Mercurial > dive4elements > river

diff flys-client/src/main/java/de/intevation/flys/client/server/LoginServlet.java @ 2950:192eddbbd4cf

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Implement a login page to be able to authenticate a user The username and password requested by the login.jsp are send to the LoginServlet. The credentials are afterwards used to authenticate the user against GGinA. flys-client/trunk@4928 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author Bjoern Ricks <bjoern.ricks@intevation.de>
date Wed, 11 Jul 2012 10:37:10 +0000
parents
children d7f76f197d89
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/flys-client/src/main/java/de/intevation/flys/client/server/LoginServlet.java	Wed Jul 11 10:37:10 2012 +0000
@@ -0,0 +1,126 @@
+package de.intevation.flys.client.server;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
+
+import org.apache.log4j.Logger;
+
+import de.intevation.flys.client.server.was.Assertion;
+import de.intevation.flys.client.server.was.User;
+import de.intevation.flys.client.server.was.Request;
+import de.intevation.flys.client.server.was.Response;
+import de.intevation.flys.client.server.was.ServiceException;
+import de.intevation.flys.client.server.was.Signature;
+
+
+
+public class LoginServlet extends HttpServlet {
+
+    private static Logger logger = Logger.getLogger(LoginServlet.class);
+
+    private void redirectFailure(HttpServletResponse resp) throws IOException {
+        resp.sendRedirect("/login.jsp");
+    }
+
+    private void redirectSuccess(HttpServletResponse resp, String uri) throws IOException {
+        if (uri == null) {
+            uri = "/FLYS.html";
+        }
+        resp.sendRedirect(uri);
+    }
+
+    @Override
+    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+    throws ServletException, IOException {
+        logger.debug("Processing get request");
+        this.redirectFailure(resp);
+    }
+
+    @Override
+    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+    throws ServletException, IOException {
+        String encoding = req.getCharacterEncoding();
+        String username = req.getParameter("username");
+        String password = req.getParameter("password");
+
+        logger.debug("Processing post request");
+
+        if (username == null || password == null) {
+            logger.debug("No username or password provided");
+            this.redirectFailure(resp);
+        }
+        try {
+            Response wasresp = this.auth(username, password, encoding);
+            if (wasresp == null || !wasresp.isSuccess()) {
+                logger.debug("Athentication not successful");
+                this.redirectFailure(resp);
+            }
+            HttpSession session = req.getSession();
+            User user = new User(username, password);
+            session.setAttribute("user", user);
+
+            String uri = (String)session.getAttribute("requesturi");
+
+            this.redirectSuccess(resp, uri);
+
+            /* Assertion assertion = wasresponse.getAssertion(); */
+            /* System.out.println("ID: " + assertion.getID()); */
+            /* System.out.println("UserID: " + assertion.getUserID()); */
+            /* System.out.println("NameID: " + assertion.getNameID()); */
+            /* System.out.println("GroupID: " + assertion.getGroupID()); */
+            /* System.out.println("GroupName: " + assertion.getGroupName()); */
+            /* System.out.println("From: " + assertion.getFrom()); */
+            /* System.out.println("Until: " + assertion.getUntil()); */
+            /* for(String role : assertion.getRoles()) { */
+            /*     System.out.println("Role: " + role); */
+            /* } */
+            /* Signature signature = assertion.getSiganture(); */
+            /* System.out.println("Cert:"); */
+            /* System.out.println(signature.getCertificate()); */
+            /* System.out.println("Value: " + signature.getValue()); */
+            /* System.out.println("Digest: " + signature.getDigestValue()); */
+            /* System.out.println("Reference: " + signature.getReference()); */
+
+        }
+        catch(ServiceException e) {
+            //TODO User could not be authenticated
+            throw new ServletException(e);
+        }
+        catch(GeneralSecurityException e) {
+            throw new ServletException(e);
+        }
+    }
+
+    private Response auth(String username, String password, String encoding)
+        throws IOException, ServiceException, GeneralSecurityException {
+            SSLSocketFactory sf = new SSLSocketFactory(
+                    new GGInATrustStrategy());
+            Scheme https = new Scheme("https", 443, sf);
+            HttpClient httpclient = new DefaultHttpClient();
+            httpclient.getConnectionManager().getSchemeRegistry().register(https);
+
+            Request httpget = new Request("https://geoportal.bafg.de/" +
+                    "administration/WAS", username, password, encoding);
+            HttpResponse response = httpclient.execute(httpget);
+            HttpEntity entity = response.getEntity();
+            if (entity == null) {
+                return null;
+            }
+            else {
+                return new Response(entity);
+            }
+    }
+}
http://dive4elements.wald.intevation.org