annotate gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java @ 8856:5e38e2924c07 3.2.x

Fix code style.
author Tom Gottfried <tom@intevation.de>
date Thu, 18 Jan 2018 20:12:01 +0100
parents 2c8259176c46
children d6d5ca6d4af0 0a5239a1e46e
rev   line source
5861     1 /* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
5861     2  * Software engineering by Intevation GmbH
5861     3  *
5993     4  * This file is Free Software under the GNU AGPL (>=v3)
5861     5  * and comes with ABSOLUTELY NO WARRANTY! Check out the
5993     6  * documentation coming with Dive4Elements River for details.
5861     7  */
5861     8
5835     9 package org.dive4elements.river.client.server.auth.was;
2956    10
2956    11 import java.io.IOException;
2956    12 import java.io.InputStream;
6187    13 import java.io.StringBufferInputStream;
3486    14 import java.util.List;
2956    15
2956    16 import org.apache.commons.codec.binary.Base64InputStream;
2956    17
2956    18 import org.apache.http.HttpEntity;
6187    19 import org.apache.http.util.EntityUtils;
2956    20
2956    21 import org.apache.log4j.Logger;
2956    22
5944    23 import org.w3c.dom.Document;
5944    24 import org.w3c.dom.Element;
2956    25
5944    26 import org.dive4elements.artifacts.httpclient.utils.XMLUtils;
5835    27 import org.dive4elements.river.client.server.auth.Authentication;
5835    28 import org.dive4elements.river.client.server.auth.AuthenticationException;
5944    29 import org.dive4elements.river.client.server.auth.saml.Assertion;
5944    30 import org.dive4elements.river.client.server.auth.saml.XPathUtils;
5944    31 import org.dive4elements.river.client.server.auth.saml.TicketValidator;
5947    32 import org.dive4elements.river.client.server.auth.saml.User;
2956    33
5835    34 import org.dive4elements.river.client.server.features.Features;
3486    35
5944    36
2956    37 public class Response implements Authentication {
2956    38
8203    39     private static Logger log = Logger.getLogger(Response.class);
2956    40
2956    41     private Element root;
6187    42     private String samlTicketXML;
2956    43     private Assertion assertion;
2956    44     private String username;
2956    45     private String password;
3486    46     private Features features;
5944    47     private String trustedKeyFile;
8839    48     private String timeEpsilon;
2956    49
2956    50
5943    51     public Response(HttpEntity entity, String username, String password,
8839    52         Features features, String trustedKeyFile, String timeEpsilon)
5943    53         throws AuthenticationException, IOException {
2956    54
2956    55         if (entity == null) {
2956    56             throw new ServiceException("Invalid response");
2956    57         }
2956    58
2956    59         String contenttype = entity.getContentType().getValue();
6187    60         String samlTicketXML = EntityUtils.toString(entity);
2956    61
6187    62         InputStream in = new StringBufferInputStream(samlTicketXML);
2956    63
5944    64         if (!contenttype.equals("application/vnd.ogc.se_xml")) {
5944    65             // XXX: Assume base64 encoded content.
5944    66             in = new Base64InputStream(in);
5944    67         }
2956    68
5944    69         Document doc = XMLUtils.readDocument(in);
5944    70         Element root = doc.getDocumentElement();
5944    71         String rname = root.getTagName();
2956    72
5944    73         if (rname != null && rname.equals("ServiceExceptionReport")) {
5944    74             throw new ServiceException(XPathUtils.xpathString(root,
5944    75                 "ServiceException"));
2956    76         }
5944    77
6187    78         this.samlTicketXML = samlTicketXML;
5944    79         this.root = root;
5944    80         this.username = username;
5944    81         this.password = password;
5944    82         this.features = features;
5944    83         this.trustedKeyFile = trustedKeyFile;
8839    84         this.timeEpsilon = timeEpsilon;
2956    85     }
2956    86
2956    87     @Override
2956    88     public boolean isSuccess() {
2956    89         String status = getStatus();
2956    90         return status != null && status.equals("samlp:Success");
2956    91     }
2956    92
2956    93     public String getStatus() {
5944    94         return XPathUtils.xpathString(this.root,
8856    95             "./samlp:Status/samlp:StatusCode/@Value");
2956    96     }
2956    97
5944    98
2956    99     public Assertion getAssertion() {
2956   100         if (this.assertion == null && this.root != null) {
5944   101             try {
8839   102                 int timeEps = Integer.parseInt(this.timeEpsilon);
5944   103                 TicketValidator validator =
8839   104                     new TicketValidator(this.trustedKeyFile, timeEps);
5944   105                 this.assertion = validator.checkTicket(this.root);
5944   106             }
5944   107             catch (Exception e) {
8203   108                 log.error(e.getLocalizedMessage(), e);
2956   109             }
2956   110         }
2956   111         return this.assertion;
2956   112     }
2956   113
2959   114     @Override
2968   115     public User getUser() throws AuthenticationException {
2968   116         Assertion assertion = this.getAssertion();
2968   117         if (assertion == null) {
8856   118             throw new AuthenticationException(
8856   119                 "Response doesn't contain an assertion");
2968   120         }
3486   121         List<String> features = this.features.getFeatures(
3486   122             this.assertion.getRoles());
8203   123         log.debug("User " + this.username + " with features " + features +
3489   124             " successfully authenticated.");
6187   125         return new User(assertion, this.samlTicketXML, features, this.password);
2956   126     }
2956   127 }
2956   128 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80:

