Mercurial > dive4elements > river
diff flys-client/src/main/java/de/intevation/flys/client/server/LoginServlet.java @ 2950:192eddbbd4cf
Implement a login page to be able to authenticate a user
The username and password requested by the login.jsp are send to
the LoginServlet. The credentials are afterwards used to authenticate
the user against GGinA.
flys-client/trunk@4928 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author | Bjoern Ricks <bjoern.ricks@intevation.de> |
---|---|
date | Wed, 11 Jul 2012 10:37:10 +0000 |
parents | |
children | d7f76f197d89 |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/flys-client/src/main/java/de/intevation/flys/client/server/LoginServlet.java Wed Jul 11 10:37:10 2012 +0000 @@ -0,0 +1,126 @@ +package de.intevation.flys.client.server; + +import java.io.IOException; +import java.security.GeneralSecurityException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.http.HttpEntity; +import org.apache.http.HttpResponse; +import org.apache.http.client.HttpClient; +import org.apache.http.conn.scheme.Scheme; +import org.apache.http.conn.ssl.SSLSocketFactory; +import org.apache.http.impl.client.DefaultHttpClient; + +import org.apache.log4j.Logger; + +import de.intevation.flys.client.server.was.Assertion; +import de.intevation.flys.client.server.was.User; +import de.intevation.flys.client.server.was.Request; +import de.intevation.flys.client.server.was.Response; +import de.intevation.flys.client.server.was.ServiceException; +import de.intevation.flys.client.server.was.Signature; + + + +public class LoginServlet extends HttpServlet { + + private static Logger logger = Logger.getLogger(LoginServlet.class); + + private void redirectFailure(HttpServletResponse resp) throws IOException { + resp.sendRedirect("/login.jsp"); + } + + private void redirectSuccess(HttpServletResponse resp, String uri) throws IOException { + if (uri == null) { + uri = "/FLYS.html"; + } + resp.sendRedirect(uri); + } + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + logger.debug("Processing get request"); + this.redirectFailure(resp); + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + String encoding = req.getCharacterEncoding(); + String username = req.getParameter("username"); + String password = req.getParameter("password"); + + logger.debug("Processing post request"); + + if (username == null || password == null) { + logger.debug("No username or password provided"); + this.redirectFailure(resp); + } + try { + Response wasresp = this.auth(username, password, encoding); + if (wasresp == null || !wasresp.isSuccess()) { + logger.debug("Athentication not successful"); + this.redirectFailure(resp); + } + HttpSession session = req.getSession(); + User user = new User(username, password); + session.setAttribute("user", user); + + String uri = (String)session.getAttribute("requesturi"); + + this.redirectSuccess(resp, uri); + + /* Assertion assertion = wasresponse.getAssertion(); */ + /* System.out.println("ID: " + assertion.getID()); */ + /* System.out.println("UserID: " + assertion.getUserID()); */ + /* System.out.println("NameID: " + assertion.getNameID()); */ + /* System.out.println("GroupID: " + assertion.getGroupID()); */ + /* System.out.println("GroupName: " + assertion.getGroupName()); */ + /* System.out.println("From: " + assertion.getFrom()); */ + /* System.out.println("Until: " + assertion.getUntil()); */ + /* for(String role : assertion.getRoles()) { */ + /* System.out.println("Role: " + role); */ + /* } */ + /* Signature signature = assertion.getSiganture(); */ + /* System.out.println("Cert:"); */ + /* System.out.println(signature.getCertificate()); */ + /* System.out.println("Value: " + signature.getValue()); */ + /* System.out.println("Digest: " + signature.getDigestValue()); */ + /* System.out.println("Reference: " + signature.getReference()); */ + + } + catch(ServiceException e) { + //TODO User could not be authenticated + throw new ServletException(e); + } + catch(GeneralSecurityException e) { + throw new ServletException(e); + } + } + + private Response auth(String username, String password, String encoding) + throws IOException, ServiceException, GeneralSecurityException { + SSLSocketFactory sf = new SSLSocketFactory( + new GGInATrustStrategy()); + Scheme https = new Scheme("https", 443, sf); + HttpClient httpclient = new DefaultHttpClient(); + httpclient.getConnectionManager().getSchemeRegistry().register(https); + + Request httpget = new Request("https://geoportal.bafg.de/" + + "administration/WAS", username, password, encoding); + HttpResponse response = httpclient.execute(httpget); + HttpEntity entity = response.getEntity(); + if (entity == null) { + return null; + } + else { + return new Response(entity); + } + } +}