view flys-client/src/main/java/de/intevation/flys/client/server/LoginServlet.java @ 2950:192eddbbd4cf

Implement a login page to be able to authenticate a user. The username and password requested by the login.jsp are sent to the LoginServlet. The credentials are afterwards used to authenticate the user against GGinA. flys-client/trunk@4928 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author Bjoern Ricks <bjoern.ricks@intevation.de>
date Wed, 11 Jul 2012 10:37:10 +0000
parents
children d7f76f197d89
package de.intevation.flys.client.server;

import java.io.IOException;
import java.security.GeneralSecurityException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

import org.apache.log4j.Logger;

import de.intevation.flys.client.server.was.Assertion;
import de.intevation.flys.client.server.was.User;
import de.intevation.flys.client.server.was.Request;
import de.intevation.flys.client.server.was.Response;
import de.intevation.flys.client.server.was.ServiceException;
import de.intevation.flys.client.server.was.Signature;



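/**
 * Servlet behind the login form.
 *
 * <p>A POST carries the {@code username} and {@code password} request
 * parameters. They are sent to the remote WAS endpoint; if that reports
 * success, a {@link User} is stored in the HTTP session under the key
 * {@code "user"} and the browser is redirected to the page kept in the
 * session attribute {@code "requesturi"} (or {@code /FLYS.html} if there is
 * none). Every other outcome redirects back to {@code /login.jsp}.
 */
public class LoginServlet extends HttpServlet {

    private static final Logger logger = Logger.getLogger(LoginServlet.class);

    /**
     * Sends the browser back to the login page.
     *
     * @param resp response to redirect
     * @throws IOException if the redirect cannot be written
     */
    private void redirectFailure(HttpServletResponse resp) throws IOException {
        resp.sendRedirect("/login.jsp");
    }

    /**
     * Sends the browser to the page it asked for before logging in.
     *
     * @param resp response to redirect
     * @param uri  target location; {@code null} selects {@code /FLYS.html}
     * @throws IOException if the redirect cannot be written
     */
    private void redirectSuccess(HttpServletResponse resp, String uri) throws IOException {
        // NOTE(review): uri comes from the "requesturi" session attribute,
        // presumably written by a server-side filter. Verify it can only ever
        // hold a local path, otherwise this is an open redirect.
        String target = (uri != null) ? uri : "/FLYS.html";
        resp.sendRedirect(target);
    }

    /**
     * A GET never authenticates anybody; it only shows the login page.
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
        logger.debug("Processing get request");
        this.redirectFailure(resp);
    }

    /**
     * Authenticates the posted credentials and establishes the user session.
     *
     * @throws ServletException if the WAS call fails with a
     *         {@link ServiceException} or a {@link GeneralSecurityException}
     * @throws IOException if the WAS call or the redirect fails on I/O
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
        String encoding = req.getCharacterEncoding();
        String username = req.getParameter("username");
        String password = req.getParameter("password");

        logger.debug("Processing post request");

        if (username == null || password == null) {
            logger.debug("No username or password provided");
            this.redirectFailure(resp);
            // The redirect does not end the method. Without this return the
            // null credentials would still be passed on to auth().
            return;
        }
        try {
            Response wasresp = this.auth(username, password, encoding);
            if (wasresp == null || !wasresp.isSuccess()) {
                logger.debug("Athentication not successful");
                this.redirectFailure(resp);
                // Fail closed: without this return the code below stored the
                // "user" attribute in the session even though the WAS had
                // rejected the credentials.
                return;
            }

            // Only isSuccess() is consulted; nothing else in the WAS response
            // (e.g. its Assertion) is inspected here.

            // NOTE(review): the session that existed before login is reused.
            // Consider issuing a fresh session id on successful login
            // (session fixation), carrying "requesturi" over.
            HttpSession session = req.getSession();

            // NOTE(review): the User object is built from the plaintext
            // password and lives in the session from here on. Confirm later
            // requests really need the password rather than a token.
            User user = new User(username, password);
            session.setAttribute("user", user);

            String uri = (String)session.getAttribute("requesturi");

            this.redirectSuccess(resp, uri);
        }
        catch(ServiceException e) {
            //TODO User could not be authenticated
            throw new ServletException(e);
        }
        catch(GeneralSecurityException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Sends the credentials to the WAS endpoint over HTTPS.
     *
     * @param username user name from the login form
     * @param password password from the login form
     * @param encoding character encoding of the login request, may be
     *                 {@code null} if the client did not declare one
     * @return the parsed WAS response, or {@code null} if the HTTP response
     *         carried no entity
     * @throws IOException if the HTTP exchange fails
     * @throws ServiceException presumably raised by {@link Request} or
     *         {@link Response}; neither is visible in this file
     * @throws GeneralSecurityException if the SSL socket factory cannot be set up
     */
    private Response auth(String username, String password, String encoding)
        throws IOException, ServiceException, GeneralSecurityException {
        // Server certificate trust for this connection is decided by
        // GGInATrustStrategy, which is defined outside this file.
        // NOTE(review): confirm it accepts only the expected GGInA
        // certificate and not arbitrary certificates.
        SSLSocketFactory sf = new SSLSocketFactory(
                new GGInATrustStrategy());
        Scheme https = new Scheme("https", 443, sf);

        // NOTE(review): a new client is created per login and its connection
        // manager is never shut down. Whether it can be released before
        // returning depends on whether Response reads the entity eagerly.
        HttpClient httpclient = new DefaultHttpClient();
        httpclient.getConnectionManager().getSchemeRegistry().register(https);

        Request httpget = new Request("https://geoportal.bafg.de/" +
                "administration/WAS", username, password, encoding);
        HttpResponse response = httpclient.execute(httpget);
        HttpEntity entity = response.getEntity();
        if (entity == null) {
            return null;
        }
        return new Response(entity);
    }
}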
