view gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java @ 5948:d7b9b3e3c61a
Make instantiation of saml.User easier.
Most of the parameters of the constructor can be taken from the
Assertion object, so there's no reason to pass them separately.
Also, trying to check the validity dates isn't useful for the single
sign on case. See comments in the hasExpired method.
author | Bernhard Herzog <bh@intevation.de> |
---|---|
date | Wed, 08 May 2013 17:56:14 +0200 |
parents | 0b092a1d136b |
children | ea9eef426962 |
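/* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU AGPL (>=v3)
 * and comes with ABSOLUTELY NO WARRANTY! Check out the
 * documentation coming with Dive4Elements River for details.
 */
package org.dive4elements.river.client.server.auth.was;

import java.io.IOException;
import java.io.InputStream;
import java.util.List;

import org.apache.commons.codec.binary.Base64InputStream;
import org.apache.http.HttpEntity;
import org.apache.log4j.Logger;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

import org.dive4elements.artifacts.httpclient.utils.XMLUtils;
import org.dive4elements.river.client.server.auth.Authentication;
import org.dive4elements.river.client.server.auth.AuthenticationException;
import org.dive4elements.river.client.server.auth.saml.Assertion;
import org.dive4elements.river.client.server.auth.saml.XPathUtils;
import org.dive4elements.river.client.server.auth.saml.TicketValidator;
import org.dive4elements.river.client.server.auth.saml.User;
import org.dive4elements.river.client.server.features.Features;

/**
 * Reply of the WAS (Web Authentication Service) to a login request.
 *
 * The constructor parses the HTTP entity body as XML. If the reply is an
 * OGC {@code ServiceExceptionReport} it is turned into a
 * {@link ServiceException}; otherwise the document root is kept and the
 * SAML assertion it contains is validated lazily (see
 * {@link #getAssertion()}) against the configured trusted key via
 * {@link TicketValidator}.
 *
 * Note that {@link #isSuccess()} only inspects the {@code samlp:Status}
 * element; it does NOT imply that the assertion's signature has been
 * checked. Only {@link #getUser()} / {@link #getAssertion()} do that.
 */
public class Response implements Authentication {

    private static Logger logger = Logger.getLogger(Response.class);

    /** Content type the WAS uses for an OGC service exception report. */
    private static final String SERVICE_EXCEPTION_CONTENT_TYPE =
        "application/vnd.ogc.se_xml";

    /** Root element of the parsed reply (a samlp:Response, presumably). */
    private Element root;

    /** Validated assertion; null until getAssertion() succeeded. */
    private Assertion assertion;

    private String username;
    private String password;
    private Features features;

    /** Path of the key file TicketValidator checks the ticket against. */
    private String trustedKeyFile;

    /**
     * Parses the WAS reply.
     *
     * @param entity         HTTP body of the reply; must not be null.
     * @param username       login name, only used for logging here and in
     *                       the created User.
     * @param password       password handed on to the created User.
     * @param features       maps the assertion's roles to feature names.
     * @param trustedKeyFile key file used to validate the SAML ticket.
     * @throws ServiceException        if the entity is missing/has no content
     *                                 or the WAS returned a
     *                                 ServiceExceptionReport.
     * @throws AuthenticationException propagated from XML parsing helpers.
     * @throws IOException             on read errors.
     */
    public Response(HttpEntity entity, String username, String password,
        Features features, String trustedKeyFile)
        throws AuthenticationException, IOException {
        if (entity == null) {
            throw new ServiceException("Invalid response");
        }

        // A missing Content-Type header is treated like an unknown one
        // (previously this dereferenced getContentType() unguarded).
        String contenttype = entity.getContentType() == null
            ? null
            : entity.getContentType().getValue();

        InputStream in = entity.getContent();
        if (in == null) {
            // HttpEntity.getContent() may return null for bodiless entities.
            throw new ServiceException("Invalid response");
        }

        Document doc;
        try {
            // The comparison is exact, so a parameterised value such as
            // "application/vnd.ogc.se_xml; charset=..." would take the
            // base64 branch -- TODO confirm the WAS never sends parameters.
            if (!SERVICE_EXCEPTION_CONTENT_TYPE.equals(contenttype)) {
                // XXX: Assume base64 encoded content.
                in = new Base64InputStream(in);
            }
            // NOTE(review): this XML comes from the remote WAS and must be
            // treated as untrusted input; confirm XMLUtils.readDocument
            // disables DTD processing / external entities (XXE).
            doc = XMLUtils.readDocument(in);
        }
        finally {
            // Previously the entity stream was never closed.
            in.close();
        }

        Element root = doc.getDocumentElement();
        String rname = root.getTagName();
        if (rname != null && rname.equals("ServiceExceptionReport")) {
            throw new ServiceException(
                XPathUtils.xpathString(root, "ServiceException"));
        }

        this.root = root;
        this.username = username;
        this.password = password;
        this.features = features;
        this.trustedKeyFile = trustedKeyFile;
    }

    /**
     * @return true if the samlp:Status code of the reply is
     *         "samlp:Success". This says nothing about whether the
     *         assertion is valid; see {@link #getAssertion()}.
     */
    @Override
    public boolean isSuccess() {
        String status = getStatus();
        // NOTE(review): the status code is a QName and this compares the
        // literal prefix, so a reply using another prefix for the samlp
        // namespace would be reported as unsuccessful -- confirm the WAS
        // always emits "samlp:".
        return status != null && status.equals("samlp:Success");
    }

    /** @return the samlp:StatusCode/@Value of the reply, or null. */
    public String getStatus() {
        return XPathUtils.xpathString(this.root,
            "./samlp:Status/samlp:StatusCode/@Value");
    }

    /**
     * Validates the ticket against the trusted key file (once) and
     * returns the contained assertion.
     *
     * Any failure raised by TicketValidator (bad signature, untrusted key,
     * malformed ticket, ...) is logged and reported to the caller as a
     * null return value; {@link #getUser()} turns that into an
     * AuthenticationException. Callers must therefore never treat a
     * non-null {@link #isSuccess()} as proof of a validated assertion.
     *
     * @return the validated assertion, or null if there is none or
     *         validation failed.
     */
    public Assertion getAssertion() {
        if (this.assertion == null && this.root != null) {
            try {
                TicketValidator validator =
                    new TicketValidator(this.trustedKeyFile);
                this.assertion = validator.checkTicket(this.root);
            }
            catch (Exception e) {
                // Validation failures are deliberately not rethrown here
                // (interface has no checked exception); the reason is kept
                // in the log only.
                logger.error(e.getLocalizedMessage(), e);
            }
        }
        return this.assertion;
    }

    /**
     * Builds the authenticated user from the validated assertion.
     *
     * @return User carrying the assertion, its mapped features and the
     *         password given to the constructor.
     * @throws AuthenticationException if the reply has no assertion or
     *         its validation failed (see {@link #getAssertion()}).
     */
    @Override
    public User getUser() throws AuthenticationException {
        Assertion assertion = this.getAssertion();
        if (assertion == null) {
            throw new AuthenticationException(
                "Response doesn't contain an assertion");
        }

        // Use the validated local copy rather than re-reading the field.
        List<String> features =
            this.features.getFeatures(assertion.getRoles());

        // Only the username is logged; the password must never appear here.
        logger.debug("User " + this.username + " with features " + features
            + " successfully authenticated.");

        return new User(assertion, features, this.password);
    }
}
// vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80: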