Logging saml group-name in authentication log
author | gernotbelger |
date | Tue, 13 Nov 2018 13:02:00 +0100 |
parents | d6d5ca6d4af0 |
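/* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU AGPL (>=v3)
 * and comes with ABSOLUTELY NO WARRANTY! Check out the
 * documentation coming with Dive4Elements River for details.
 */
package org.dive4elements.river.client.server;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringBufferInputStream;
import java.nio.charset.StandardCharsets;

import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.codec.binary.Base64InputStream;
import org.apache.log4j.Logger;

import org.dive4elements.river.client.server.auth.AuthenticationException;
import org.dive4elements.river.client.server.auth.User;
import org.dive4elements.river.client.server.auth.saml.Assertion;
import org.dive4elements.river.client.server.auth.saml.TicketValidator;
import org.dive4elements.river.client.server.auth.was.Response;
import org.dive4elements.river.client.server.features.Features;

/**
 * Login endpoint for a SAML POST: reads the base64-encoded ticket from the
 * {@code saml} request parameter, has it checked by {@link TicketValidator}
 * against the trusted public key configured in the servlet context, and on
 * success creates the session user via {@link Response#createUser}.
 *
 * NOTE(review): signature verification and hardening of the XML parser
 * (DTD/external entities) are the responsibility of TicketValidator and are
 * not visible in this file — confirm there before relying on this endpoint.
 */
public class SamlServlet extends AuthenticationServlet {

    private static Logger log = Logger.getLogger(SamlServlet.class);

    /**
     * Handles the SAML POST. Every failure path (no ticket, rejected ticket,
     * no user) redirects to the failure page; only an accepted assertion
     * reaches {@code performLogin()}.
     *
     * @param req  request carrying the base64 SAML ticket in parameter {@code saml}
     * @param resp response used for the redirect or the login
     */
    @Override
    protected void doPost(final HttpServletRequest req, final HttpServletResponse resp)
            throws ServletException, IOException {

        final String samlTicketXML = req.getParameter("saml");
        log.debug("Processing post request");

        if (samlTicketXML == null) {
            log.debug("No saml ticket provided");
            this.redirectFailure(resp, req.getContextPath());
            return;
        }

        try {
            final User user = this.auth(samlTicketXML);
            if (user == null) {
                log.debug("Authentication not successful");
                this.redirectFailure(resp, req.getContextPath());
                return;
            }

            // Only the group is written to the log. Do not log samlTicketXML
            // itself: an accepted ticket stays valid within the configured
            // time tolerance and would be a replayable credential in the log.
            // The group value is presumably taken from the validated assertion
            // (i.e. issuer-controlled, not client-controlled) — verify in
            // Response.createUser().
            final String userGroup = user.getUserGroup();
            log.info(String.format("SAML-Authentication successfull: group = '%s'", userGroup));

            this.performLogin(req, resp, user);
        }
        catch (final AuthenticationException e) {
            log.error(e, e);
            this.redirectFailure(resp, req.getContextPath(), e);
        }
    }

    /**
     * Validates the base64-encoded SAML ticket and turns the accepted
     * assertion into a {@link User}.
     *
     * @param samlTicketXML base64 text of the SAML ticket as posted by the client
     * @return the user built by {@link Response#createUser}, which may be null
     * @throws AuthenticationException when the ticket is rejected for any
     *         reason; the message is deliberately generic so the client learns
     *         nothing about why validation failed (details go to the server
     *         log only)
     */
    private User auth(final String samlTicketXML) throws AuthenticationException {
        final ServletContext sc = this.getServletContext();

        Assertion assertion = null;
        try {
            // Both values are deployment configuration (servlet init
            // parameters), not request data.
            final String keyfile = sc.getInitParameter("saml-trusted-public-key");
            final int timeEps = Integer.parseInt(sc.getInitParameter("saml-time-tolerance"));

            final TicketValidator validator = new TicketValidator(sc.getRealPath(keyfile), timeEps);

            // Base64 is pure ASCII; the decoder skips anything else. This
            // replaces the deprecated StringBufferInputStream, which silently
            // truncated every char to its low byte.
            final byte[] ticketBytes = samlTicketXML.getBytes(StandardCharsets.US_ASCII);
            final InputStream in = new ByteArrayInputStream(ticketBytes);
            assertion = validator.checkTicket(new Base64InputStream(in));
        }
        catch (final Exception e) {
            // Fail closed: a missing or malformed init parameter, an unreadable
            // key file and a rejected ticket all land here and leave
            // 'assertion' null, which is turned into a login failure below.
            log.error(e.getLocalizedMessage(), e);
        }

        if (assertion == null) {
            throw new AuthenticationException("Login failed.");
        }

        final Features features = (Features) sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
        return Response.createUser(null, samlTicketXML, assertion, features);
    }
}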