Mercurial > dive4elements > river
view flys-client/src/main/java/de/intevation/flys/client/server/LoginServlet.java @ 2950:192eddbbd4cf
Implement a login page to be able to authenticate a user
The username and password requested by the login.jsp are send to
the LoginServlet. The credentials are afterwards used to authenticate
the user against GGinA.
flys-client/trunk@4928 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author | Bjoern Ricks <bjoern.ricks@intevation.de> |
---|---|
date | Wed, 11 Jul 2012 10:37:10 +0000 |
parents | |
children | d7f76f197d89 |
line wrap: on
line source
package de.intevation.flys.client.server; import java.io.IOException; import java.security.GeneralSecurityException; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; import org.apache.http.conn.scheme.Scheme; import org.apache.http.conn.ssl.SSLSocketFactory; import org.apache.http.impl.client.DefaultHttpClient; import org.apache.log4j.Logger; import de.intevation.flys.client.server.was.Assertion; import de.intevation.flys.client.server.was.User; import de.intevation.flys.client.server.was.Request; import de.intevation.flys.client.server.was.Response; import de.intevation.flys.client.server.was.ServiceException; import de.intevation.flys.client.server.was.Signature; public class LoginServlet extends HttpServlet { private static Logger logger = Logger.getLogger(LoginServlet.class); private void redirectFailure(HttpServletResponse resp) throws IOException { resp.sendRedirect("/login.jsp"); } private void redirectSuccess(HttpServletResponse resp, String uri) throws IOException { if (uri == null) { uri = "/FLYS.html"; } resp.sendRedirect(uri); } @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { logger.debug("Processing get request"); this.redirectFailure(resp); } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { String encoding = req.getCharacterEncoding(); String username = req.getParameter("username"); String password = req.getParameter("password"); logger.debug("Processing post request"); if (username == null || password == null) { logger.debug("No username or password provided"); this.redirectFailure(resp); } try { Response wasresp = this.auth(username, password, encoding); if (wasresp == null || !wasresp.isSuccess()) { logger.debug("Athentication not successful"); this.redirectFailure(resp); } HttpSession session = req.getSession(); User user = new User(username, password); session.setAttribute("user", user); String uri = (String)session.getAttribute("requesturi"); this.redirectSuccess(resp, uri); /* Assertion assertion = wasresponse.getAssertion(); */ /* System.out.println("ID: " + assertion.getID()); */ /* System.out.println("UserID: " + assertion.getUserID()); */ /* System.out.println("NameID: " + assertion.getNameID()); */ /* System.out.println("GroupID: " + assertion.getGroupID()); */ /* System.out.println("GroupName: " + assertion.getGroupName()); */ /* System.out.println("From: " + assertion.getFrom()); */ /* System.out.println("Until: " + assertion.getUntil()); */ /* for(String role : assertion.getRoles()) { */ /* System.out.println("Role: " + role); */ /* } */ /* Signature signature = assertion.getSiganture(); */ /* System.out.println("Cert:"); */ /* System.out.println(signature.getCertificate()); */ /* System.out.println("Value: " + signature.getValue()); */ /* System.out.println("Digest: " + signature.getDigestValue()); */ /* System.out.println("Reference: " + signature.getReference()); */ } catch(ServiceException e) { //TODO User could not be authenticated throw new ServletException(e); } catch(GeneralSecurityException e) { throw new ServletException(e); } } private Response auth(String username, String password, String encoding) throws IOException, ServiceException, GeneralSecurityException { SSLSocketFactory sf = new SSLSocketFactory( new GGInATrustStrategy()); Scheme https = new Scheme("https", 443, sf); HttpClient httpclient = new DefaultHttpClient(); httpclient.getConnectionManager().getSchemeRegistry().register(https); Request httpget = new Request("https://geoportal.bafg.de/" + "administration/WAS", username, password, encoding); HttpResponse response = httpclient.execute(httpget); HttpEntity entity = response.getEntity(); if (entity == null) { return null; } else { return new Response(entity); } } }