annotate gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java @ 5948:d7b9b3e3c61a
Make instantiation of saml.User easier.
Most of the parameters of the constructor can be taken from the
Assertion object, so there's no reason to pass them separately.
Also, trying to check the validity dates isn't useful for the single
sign on case. See comments in the hasExpired method.
author | Bernhard Herzog <bh@intevation.de>
---|---
date | Wed, 08 May 2013 17:56:14 +0200
parents | 0b092a1d136b
children | ea9eef426962
Source of `Response.java` at this revision (per-line annotation links removed; indentation restored):

```java
/* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU AGPL (>=v3)
 * and comes with ABSOLUTELY NO WARRANTY! Check out the
 * documentation coming with Dive4Elements River for details.
 */

package org.dive4elements.river.client.server.auth.was;

import java.io.IOException;
import java.io.InputStream;
import java.util.List;

import org.apache.commons.codec.binary.Base64InputStream;

import org.apache.http.HttpEntity;

import org.apache.log4j.Logger;

import org.w3c.dom.Document;
import org.w3c.dom.Element;

import org.dive4elements.artifacts.httpclient.utils.XMLUtils;
import org.dive4elements.river.client.server.auth.Authentication;
import org.dive4elements.river.client.server.auth.AuthenticationException;
import org.dive4elements.river.client.server.auth.saml.Assertion;
import org.dive4elements.river.client.server.auth.saml.XPathUtils;
import org.dive4elements.river.client.server.auth.saml.TicketValidator;
import org.dive4elements.river.client.server.auth.saml.User;

import org.dive4elements.river.client.server.features.Features;


/**
 * Wraps the reply of the Web Authentication Service (WAS): parses it,
 * turns an OGC ServiceExceptionReport into a ServiceException, and
 * exposes the SAML status and (validated) assertion it carries.
 */
public class Response implements Authentication {

    private static Logger logger = Logger.getLogger(Response.class);

    private Element root;
    private Assertion assertion;   // lazily validated in getAssertion()
    private String username;
    private String password;
    private Features features;
    private String trustedKeyFile; // key used by TicketValidator


    public Response(HttpEntity entity, String username, String password,
                    Features features, String trustedKeyFile)
        throws AuthenticationException, IOException {

        if (entity == null) {
            throw new ServiceException("Invalid response");
        }

        String contenttype = entity.getContentType().getValue();

        InputStream in = entity.getContent();

        if (!contenttype.equals("application/vnd.ogc.se_xml")) {
            // XXX: Assume base64 encoded content.
            in = new Base64InputStream(in);
        }

        Document doc = XMLUtils.readDocument(in);
        Element root = doc.getDocumentElement();
        String rname = root.getTagName();

        // An OGC error report instead of a SAML response: surface its text.
        if (rname != null && rname.equals("ServiceExceptionReport")) {
            throw new ServiceException(XPathUtils.xpathString(root,
                "ServiceException"));
        }

        this.root = root;
        this.username = username;
        this.password = password;
        this.features = features;
        this.trustedKeyFile = trustedKeyFile;
    }

    @Override
    public boolean isSuccess() {
        String status = getStatus();
        return status != null && status.equals("samlp:Success");
    }

    /** Value of the SAML status code, or null if the response has none. */
    public String getStatus() {
        return XPathUtils.xpathString(this.root,
            "./samlp:Status/samlp:StatusCode/@Value");
    }


    /**
     * Returns the assertion after TicketValidator has checked it against
     * the trusted key. Validation failures are logged and yield null, which
     * getUser() turns into an AuthenticationException.
     */
    public Assertion getAssertion() {
        if (this.assertion == null && this.root != null) {
            try {
                TicketValidator validator =
                    new TicketValidator(this.trustedKeyFile);
                this.assertion = validator.checkTicket(this.root);
            }
            catch (Exception e) {
                logger.error(e.getLocalizedMessage(), e);
            }
        }
        return this.assertion;
    }

    @Override
    public User getUser() throws AuthenticationException {
        Assertion assertion = this.getAssertion();
        if (assertion == null) {
            throw new AuthenticationException("Response doesn't contain an assertion");
        }
        // Map the roles carried by the assertion to application features.
        List<String> features = this.features.getFeatures(
            assertion.getRoles());
        logger.debug("User " + this.username + " with features " + features +
            " successfully authenticated.");
        return new User(assertion, features, this.password);
    }
}
// vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80:
```
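The constructor and the `getStatus()`/`isSuccess()` pair above implement a small decision tree over the WAS reply: an `application/vnd.ogc.se_xml` body is read as-is, anything else is assumed to be base64-encoded XML, a `ServiceExceptionReport` root is turned into an exception, and otherwise the SAML status code is read by XPath. The following Python replays that tree over three constructed replies (success, a non-success status, and an OGC error report). It is an added example, not Dive4Elements code; the namespace URIs bound to the `samlp`/`saml` prefixes are assumed (the Java file only uses the prefixes), the sample XML is constructed, and the assertion check is a presence check only, since signature and trust validation is `TicketValidator`'s job in the original and is not reproduced here.

```python
"""Added example (not Dive4Elements code): the decision tree Response.java
applies to a WAS reply, replayed in Python over constructed inputs."""
import base64
from dataclasses import dataclass
import xml.etree.ElementTree as ET

# Assumed namespace URIs for the "samlp"/"saml" prefixes used in the Java
# XPath expressions; Response.java itself does not spell them out.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}
# Content type the Java constructor treats as an un-encoded OGC error report.
SE_CONTENT_TYPE = "application/vnd.ogc.se_xml"
SUCCESS_CODE = "samlp:Success"  # literal compared by Response.isSuccess()


class ServiceException(Exception):
    """Mirrors the Java ServiceException: the WAS answered with an error."""


def _local_name(tag):
    # ElementTree renders namespaced tags as "{uri}local"; keep "local".
    return tag.rsplit("}", 1)[-1]


def decode_body(content_type, body):
    """Same rule as the Java constructor: anything that is not an OGC
    service-exception document is assumed to be base64-encoded XML."""
    if not body:
        raise ValueError("empty response body")
    if content_type == SE_CONTENT_TYPE:
        return body
    return base64.b64decode(body)


def encode_for_transport(xml_bytes):
    """Base64-wrap XML the way the constructed WAS reply carries it."""
    return base64.b64encode(xml_bytes)


@dataclass
class WasResponse:
    root: ET.Element

    @property
    def status(self):
        """Equivalent of getStatus(): ./samlp:Status/samlp:StatusCode/@Value."""
        code = self.root.find("samlp:Status/samlp:StatusCode", NS)
        return None if code is None else code.get("Value")

    def is_success(self):
        """Equivalent of isSuccess(): null-safe literal comparison."""
        status = self.status
        return status is not None and status == SUCCESS_CODE

    def has_assertion(self):
        """Presence check only; trust/signature checks are out of scope."""
        return self.root.find("saml:Assertion", NS) is not None


def parse_was_response(content_type, body):
    """Replay the constructor's checks; raise ServiceException on an
    OGC ServiceExceptionReport, else return a WasResponse."""
    root = ET.fromstring(decode_body(content_type, body))
    if _local_name(root.tag) == "ServiceExceptionReport":
        # The Java code reports the text of the ServiceException child.
        messages = [(child.text or "").strip() for child in root
                    if _local_name(child.tag) == "ServiceException"]
        raise ServiceException("; ".join(messages) or "unspecified error")
    return WasResponse(root)


# Constructed sample replies (not captured from a real WAS).
SUCCESS_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion AssertionID="constructed-assertion-1"/>
</samlp:Response>"""

FAILURE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
  <samlp:Status><samlp:StatusCode Value="samlp:Requester"/></samlp:Status>
</samlp:Response>"""

SERVICE_EXCEPTION_XML = b"""<ServiceExceptionReport version="1.1.0">
  <ServiceException code="InvalidCredentials">authentication failed (constructed)</ServiceException>
</ServiceExceptionReport>"""


def demo():
    """Run the three constructed replies through the parser."""
    ok = parse_was_response("text/plain", encode_for_transport(SUCCESS_XML))
    failed = parse_was_response("text/plain", encode_for_transport(FAILURE_XML))
    try:
        parse_was_response(SE_CONTENT_TYPE, SERVICE_EXCEPTION_XML)
        error = None
    except ServiceException as e:
        error = str(e)
    return {
        "success": (ok.status, ok.is_success(), ok.has_assertion()),
        "failure": (failed.status, failed.is_success(), failed.has_assertion()),
        "service_exception": error,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The point worth noticing when running it is the ordering of the checks, which matches the Java: the content type decides decoding before any XML is parsed, the error-report case is handled before the status is even looked at, and a response can be well-formed and carry a status of `samlp:Success` while still lacking an assertion, which is exactly the case `getUser()` rejects with `AuthenticationException`.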