Mercurial > dive4elements > river
annotate gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java @ 5950:38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
This is the main part of single-sign-on for flys from issue1265.
SamlServlet is an adapted copy of LoginServlet. The code shared by both
classes will be extracted into a base class later.
| author | Bernhard Herzog <bh@intevation.de> |
|---|---|
| date | Wed, 08 May 2013 17:56:14 +0200 |
| parents | |
| children | 24dc13ac8e6c |
| rev | line source |
|---|---|
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
1 /* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
2 * Software engineering by Intevation GmbH |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
3 * |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
4 * This file is Free Software under the GNU AGPL (>=v3) |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! Check out the |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
6 * documentation coming with Dive4Elements River for details. |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
7 */ |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
8 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
9 package org.dive4elements.river.client.server; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
10 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
11 import java.io.IOException; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
12 import java.io.InputStream; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
13 import java.io.StringBufferInputStream; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
14 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
15 import javax.servlet.ServletException; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
16 import javax.servlet.ServletContext; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
17 import javax.servlet.http.HttpServlet; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
18 import javax.servlet.http.HttpServletRequest; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
19 import javax.servlet.http.HttpServletResponse; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
20 import javax.servlet.http.HttpSession; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
21 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
22 import org.apache.commons.codec.binary.Base64InputStream; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
23 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
24 import org.apache.log4j.Logger; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
25 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
26 import org.dive4elements.river.client.server.auth.AuthenticationException; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
27 import org.dive4elements.river.client.server.auth.User; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
28 import org.dive4elements.river.client.server.auth.UserClient; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
29 import org.dive4elements.river.client.server.auth.saml.TicketValidator; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
30 import org.dive4elements.river.client.server.auth.saml.Assertion; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
31 import org.dive4elements.river.client.server.features.Features; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
32 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
33 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
34 public class SamlServlet extends HttpServlet { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
35 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
36 private static Logger logger = Logger.getLogger(SamlServlet.class); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
37 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
38 private static final String FLYS_PAGE = "FLYS.html"; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
39 private static final String LOGIN_PAGE = "login.jsp"; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
40 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
41 private void redirectFailure(HttpServletResponse resp, String path) |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
42 throws IOException { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
43 resp.sendRedirect(path + "/" + LOGIN_PAGE); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
44 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
45 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
46 private void redirectFailure(HttpServletResponse resp, String path, |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
47 Exception e) throws IOException { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
48 this.redirectFailure(resp, path, e.getMessage()); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
49 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
50 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
51 private void redirectFailure(HttpServletResponse resp, String path, |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
52 String message) throws IOException { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
53 resp.sendRedirect(path + "/" + LOGIN_PAGE + "?error=" + message); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
54 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
55 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
56 private void redirectSuccess(HttpServletResponse resp, String path, |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
57 String uri) throws IOException { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
58 if (uri == null) { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
59 String redirecturl = getServletContext().getInitParameter("redirect-url"); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
60 if (redirecturl == null) { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
61 redirecturl = FLYS_PAGE; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
62 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
63 uri = "/" + redirecturl; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
64 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
65 resp.sendRedirect(uri); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
66 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
67 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
68 @Override |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
69 protected void doGet(HttpServletRequest req, HttpServletResponse resp) |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
70 throws ServletException, IOException { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
71 logger.debug("Processing get request"); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
72 this.redirectFailure(resp, req.getContextPath()); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
73 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
74 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
75 @Override |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
76 protected void doPost(HttpServletRequest req, HttpServletResponse resp) |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
77 throws ServletException, IOException |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
78 { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
79 String encoding = req.getCharacterEncoding(); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
80 String samlTicketXML = req.getParameter("samlTicket"); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
81 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
82 logger.debug("Processing post request"); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
83 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
84 if (samlTicketXML == null) { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
85 logger.debug("No saml ticket provided"); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
86 this.redirectFailure(resp, req.getContextPath()); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
87 return; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
88 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
89 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
90 try { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
91 User user = this.auth(samlTicketXML); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
92 if (user == null) { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
93 logger.debug("Authentication not successful"); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
94 this.redirectFailure(resp, req.getContextPath()); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
95 return; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
96 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
97 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
98 String url = getServletContext().getInitParameter("server-url"); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
99 UserClient client = new UserClient(url); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
100 if (!client.userExists(user)) { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
101 logger.debug("Creating db user"); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
102 if (!client.createUser(user)) { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
103 this.redirectFailure(resp, req.getContextPath(), |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
104 "Could not create new user"); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
105 return; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
106 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
107 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
108 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
109 HttpSession session = req.getSession(); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
110 session.setAttribute("user", user); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
111 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
112 String uri = (String)session.getAttribute("requesturi"); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
113 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
114 this.redirectSuccess(resp, req.getContextPath(), uri); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
115 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
116 catch(AuthenticationException e) { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
117 logger.error(e, e); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
118 this.redirectFailure(resp, req.getContextPath(), e); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
119 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
120 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
121 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
122 private User auth(String samlTicketXML) |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
123 throws AuthenticationException, IOException |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
124 { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
125 ServletContext sc = this.getServletContext(); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
126 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
127 Assertion assertion = null; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
128 try { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
129 String keyfile = |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
130 (String)sc.getInitParameter("saml-trusted-public-key"); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
131 TicketValidator validator = |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
132 new TicketValidator(sc.getRealPath(keyfile)); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
133 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
134 InputStream in = new StringBufferInputStream(samlTicketXML); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
135 assertion = validator.checkTicket(new Base64InputStream(in)); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
136 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
137 catch (Exception e) { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
138 logger.error(e.getLocalizedMessage(), e); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
139 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
140 if (assertion == null) { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
141 throw new AuthenticationException("Login failed."); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
142 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
143 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
144 Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
145 return new org.dive4elements.river.client.server.auth.saml.User( |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
146 assertion, features.getFeatures(assertion.getRoles()), null); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
147 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
148 } |