Mercurial > dive4elements > river
annotate gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Authenticator.java @ 9648:c5a496bf1b0b
Fixed: Duplizieren einer Fixierungsanalyse schlägt fehl.
author | Gernot Belger <g.belger@bjoernsen.de> |
---|---|
date | Wed, 04 Dec 2019 16:10:28 +0100 |
parents | bc50ecfc58c5 |
children | 295b3cb5ebc8 |
rev | line source |
---|---|
5861
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
1 /* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde |
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
2 * Software engineering by Intevation GmbH |
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
3 * |
5993
ea9eef426962
Removed trailing whitespace.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5943
diff
changeset
|
4 * This file is Free Software under the GNU AGPL (>=v3) |
5861
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! Check out the |
5993
ea9eef426962
Removed trailing whitespace.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5943
diff
changeset
|
6 * documentation coming with Dive4Elements River for details. |
5861
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
7 */ |
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
8 |
5835
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
9 package org.dive4elements.river.client.server.auth.was; |
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
10 |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
11 import java.io.IOException; |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
12 import java.security.GeneralSecurityException; |
5933
1b939742629e
Pass LoginServlet's ServletContext to the Authenticators.
Bernhard Herzog <bh@intevation.de>
parents:
5861
diff
changeset
|
13 import javax.servlet.ServletContext; |
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
14 |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
15 import org.apache.http.HttpEntity; |
9648
c5a496bf1b0b
Fixed: Duplizieren einer Fixierungsanalyse schlägt fehl.
Gernot Belger <g.belger@bjoernsen.de>
parents:
9628
diff
changeset
|
16 import org.apache.http.HttpHost; |
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
17 import org.apache.http.HttpResponse; |
4488
5041105d2edd
Check if response code from GGInA is 200 OK
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3486
diff
changeset
|
18 import org.apache.http.StatusLine; |
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
19 import org.apache.http.client.HttpClient; |
9648
c5a496bf1b0b
Fixed: Duplizieren einer Fixierungsanalyse schlägt fehl.
Gernot Belger <g.belger@bjoernsen.de>
parents:
9628
diff
changeset
|
20 import org.apache.http.conn.params.ConnRoutePNames; |
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
21 import org.apache.http.conn.scheme.Scheme; |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
22 import org.apache.http.conn.ssl.SSLSocketFactory; |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
23 import org.apache.http.impl.client.DefaultHttpClient; |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
24 |
5835
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
25 import org.dive4elements.river.client.server.GGInATrustStrategy; |
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
26 import org.dive4elements.river.client.server.auth.Authentication; |
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
27 import org.dive4elements.river.client.server.auth.AuthenticationException; |
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
28 import org.dive4elements.river.client.server.features.Features; |
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
29 |
3486
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
30 public class Authenticator |
5835
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
31 implements org.dive4elements.river.client.server.auth.Authenticator { |
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
32 |
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2956
diff
changeset
|
33 @Override |
3486
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
34 public Authentication auth( |
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
35 String username, |
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
36 String password, |
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
37 String encoding, |
5933
1b939742629e
Pass LoginServlet's ServletContext to the Authenticators.
Bernhard Herzog <bh@intevation.de>
parents:
5861
diff
changeset
|
38 Features features, |
1b939742629e
Pass LoginServlet's ServletContext to the Authenticators.
Bernhard Herzog <bh@intevation.de>
parents:
5861
diff
changeset
|
39 ServletContext context |
3486
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
40 ) throws |
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
41 AuthenticationException, |
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
42 IOException |
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
43 { |
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
44 try { |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
45 SSLSocketFactory sf = new SSLSocketFactory( |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
46 new GGInATrustStrategy()); |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
47 Scheme https = new Scheme("https", 443, sf); |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
48 HttpClient httpclient = new DefaultHttpClient(); |
3486
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
49 httpclient.getConnectionManager().getSchemeRegistry().register( |
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
50 https); |
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
51 |
9648
c5a496bf1b0b
Fixed: Duplizieren einer Fixierungsanalyse schlägt fehl.
Gernot Belger <g.belger@bjoernsen.de>
parents:
9628
diff
changeset
|
52 HttpHost proxy = new HttpHost("proxy.bce01.de",8080); |
c5a496bf1b0b
Fixed: Duplizieren einer Fixierungsanalyse schlägt fehl.
Gernot Belger <g.belger@bjoernsen.de>
parents:
9628
diff
changeset
|
53 httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY,proxy); |
c5a496bf1b0b
Fixed: Duplizieren einer Fixierungsanalyse schlägt fehl.
Gernot Belger <g.belger@bjoernsen.de>
parents:
9628
diff
changeset
|
54 |
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
55 Request httpget = new Request("https://geoportal.bafg.de/" + |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
56 "administration/WAS", username, password, encoding); |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
57 HttpResponse response = httpclient.execute(httpget); |
4488
5041105d2edd
Check if response code from GGInA is 200 OK
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3486
diff
changeset
|
58 StatusLine stline = response.getStatusLine(); |
5041105d2edd
Check if response code from GGInA is 200 OK
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3486
diff
changeset
|
59 if (stline.getStatusCode() != 200) { |
5041105d2edd
Check if response code from GGInA is 200 OK
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3486
diff
changeset
|
60 throw new AuthenticationException("GGInA Server Error. " + |
5041105d2edd
Check if response code from GGInA is 200 OK
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3486
diff
changeset
|
61 "Statuscode: " + stline.getStatusCode() + |
5041105d2edd
Check if response code from GGInA is 200 OK
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3486
diff
changeset
|
62 ". Reason: " + stline.getReasonPhrase()); |
5041105d2edd
Check if response code from GGInA is 200 OK
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3486
diff
changeset
|
63 } |
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
64 HttpEntity entity = response.getEntity(); |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
65 if (entity == null) { |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
66 //FIXME throw AuthenticationException |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
67 return null; |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
68 } |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
69 else { |
5943
a96350a1c160
Pass trusted key filename to Response in WAS Authenticator.
Bernhard Herzog <bh@intevation.de>
parents:
5933
diff
changeset
|
70 String trustedKey = |
a96350a1c160
Pass trusted key filename to Response in WAS Authenticator.
Bernhard Herzog <bh@intevation.de>
parents:
5933
diff
changeset
|
71 (String)context.getInitParameter("saml-trusted-public-key"); |
8839
2c8259176c46
Add configurable time tolerance to SAML ticket validation.
Tom Gottfried <tom@intevation.de>
parents:
5993
diff
changeset
|
72 String timeEpsilon = context.getInitParameter( |
2c8259176c46
Add configurable time tolerance to SAML ticket validation.
Tom Gottfried <tom@intevation.de>
parents:
5993
diff
changeset
|
73 "saml-time-tolerance"); |
9497
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8839
diff
changeset
|
74 return new Response(entity, password, features, |
8839
2c8259176c46
Add configurable time tolerance to SAML ticket validation.
Tom Gottfried <tom@intevation.de>
parents:
5993
diff
changeset
|
75 context.getRealPath(trustedKey), timeEpsilon); |
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
76 } |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
77 } |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
78 catch(GeneralSecurityException e) { |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
79 throw new AuthenticationException(e); |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
80 } |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
81 } |
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
82 } |