comparison gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java @ 8839:2c8259176c46
Add configurable time tolerance to SAML ticket validation.
This allows e.g. to account for time skew between the ISP and
the server this servlet is run on.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Wed, 28 Jun 2017 20:09:53 +0200 |
parents | 5aff82e77ec3 |
children | 5e38e2924c07 |
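--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java
@@ -43,14 +43,15 @@
 private Assertion assertion;
 private String username;
 private String password;
 private Features features;
 private String trustedKeyFile;
+private String timeEpsilon;
 
 
 public Response(HttpEntity entity, String username, String password,
-Features features, String trustedKeyFile)
+Features features, String trustedKeyFile, String timeEpsilon)
 throws AuthenticationException, IOException {
 
 if (entity == null) {
 throw new ServiceException("Invalid response");
 }
@@ -78,10 +79,11 @@
 this.root = root;
 this.username = username;
 this.password = password;
 this.features = features;
 this.trustedKeyFile = trustedKeyFile;
+this.timeEpsilon = timeEpsilon;
 }
 
 @Override
 public boolean isSuccess() {
 String status = getStatus();
@@ -95,12 +97,13 @@
 
 
 public Assertion getAssertion() {
 if (this.assertion == null && this.root != null) {
 try {
+int timeEps = Integer.parseInt(this.timeEpsilon);
 TicketValidator validator =
-new TicketValidator(this.trustedKeyFile);
+new TicketValidator(this.trustedKeyFile, timeEps);
 this.assertion = validator.checkTicket(this.root);
 }
 catch (Exception e) {
 log.error(e.getLocalizedMessage(), e);
 }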
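Review bot: The tolerance is parsed with `Integer.parseInt(this.timeEpsilon)` inside the `try` in getAssertion(), so a missing or non-numeric setting raises a NumberFormatException that `catch (Exception e)` only logs. That fails closed, which is the safe direction, but the assertion stays null and a configuration error becomes indistinguishable from a rejected ticket. The value is also unbounded when it reaches `new TicketValidator(this.trustedKeyFile, timeEps)`; a very large tolerance would presumably let tickets outside their validity period still pass, and a negative one may behave unexpectedly, though TicketValidator is not shown on this page. I would parse once in the constructor, keep the field as an `int`, and range-check it there, for example `if (eps < 0 || eps > MAX_TIME_EPSILON) throw new IllegalArgumentException("timeEpsilon out of range");`, where MAX_TIME_EPSILON is a placeholder for a constant to be added in whatever unit the validator expects. The body of getAssertion() continues past the last line shown.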