Mercurial > dive4elements > river
annotate gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Authenticator.java @ 9801:1d7a72a50183 3.2.x tip
Assume Compose V2, consistently
| author | Tom Gottfried <tom@intevation.de> |
|---|---|
| date | Thu, 23 Nov 2023 10:14:13 +0100 |
| parents | cfc0aab9947f |
| children |
| rev | line source |
|---|---|
|
5861
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
1 /* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde |
|
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
2 * Software engineering by Intevation GmbH |
|
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
3 * |
|
5993
ea9eef426962
Removed trailing whitespace.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5943
diff
changeset
|
4 * This file is Free Software under the GNU AGPL (>=v3) |
|
5861
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! Check out the |
|
5993
ea9eef426962
Removed trailing whitespace.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5943
diff
changeset
|
6 * documentation coming with Dive4Elements River for details. |
|
5861
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
7 */ |
|
172338b1407f
GWT client: Added copyright header.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5838
diff
changeset
|
8 |
|
5835
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
9 package org.dive4elements.river.client.server.auth.was; |
|
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
10 |
|
9747
cfc0aab9947f
Enable bind-mounting client configuration in docker container
Tom Gottfried <tom@intevation.de>
parents:
8839
diff
changeset
|
11 import java.io.File; |
|
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
12 import java.io.IOException; |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
13 import java.security.GeneralSecurityException; |
|
5933
1b939742629e
Pass LoginServlet's ServletContext to the Authenticators.
Bernhard Herzog <bh@intevation.de>
parents:
5861
diff
changeset
|
14 import javax.servlet.ServletContext; |
|
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
15 |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
16 import org.apache.http.HttpEntity; |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
17 import org.apache.http.HttpResponse; |
|
4488
5041105d2edd
Check if response code from GGInA is 200 OK
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3486
diff
changeset
|
18 import org.apache.http.StatusLine; |
|
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
19 import org.apache.http.client.HttpClient; |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
20 import org.apache.http.conn.scheme.Scheme; |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
21 import org.apache.http.conn.ssl.SSLSocketFactory; |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
22 import org.apache.http.impl.client.DefaultHttpClient; |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
23 |
|
5835
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
24 import org.dive4elements.river.client.server.GGInATrustStrategy; |
|
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
25 import org.dive4elements.river.client.server.auth.Authentication; |
|
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
26 import org.dive4elements.river.client.server.auth.AuthenticationException; |
|
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
27 import org.dive4elements.river.client.server.features.Features; |
|
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
28 |
|
3486
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
29 public class Authenticator |
|
5835
821a02bbfb4e
Fixed internal java dependencies
Sascha L. Teichmann <teichmann@intevation.de>
parents:
5834
diff
changeset
|
30 implements org.dive4elements.river.client.server.auth.Authenticator { |
|
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
31 |
|
3485
71ba3cf3ec5e
Refactor Authentication to allow to pass the Freatures to the user class
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
2956
diff
changeset
|
32 @Override |
|
3486
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
33 public Authentication auth( |
|
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
34 String username, |
|
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
35 String password, |
|
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
36 String encoding, |
|
5933
1b939742629e
Pass LoginServlet's ServletContext to the Authenticators.
Bernhard Herzog <bh@intevation.de>
parents:
5861
diff
changeset
|
37 Features features, |
|
1b939742629e
Pass LoginServlet's ServletContext to the Authenticators.
