view flys-client/src/main/java/de/intevation/flys/client/server/auth/was/Assertion.java @ 4488:5041105d2edd

Check if response code from GGInA is 200 OK. Only parse the GGInA response if the status code is 200 OK. This improves the error message when GGInA is not available: it shows the real reason instead of a JDOM error raised while parsing the response.
author Björn Ricks <bjoern.ricks@intevation.de>
date Wed, 14 Nov 2012 10:36:21 +0100
parents adcb8aee1910
children
package de.intevation.flys.client.server.auth.was;

import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.TimeZone;

import org.apache.log4j.Logger;

import org.jdom.Element;

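/**
 * Parsed view of a SAML assertion element.
 *
 * <p>The constructor extracts the assertion id, the validity window
 * ({@code NotBefore} / {@code NotOnOrAfter}) and the conterra user, group and
 * role attributes from the given JDOM element.
 *
 * <p><b>Security note:</b> nothing in this class verifies the XML signature
 * or enforces the validity window. {@link #isValid()} is unimplemented and
 * always returns {@code false}, and the getters return whatever the element
 * contained. Values obtained from this class are therefore unauthenticated
 * unless the assertion was verified elsewhere.
 * NOTE(review): confirm that callers either verify the signature themselves
 * or only receive the assertion over a trusted, authenticated channel.
 */
public class Assertion {

    private static final Logger logger = Logger.getLogger(Assertion.class);

    private Element assertion;
    private LinkedList<String> roles;
    private String assertion_id;
    private String user_id;
    private String name_id;
    private String group_id;
    private String group_name;
    private Date notbefore;
    private Date notonorafter;
    private Signature signature;

    private static final String ATTR_CONT_USER_ID =
        "urn:conterra:names:sdi-suite:policy:attribute:user-id";
    private static final String ATTR_CONT_GROUP_ID =
        "urn:conterra:names:sdi-suite:policy:attribute:group-id";
    private static final String ATTR_CONT_GROUP_NAME =
        "urn:conterra:names:sdi-suite:policy:attribute:group-name";
    private static final String ATTR_CONT_ROLE =
        "urn:conterra:names:sdi-suite:policy:attribute:role";

    // Timestamp layout accepted for the Conditions attributes. The ideal
    // pattern would be "yyyy-MM-dd'T'HH:mm:ss.SSSXXX", but that is only
    // available in Java 7+, so the trailing 'Z' is matched as a literal.
    private static final String CONDITION_DATE_PATTERN =
        "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";


    /**
     * Parses the given assertion element.
     *
     * @param assertion the SAML {@code Assertion} element; must not be null.
     */
    public Assertion(Element assertion) {
        this.assertion = assertion;
        this.roles = new LinkedList<String>();

        this.assertion_id = assertion.getAttributeValue("AssertionID");

        this.parseCondition();
        this.parseAttributeStatement();
    }

    /**
     * Reads {@code NotBefore} and {@code NotOnOrAfter} from the
     * {@code Conditions} child, if present.
     *
     * <p>A bound that is missing or does not match the expected layout stays
     * {@code null}; a parse failure is only logged.
     * NOTE(review): callers should treat a {@code null} bound as "not
     * established" rather than "unbounded" - confirm against the callers.
     */
    private void parseCondition() {
        Element condition = this.assertion.getChild("Conditions",
                Namespaces.SAML_NS_ASSERT);
        if (condition == null) {
            return;
        }

        SimpleDateFormat dateformat =
            new SimpleDateFormat(CONDITION_DATE_PATTERN);
        // The pattern matches 'Z' as a literal, so the formatter carries no
        // zone information of its own. Without an explicit UTC zone the
        // timestamps would be read in the JVM's default zone and the validity
        // window would be shifted by the local UTC offset.
        dateformat.setTimeZone(TimeZone.getTimeZone("UTC"));

        String from = condition.getAttributeValue("NotBefore");
        this.notbefore = parseConditionDate(dateformat, "NotBefore", from);

        String until = condition.getAttributeValue("NotOnOrAfter");
        logger.debug("Session is valid until " + until);
        this.notonorafter =
            parseConditionDate(dateformat, "NotOnOrAfter", until);
    }

    /**
     * Parses one Conditions timestamp.
     *
     * @param dateformat formatter configured for the expected layout.
     * @param name       attribute name, used in the error message only.
     * @param value      raw attribute value, may be null.
     * @return the parsed date, or null if the value is absent or malformed.
     */
    private Date parseConditionDate(SimpleDateFormat dateformat, String name,
            String value) {
        if (value == null) {
            return null;
        }
        try {
            return dateformat.parse(value);
        }
        catch(ParseException e) {
            logger.error("Unknown datetime format for Condition " +
                    name + " " + value);
            return null;
        }
    }

    /**
     * Reads the subject name identifier and the conterra user, group and role
     * attributes from the {@code AttributeStatement} child, if present.
     * Attributes with an unrecognised or missing {@code AttributeName} are
     * logged at debug level and skipped.
     */
    private void parseAttributeStatement() {
        Element attrstatement = this.assertion.getChild("AttributeStatement",
                Namespaces.SAML_NS_ASSERT);
        if (attrstatement == null) {
            return;
        }

        Element subject = attrstatement.getChild("Subject",
                Namespaces.SAML_NS_ASSERT);
        if (subject != null) {
            this.name_id = subject.getChildText("NameIdentifier",
                    Namespaces.SAML_NS_ASSERT);
        }

        // JDOM returns raw lists here, hence the element casts.
        List attributes = attrstatement.getChildren("Attribute",
                Namespaces.SAML_NS_ASSERT);
        for (Object child : attributes) {
            Element attr = (Element)child;
            String attrname = attr.getAttributeValue("AttributeName");
            // Constant-first comparison: an Attribute element without an
            // AttributeName must not abort parsing with a
            // NullPointerException.
            if (ATTR_CONT_USER_ID.equals(attrname)) {
                this.user_id = this.getAttributeValue(attr);
            }
            else if (ATTR_CONT_GROUP_ID.equals(attrname)) {
                this.group_id = this.getAttributeValue(attr);
            }
            else if (ATTR_CONT_GROUP_NAME.equals(attrname)) {
                this.group_name = this.getAttributeValue(attr);
            }
            else if (ATTR_CONT_ROLE.equals(attrname)) {
                List values = attr.getChildren("AttributeValue",
                        Namespaces.SAML_NS_ASSERT);
                for (Object value : values) {
                    this.roles.add(((Element)value).getText());
                }
            }
            else {
                logger.debug("Unknown AttributeName " + attrname +
                        " found while parsing AttributeStatement.");
            }
        }
    }

    /** Returns the text of the first {@code AttributeValue} child. */
    private String getAttributeValue(Element attr) {
        return attr.getChildText("AttributeValue", Namespaces.SAML_NS_ASSERT);
    }

    /**
     * Returns the role names found in the assertion.
     *
     * <p>This is the internal list, not a copy, so changes made by the caller
     * change this object's roles.
     * NOTE(review): consider returning an unmodifiable view once callers are
     * confirmed not to modify the list.
     *
     * @return the roles, never null, possibly empty.
     */
    public List<String> getRoles() {
        return this.roles;
    }

    /**
     * Reports whether the assertion has been verified.
     *
     * <p>Verification is not implemented, so this fails closed and always
     * returns {@code false}.
     *
     * @return always {@code false}.
     */
    public Boolean isValid() {
        // TODO:
        // check signature digest
        // check signature value
        // check signature cert
        return false;
    }

    /**
     * Returns the assertion's {@code Signature} child, wrapped on first use.
     * The misspelled method name is part of the public interface and is kept
     * for existing callers.
     *
     * @return the signature wrapper, or null if the element has no signature.
     */
    public Signature getSiganture() {
        if (this.signature == null) {
            Element signature = this.assertion.getChild("Signature",
                    Namespaces.XML_SIG_NS);
            if (signature != null) {
                this.signature = new Signature(signature);
            }
        }
        return this.signature;
    }

    /** @return the conterra user-id attribute value, or null if absent. */
    public String getUserID() {
        return this.user_id;
    }

    /** @return the subject's NameIdentifier text, or null if absent. */
    public String getNameID() {
        return this.name_id;
    }

    /** @return the conterra group-id attribute value, or null if absent. */
    public String getGroupID() {
        return this.group_id;
    }

    /** @return the conterra group-name attribute value, or null if absent. */
    public String getGroupName() {
        return this.group_name;
    }

    /** @return the {@code AssertionID} attribute value, or null if absent. */
    public String getID() {
        return this.assertion_id;
    }

    /** @return the parsed {@code NotBefore} bound, or null if not parsed. */
    public Date getFrom() {
        return this.notbefore;
    }

    /** @return the parsed {@code NotOnOrAfter} bound, or null if not parsed. */
    public Date getUntil() {
        return this.notonorafter;
    }
}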
// vim: set fileencoding=utf-8 ts=4 sw=4 et si tw=80:
