diff gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java @ 9497:d6d5ca6d4af0
Enabled logging of saml-group-name in log-ing logfile.
Some cleanup/refactoring.
author | gernotbelger |
---|---|
date | Thu, 27 Sep 2018 17:40:39 +0200 |
parents | 5e38e2924c07 |
children |
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java Mon Sep 17 19:07:57 2018 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java Thu Sep 27 17:40:39 2018 +0200 
@@ -14,50 +14,42 @@ import java.util.List; import org.apache.commons.codec.binary.Base64InputStream; - import org.apache.http.HttpEntity; import org.apache.http.util.EntityUtils; - import org.apache.log4j.Logger; - -import org.w3c.dom.Document; -import org.w3c.dom.Element; - import org.dive4elements.artifacts.httpclient.utils.XMLUtils; import org.dive4elements.river.client.server.auth.Authentication; import org.dive4elements.river.client.server.auth.AuthenticationException; +import org.dive4elements.river.client.server.auth.DefaultUser; +import org.dive4elements.river.client.server.auth.User; import org.dive4elements.river.client.server.auth.saml.Assertion; -import org.dive4elements.river.client.server.auth.saml.XPathUtils; import org.dive4elements.river.client.server.auth.saml.TicketValidator; -import org.dive4elements.river.client.server.auth.saml.User; - +import org.dive4elements.river.client.server.auth.saml.XPathUtils; import org.dive4elements.river.client.server.features.Features; - +import org.w3c.dom.Document; +import org.w3c.dom.Element; public class Response implements Authentication { private static Logger log = Logger.getLogger(Response.class); - private Element root; - private String samlTicketXML; + private final Element root; + private final String samlTicketXML; private Assertion assertion; - private String username; - private String password; - private Features features; - private String trustedKeyFile; - private String timeEpsilon; + private final String password; + private final Features features; + private final String trustedKeyFile; + private final String timeEpsilon; - - public Response(HttpEntity entity, String username, String password, - Features features, String trustedKeyFile, String timeEpsilon) - throws AuthenticationException, IOException { + public Response(final HttpEntity entity, final String password, final Features features, final String trustedKeyFile, + final String timeEpsilon) throws AuthenticationException, IOException { if 
(entity == null) { throw new ServiceException("Invalid response"); } - String contenttype = entity.getContentType().getValue(); - String samlTicketXML = EntityUtils.toString(entity); + final String contenttype = entity.getContentType().getValue(); + final String samlTicketXML = EntityUtils.toString(entity); InputStream in = new StringBufferInputStream(samlTicketXML);
@@ -66,18 +58,15 @@ in = new Base64InputStream(in); } - Document doc = XMLUtils.readDocument(in); - Element root = doc.getDocumentElement(); - String rname = root.getTagName(); + final Document doc = XMLUtils.readDocument(in); + final Element root = doc.getDocumentElement(); + final String rname = root.getTagName(); - if (rname != null && rname.equals("ServiceExceptionReport")) { - throw new ServiceException(XPathUtils.xpathString(root, - "ServiceException")); - } + if (rname != null && rname.equals("ServiceExceptionReport")) + throw new ServiceException(XPathUtils.xpathString(root, "ServiceException")); this.samlTicketXML = samlTicketXML; this.root = root; - this.username = username; this.password = password; this.features = features; this.trustedKeyFile = trustedKeyFile; 
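Review bot: `entity.getContentType()` can return null when the WAS reply carries no Content-Type header, so the new line `final String contenttype = entity.getContentType().getValue();` fails with a NullPointerException instead of the `ServiceException` that the null-entity branch just above raises; guard it first with `if (entity.getContentType() == null) throw new ServiceException("Invalid response");`. The retained `new StringBufferInputStream(samlTicketXML)` is a deprecated class that keeps only the low byte of each char, so any non-Latin-1 character in a non-base64 ticket (user or group names) would be corrupted before parsing; `new ByteArrayInputStream(samlTicketXML.getBytes(StandardCharsets.UTF_8))` avoids that, and the base64 branch is unaffected either way. Because the document is produced by a remote service, it is also worth confirming that `XMLUtils.readDocument` has DTD and external-entity resolution disabled; that cannot be seen from this file. The constructor body continues outside this hunk.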
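Review bot: The rewritten check `if (rname != null && rname.equals("ServiceExceptionReport"))` now drops the braces around a statement that spans a second line, while the other conditionals in this file (e.g. in getAssertion) keep them; `if ("ServiceExceptionReport".equals(rname)) { ... }` is both null-safe without the explicit test and consistent with the surrounding brace style. The same brace-less `if ... throw` appears again in the getUser hunk below. The constructor continues outside this hunk.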
@@ -86,25 +75,22 @@ @Override public boolean isSuccess() { - String status = getStatus(); + final String status = getStatus(); return status != null && status.equals("samlp:Success"); } - public String getStatus() { - return XPathUtils.xpathString(this.root, - "./samlp:Status/samlp:StatusCode/@Value"); + private String getStatus() { + return XPathUtils.xpathString(this.root, "./samlp:Status/samlp:StatusCode/@Value"); } - - public Assertion getAssertion() { + private Assertion getAssertion() { if (this.assertion == null && this.root != null) { try { - int timeEps = Integer.parseInt(this.timeEpsilon); - TicketValidator validator = - new TicketValidator(this.trustedKeyFile, timeEps); + final int timeEps = Integer.parseInt(this.timeEpsilon); + final TicketValidator validator = new TicketValidator(this.trustedKeyFile, timeEps); this.assertion = validator.checkTicket(this.root); } - catch (Exception e) { + catch (final Exception e) { log.error(e.getLocalizedMessage(), e); } } 
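Review bot: In `getAssertion()` the `catch (final Exception e)` swallows both a NumberFormatException from `Integer.parseInt(this.timeEpsilon)` and whatever `TicketValidator.checkTicket` throws, so a misconfigured epsilon value and a rejected ticket both reach `getUser()` as the same "Response doesn't contain an assertion" error, distinguishable only by the log entry. Parsing the configuration outside the try block, i.e. moving `final int timeEps = Integer.parseInt(this.timeEpsilon);` to the line before `try {`, makes a bad config value fail loudly on the first call, and catching the validator's specific exception type (not visible here) instead of Exception would keep programming errors from being logged as ticket validation failures. If checkTicket is where the ticket signature and time window are verified, as the constructor arguments suggest, a short comment on the catch saying that a failed validation deliberately yields a null assertion would make that intent explicit to the next reader. The body of getAssertion continues outside this hunk.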
@@ -113,16 +99,32 @@ @Override public User getUser() throws AuthenticationException { - Assertion assertion = this.getAssertion(); - if (assertion == null) { - throw new AuthenticationException( - "Response doesn't contain an assertion"); - } - List<String> features = this.features.getFeatures( - this.assertion.getRoles()); - log.debug("User " + this.username + " with features " + features + - " successfully authenticated."); - return new User(assertion, this.samlTicketXML, features, this.password); + final Assertion assertion = this.getAssertion(); + if (assertion == null) + throw new AuthenticationException("Response doesn't contain an assertion"); + + final DefaultUser user = createUser(this.password, this.samlTicketXML, assertion, this.features); + + log.debug("User " + user.getName() + " with features " + user.getAllowedFeatures() + " successfully authenticated."); + + return user; } -} -// vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80: + + public static DefaultUser createUser(final String password, final String samlTicketXML, final Assertion assertion, final Features features) { + final List<String> roles = assertion.getRoles(); + + final List<String> allowedFeatures = features.getFeatures(roles); + + // We could check the validity dates of the assertion here, but + // when using this for Single-Sign-On this would lead to the + // code in GGInAFilter to re-authenticate with the password + // stored in the User object, which isn't known in the case of + // Single-Sign-On. + final boolean expired = false; + + final String username = assertion.getNameID(); + final String userGroup = assertion.getGroupName(); + + return new DefaultUser(username, password, samlTicketXML, expired, roles, allowedFeatures, userGroup); + } +} \ No newline at end of file
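Review bot: `createUser` is a new public static method with no Javadoc and no argument validation, so a null `assertion` or `features` fails with a bare NullPointerException at `assertion.getRoles()`; add `Objects.requireNonNull(assertion, "assertion");` and `Objects.requireNonNull(features, "features");` at the top (java.util.Objects would need importing) and a Javadoc stating that it builds a DefaultUser from an already-validated assertion, that `expired` is always false, and that the password is only carried for a later re-authentication. The comment above `final boolean expired = false;` explains the SSO motivation but not where the assertion's validity window is enforced instead; a one-line cross-reference to the ticket validation in getAssertion() (if that is indeed where the time check happens) would make the trade-off traceable. The debug line logs `user.getName()` and `user.getAllowedFeatures()` but not the group name that the commit message says is now logged, so if that logging was meant to happen here the group value should be appended; if it lives in another file, this is fine as is. The brace-less `if (assertion == null)` followed by a throw on the next line would read more safely with braces, matching getAssertion.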