Bernhard Herzog <bh@intevation.de>
parents:
5861
diff
changeset
|
38 ServletContext context |
|
3486
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
39 ) throws |
|
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
40 AuthenticationException, |
|
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
41 IOException |
|
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
42 { |
|
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
43 try { |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
44 SSLSocketFactory sf = new SSLSocketFactory( |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
45 new GGInATrustStrategy()); |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
46 Scheme https = new Scheme("https", 443, sf); |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
47 HttpClient httpclient = new DefaultHttpClient(); |
|
3486
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
48 httpclient.getConnectionManager().getSchemeRegistry().register( |
|
23095983c249
Implement Features handling for WAS authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
3485
diff
changeset
|
49 https); |
|
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
50 |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
51 Request httpget = new Request("https://geoportal.bafg.de/" + |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
52 "administration/WAS", username, password, encoding); |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
53 HttpResponse response = httpclient.execute(httpget); |
|
4488
5041105d2edd
Check if response code from GGInA is 200 OK
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3486
diff
changeset
|
54 StatusLine stline = response.getStatusLine(); |
|
5041105d2edd
Check if response code from GGInA is 200 OK
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3486
diff
changeset
|
55 if (stline.getStatusCode() != 200) { |
|
5041105d2edd
Check if response code from GGInA is 200 OK
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3486
diff
changeset
|
56 throw new AuthenticationException("GGInA Server Error. " + |
|
5041105d2edd
Check if response code from GGInA is 200 OK
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3486
diff
changeset
|
57 "Statuscode: " + stline.getStatusCode() + |
|
5041105d2edd
Check if response code from GGInA is 200 OK
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3486
diff
changeset
|
58 ". Reason: " + stline.getReasonPhrase()); |
|
5041105d2edd
Check if response code from GGInA is 200 OK
Björn Ricks <bjoern.ricks@intevation.de>
parents:
3486
diff
changeset
|
59 } |
|
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
60 HttpEntity entity = response.getEntity(); |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
61 if (entity == null) { |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
62 //FIXME throw AuthenticationException |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
63 return null; |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
64 } |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
65 else { |
|
9747
cfc0aab9947f
Enable bind-mounting client configuration in docker container
Tom Gottfried <tom@intevation.de>
parents:
8839
diff
changeset
|
66 File trustedKey = new File( |
|
cfc0aab9947f
Enable bind-mounting client configuration in docker container
Tom Gottfried <tom@intevation.de>
parents:
8839
diff
changeset
|
67 context.getInitParameter("saml-trusted-public-key")); |
|
cfc0aab9947f
Enable bind-mounting client configuration in docker container
Tom Gottfried <tom@intevation.de>
parents:
8839
diff
changeset
|
68 String path = trustedKey.isAbsolute() |
|
cfc0aab9947f
Enable bind-mounting client configuration in docker container
Tom Gottfried <tom@intevation.de>
parents:
8839
diff
changeset
|
69 ? trustedKey.getPath() |
|
cfc0aab9947f
Enable bind-mounting client configuration in docker container
Tom Gottfried <tom@intevation.de>
parents:
8839
diff
changeset
|
70 : context.getRealPath(trustedKey.getPath()); |
|
8839
2c8259176c46
Add configurable time tolerance to SAML ticket validation.
Tom Gottfried <tom@intevation.de>
parents:
5993
diff
changeset
|
71 String timeEpsilon = context.getInitParameter( |
|
2c8259176c46
Add configurable time tolerance to SAML ticket validation.
Tom Gottfried <tom@intevation.de>
parents:
5993
diff
changeset
|
72 "saml-time-tolerance"); |
|
5943
a96350a1c160
Pass trusted key filename to Response in WAS Authenticator.
Bernhard Herzog <bh@intevation.de>
parents:
5933
diff
changeset
|
73 return new Response(entity, username, password, features, |
|
9747
cfc0aab9947f
Enable bind-mounting client configuration in docker container
Tom Gottfried <tom@intevation.de>
parents:
8839
diff
changeset
|
74 path, timeEpsilon); |
|
2956
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
75 } |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
76 } |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
77 catch(GeneralSecurityException e) { |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
78 throw new AuthenticationException(e); |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
79 } |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
80 } |
|
d7f76f197d89
Refactor GGInA authentication
Bjoern Ricks <bjoern.ricks@intevation.de>
parents:
diff
changeset
|
81 } |