view gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Authenticator.java @ 8839:2c8259176c46
Add configurable time tolerance to SAML ticket validation.
This makes it possible, for example, to account for time skew between
the ISP and the server this servlet runs on.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Wed, 28 Jun 2017 20:09:53 +0200 |
parents | ea9eef426962 |
children | d6d5ca6d4af0 cfc0aab9947f |
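/* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU AGPL (>=v3)
 * and comes with ABSOLUTELY NO WARRANTY! Check out the
 * documentation coming with Dive4Elements River for details.
 */

package org.dive4elements.river.client.server.auth.was;

import java.io.IOException;
import java.security.GeneralSecurityException;

import javax.servlet.ServletContext;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.StatusLine;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

import org.dive4elements.river.client.server.GGInATrustStrategy;
import org.dive4elements.river.client.server.auth.Authentication;
import org.dive4elements.river.client.server.auth.AuthenticationException;
import org.dive4elements.river.client.server.features.Features;

/**
 * Authenticator that sends the user's credentials to the WAS endpoint at
 * geoportal.bafg.de over HTTPS and wraps the reply in a {@link Response}.
 */
public class Authenticator
implements org.dive4elements.river.client.server.auth.Authenticator {

    /**
     * Requests authentication for the given user from the WAS endpoint.
     *
     * @param username user name forwarded to the WAS request
     * @param password password forwarded to the WAS request
     * @param encoding encoding handed to the WAS request
     * @param features feature set handed on to the {@link Response}
     * @param context servlet context supplying the init parameters
     *     {@code saml-trusted-public-key} and {@code saml-time-tolerance}
     * @return the {@link Response} built from the HTTP reply body
     * @throws AuthenticationException if the server does not answer with
     *     status 200, if the reply carries no body, or if setting up the
     *     TLS socket factory fails
     * @throws IOException if the HTTP exchange fails
     */
    @Override
    public Authentication auth(
        String username,
        String password,
        String encoding,
        Features features,
        ServletContext context
    ) throws AuthenticationException, IOException {
        try {
            // Server certificates for this connection are judged by
            // GGInATrustStrategy instead of the JVM's default trust store.
            // NOTE(review): what that strategy accepts is defined outside
            // this file; confirm it is limited to the expected certificate.
            SSLSocketFactory sf = new SSLSocketFactory(
                new GGInATrustStrategy());
            Scheme https = new Scheme("https", 443, sf);
            HttpClient httpclient = new DefaultHttpClient();
            httpclient.getConnectionManager().getSchemeRegistry().register(
                https);

            Request httpget = new Request("https://geoportal.bafg.de/" +
                    "administration/WAS", username, password, encoding);
            // NOTE(review): the client is never shut down in this method;
            // whether Response consumes the entity completely before it
            // returns is not visible here, so connection release should be
            // confirmed before adding a shutdown.
            HttpResponse response = httpclient.execute(httpget);

            StatusLine stline = response.getStatusLine();
            if (stline.getStatusCode() != 200) {
                throw new AuthenticationException("GGInA Server Error. " +
                        "Statuscode: " + stline.getStatusCode() +
                        ". Reason: " + stline.getReasonPhrase());
            }

            HttpEntity entity = response.getEntity();
            if (entity == null) {
                // Fail closed: a reply without a body carries nothing to
                // validate, so report an authentication failure instead of
                // handing null to the caller.
                throw new AuthenticationException(
                    "GGInA Server Error. Empty response body.");
            }

            // NOTE(review): if the init parameter is missing, trustedKey is
            // null and getRealPath receives null; whether Response then
            // rejects the ticket is not visible here - confirm it fails
            // closed when no trusted key is configured.
            String trustedKey =
                context.getInitParameter("saml-trusted-public-key");
            // The tolerance is handed over unparsed. NOTE(review): its unit
            // and the behaviour when it is absent are decided in Response.
            // A tolerance widens the time window in which a ticket is
            // accepted, so it should be no larger than the observed clock
            // skew requires.
            String timeEpsilon = context.getInitParameter(
                "saml-time-tolerance");

            return new Response(entity, username, password, features,
                context.getRealPath(trustedKey), timeEpsilon);
        }
        catch (GeneralSecurityException e) {
            throw new AuthenticationException(e);
        }
    }
}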