diff gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java @ 9497:d6d5ca6d4af0

Enabled logging of the SAML group name in the login logfile. Some cleanup/refactoring.
author gernotbelger
date Thu, 27 Sep 2018 17:40:39 +0200
parents 5e38e2924c07
children
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java	Mon Sep 17 19:07:57 2018 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java	Thu Sep 27 17:40:39 2018 +0200
@@ -14,50 +14,42 @@
 import java.util.List;
 
 import org.apache.commons.codec.binary.Base64InputStream;
-
 import org.apache.http.HttpEntity;
 import org.apache.http.util.EntityUtils;
-
 import org.apache.log4j.Logger;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
 import org.dive4elements.artifacts.httpclient.utils.XMLUtils;
 import org.dive4elements.river.client.server.auth.Authentication;
 import org.dive4elements.river.client.server.auth.AuthenticationException;
+import org.dive4elements.river.client.server.auth.DefaultUser;
+import org.dive4elements.river.client.server.auth.User;
 import org.dive4elements.river.client.server.auth.saml.Assertion;
-import org.dive4elements.river.client.server.auth.saml.XPathUtils;
 import org.dive4elements.river.client.server.auth.saml.TicketValidator;
-import org.dive4elements.river.client.server.auth.saml.User;
-
+import org.dive4elements.river.client.server.auth.saml.XPathUtils;
 import org.dive4elements.river.client.server.features.Features;
-
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 
 public class Response implements Authentication {
 
     private static Logger log = Logger.getLogger(Response.class);
 
-    private Element root;
-    private String samlTicketXML;
+    private final Element root;
+    private final String samlTicketXML;
     private Assertion assertion;
-    private String username;
-    private String password;
-    private Features features;
-    private String trustedKeyFile;
-    private String timeEpsilon;
+    private final String password;
+    private final Features features;
+    private final String trustedKeyFile;
+    private final String timeEpsilon;
 
-
-    public Response(HttpEntity entity, String username, String password,
-            Features features, String trustedKeyFile, String timeEpsilon)
-        throws AuthenticationException, IOException {
+    public Response(final HttpEntity entity, final String password, final Features features, final String trustedKeyFile,
+            final String timeEpsilon) throws AuthenticationException, IOException {
 
         if (entity == null) {
             throw new ServiceException("Invalid response");
         }
 
-        String contenttype = entity.getContentType().getValue();
-        String samlTicketXML = EntityUtils.toString(entity);
+        final String contenttype = entity.getContentType().getValue();
+        final String samlTicketXML = EntityUtils.toString(entity);
 
         InputStream in = new StringBufferInputStream(samlTicketXML);
 
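Review bot: The new line `final String contenttype = entity.getContentType().getValue();` throws a NullPointerException when the WAS reply carries no Content-Type header, so a malformed response surfaces as an NPE instead of the ServiceException that the `entity == null` branch just above produces; guard it with `final Header ct = entity.getContentType();` followed by `final String contenttype = ct == null ? "" : ct.getValue();` (importing `org.apache.http.Header`), assuming the branch that wraps the stream in `Base64InputStream` tolerates an empty type. The unchanged `new StringBufferInputStream(samlTicketXML)` keeps only the low byte of each char, so any non-Latin-1 content in the ticket is corrupted before `XMLUtils.readDocument` sees it — worth replacing with a `ByteArrayInputStream` over bytes in the charset the entity was decoded with, if the validator depends on the exact text. Whether `XMLUtils.readDocument` disables DTD and external-entity resolution is not visible here and should be confirmed for a parser fed a remote document. The constructor continues past the end of this hunk.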
@@ -66,18 +58,15 @@
             in = new Base64InputStream(in);
         }
 
-        Document doc = XMLUtils.readDocument(in);
-        Element root = doc.getDocumentElement();
-        String rname = root.getTagName();
+        final Document doc = XMLUtils.readDocument(in);
+        final Element root = doc.getDocumentElement();
+        final String rname = root.getTagName();
 
-        if (rname != null && rname.equals("ServiceExceptionReport")) {
-            throw new ServiceException(XPathUtils.xpathString(root,
-                                                          "ServiceException"));
-        }
+        if (rname != null && rname.equals("ServiceExceptionReport"))
+            throw new ServiceException(XPathUtils.xpathString(root, "ServiceException"));
 
         this.samlTicketXML = samlTicketXML;
         this.root = root;
-        this.username = username;
         this.password = password;
         this.features = features;
         this.trustedKeyFile = trustedKeyFile;
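Review bot: The rewritten `if (rname != null && rname.equals("ServiceExceptionReport"))` drops its braces while the `entity == null` check earlier in the same constructor keeps them; one brace style per method is easier to maintain, so either restore `{ ... }` around the throw or write the condition as `if ("ServiceExceptionReport".equals(rname))`, which also removes the explicit null test. The text handed to `ServiceException` is taken verbatim from the remote document, so anything that renders that message should treat it as untrusted input. The constructor's tail lies outside this hunk.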
@@ -86,25 +75,22 @@
 
     @Override
     public boolean isSuccess() {
-        String status = getStatus();
+        final String status = getStatus();
         return status != null && status.equals("samlp:Success");
     }
 
-    public String getStatus() {
-        return XPathUtils.xpathString(this.root,
-            "./samlp:Status/samlp:StatusCode/@Value");
+    private String getStatus() {
+        return XPathUtils.xpathString(this.root, "./samlp:Status/samlp:StatusCode/@Value");
     }
 
-
-    public Assertion getAssertion() {
+    private Assertion getAssertion() {
         if (this.assertion == null && this.root != null) {
             try {
-                int timeEps = Integer.parseInt(this.timeEpsilon);
-                TicketValidator validator =
-                    new TicketValidator(this.trustedKeyFile, timeEps);
+                final int timeEps = Integer.parseInt(this.timeEpsilon);
+                final TicketValidator validator = new TicketValidator(this.trustedKeyFile, timeEps);
                 this.assertion = validator.checkTicket(this.root);
             }
-            catch (Exception e) {
+            catch (final Exception e) {
                 log.error(e.getLocalizedMessage(), e);
             }
         }
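Review bot: The `catch (final Exception e)` in `getAssertion` collapses a rejected signature, an untrusted key file and a non-numeric `timeEpsilon` into one logged error and a null return, which `getUser` then reports as "Response doesn't contain an assertion" — the caller cannot tell a configuration mistake from a forged or stale ticket. Now that the method is private and only called from `getUser` (which already declares `AuthenticationException`), parse `timeEpsilon` before the try so a bad config fails fast, and turn a validator failure into an `AuthenticationException` carrying the validator's message (chain `e` as cause if the exception type offers such a constructor). This changes behaviour for a malformed epsilon from "log and null" to an unchecked NumberFormatException, which is intended but should be confirmed against the filter that calls this. The `return this.assertion;` and the method's closing brace lie outside this hunk.
```java
    private Assertion getAssertion() throws AuthenticationException {
        if (this.assertion == null && this.root != null) {
            // A malformed epsilon is a deployment error, not a ticket problem: fail fast, outside the catch.
            final int timeEps = Integer.parseInt(this.timeEpsilon);
            try {
                final TicketValidator validator = new TicketValidator(this.trustedKeyFile, timeEps);
                this.assertion = validator.checkTicket(this.root);
            }
            catch (final Exception e) {
                log.error(e.getLocalizedMessage(), e);
                // Surface the real reason instead of letting getUser() report a missing assertion.
                throw new AuthenticationException("SAML ticket validation failed: " + e.getLocalizedMessage());
            }
        }
        // … unchanged: return this.assertion …
```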
@@ -113,16 +99,32 @@
 
     @Override
     public User getUser() throws AuthenticationException {
-        Assertion assertion = this.getAssertion();
-        if (assertion == null) {
-            throw new AuthenticationException(
-                "Response doesn't contain an assertion");
-        }
-        List<String> features = this.features.getFeatures(
-                this.assertion.getRoles());
-        log.debug("User " + this.username + " with features " + features +
-                     " successfully authenticated.");
-        return new User(assertion, this.samlTicketXML, features, this.password);
+        final Assertion assertion = this.getAssertion();
+        if (assertion == null)
+            throw new AuthenticationException("Response doesn't contain an assertion");
+
+        final DefaultUser user = createUser(this.password, this.samlTicketXML, assertion, this.features);
+
+        log.debug("User " + user.getName() + " with features " + user.getAllowedFeatures() + " successfully authenticated.");
+
+        return user;
     }
-}
-// vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80:
+
+    public static DefaultUser createUser(final String password, final String samlTicketXML, final Assertion assertion, final Features features) {
+        final List<String> roles = assertion.getRoles();
+
+        final List<String> allowedFeatures = features.getFeatures(roles);
+
+        // We could check the validity dates of the assertion here, but
+        // when using this for Single-Sign-On this would lead to the
+        // code in GGInAFilter to re-authenticate with the password
+        // stored in the User object, which isn't known in the case of
+        // Single-Sign-On.
+        final boolean expired = false;
+
+        final String username = assertion.getNameID();
+        final String userGroup = assertion.getGroupName();
+
+        return new DefaultUser(username, password, samlTicketXML, expired, roles, allowedFeatures, userGroup);
+    }
+}
\ No newline at end of file
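Review bot: `createUser` is now a public static factory, yet it hard-codes `expired = false` and accepts any `Assertion` with no evidence that it was validated; inside this class `getUser` only reaches it through `getAssertion`, which runs `TicketValidator.checkTicket`, but an outside caller (the Single-Sign-On path the inline comment alludes to) gets no such guarantee. Document the precondition with a Javadoc on `createUser` along the lines of: `/** Builds the session user from an assertion that MUST already have passed TicketValidator.checkTicket (signature and time window). No validity check is done here, so expired is always false; password may be null in the SSO case. */`. Consider `Objects.requireNonNull(assertion, "assertion")` and the same for `features` so a careless caller fails with a clear message instead of an NPE on `assertion.getRoles()`. The debug line logs the user name and features but not the password — keep it that way.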
