Mercurial > dive4elements > river
comparison flys-client/src/main/java/de/intevation/flys/client/server/LoginServlet.java @ 2956:d7f76f197d89
Refactor GGInA authentication
Move authentication related classes to de.intevation.fly.client.server.auth
package. Abstract the authentication classes to allow other authentications
beside WAS/GGInA.
flys-client/trunk@4936 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author | Bjoern Ricks <bjoern.ricks@intevation.de> |
---|---|
date | Wed, 11 Jul 2012 13:31:56 +0000 |
parents | 192eddbbd4cf |
children | 16c71457ed43 |
comparison
equal
deleted
inserted
replaced
2955:f1030909eeb6 | 2956:d7f76f197d89 |
---|---|
1 package de.intevation.flys.client.server; | 1 package de.intevation.flys.client.server; |
2 | 2 |
3 import java.io.IOException; | 3 import java.io.IOException; |
4 import java.security.GeneralSecurityException; | |
5 | 4 |
6 import javax.servlet.ServletException; | 5 import javax.servlet.ServletException; |
7 import javax.servlet.http.HttpServlet; | 6 import javax.servlet.http.HttpServlet; |
8 import javax.servlet.http.HttpServletRequest; | 7 import javax.servlet.http.HttpServletRequest; |
9 import javax.servlet.http.HttpServletResponse; | 8 import javax.servlet.http.HttpServletResponse; |
10 import javax.servlet.http.HttpSession; | 9 import javax.servlet.http.HttpSession; |
11 | 10 |
12 import org.apache.http.HttpEntity; | |
13 import org.apache.http.HttpResponse; | |
14 import org.apache.http.client.HttpClient; | |
15 import org.apache.http.conn.scheme.Scheme; | |
16 import org.apache.http.conn.ssl.SSLSocketFactory; | |
17 import org.apache.http.impl.client.DefaultHttpClient; | |
18 | |
19 import org.apache.log4j.Logger; | 11 import org.apache.log4j.Logger; |
20 | 12 |
21 import de.intevation.flys.client.server.was.Assertion; | 13 import de.intevation.flys.client.server.auth.Authentication; |
22 import de.intevation.flys.client.server.was.User; | 14 import de.intevation.flys.client.server.auth.AuthenticationException; |
23 import de.intevation.flys.client.server.was.Request; | 15 import de.intevation.flys.client.server.auth.AuthenticationFactory; |
24 import de.intevation.flys.client.server.was.Response; | 16 import de.intevation.flys.client.server.auth.User; |
25 import de.intevation.flys.client.server.was.ServiceException; | |
26 import de.intevation.flys.client.server.was.Signature; | |
27 | |
28 | |
29 | 17 |
30 public class LoginServlet extends HttpServlet { | 18 public class LoginServlet extends HttpServlet { |
31 | 19 |
32 private static Logger logger = Logger.getLogger(LoginServlet.class); | 20 private static Logger logger = Logger.getLogger(LoginServlet.class); |
33 | 21 |
61 if (username == null || password == null) { | 49 if (username == null || password == null) { |
62 logger.debug("No username or password provided"); | 50 logger.debug("No username or password provided"); |
63 this.redirectFailure(resp); | 51 this.redirectFailure(resp); |
64 } | 52 } |
65 try { | 53 try { |
66 Response wasresp = this.auth(username, password, encoding); | 54 Authentication aresp = this.auth(username, password, encoding); |
67 if (wasresp == null || !wasresp.isSuccess()) { | 55 if (aresp == null || !aresp.isSuccess()) { |
68 logger.debug("Athentication not successful"); | 56 logger.debug("Athentication not successful"); |
69 this.redirectFailure(resp); | 57 this.redirectFailure(resp); |
70 } | 58 } |
71 HttpSession session = req.getSession(); | 59 HttpSession session = req.getSession(); |
72 User user = new User(username, password); | 60 User user = aresp.getUser(); |
73 session.setAttribute("user", user); | 61 session.setAttribute("user", user); |
74 | 62 |
75 String uri = (String)session.getAttribute("requesturi"); | 63 String uri = (String)session.getAttribute("requesturi"); |
76 | 64 |
77 this.redirectSuccess(resp, uri); | 65 this.redirectSuccess(resp, uri); |
78 | |
79 /* Assertion assertion = wasresponse.getAssertion(); */ | |
80 /* System.out.println("ID: " + assertion.getID()); */ | |
81 /* System.out.println("UserID: " + assertion.getUserID()); */ | |
82 /* System.out.println("NameID: " + assertion.getNameID()); */ | |
83 /* System.out.println("GroupID: " + assertion.getGroupID()); */ | |
84 /* System.out.println("GroupName: " + assertion.getGroupName()); */ | |
85 /* System.out.println("From: " + assertion.getFrom()); */ | |
86 /* System.out.println("Until: " + assertion.getUntil()); */ | |
87 /* for(String role : assertion.getRoles()) { */ | |
88 /* System.out.println("Role: " + role); */ | |
89 /* } */ | |
90 /* Signature signature = assertion.getSiganture(); */ | |
91 /* System.out.println("Cert:"); */ | |
92 /* System.out.println(signature.getCertificate()); */ | |
93 /* System.out.println("Value: " + signature.getValue()); */ | |
94 /* System.out.println("Digest: " + signature.getDigestValue()); */ | |
95 /* System.out.println("Reference: " + signature.getReference()); */ | |
96 | |
97 } | 66 } |
98 catch(ServiceException e) { | 67 catch(AuthenticationException e) { |
99 //TODO User could not be authenticated | 68 //TODO User could not be authenticated |
100 throw new ServletException(e); | |
101 } | |
102 catch(GeneralSecurityException e) { | |
103 throw new ServletException(e); | 69 throw new ServletException(e); |
104 } | 70 } |
105 } | 71 } |
106 | 72 |
107 private Response auth(String username, String password, String encoding) | 73 private Authentication auth(String username, String password, String encoding) |
108 throws IOException, ServiceException, GeneralSecurityException { | 74 throws AuthenticationException, IOException { |
109 SSLSocketFactory sf = new SSLSocketFactory( | 75 String auth = this.getInitParameter("authentication"); |
110 new GGInATrustStrategy()); | 76 return AuthenticationFactory.getInstance(auth).auth(username, password, encoding); |
111 Scheme https = new Scheme("https", 443, sf); | |
112 HttpClient httpclient = new DefaultHttpClient(); | |
113 httpclient.getConnectionManager().getSchemeRegistry().register(https); | |
114 | |
115 Request httpget = new Request("https://geoportal.bafg.de/" + | |
116 "administration/WAS", username, password, encoding); | |
117 HttpResponse response = httpclient.execute(httpget); | |
118 HttpEntity entity = response.getEntity(); | |
119 if (entity == null) { | |
120 return null; | |
121 } | |
122 else { | |
123 return new Response(entity); | |
124 } | |
125 } | 77 } |
126 } | 78 } |