Mercurial > dive4elements > river
comparison gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java @ 5944:d6f13dba21fe
Adapt WAS Response to new SAML validation code.
Fixes the XML Signature validation part of issue830.
| author | Bernhard Herzog <bh@intevation.de> |
|---|---|
| date | Wed, 08 May 2013 17:56:14 +0200 |
| parents | a96350a1c160 |
| children | 0b092a1d136b |
comparison
equal
deleted
inserted
replaced
| 5943:a96350a1c160 | 5944:d6f13dba21fe |
|---|---|
| 16 | 16 |
| 17 import org.apache.http.HttpEntity; | 17 import org.apache.http.HttpEntity; |
| 18 | 18 |
| 19 import org.apache.log4j.Logger; | 19 import org.apache.log4j.Logger; |
| 20 | 20 |
| 21 import org.jdom.Document; | 21 import org.w3c.dom.Document; |
| 22 import org.jdom.Element; | 22 import org.w3c.dom.Element; |
| 23 import org.jdom.JDOMException; | |
| 24 import org.jdom.input.SAXBuilder; | |
| 25 | 23 |
| 24 import org.dive4elements.artifacts.httpclient.utils.XMLUtils; | |
| 26 import org.dive4elements.river.client.server.auth.Authentication; | 25 import org.dive4elements.river.client.server.auth.Authentication; |
| 27 import org.dive4elements.river.client.server.auth.AuthenticationException; | 26 import org.dive4elements.river.client.server.auth.AuthenticationException; |
| 27 import org.dive4elements.river.client.server.auth.saml.Assertion; | |
| 28 import org.dive4elements.river.client.server.auth.saml.XPathUtils; | |
| 29 import org.dive4elements.river.client.server.auth.saml.TicketValidator; | |
| 28 | 30 |
| 29 import org.dive4elements.river.client.server.features.Features; | 31 import org.dive4elements.river.client.server.features.Features; |
| 32 | |
| 30 | 33 |
| 31 public class Response implements Authentication { | 34 public class Response implements Authentication { |
| 32 | 35 |
| 33 private static Logger logger = Logger.getLogger(Response.class); | 36 private static Logger logger = Logger.getLogger(Response.class); |
| 34 | 37 |
| 35 private Element root; | 38 private Element root; |
| 36 private Assertion assertion; | 39 private Assertion assertion; |
| 37 private String username; | 40 private String username; |
| 38 private String password; | 41 private String password; |
| 39 private Features features; | 42 private Features features; |
| 43 private String trustedKeyFile; | |
| 40 | 44 |
| 41 | 45 |
| 42 public Response(HttpEntity entity, String username, String password, | 46 public Response(HttpEntity entity, String username, String password, |
| 43 Features features, String trustedKeyFile) | 47 Features features, String trustedKeyFile) |
| 44 throws AuthenticationException, IOException { | 48 throws AuthenticationException, IOException { |
| 47 throw new ServiceException("Invalid response"); | 51 throw new ServiceException("Invalid response"); |
| 48 } | 52 } |
| 49 | 53 |
| 50 String contenttype = entity.getContentType().getValue(); | 54 String contenttype = entity.getContentType().getValue(); |
| 51 | 55 |
| 52 try { | 56 InputStream in = entity.getContent(); |
| 53 InputStream in = entity.getContent(); | |
| 54 | 57 |
| 55 if (!contenttype.equals("application/vnd.ogc.se_xml")) { | 58 if (!contenttype.equals("application/vnd.ogc.se_xml")) { |
| 56 // XXX: Assume base64 encoded content. | 59 // XXX: Assume base64 encoded content. |
| 57 in = new Base64InputStream(in); | 60 in = new Base64InputStream(in); |
| 58 } | 61 } |
| 59 | 62 |
| 60 SAXBuilder builder = new SAXBuilder(); | 63 Document doc = XMLUtils.readDocument(in); |
| 61 Document doc = builder.build(in); | 64 Element root = doc.getDocumentElement(); |
| 62 Element root = doc.getRootElement(); | 65 String rname = root.getTagName(); |
| 63 String rname = root.getName(); | |
| 64 | 66 |
| 65 if (rname != null && rname.equals("ServiceExceptionReport")) { | 67 if (rname != null && rname.equals("ServiceExceptionReport")) { |
| 66 throw new ServiceException(root.getChildText("ServiceException")); | 68 throw new ServiceException(XPathUtils.xpathString(root, |
| 67 } | 69 "ServiceException")); |
| 70 } | |
| 68 | 71 |
| 69 this.root = root; | 72 this.root = root; |
| 70 this.username = username; | 73 this.username = username; |
| 71 this.password = password; | 74 this.password = password; |
| 72 this.features = features; | 75 this.features = features; |
| 73 | 76 this.trustedKeyFile = trustedKeyFile; |
| 74 } | |
| 75 catch(JDOMException e) { | |
| 76 throw new AuthenticationException(e); | |
| 77 } | |
| 78 } | 77 } |
| 79 | 78 |
| 80 @Override | 79 @Override |
| 81 public boolean isSuccess() { | 80 public boolean isSuccess() { |
| 82 String status = getStatus(); | 81 String status = getStatus(); |
| 83 return status != null && status.equals("samlp:Success"); | 82 return status != null && status.equals("samlp:Success"); |
| 84 } | 83 } |
| 85 | 84 |
| 86 public String getStatus() { | 85 public String getStatus() { |
| 87 Element status = this.root.getChild("Status", Namespaces.SAML_NS_PROTO); | 86 return XPathUtils.xpathString(this.root, |
| 88 if (status == null) { | 87 "./samlp:Status/samlp:StatusCode/@Value"); |
| 89 return null; | |
| 90 } | |
| 91 Element statuscode = status.getChild("StatusCode", | |
| 92 Namespaces.SAML_NS_PROTO); | |
| 93 if (statuscode == null) { | |
| 94 return null; | |
| 95 } | |
| 96 return statuscode.getAttributeValue("Value"); | |
| 97 } | 88 } |
| 89 | |
| 98 | 90 |
| 99 public Assertion getAssertion() { | 91 public Assertion getAssertion() { |
| 100 if (this.assertion == null && this.root != null) { | 92 if (this.assertion == null && this.root != null) { |
| 101 Element assertion = this.root.getChild("Assertion", | 93 try { |
| 102 Namespaces.SAML_NS_ASSERT); | 94 TicketValidator validator = |
| 103 if (assertion != null) { | 95 new TicketValidator(this.trustedKeyFile); |
| 104 this.assertion = new Assertion(assertion); | 96 this.assertion = validator.checkTicket(this.root); |
| 97 } | |
| 98 catch (Exception e) { | |
| 99 logger.error(e.getLocalizedMessage(), e); | |
| 105 } | 100 } |
| 106 } | 101 } |
| 107 return this.assertion; | 102 return this.assertion; |
| 108 } | 103 } |
| 109 | 104 |
| 116 List<String> features = this.features.getFeatures( | 111 List<String> features = this.features.getFeatures( |
| 117 this.assertion.getRoles()); | 112 this.assertion.getRoles()); |
| 118 logger.debug("User " + this.username + " with features " + features + | 113 logger.debug("User " + this.username + " with features " + features + |
| 119 " successfully authenticated."); | 114 " successfully authenticated."); |
| 120 return new User(this.username, this.password, assertion.getNameID(), | 115 return new User(this.username, this.password, assertion.getNameID(), |
| 121 this.assertion.getRoles(), assertion, features); | 116 this.assertion.getRoles(), assertion, features); |
| 122 } | 117 } |
| 123 } | 118 } |
| 124 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80: | 119 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80: |