comparison gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java @ 5944:d6f13dba21fe
Adapt WAS Response to new SAML validation code.
Fixes the XML Signature validation part of issue830.
author | Bernhard Herzog <bh@intevation.de> |
date | Wed, 08 May 2013 17:56:14 +0200 |
parents | a96350a1c160 |
children | 0b092a1d136b |
16 | 16 |
17 import org.apache.http.HttpEntity; | 17 import org.apache.http.HttpEntity; |
18 | 18 |
19 import org.apache.log4j.Logger; | 19 import org.apache.log4j.Logger; |
20 | 20 |
21 import org.jdom.Document; | 21 import org.w3c.dom.Document; |
22 import org.jdom.Element; | 22 import org.w3c.dom.Element; |
23 import org.jdom.JDOMException; | |
24 import org.jdom.input.SAXBuilder; | |
25 | 23 |
24 import org.dive4elements.artifacts.httpclient.utils.XMLUtils; | |
26 import org.dive4elements.river.client.server.auth.Authentication; | 25 import org.dive4elements.river.client.server.auth.Authentication; |
27 import org.dive4elements.river.client.server.auth.AuthenticationException; | 26 import org.dive4elements.river.client.server.auth.AuthenticationException; |
27 import org.dive4elements.river.client.server.auth.saml.Assertion; | |
28 import org.dive4elements.river.client.server.auth.saml.XPathUtils; | |
29 import org.dive4elements.river.client.server.auth.saml.TicketValidator; | |
28 | 30 |
29 import org.dive4elements.river.client.server.features.Features; | 31 import org.dive4elements.river.client.server.features.Features; |
32 | |
30 | 33 |
31 public class Response implements Authentication { | 34 public class Response implements Authentication { |
32 | 35 |
33 private static Logger logger = Logger.getLogger(Response.class); | 36 private static Logger logger = Logger.getLogger(Response.class); |
34 | 37 |
35 private Element root; | 38 private Element root; |
36 private Assertion assertion; | 39 private Assertion assertion; |
37 private String username; | 40 private String username; |
38 private String password; | 41 private String password; |
39 private Features features; | 42 private Features features; |
43 private String trustedKeyFile; | |
40 | 44 |
41 | 45 |
42 public Response(HttpEntity entity, String username, String password, | 46 public Response(HttpEntity entity, String username, String password, |
43 Features features, String trustedKeyFile) | 47 Features features, String trustedKeyFile) |
44 throws AuthenticationException, IOException { | 48 throws AuthenticationException, IOException { |
47 throw new ServiceException("Invalid response"); | 51 throw new ServiceException("Invalid response"); |
48 } | 52 } |
49 | 53 |
50 String contenttype = entity.getContentType().getValue(); | 54 String contenttype = entity.getContentType().getValue(); |
51 | 55 |
52 try { | 56 InputStream in = entity.getContent(); |
53 InputStream in = entity.getContent(); | |
54 | 57 |
55 if (!contenttype.equals("application/vnd.ogc.se_xml")) { | 58 if (!contenttype.equals("application/vnd.ogc.se_xml")) { |
56 // XXX: Assume base64 encoded content. | 59 // XXX: Assume base64 encoded content. |
57 in = new Base64InputStream(in); | 60 in = new Base64InputStream(in); |
58 } | 61 } |
59 | 62 |
60 SAXBuilder builder = new SAXBuilder(); | 63 Document doc = XMLUtils.readDocument(in); |
61 Document doc = builder.build(in); | 64 Element root = doc.getDocumentElement(); |
62 Element root = doc.getRootElement(); | 65 String rname = root.getTagName(); |
63 String rname = root.getName(); | |
64 | 66 |
65 if (rname != null && rname.equals("ServiceExceptionReport")) { | 67 if (rname != null && rname.equals("ServiceExceptionReport")) { |
66 throw new ServiceException(root.getChildText("ServiceException")); | 68 throw new ServiceException(XPathUtils.xpathString(root, |
67 } | 69 "ServiceException")); |
70 } | |
68 | 71 |
69 this.root = root; | 72 this.root = root; |
70 this.username = username; | 73 this.username = username; |
71 this.password = password; | 74 this.password = password; |
72 this.features = features; | 75 this.features = features; |
73 | 76 this.trustedKeyFile = trustedKeyFile; |
74 } | |
75 catch(JDOMException e) { | |
76 throw new AuthenticationException(e); | |
77 } | |
78 } | 77 } |
79 | 78 |
80 @Override | 79 @Override |
81 public boolean isSuccess() { | 80 public boolean isSuccess() { |
82 String status = getStatus(); | 81 String status = getStatus(); |
83 return status != null && status.equals("samlp:Success"); | 82 return status != null && status.equals("samlp:Success"); |
84 } | 83 } |
85 | 84 |
86 public String getStatus() { | 85 public String getStatus() { |
87 Element status = this.root.getChild("Status", Namespaces.SAML_NS_PROTO); | 86 return XPathUtils.xpathString(this.root, |
88 if (status == null) { | 87 "./samlp:Status/samlp:StatusCode/@Value"); |
89 return null; | |
90 } | |
91 Element statuscode = status.getChild("StatusCode", | |
92 Namespaces.SAML_NS_PROTO); | |
93 if (statuscode == null) { | |
94 return null; | |
95 } | |
96 return statuscode.getAttributeValue("Value"); | |
97 } | 88 } |
89 | |
98 | 90 |
99 public Assertion getAssertion() { | 91 public Assertion getAssertion() { |
100 if (this.assertion == null && this.root != null) { | 92 if (this.assertion == null && this.root != null) { |
101 Element assertion = this.root.getChild("Assertion", | 93 try { |
102 Namespaces.SAML_NS_ASSERT); | 94 TicketValidator validator = |
103 if (assertion != null) { | 95 new TicketValidator(this.trustedKeyFile); |
104 this.assertion = new Assertion(assertion); | 96 this.assertion = validator.checkTicket(this.root); |
97 } | |
98 catch (Exception e) { | |
99 logger.error(e.getLocalizedMessage(), e); | |
105 } | 100 } |
106 } | 101 } |
107 return this.assertion; | 102 return this.assertion; |
108 } | 103 } |
109 | 104 |
116 List<String> features = this.features.getFeatures( | 111 List<String> features = this.features.getFeatures( |
117 this.assertion.getRoles()); | 112 this.assertion.getRoles()); |
118 logger.debug("User " + this.username + " with features " + features + | 113 logger.debug("User " + this.username + " with features " + features + |
119 " successfully authenticated."); | 114 " successfully authenticated."); |
120 return new User(this.username, this.password, assertion.getNameID(), | 115 return new User(this.username, this.password, assertion.getNameID(), |
121 this.assertion.getRoles(), assertion, features); | 116 this.assertion.getRoles(), assertion, features); |
122 } | 117 } |
123 } | 118 } |
124 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80: | 119 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80: |
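Review bot: The new try/catch in getAssertion turns every failure of `TicketValidator.checkTicket`, including a rejected XML signature, into a log line plus a null return, so a caller cannot distinguish "the response carried no assertion" from "the assertion failed validation", while isSuccess() still reports true from the samlp status alone. Since the method's signature is unchanged, consider at least narrowing `catch (Exception e)` to the exception types checkTicket declares and recording the failure in a field that getUser can check, or converting it to an AuthenticationException at the point where the assertion is consumed; getUser starts outside the hunk, so I cannot see whether it guards the null before `this.assertion.getRoles()`. Separately, in the constructor the removed JDOMException handler has no replacement: if `XMLUtils.readDocument(in)` reports a parse failure by returning null rather than throwing (not visible here), `doc.getDocumentElement()` fails with a NullPointerException instead of the AuthenticationException the old code raised. Worth confirming the helper's behaviour and adding `if (doc == null) { throw new ServiceException("Invalid response"); }` before the root lookup. The stream obtained from `entity.getContent()` is still never closed in the new code, which was also true before the change.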