Mercurial > dive4elements > river
comparison gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java @ 5953:24dc13ac8e6c
Add AuthenticationServlet, a common base class for the login servlets
LoginServlet and SamlServlet to reduce code duplication.
| author | Bernhard Herzog <bh@intevation.de> |
|---|---|
| date | Wed, 08 May 2013 17:57:51 +0200 |
| parents | 38d161edba77 |
| children | ea9eef426962 |
comparison
equal
deleted
inserted
replaced
| 5952:42b8447fa7ef | 5953:24dc13ac8e6c |
|---|---|
| 12 import java.io.InputStream; | 12 import java.io.InputStream; |
| 13 import java.io.StringBufferInputStream; | 13 import java.io.StringBufferInputStream; |
| 14 | 14 |
| 15 import javax.servlet.ServletException; | 15 import javax.servlet.ServletException; |
| 16 import javax.servlet.ServletContext; | 16 import javax.servlet.ServletContext; |
| 17 import javax.servlet.http.HttpServlet; | |
| 18 import javax.servlet.http.HttpServletRequest; | 17 import javax.servlet.http.HttpServletRequest; |
| 19 import javax.servlet.http.HttpServletResponse; | 18 import javax.servlet.http.HttpServletResponse; |
| 20 import javax.servlet.http.HttpSession; | |
| 21 | 19 |
| 22 import org.apache.commons.codec.binary.Base64InputStream; | 20 import org.apache.commons.codec.binary.Base64InputStream; |
| 23 | 21 |
| 24 import org.apache.log4j.Logger; | 22 import org.apache.log4j.Logger; |
| 25 | 23 |
| 26 import org.dive4elements.river.client.server.auth.AuthenticationException; | 24 import org.dive4elements.river.client.server.auth.AuthenticationException; |
| 27 import org.dive4elements.river.client.server.auth.User; | 25 import org.dive4elements.river.client.server.auth.User; |
| 28 import org.dive4elements.river.client.server.auth.UserClient; | |
| 29 import org.dive4elements.river.client.server.auth.saml.TicketValidator; | 26 import org.dive4elements.river.client.server.auth.saml.TicketValidator; |
| 30 import org.dive4elements.river.client.server.auth.saml.Assertion; | 27 import org.dive4elements.river.client.server.auth.saml.Assertion; |
| 31 import org.dive4elements.river.client.server.features.Features; | 28 import org.dive4elements.river.client.server.features.Features; |
| 32 | 29 |
| 33 | 30 |
| 34 public class SamlServlet extends HttpServlet { | 31 public class SamlServlet extends AuthenticationServlet { |
| 35 | 32 |
| 36 private static Logger logger = Logger.getLogger(SamlServlet.class); | 33 private static Logger logger = Logger.getLogger(SamlServlet.class); |
| 37 | |
| 38 private static final String FLYS_PAGE = "FLYS.html"; | |
| 39 private static final String LOGIN_PAGE = "login.jsp"; | |
| 40 | |
| 41 private void redirectFailure(HttpServletResponse resp, String path) | |
| 42 throws IOException { | |
| 43 resp.sendRedirect(path + "/" + LOGIN_PAGE); | |
| 44 } | |
| 45 | |
| 46 private void redirectFailure(HttpServletResponse resp, String path, | |
| 47 Exception e) throws IOException { | |
| 48 this.redirectFailure(resp, path, e.getMessage()); | |
| 49 } | |
| 50 | |
| 51 private void redirectFailure(HttpServletResponse resp, String path, | |
| 52 String message) throws IOException { | |
| 53 resp.sendRedirect(path + "/" + LOGIN_PAGE + "?error=" + message); | |
| 54 } | |
| 55 | |
| 56 private void redirectSuccess(HttpServletResponse resp, String path, | |
| 57 String uri) throws IOException { | |
| 58 if (uri == null) { | |
| 59 String redirecturl = getServletContext().getInitParameter("redirect-url"); | |
| 60 if (redirecturl == null) { | |
| 61 redirecturl = FLYS_PAGE; | |
| 62 } | |
| 63 uri = "/" + redirecturl; | |
| 64 } | |
| 65 resp.sendRedirect(uri); | |
| 66 } | |
| 67 | |
| 68 @Override | |
| 69 protected void doGet(HttpServletRequest req, HttpServletResponse resp) | |
| 70 throws ServletException, IOException { | |
| 71 logger.debug("Processing get request"); | |
| 72 this.redirectFailure(resp, req.getContextPath()); | |
| 73 } | |
| 74 | 34 |
| 75 @Override | 35 @Override |
| 76 protected void doPost(HttpServletRequest req, HttpServletResponse resp) | 36 protected void doPost(HttpServletRequest req, HttpServletResponse resp) |
| 77 throws ServletException, IOException | 37 throws ServletException, IOException |
| 78 { | 38 { |
| 92 if (user == null) { | 52 if (user == null) { |
| 93 logger.debug("Authentication not successful"); | 53 logger.debug("Authentication not successful"); |
| 94 this.redirectFailure(resp, req.getContextPath()); | 54 this.redirectFailure(resp, req.getContextPath()); |
| 95 return; | 55 return; |
| 96 } | 56 } |
| 97 | 57 this.performLogin(req, resp, user); |
| 98 String url = getServletContext().getInitParameter("server-url"); | |
| 99 UserClient client = new UserClient(url); | |
| 100 if (!client.userExists(user)) { | |
| 101 logger.debug("Creating db user"); | |
| 102 if (!client.createUser(user)) { | |
| 103 this.redirectFailure(resp, req.getContextPath(), | |
| 104 "Could not create new user"); | |
| 105 return; | |
| 106 } | |
| 107 } | |
| 108 | |
| 109 HttpSession session = req.getSession(); | |
| 110 session.setAttribute("user", user); | |
| 111 | |
| 112 String uri = (String)session.getAttribute("requesturi"); | |
| 113 | |
| 114 this.redirectSuccess(resp, req.getContextPath(), uri); | |
| 115 } | 58 } |
| 116 catch(AuthenticationException e) { | 59 catch(AuthenticationException e) { |
| 117 logger.error(e, e); | 60 logger.error(e, e); |
| 118 this.redirectFailure(resp, req.getContextPath(), e); | 61 this.redirectFailure(resp, req.getContextPath(), e); |
| 119 } | 62 } |