annotate gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Authenticator.java @ 5948:d7b9b3e3c61a
Make instantiation of saml.User easier.
Most of the parameters of the constructor can be taken from the
Assertion object, so there's no reason to pass them separately.
Also, trying to check the validity dates isn't useful for the single
sign on case. See comments in the hasExpired method.
author | Bernhard Herzog <bh@intevation.de> |
---|---|
date | Wed, 08 May 2013 17:56:14 +0200 |
parents | a96350a1c160 |
children | ea9eef426962 |
1 /* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde |
2 * Software engineering by Intevation GmbH |
3 * |
4 * This file is Free Software under the GNU AGPL (>=v3) |
5 * and comes with ABSOLUTELY NO WARRANTY! Check out the |
6 * documentation coming with Dive4Elements River for details. |
7 */ |
8 |
9 package org.dive4elements.river.client.server.auth.was; |
10 |
11 import java.io.IOException; |
12 import java.security.GeneralSecurityException; |
13 import javax.servlet.ServletContext; |
14 |
15 import org.apache.http.HttpEntity; |
16 import org.apache.http.HttpResponse; |
17 import org.apache.http.StatusLine; |
18 import org.apache.http.client.HttpClient; |
19 import org.apache.http.conn.scheme.Scheme; |
20 import org.apache.http.conn.ssl.SSLSocketFactory; |
21 import org.apache.http.impl.client.DefaultHttpClient; |
22 |
23 import org.dive4elements.river.client.server.GGInATrustStrategy; |
24 import org.dive4elements.river.client.server.auth.Authentication; |
25 import org.dive4elements.river.client.server.auth.AuthenticationException; |
26 import org.dive4elements.river.client.server.features.Features; |
27 |
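/**
 * Authenticator that checks a username/password pair against the GGInA
 * web authentication service (WAS).
 *
 * <p>The credentials are sent to the fixed HTTPS endpoint below. The HTTP
 * entity of the reply is handed to {@link Response} together with the real
 * path resolved from the {@code saml-trusted-public-key} servlet context
 * init parameter.
 */
public class Authenticator
implements org.dive4elements.river.client.server.auth.Authenticator {

    /** Address of the WAS endpoint the credentials are sent to. */
    private static final String WAS_URL =
        "https://geoportal.bafg.de/administration/WAS";

    /** Servlet context init parameter naming the trusted public key file. */
    private static final String TRUSTED_KEY_PARAMETER =
        "saml-trusted-public-key";

    /**
     * Sends the credentials to the WAS endpoint and wraps the reply.
     *
     * @param username the name of the user to authenticate
     * @param password the password of the user; forwarded to the request
     *                 and to the {@link Response}, never put into messages
     * @param encoding passed through to the {@link Request}
     * @param features passed through to the {@link Response}
     * @param context  servlet context used to look up and resolve the
     *                 trusted public key file
     * @return the {@link Response} built from the reply entity
     * @throws AuthenticationException if the server does not answer with
     *         status 200, if the reply carries no entity, or if setting up
     *         the SSL socket factory fails
     * @throws IOException if the HTTP exchange fails
     */
    @Override
    public Authentication auth(
        String username,
        String password,
        String encoding,
        Features features,
        ServletContext context
    ) throws
        AuthenticationException,
        IOException
    {
        try {
            // NOTE(review): GGInATrustStrategy decides which server
            // certificates this connection accepts. Its implementation is
            // not visible here; confirm it restricts trust to the expected
            // GGInA certificate rather than accepting any chain.
            SSLSocketFactory sf = new SSLSocketFactory(
                new GGInATrustStrategy());
            Scheme https = new Scheme("https", 443, sf);
            HttpClient httpclient = new DefaultHttpClient();
            httpclient.getConnectionManager().getSchemeRegistry().register(
                https);

            Request httpget = new Request(
                WAS_URL, username, password, encoding);
            HttpResponse response = httpclient.execute(httpget);

            StatusLine stline = response.getStatusLine();
            if (stline.getStatusCode() != 200) {
                // Nothing will read this reply, so release the connection.
                httpclient.getConnectionManager().shutdown();
                throw new AuthenticationException("GGInA Server Error. " +
                    "Statuscode: " + stline.getStatusCode() +
                    ". Reason: " + stline.getReasonPhrase());
            }

            HttpEntity entity = response.getEntity();
            if (entity == null) {
                // Fail closed: a reply without a body cannot carry an
                // authentication result, so report it as a failure instead
                // of handing callers a null Authentication.
                httpclient.getConnectionManager().shutdown();
                throw new AuthenticationException("GGInA Server Error. " +
                    "Response contains no entity.");
            }

            // NOTE(review): getInitParameter returns null when the
            // parameter is not configured, and getRealPath may return null
            // as well. Confirm that Response rejects the reply in that case
            // instead of skipping the signature check.
            String trustedKey =
                context.getInitParameter(TRUSTED_KEY_PARAMETER);

            // The client is not shut down on this path because it is not
            // visible here whether Response reads the entity in its
            // constructor or later -- TODO confirm and release it.
            return new Response(entity, username, password, features,
                context.getRealPath(trustedKey));
        }
        catch (GeneralSecurityException e) {
            throw new AuthenticationException(e);
        }
    }
}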