changesets referenced above

2956  d7f76f197d89  Refactor GGInA authentication
      Bjoern Ricks <bjoern.ricks@intevation.de>
      parents:
2959  5ba0a6efdf3b  Auth: added simple file based authentication.
      Sascha L. Teichmann <sascha.teichmann@intevation.de>
      parents: 2956
2968  3e0567e02577  Extend Authentication and Response to throw additional exceptions
      Bjoern Ricks <bjoern.ricks@intevation.de>
      parents: 2959
3486  23095983c249  Implement Features handling for WAS authentication
      Bjoern Ricks <bjoern.ricks@intevation.de>
      parents: 2981
3489  6f36f79676a7  Add debug log of a successfull authentification
      Bjoern Ricks <bjoern.ricks@intevation.de>
      parents: 3486
5835  821a02bbfb4e  Fixed internal java dependencies
      Sascha L. Teichmann <teichmann@intevation.de>
      parents: 5834
5861  172338b1407f  GWT client: Added copyright header.
      Sascha L. Teichmann <teichmann@intevation.de>
      parents: 5838
5943  a96350a1c160  Pass trusted key filename to Response in WAS Authenticator.
      Bernhard Herzog <bh@intevation.de>
      parents: 5936
5944  d6f13dba21fe  Adapt WAS Response to new SAML validation code.
      Bernhard Herzog <bh@intevation.de>
      parents: 5943
5947  0b092a1d136b  Move User class from was to saml sub-package.
      Bernhard Herzog <bh@intevation.de>
      parents: 5944
5993  ea9eef426962  Removed trailing whitespace.
      Sascha L. Teichmann <teichmann@intevation.de>
      parents: 5948
6187  7bc35bbd8b27  Store the SAML ticket in the user object after authentication.
      Bernhard Herzog <bh@intevation.de>
      parents: 5993
8203  238fc722f87a  sed 's/logger/log/g' src/**/*.java
      Sascha L. Teichmann <teichmann@intevation.de>
      parents: 6187
8839  2c8259176c46  Add configurable time tolerance to SAML ticket validation.
      Tom Gottfried <tom@intevation.de>
      parents: 8525
8856  5e38e2924c07  Fix code style.
      Tom Gottfried <tom@intevation.de>
      parents: 8839

http://dive4elements.wald.intevation.org