view gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java @ 6187:7bc35bbd8b27
Store the SAML ticket in the user object after authentication.
The SAML ticket will be needed to allow single sign-on to work for the
links into the wiki that are used in several places in the UI.
Part of flys/issue1265
author | Bernhard Herzog <bh@intevation.de> |
---|---|
date | Tue, 04 Jun 2013 17:13:50 +0200 |
parents | b689d2b9d167 |
children | 238fc722f87a |
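/* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU AGPL (>=v3)
 * and comes with ABSOLUTELY NO WARRANTY! Check out the
 * documentation coming with Dive4Elements River for details.
 */

package org.dive4elements.river.client.server;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;

import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.codec.binary.Base64InputStream;
import org.apache.log4j.Logger;

import org.dive4elements.river.client.server.auth.AuthenticationException;
import org.dive4elements.river.client.server.auth.User;
import org.dive4elements.river.client.server.auth.saml.Assertion;
import org.dive4elements.river.client.server.auth.saml.TicketValidator;
import org.dive4elements.river.client.server.features.Features;

/**
 * Login servlet that authenticates a user from a SAML ticket posted in
 * the {@code saml} request parameter.
 *
 * <p>The parameter is expected to hold Base64 encoded ticket XML. It is
 * handed to {@link TicketValidator}, constructed from the key file named
 * by the {@code saml-trusted-public-key} servlet context init parameter.
 * A successfully checked assertion becomes a SAML {@code User} which also
 * retains the raw ticket so it can be reused for single sign-on.
 * Every validation problem is logged server side and reported to the
 * client only as a generic login failure.</p>
 */
public class SamlServlet extends AuthenticationServlet {

    private static final Logger logger = Logger.getLogger(SamlServlet.class);

    /**
     * Charset used to turn the ticket parameter into bytes for the Base64
     * decoder. Base64 is plain ASCII, so UTF-8 is lossless here; this
     * replaces the deprecated StringBufferInputStream, which silently
     * dropped the high byte of every char.
     */
    private static final Charset TICKET_CHARSET = Charset.forName("UTF-8");

    /**
     * Handles the SAML login POST.
     *
     * <p>Without a {@code saml} parameter, or when {@link #auth} fails,
     * the client is redirected to the failure page via
     * {@code redirectFailure}; otherwise {@code performLogin} is called
     * with the authenticated user.</p>
     *
     * @param req  the login request carrying the {@code saml} parameter
     * @param resp the response used for the login or failure redirect
     * @throws ServletException propagated from the login handling
     * @throws IOException      propagated from the redirect or login handling
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, IOException
    {
        logger.debug("Processing post request");

        String samlTicketXML = req.getParameter("saml");
        if (samlTicketXML == null) {
            logger.debug("No saml ticket provided");
            this.redirectFailure(resp, req.getContextPath());
            return;
        }

        try {
            User user = this.auth(samlTicketXML);
            // auth() throws instead of returning null; kept as a defensive
            // check so a future change cannot log in a null user.
            if (user == null) {
                logger.debug("Authentication not successful");
                this.redirectFailure(resp, req.getContextPath());
                return;
            }
            this.performLogin(req, resp, user);
        }
        catch (AuthenticationException e) {
            logger.error(e, e);
            this.redirectFailure(resp, req.getContextPath(), e);
        }
    }

    /**
     * Validates the Base64 encoded SAML ticket and builds the user.
     *
     * <p>The ticket is checked with a {@link TicketValidator} built from
     * the {@code saml-trusted-public-key} init parameter (resolved through
     * {@code ServletContext.getRealPath}). Any exception during validation
     * is logged and treated as a failed login, so the failure reason is
     * never exposed to the client. The returned user keeps the assertion,
     * the raw ticket string and the features granted for the assertion's
     * roles.</p>
     *
     * @param samlTicketXML the Base64 encoded ticket from the request
     * @return the authenticated SAML user (never {@code null})
     * @throws AuthenticationException if the ticket could not be validated
     * @throws IOException declared for callers; validation errors are
     *         caught internally
     */
    private User auth(String samlTicketXML)
        throws AuthenticationException, IOException
    {
        ServletContext sc = this.getServletContext();

        Assertion assertion = null;
        try {
            String keyfile =
                (String)sc.getInitParameter("saml-trusted-public-key");
            // NOTE(review): checkTicket is expected to verify the ticket
            // against this key; confirm in TicketValidator that an
            // unsigned or differently signed ticket is rejected there.
            TicketValidator validator =
                new TicketValidator(sc.getRealPath(keyfile));
            InputStream in = new ByteArrayInputStream(
                samlTicketXML.getBytes(TICKET_CHARSET));
            assertion = validator.checkTicket(new Base64InputStream(in));
        }
        catch (Exception e) {
            // Fail closed: log the real cause, let the generic failure
            // below reach the client.
            logger.error(e.getLocalizedMessage(), e);
        }

        if (assertion == null) {
            throw new AuthenticationException("Login failed.");
        }

        // NOTE(review): a missing Features context attribute would fail
        // with a NullPointerException here rather than a login failure.
        Features features =
            (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
        // The raw ticket is stored with the user so single sign-on
        // links can present it again.
        return new org.dive4elements.river.client.server.auth.saml.User(
            assertion, samlTicketXML,
            features.getFeatures(assertion.getRoles()), null);
    }
}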