Mercurial > dive4elements > river
annotate gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java @ 8870:c26fb37899ca
Introduced groups for modules. Modules marked with the same group-id, will be put together in the ui.
Also using now the localization info from the server instead of localizing the modules again on the client side.
| author | gernotbelger |
|---|---|
| date | Wed, 07 Feb 2018 11:59:13 +0100 |
| parents | 5e38e2924c07 |
| children | d6d5ca6d4af0 0a5239a1e46e |
| rev | line source |
|---|---|
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
1 /* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
2 * Software engineering by Intevation GmbH |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
3 * |
|
5993
ea9eef426962
Removed trailing whitespace.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5953
diff
changeset
|
4 * This file is Free Software under the GNU AGPL (>=v3) |
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! Check out the |
|
5993
ea9eef426962
Removed trailing whitespace.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5953
diff
changeset
|
6 * documentation coming with Dive4Elements River for details. |
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
7 */ |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
8 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
9 package org.dive4elements.river.client.server; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
10 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
11 import java.io.IOException; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
12 import java.io.InputStream; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
13 import java.io.StringBufferInputStream; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
14 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
15 import javax.servlet.ServletException; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
16 import javax.servlet.ServletContext; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
17 import javax.servlet.http.HttpServletRequest; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
18 import javax.servlet.http.HttpServletResponse; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
19 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
20 import org.apache.commons.codec.binary.Base64InputStream; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
21 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
22 import org.apache.log4j.Logger; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
23 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
24 import org.dive4elements.river.client.server.auth.AuthenticationException; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
25 import org.dive4elements.river.client.server.auth.User; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
26 import org.dive4elements.river.client.server.auth.saml.TicketValidator; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
27 import org.dive4elements.river.client.server.auth.saml.Assertion; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
28 import org.dive4elements.river.client.server.features.Features; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
29 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
30 |
|
5953
24dc13ac8e6c
Add AuthenticationServlet, a common base class for the login servlets
Bernhard Herzog <bh@intevation.de>
parents:
5950
diff
changeset
|
31 public class SamlServlet extends AuthenticationServlet { |
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
32 |
|
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
6187
diff
changeset
|
33 private static Logger log = Logger.getLogger(SamlServlet.class); |
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
34 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
35 @Override |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
36 protected void doPost(HttpServletRequest req, HttpServletResponse resp) |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
37 throws ServletException, IOException |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
38 { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
39 String encoding = req.getCharacterEncoding(); |
|
6120
b689d2b9d167
Fix saml parameter name to fix SSO
Andre Heinecke <aheinecke@intevation.de>
parents:
5993
diff
changeset
|
40 String samlTicketXML = req.getParameter("saml"); |
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
41 |
|
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
6187
diff
changeset
|
42 log.debug("Processing post request"); |
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
43 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
44 if (samlTicketXML == null) { |
|
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
6187
diff
changeset
|
45 log.debug("No saml ticket provided"); |
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
46 this.redirectFailure(resp, req.getContextPath()); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
47 return; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
48 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
49 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
50 try { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
51 User user = this.auth(samlTicketXML); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
52 if (user == null) { |
|
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
6187
diff
changeset
|
53 log.debug("Authentication not successful"); |
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
54 this.redirectFailure(resp, req.getContextPath()); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
55 return; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
56 } |
|
5953
24dc13ac8e6c
Add AuthenticationServlet, a common base class for the login servlets
Bernhard Herzog <bh@intevation.de>
parents:
5950
diff
changeset
|
57 this.performLogin(req, resp, user); |
|
8525
5aff82e77ec3
(issue1777) Move logging code for existing tickets to the correct location
Andre Heinecke <andre.heinecke@intevation.de>
parents:
8203
diff
changeset
|
58 log.info("Authentication with existing SAML ticket."); |
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
59 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
60 catch(AuthenticationException e) { |
|
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
6187
diff
changeset
|
61 log.error(e, e); |
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
62 this.redirectFailure(resp, req.getContextPath(), e); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
63 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
64 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
65 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
66 private User auth(String samlTicketXML) |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
67 throws AuthenticationException, IOException |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
68 { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
69 ServletContext sc = this.getServletContext(); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
70 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
71 Assertion assertion = null; |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
72 try { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
73 String keyfile = |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
74 (String)sc.getInitParameter("saml-trusted-public-key"); |
| 8840 | 75 int timeEps = Integer.parseInt( |
| 76 sc.getInitParameter("saml-time-tolerance")); | |
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
77 TicketValidator validator = |
| 8840 | 78 new TicketValidator(sc.getRealPath(keyfile), timeEps); |
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
79 |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
80 InputStream in = new StringBufferInputStream(samlTicketXML); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
81 assertion = validator.checkTicket(new Base64InputStream(in)); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
82 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
83 catch (Exception e) { |
|
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
6187
diff
changeset
|
84 log.error(e.getLocalizedMessage(), e); |
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
85 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
86 if (assertion == null) { |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
87 throw new AuthenticationException("Login failed."); |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
88 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
89 |
| 8856 | 90 Features features = (Features)sc.getAttribute( |
| 91 Features.CONTEXT_ATTRIBUTE); | |
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
92 return new org.dive4elements.river.client.server.auth.saml.User( |
|
6187
7bc35bbd8b27
Store the SAML ticket in the user object after authentication.
Bernhard Herzog <bh@intevation.de>
parents:
6120
diff
changeset
|
93 assertion, samlTicketXML, |
|
7bc35bbd8b27
Store the SAML ticket in the user object after authentication.
Bernhard Herzog <bh@intevation.de>
parents:
6120
diff
changeset
|
94 features.getFeatures(assertion.getRoles()), null); |
|
5950
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
95 } |
|
38d161edba77
Add SamlServlet to implement actual login via SAML Ticket.
Bernhard Herzog <bh@intevation.de>
parents:
diff
changeset
|
96 } |