Mercurial > dive4elements > river

view gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java @ 5953:24dc13ac8e6c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add AuthenticationServlet, a common base class for the login servlets LoginServlet and SamlServlet to reduce code duplication.
author Bernhard Herzog <bh@intevation.de>
date Wed, 08 May 2013 17:57:51 +0200
parents 38d161edba77
children ea9eef426962
line wrap: on
line source
/* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU AGPL (>=v3) 
 * and comes with ABSOLUTELY NO WARRANTY! Check out the
 * documentation coming with Dive4Elements River for details. 
 */

package org.dive4elements.river.client.server;

import java.io.IOException;
import java.io.InputStream;
import java.io.StringBufferInputStream;

import javax.servlet.ServletException;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.codec.binary.Base64InputStream;

import org.apache.log4j.Logger;

import org.dive4elements.river.client.server.auth.AuthenticationException;
import org.dive4elements.river.client.server.auth.User;
import org.dive4elements.river.client.server.auth.saml.TicketValidator;
import org.dive4elements.river.client.server.auth.saml.Assertion;
import org.dive4elements.river.client.server.features.Features;


public class SamlServlet extends AuthenticationServlet {

    private static Logger logger = Logger.getLogger(SamlServlet.class);

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException
    {
        String encoding = req.getCharacterEncoding();
        String samlTicketXML = req.getParameter("samlTicket");

        logger.debug("Processing post request");

        if (samlTicketXML == null) {
            logger.debug("No saml ticket provided");
            this.redirectFailure(resp, req.getContextPath());
            return;
        }

        try {
            User user = this.auth(samlTicketXML);
            if (user == null) {
                logger.debug("Authentication not successful");
                this.redirectFailure(resp, req.getContextPath());
                return;
            }
            this.performLogin(req, resp, user);
        }
        catch(AuthenticationException e) {
            logger.error(e, e);
            this.redirectFailure(resp, req.getContextPath(), e);
        }
    }

    private User auth(String samlTicketXML)
        throws AuthenticationException, IOException
    {
        ServletContext sc = this.getServletContext();

        Assertion assertion = null;
        try {
            String keyfile =
                (String)sc.getInitParameter("saml-trusted-public-key");
            TicketValidator validator =
                new TicketValidator(sc.getRealPath(keyfile));

            InputStream in = new StringBufferInputStream(samlTicketXML);
            assertion = validator.checkTicket(new Base64InputStream(in));
        }
        catch (Exception e) {
            logger.error(e.getLocalizedMessage(), e);
        }
        if (assertion == null) {
            throw new AuthenticationException("Login failed.");
        }

        Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
        return new org.dive4elements.river.client.server.auth.saml.User(
            assertion, features.getFeatures(assertion.getRoles()), null);
    }
}
http://dive4elements.wald.intevation.org