Mercurial > dive4elements > river
annotate gwt-client/src/main/java/org/dive4elements/river/client/server/LoginServlet.java @ 9577:ca19b7186294
Logging saml group-name in authentication log
author | gernotbelger |
---|---|
date | Tue, 13 Nov 2018 13:02:00 +0100 |
parents | d6d5ca6d4af0 |
children |
rev | line source |
---|---|
5861
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
1 /* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde |
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
2 * Software engineering by Intevation GmbH |
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
3 * |
5993
ea9eef426962
Removed trailing whitespace.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5953
diff
changeset
|
4 * This file is Free Software under the GNU AGPL (>=v3) |
5861
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! Check out the |
5993
ea9eef426962
Removed trailing whitespace.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5953
diff
changeset
|
6 * documentation coming with Dive4Elements River for details. |
5861
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
7 */ |
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
8 |
5835
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
9 package org.dive4elements.river.client.server; |
2950
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
10 |
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
11 import java.io.IOException; |
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
12 |
9497
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
13 import javax.servlet.ServletContext; |
2950
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
14 import javax.servlet.ServletException; |
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
15 import javax.servlet.http.HttpServletRequest; |
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
16 import javax.servlet.http.HttpServletResponse; |
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
17 |
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
18 import org.apache.log4j.Logger; |
5835
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
19 import org.dive4elements.river.client.server.auth.Authentication; |
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
20 import org.dive4elements.river.client.server.auth.AuthenticationException; |
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
21 import org.dive4elements.river.client.server.auth.AuthenticationFactory; |
9497
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
22 import org.dive4elements.river.client.server.auth.User; |
5835
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
23 import org.dive4elements.river.client.server.features.Features; |
2950
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
24 |
5953
24dc13ac8e6c
Add AuthenticationServlet, a common base class for the login servlets
Bernhard Herzog <bh@intevation.de>
parents:
5933
diff
changeset
|
25 public class LoginServlet extends AuthenticationServlet { |
2950
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
26 |
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5993
diff
changeset
|
27 private static Logger log = Logger.getLogger(LoginServlet.class); |
4451
e2d8f344491e
Use static variable for login page name in LoginServlet
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4450
diff
changeset
|
28 |
2950
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
29 @Override |
9497
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
30 protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException { |
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
31 final String encoding = req.getCharacterEncoding(); |
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
32 final String username = req.getParameter("username"); |
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
33 final String password = req.getParameter("password"); |
2950
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
34 |
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5993
diff
changeset
|
35 log.debug("Processing post request"); |
2950
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
36 |
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
37 if (username == null || password == null) { |
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5993
diff
changeset
|
38 log.debug("No username or password provided"); |
3851
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3697
diff
changeset
|
39 this.redirectFailure(resp, req.getContextPath()); |
3696 | 40 return; |
2950
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
41 } |
3697
2e12518ff5b4
Removed trailing whitespace. Reverted functional change in parsing plain user file.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
3696
diff
changeset
|
42 |
2950
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
43 try { |
9497
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
44 final Authentication aresp = this.auth(username, password, encoding); |
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2950
diff
changeset
|
45 if (aresp == null || !aresp.isSuccess()) { |
8203
238fc722f87a
sed 's/logger/log/g' src/**/*.java
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5993
diff
changeset
|
46 log.debug("Authentication not successful"); |
3851
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3697
diff
changeset
|
47 this.redirectFailure(resp, req.getContextPath()); |
4489
fea3e4b6faba
Return after sending a redirect
Björn Ricks <bjoern.ricks@intevation.de>
parents:
4451
diff
changeset
|
48 return; |
2950
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
49 } |
9497
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
50 |
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
51 final User user = aresp.getUser(); |
9577
ca19b7186294
Logging saml group-name in authentication log
gernotbelger
parents:
9497
diff
changeset
|
52 |
9497
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
53 final String userGroup = user.getUserGroup(); |
9577
ca19b7186294
Logging saml group-name in authentication log
gernotbelger
parents:
9497
diff
changeset
|
54 log.info(String.format("Login-Authentication successfull: group = '%s'", userGroup)); |
9497
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
55 |
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
56 this.performLogin(req, resp, user); |
2950
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
57 } |
9497
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
58 catch (final AuthenticationException e) { |
8399
c668520cc5fb
Log successful/unsuccessful authentication without traceback.
Tom Gottfried <tom@intevation.de>
parents:
8203
diff
changeset
|
59 log.error(e.getMessage()); |
3851
a4c9296f6efa
Use the Context PATH servlet variable when using URLs in the GGInAFilter
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3697
diff
changeset
|
60 this.redirectFailure(resp, req.getContextPath(), e); |
2950
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
61 } |
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
62 } |
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
63 |
9497
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
64 private Authentication auth(final String username, final String password, final String encoding) throws AuthenticationException, IOException { |
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
65 final ServletContext sc = this.getServletContext(); |
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
66 final Features features = (Features) sc.getAttribute(Features.CONTEXT_ATTRIBUTE); |
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
67 final String auth = sc.getInitParameter("authentication"); |
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
68 return AuthenticationFactory.getInstance(auth).auth(username, password, encoding, features, sc); |
2950
192eddbbd4cf
Implement a login page to be able to authenticate a user
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
69 } |
9497
d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
gernotbelger
parents:
8856
diff
changeset
|
70 } |