
Add configurable time tolerance to SAML ticket validation. This allows, e.g., accounting for time skew between the ISP and the server this servlet runs on.
author Tom Gottfried <tom@intevation.de>
date Wed, 28 Jun 2017 20:09:53 +0200
parents ea9eef426962
children d6d5ca6d4af0 cfc0aab9947f
/* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU AGPL (>=v3)
 * and comes with ABSOLUTELY NO WARRANTY! Check out the
 * documentation coming with Dive4Elements River for details.
 */

package org.dive4elements.river.client.server.auth.was;

import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.servlet.ServletContext;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.StatusLine;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

import org.dive4elements.river.client.server.GGInATrustStrategy;
import org.dive4elements.river.client.server.auth.Authentication;
import org.dive4elements.river.client.server.auth.AuthenticationException;
import org.dive4elements.river.client.server.features.Features;

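public class Authenticator
implements org.dive4elements.river.client.server.auth.Authenticator {

    /** WAS endpoint of the GGInA portal that issues the SAML ticket. */
    private static final String WAS_URL =
        "https://geoportal.bafg.de/administration/WAS";

    /** Servlet init-parameter naming the public key file used to verify ticket signatures. */
    private static final String TRUSTED_KEY_PARAM = "saml-trusted-public-key";

    /** Servlet init-parameter holding the time tolerance applied when validating the ticket. */
    private static final String TIME_TOLERANCE_PARAM = "saml-time-tolerance";

    /**
     * Authenticates a user against the GGInA WAS over HTTPS and wraps the
     * returned SAML ticket in a {@link Response}.
     *
     * @param username  login name sent to the WAS.
     * @param password  password sent to the WAS.
     * @param encoding  character encoding forwarded to {@link Request}.
     * @param features  feature set handed on to the {@link Response}.
     * @param context   servlet context supplying the init-parameters
     *                  {@code saml-trusted-public-key} and
     *                  {@code saml-time-tolerance}.
     * @return the parsed authentication response; never {@code null}.
     * @throws AuthenticationException if the WAS answers with a status other
     *         than 200, returns no body, or the TLS setup fails.
     * @throws IOException on transport errors while talking to the WAS.
     */
    @Override
    public Authentication auth(
        String username,
        String password,
        String encoding,
        Features features,
        ServletContext context
    ) throws
        AuthenticationException,
        IOException
    {
        try {
            // Certificate acceptance for the WAS connection is decided by
            // GGInATrustStrategy; the policy it implements is not visible here.
            SSLSocketFactory sf = new SSLSocketFactory(
                    new GGInATrustStrategy());
            Scheme https = new Scheme("https", 443, sf);
            HttpClient httpclient = new DefaultHttpClient();
            httpclient.getConnectionManager().getSchemeRegistry().register(
                    https);
            // NOTE(review): a new DefaultHttpClient is created per call and its
            // connection manager is never shut down; whether Response reads the
            // entity eagerly (which would allow a shutdown here) is not visible
            // in this file — TODO confirm before adding one.

            Request httpget = new Request(WAS_URL, username, password, encoding);
            HttpResponse response = httpclient.execute(httpget);
            StatusLine stline = response.getStatusLine();
            if (stline.getStatusCode() != 200) {
                throw new AuthenticationException("GGInA Server Error. " +
                        "Statuscode: " + stline.getStatusCode() +
                        ". Reason: " + stline.getReasonPhrase());
            }

            HttpEntity entity = response.getEntity();
            if (entity == null) {
                // A 200 without a body carries no ticket: report it as a
                // failed login instead of handing a null Authentication back
                // to the caller (resolves the former FIXME).
                throw new AuthenticationException("GGInA Server Error. " +
                        "Empty response body from " + WAS_URL);
            }

            // Both parameters may be null when not configured in web.xml;
            // how Response and getRealPath treat null is not visible here.
            String trustedKey = context.getInitParameter(TRUSTED_KEY_PARAM);
            String timeEpsilon = context.getInitParameter(TIME_TOLERANCE_PARAM);
            return new Response(entity, username, password, features,
                context.getRealPath(trustedKey), timeEpsilon);
        }
        catch (GeneralSecurityException e) {
            // Raised by the SSLSocketFactory setup; surface it as an auth failure
            // with the original cause preserved.
            throw new AuthenticationException(e);
        }
    }
}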
