents: 5933 diff changeset	66 (String)context.getInitParameter("saml-trusted-public-key");
8839 2c8259176c46 Add configurable time tolerance to SAML ticket validation. Tom Gottfried <tom@intevation.de> parents: 5993 diff changeset	67 String timeEpsilon = context.getInitParameter(
2c8259176c46 Add configurable time tolerance to SAML ticket validation. Tom Gottfried <tom@intevation.de> parents: 5993 diff changeset	68 "saml-time-tolerance");
5943 a96350a1c160 Pass trusted key filename to Response in WAS Authenticator. Bernhard Herzog <bh@intevation.de> parents: 5933 diff changeset	69 return new Response(entity, username, password, features,
8839 2c8259176c46 Add configurable time tolerance to SAML ticket validation. Tom Gottfried <tom@intevation.de> parents: 5993 diff changeset	70 context.getRealPath(trustedKey), timeEpsilon);
2956 d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	71 }
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	72 }
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	73 catch(GeneralSecurityException e) {
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	74 throw new AuthenticationException(e);
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	75 }
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	76 }
d7f76f197d89 Refactor GGInA authentication Bjoern Ricks <bjoern.ricks@intevation.de> parents: diff changeset	77 }

Mercurial > dive4elements > river

annotate gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Authenticator.java @ 8839:2c8259176c46