comparison gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java @ 9497:d6d5ca6d4af0

Enabled logging of saml-group-name in log-ing logfile. Some cleanup/refactoring.
author gernotbelger
date Thu, 27 Sep 2018 17:40:39 +0200
parents 5e38e2924c07
children ca19b7186294
9486:ce13a2f07290 9497:d6d5ca6d4af0
10 10
11 import java.io.IOException; 11 import java.io.IOException;
12 import java.io.InputStream; 12 import java.io.InputStream;
13 import java.io.StringBufferInputStream; 13 import java.io.StringBufferInputStream;
14 14
15 import javax.servlet.ServletContext;
15 import javax.servlet.ServletException; 16 import javax.servlet.ServletException;
16 import javax.servlet.ServletContext;
17 import javax.servlet.http.HttpServletRequest; 17 import javax.servlet.http.HttpServletRequest;
18 import javax.servlet.http.HttpServletResponse; 18 import javax.servlet.http.HttpServletResponse;
19 19
20 import org.apache.commons.codec.binary.Base64InputStream; 20 import org.apache.commons.codec.binary.Base64InputStream;
21
22 import org.apache.log4j.Logger; 21 import org.apache.log4j.Logger;
23
24 import org.dive4elements.river.client.server.auth.AuthenticationException; 22 import org.dive4elements.river.client.server.auth.AuthenticationException;
25 import org.dive4elements.river.client.server.auth.User; 23 import org.dive4elements.river.client.server.auth.User;
24 import org.dive4elements.river.client.server.auth.saml.Assertion;
26 import org.dive4elements.river.client.server.auth.saml.TicketValidator; 25 import org.dive4elements.river.client.server.auth.saml.TicketValidator;
27 import org.dive4elements.river.client.server.auth.saml.Assertion; 26 import org.dive4elements.river.client.server.auth.was.Response;
28 import org.dive4elements.river.client.server.features.Features; 27 import org.dive4elements.river.client.server.features.Features;
29
30 28
31 public class SamlServlet extends AuthenticationServlet { 29 public class SamlServlet extends AuthenticationServlet {
32 30
33 private static Logger log = Logger.getLogger(SamlServlet.class); 31 private static Logger log = Logger.getLogger(SamlServlet.class);
34 32
35 @Override 33 @Override
36 protected void doPost(HttpServletRequest req, HttpServletResponse resp) 34 protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
37 throws ServletException, IOException 35 // final String encoding = req.getCharacterEncoding();
38 { 36 final String samlTicketXML = req.getParameter("saml");
39 String encoding = req.getCharacterEncoding();
40 String samlTicketXML = req.getParameter("saml");
41 37
42 log.debug("Processing post request"); 38 log.debug("Processing post request");
43 39
44 if (samlTicketXML == null) { 40 if (samlTicketXML == null) {
45 log.debug("No saml ticket provided"); 41 log.debug("No saml ticket provided");
46 this.redirectFailure(resp, req.getContextPath()); 42 this.redirectFailure(resp, req.getContextPath());
47 return; 43 return;
48 } 44 }
49 45
50 try { 46 try {
51 User user = this.auth(samlTicketXML); 47 final User user = this.auth(samlTicketXML);
52 if (user == null) { 48 if (user == null) {
53 log.debug("Authentication not successful"); 49 log.debug("Authentication not successful");
54 this.redirectFailure(resp, req.getContextPath()); 50 this.redirectFailure(resp, req.getContextPath());
55 return; 51 return;
56 } 52 }
57 this.performLogin(req, resp, user); 53 this.performLogin(req, resp, user);
58 log.info("Authentication with existing SAML ticket."); 54 log.info("Authentication with existing SAML ticket.");
59 } 55 }
60 catch(AuthenticationException e) { 56 catch (final AuthenticationException e) {
61 log.error(e, e); 57 log.error(e, e);
62 this.redirectFailure(resp, req.getContextPath(), e); 58 this.redirectFailure(resp, req.getContextPath(), e);
63 } 59 }
64 } 60 }
65 61
66 private User auth(String samlTicketXML) 62 private User auth(final String samlTicketXML) throws AuthenticationException {
67 throws AuthenticationException, IOException 63 final ServletContext sc = this.getServletContext();
68 {
69 ServletContext sc = this.getServletContext();
70 64
71 Assertion assertion = null; 65 Assertion assertion = null;
72 try { 66 try {
73 String keyfile = 67 final String keyfile = sc.getInitParameter("saml-trusted-public-key");
74 (String)sc.getInitParameter("saml-trusted-public-key"); 68 final int timeEps = Integer.parseInt(sc.getInitParameter("saml-time-tolerance"));
75 int timeEps = Integer.parseInt( 69 final TicketValidator validator = new TicketValidator(sc.getRealPath(keyfile), timeEps);
76 sc.getInitParameter("saml-time-tolerance"));
77 TicketValidator validator =
78 new TicketValidator(sc.getRealPath(keyfile), timeEps);
79 70
80 InputStream in = new StringBufferInputStream(samlTicketXML); 71 final InputStream in = new StringBufferInputStream(samlTicketXML);
81 assertion = validator.checkTicket(new Base64InputStream(in)); 72 assertion = validator.checkTicket(new Base64InputStream(in));
82 } 73 }
83 catch (Exception e) { 74 catch (final Exception e) {
84 log.error(e.getLocalizedMessage(), e); 75 log.error(e.getLocalizedMessage(), e);
85 } 76 }
86 if (assertion == null) { 77
78 if (assertion == null)
87 throw new AuthenticationException("Login failed."); 79 throw new AuthenticationException("Login failed.");
88 }
89 80
90 Features features = (Features)sc.getAttribute( 81 final Features features = (Features) sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
91 Features.CONTEXT_ATTRIBUTE); 82
92 return new org.dive4elements.river.client.server.auth.saml.User( 83 return Response.createUser(null, samlTicketXML, assertion, features);
93 assertion, samlTicketXML,
94 features.getFeatures(assertion.getRoles()), null);
95 } 84 }
96 } 85 }
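Review bot: The refactored `auth` still feeds the ticket through `StringBufferInputStream` (new line 71), a class deprecated since JDK 1.1 because it keeps only the low byte of each char, so the stream is only correct while the `saml` parameter is pure ASCII; anything else is silently corrupted before `checkTicket` sees it and then surfaces as the generic "Login failed." from the `catch (final Exception e)` on new line 74. I would replace it with `final InputStream in = new ByteArrayInputStream(samlTicketXML.getBytes(StandardCharsets.US_ASCII));` and put the `Base64InputStream` in a try-with-resources, which also makes the charset explicit now that the `req.getCharacterEncoding()` call has been dropped. On that point, new line 35 keeps the dropped call as commented-out code (`// final String encoding = ...`); delete it rather than leave it behind. The brace-less `if (assertion == null)` on new line 78 is also out of step with the rest of the file, which braces every `if`.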
