Mercurial > dive4elements > river
comparison gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java @ 9497:d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
Some cleanup/refaktoring.
author | gernotbelger |
---|---|
date | Thu, 27 Sep 2018 17:40:39 +0200 |
parents | 5e38e2924c07 |
children |
comparison
equal
deleted
inserted
replaced
9486:ce13a2f07290 | 9497:d6d5ca6d4af0 |
---|---|
12 import java.io.InputStream; | 12 import java.io.InputStream; |
13 import java.io.StringBufferInputStream; | 13 import java.io.StringBufferInputStream; |
14 import java.util.List; | 14 import java.util.List; |
15 | 15 |
16 import org.apache.commons.codec.binary.Base64InputStream; | 16 import org.apache.commons.codec.binary.Base64InputStream; |
17 | |
18 import org.apache.http.HttpEntity; | 17 import org.apache.http.HttpEntity; |
19 import org.apache.http.util.EntityUtils; | 18 import org.apache.http.util.EntityUtils; |
20 | |
21 import org.apache.log4j.Logger; | 19 import org.apache.log4j.Logger; |
22 | |
23 import org.w3c.dom.Document; | |
24 import org.w3c.dom.Element; | |
25 | |
26 import org.dive4elements.artifacts.httpclient.utils.XMLUtils; | 20 import org.dive4elements.artifacts.httpclient.utils.XMLUtils; |
27 import org.dive4elements.river.client.server.auth.Authentication; | 21 import org.dive4elements.river.client.server.auth.Authentication; |
28 import org.dive4elements.river.client.server.auth.AuthenticationException; | 22 import org.dive4elements.river.client.server.auth.AuthenticationException; |
23 import org.dive4elements.river.client.server.auth.DefaultUser; | |
24 import org.dive4elements.river.client.server.auth.User; | |
29 import org.dive4elements.river.client.server.auth.saml.Assertion; | 25 import org.dive4elements.river.client.server.auth.saml.Assertion; |
26 import org.dive4elements.river.client.server.auth.saml.TicketValidator; | |
30 import org.dive4elements.river.client.server.auth.saml.XPathUtils; | 27 import org.dive4elements.river.client.server.auth.saml.XPathUtils; |
31 import org.dive4elements.river.client.server.auth.saml.TicketValidator; | |
32 import org.dive4elements.river.client.server.auth.saml.User; | |
33 | |
34 import org.dive4elements.river.client.server.features.Features; | 28 import org.dive4elements.river.client.server.features.Features; |
35 | 29 import org.w3c.dom.Document; |
30 import org.w3c.dom.Element; | |
36 | 31 |
37 public class Response implements Authentication { | 32 public class Response implements Authentication { |
38 | 33 |
39 private static Logger log = Logger.getLogger(Response.class); | 34 private static Logger log = Logger.getLogger(Response.class); |
40 | 35 |
41 private Element root; | 36 private final Element root; |
42 private String samlTicketXML; | 37 private final String samlTicketXML; |
43 private Assertion assertion; | 38 private Assertion assertion; |
44 private String username; | 39 private final String password; |
45 private String password; | 40 private final Features features; |
46 private Features features; | 41 private final String trustedKeyFile; |
47 private String trustedKeyFile; | 42 private final String timeEpsilon; |
48 private String timeEpsilon; | |
49 | 43 |
50 | 44 public Response(final HttpEntity entity, final String password, final Features features, final String trustedKeyFile, |
51 public Response(HttpEntity entity, String username, String password, | 45 final String timeEpsilon) throws AuthenticationException, IOException { |
52 Features features, String trustedKeyFile, String timeEpsilon) | |
53 throws AuthenticationException, IOException { | |
54 | 46 |
55 if (entity == null) { | 47 if (entity == null) { |
56 throw new ServiceException("Invalid response"); | 48 throw new ServiceException("Invalid response"); |
57 } | 49 } |
58 | 50 |
59 String contenttype = entity.getContentType().getValue(); | 51 final String contenttype = entity.getContentType().getValue(); |
60 String samlTicketXML = EntityUtils.toString(entity); | 52 final String samlTicketXML = EntityUtils.toString(entity); |
61 | 53 |
62 InputStream in = new StringBufferInputStream(samlTicketXML); | 54 InputStream in = new StringBufferInputStream(samlTicketXML); |
63 | 55 |
64 if (!contenttype.equals("application/vnd.ogc.se_xml")) { | 56 if (!contenttype.equals("application/vnd.ogc.se_xml")) { |
65 // XXX: Assume base64 encoded content. | 57 // XXX: Assume base64 encoded content. |
66 in = new Base64InputStream(in); | 58 in = new Base64InputStream(in); |
67 } | 59 } |
68 | 60 |
69 Document doc = XMLUtils.readDocument(in); | 61 final Document doc = XMLUtils.readDocument(in); |
70 Element root = doc.getDocumentElement(); | 62 final Element root = doc.getDocumentElement(); |
71 String rname = root.getTagName(); | 63 final String rname = root.getTagName(); |
72 | 64 |
73 if (rname != null && rname.equals("ServiceExceptionReport")) { | 65 if (rname != null && rname.equals("ServiceExceptionReport")) |
74 throw new ServiceException(XPathUtils.xpathString(root, | 66 throw new ServiceException(XPathUtils.xpathString(root, "ServiceException")); |
75 "ServiceException")); | |
76 } | |
77 | 67 |
78 this.samlTicketXML = samlTicketXML; | 68 this.samlTicketXML = samlTicketXML; |
79 this.root = root; | 69 this.root = root; |
80 this.username = username; | |
81 this.password = password; | 70 this.password = password; |
82 this.features = features; | 71 this.features = features; |
83 this.trustedKeyFile = trustedKeyFile; | 72 this.trustedKeyFile = trustedKeyFile; |
84 this.timeEpsilon = timeEpsilon; | 73 this.timeEpsilon = timeEpsilon; |
85 } | 74 } |
86 | 75 |
87 @Override | 76 @Override |
88 public boolean isSuccess() { | 77 public boolean isSuccess() { |
89 String status = getStatus(); | 78 final String status = getStatus(); |
90 return status != null && status.equals("samlp:Success"); | 79 return status != null && status.equals("samlp:Success"); |
91 } | 80 } |
92 | 81 |
93 public String getStatus() { | 82 private String getStatus() { |
94 return XPathUtils.xpathString(this.root, | 83 return XPathUtils.xpathString(this.root, "./samlp:Status/samlp:StatusCode/@Value"); |
95 "./samlp:Status/samlp:StatusCode/@Value"); | |
96 } | 84 } |
97 | 85 |
98 | 86 private Assertion getAssertion() { |
99 public Assertion getAssertion() { | |
100 if (this.assertion == null && this.root != null) { | 87 if (this.assertion == null && this.root != null) { |
101 try { | 88 try { |
102 int timeEps = Integer.parseInt(this.timeEpsilon); | 89 final int timeEps = Integer.parseInt(this.timeEpsilon); |
103 TicketValidator validator = | 90 final TicketValidator validator = new TicketValidator(this.trustedKeyFile, timeEps); |
104 new TicketValidator(this.trustedKeyFile, timeEps); | |
105 this.assertion = validator.checkTicket(this.root); | 91 this.assertion = validator.checkTicket(this.root); |
106 } | 92 } |
107 catch (Exception e) { | 93 catch (final Exception e) { |
108 log.error(e.getLocalizedMessage(), e); | 94 log.error(e.getLocalizedMessage(), e); |
109 } | 95 } |
110 } | 96 } |
111 return this.assertion; | 97 return this.assertion; |
112 } | 98 } |
113 | 99 |
114 @Override | 100 @Override |
115 public User getUser() throws AuthenticationException { | 101 public User getUser() throws AuthenticationException { |
116 Assertion assertion = this.getAssertion(); | 102 final Assertion assertion = this.getAssertion(); |
117 if (assertion == null) { | 103 if (assertion == null) |
118 throw new AuthenticationException( | 104 throw new AuthenticationException("Response doesn't contain an assertion"); |
119 "Response doesn't contain an assertion"); | 105 |
120 } | 106 final DefaultUser user = createUser(this.password, this.samlTicketXML, assertion, this.features); |
121 List<String> features = this.features.getFeatures( | 107 |
122 this.assertion.getRoles()); | 108 log.debug("User " + user.getName() + " with features " + user.getAllowedFeatures() + " successfully authenticated."); |
123 log.debug("User " + this.username + " with features " + features + | 109 |
124 " successfully authenticated."); | 110 return user; |
125 return new User(assertion, this.samlTicketXML, features, this.password); | 111 } |
112 | |
113 public static DefaultUser createUser(final String password, final String samlTicketXML, final Assertion assertion, final Features features) { | |
114 final List<String> roles = assertion.getRoles(); | |
115 | |
116 final List<String> allowedFeatures = features.getFeatures(roles); | |
117 | |
118 // We could check the validity dates of the assertion here, but | |
119 // when using this for Single-Sign-On this would lead to the | |
120 // code in GGInAFilter to re-authenticate with the password | |
121 // stored in the User object, which isn't known in the case of | |
122 // Single-Sign-On. | |
123 final boolean expired = false; | |
124 | |
125 final String username = assertion.getNameID(); | |
126 final String userGroup = assertion.getGroupName(); | |
127 | |
128 return new DefaultUser(username, password, samlTicketXML, expired, roles, allowedFeatures, userGroup); | |
126 } | 129 } |
127 } | 130 } |
128 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80: |