comparison gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java @ 9497:d6d5ca6d4af0
Enabled logging of saml-group-name in login logfile.
Some cleanup/refactoring.
author | gernotbelger |
date | Thu, 27 Sep 2018 17:40:39 +0200 |
parents | 5e38e2924c07 |
children | ca19b7186294 |
9486:ce13a2f07290 | 9497:d6d5ca6d4af0 |
10 | 10 |
11 import java.io.IOException; | 11 import java.io.IOException; |
12 import java.io.InputStream; | 12 import java.io.InputStream; |
13 import java.io.StringBufferInputStream; | 13 import java.io.StringBufferInputStream; |
14 | 14 |
15 import javax.servlet.ServletContext; | |
15 import javax.servlet.ServletException; | 16 import javax.servlet.ServletException; |
16 import javax.servlet.ServletContext; | |
17 import javax.servlet.http.HttpServletRequest; | 17 import javax.servlet.http.HttpServletRequest; |
18 import javax.servlet.http.HttpServletResponse; | 18 import javax.servlet.http.HttpServletResponse; |
19 | 19 |
20 import org.apache.commons.codec.binary.Base64InputStream; | 20 import org.apache.commons.codec.binary.Base64InputStream; |
21 | |
22 import org.apache.log4j.Logger; | 21 import org.apache.log4j.Logger; |
23 | |
24 import org.dive4elements.river.client.server.auth.AuthenticationException; | 22 import org.dive4elements.river.client.server.auth.AuthenticationException; |
25 import org.dive4elements.river.client.server.auth.User; | 23 import org.dive4elements.river.client.server.auth.User; |
24 import org.dive4elements.river.client.server.auth.saml.Assertion; | |
26 import org.dive4elements.river.client.server.auth.saml.TicketValidator; | 25 import org.dive4elements.river.client.server.auth.saml.TicketValidator; |
27 import org.dive4elements.river.client.server.auth.saml.Assertion; | 26 import org.dive4elements.river.client.server.auth.was.Response; |
28 import org.dive4elements.river.client.server.features.Features; | 27 import org.dive4elements.river.client.server.features.Features; |
29 | |
30 | 28 |
31 public class SamlServlet extends AuthenticationServlet { | 29 public class SamlServlet extends AuthenticationServlet { |
32 | 30 |
33 private static Logger log = Logger.getLogger(SamlServlet.class); | 31 private static Logger log = Logger.getLogger(SamlServlet.class); |
34 | 32 |
35 @Override | 33 @Override |
36 protected void doPost(HttpServletRequest req, HttpServletResponse resp) | 34 protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException { |
37 throws ServletException, IOException | 35 // final String encoding = req.getCharacterEncoding(); |
38 { | 36 final String samlTicketXML = req.getParameter("saml"); |
39 String encoding = req.getCharacterEncoding(); | |
40 String samlTicketXML = req.getParameter("saml"); | |
41 | 37 |
42 log.debug("Processing post request"); | 38 log.debug("Processing post request"); |
43 | 39 |
44 if (samlTicketXML == null) { | 40 if (samlTicketXML == null) { |
45 log.debug("No saml ticket provided"); | 41 log.debug("No saml ticket provided"); |
46 this.redirectFailure(resp, req.getContextPath()); | 42 this.redirectFailure(resp, req.getContextPath()); |
47 return; | 43 return; |
48 } | 44 } |
49 | 45 |
50 try { | 46 try { |
51 User user = this.auth(samlTicketXML); | 47 final User user = this.auth(samlTicketXML); |
52 if (user == null) { | 48 if (user == null) { |
53 log.debug("Authentication not successful"); | 49 log.debug("Authentication not successful"); |
54 this.redirectFailure(resp, req.getContextPath()); | 50 this.redirectFailure(resp, req.getContextPath()); |
55 return; | 51 return; |
56 } | 52 } |
57 this.performLogin(req, resp, user); | 53 this.performLogin(req, resp, user); |
58 log.info("Authentication with existing SAML ticket."); | 54 log.info("Authentication with existing SAML ticket."); |
59 } | 55 } |
60 catch(AuthenticationException e) { | 56 catch (final AuthenticationException e) { |
61 log.error(e, e); | 57 log.error(e, e); |
62 this.redirectFailure(resp, req.getContextPath(), e); | 58 this.redirectFailure(resp, req.getContextPath(), e); |
63 } | 59 } |
64 } | 60 } |
65 | 61 |
66 private User auth(String samlTicketXML) | 62 private User auth(final String samlTicketXML) throws AuthenticationException { |
67 throws AuthenticationException, IOException | 63 final ServletContext sc = this.getServletContext(); |
68 { | |
69 ServletContext sc = this.getServletContext(); | |
70 | 64 |
71 Assertion assertion = null; | 65 Assertion assertion = null; |
72 try { | 66 try { |
73 String keyfile = | 67 final String keyfile = sc.getInitParameter("saml-trusted-public-key"); |
74 (String)sc.getInitParameter("saml-trusted-public-key"); | 68 final int timeEps = Integer.parseInt(sc.getInitParameter("saml-time-tolerance")); |
75 int timeEps = Integer.parseInt( | 69 final TicketValidator validator = new TicketValidator(sc.getRealPath(keyfile), timeEps); |
76 sc.getInitParameter("saml-time-tolerance")); | |
77 TicketValidator validator = | |
78 new TicketValidator(sc.getRealPath(keyfile), timeEps); | |
79 | 70 |
80 InputStream in = new StringBufferInputStream(samlTicketXML); | 71 final InputStream in = new StringBufferInputStream(samlTicketXML); |
81 assertion = validator.checkTicket(new Base64InputStream(in)); | 72 assertion = validator.checkTicket(new Base64InputStream(in)); |
82 } | 73 } |
83 catch (Exception e) { | 74 catch (final Exception e) { |
84 log.error(e.getLocalizedMessage(), e); | 75 log.error(e.getLocalizedMessage(), e); |
85 } | 76 } |
86 if (assertion == null) { | 77 |
78 if (assertion == null) | |
87 throw new AuthenticationException("Login failed."); | 79 throw new AuthenticationException("Login failed."); |
88 } | |
89 | 80 |
90 Features features = (Features)sc.getAttribute( | 81 final Features features = (Features) sc.getAttribute(Features.CONTEXT_ATTRIBUTE); |
91 Features.CONTEXT_ATTRIBUTE); | 82 |
92 return new org.dive4elements.river.client.server.auth.saml.User( | 83 return Response.createUser(null, samlTicketXML, assertion, features); |
93 assertion, samlTicketXML, | |
94 features.getFeatures(assertion.getRoles()), null); | |
95 } | 84 } |
96 } | 85 } |
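Review bot: The catch-all `catch (final Exception e)` in `auth` (new lines 74–76) still folds deployment errors — a missing `saml-trusted-public-key`, an unparsable `saml-time-tolerance` (NumberFormatException from `Integer.parseInt`), an unreadable key file — together with a rejected ticket into the same `"Login failed."`, so a misconfigured instance is indistinguishable from a forged or expired ticket, and the caught exception is logged but not attached to the thrown AuthenticationException, which `doPost` then logs a second time at ERROR. Reading the two init parameters and building the TicketValidator in their own try/catch with a distinct message, and catching only what `checkTicket` declares around the ticket parse, would keep configuration problems loud while the ticket path stays fail-closed; if AuthenticationException has a cause-taking constructor, `throw new AuthenticationException("Login failed.", e);` would preserve the chain. The `null` first argument in `return Response.createUser(null, samlTicketXML, assertion, features);` (new line 83) is unexplained now that a `was.Response` helper builds the SAML user; a short comment naming that parameter, e.g. `// first argument: <what Response.createUser expects here> — not available for SAML logins`, would spare the next reader a trip into Response. The commented-out `// final String encoding = req.getCharacterEncoding();` on new line 35 is dead code the commit itself introduced and should be deleted rather than kept.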