bjoern@2950: package de.intevation.flys.client.server; bjoern@2950: bjoern@2950: import java.io.IOException; bjoern@2950: import java.security.GeneralSecurityException; bjoern@2950: bjoern@2950: import javax.servlet.ServletException; bjoern@2950: import javax.servlet.http.HttpServlet; bjoern@2950: import javax.servlet.http.HttpServletRequest; bjoern@2950: import javax.servlet.http.HttpServletResponse; bjoern@2950: import javax.servlet.http.HttpSession; bjoern@2950: bjoern@2950: import org.apache.http.HttpEntity; bjoern@2950: import org.apache.http.HttpResponse; bjoern@2950: import org.apache.http.client.HttpClient; bjoern@2950: import org.apache.http.conn.scheme.Scheme; bjoern@2950: import org.apache.http.conn.ssl.SSLSocketFactory; bjoern@2950: import org.apache.http.impl.client.DefaultHttpClient; bjoern@2950: bjoern@2950: import org.apache.log4j.Logger; bjoern@2950: bjoern@2950: import de.intevation.flys.client.server.was.Assertion; bjoern@2950: import de.intevation.flys.client.server.was.User; bjoern@2950: import de.intevation.flys.client.server.was.Request; bjoern@2950: import de.intevation.flys.client.server.was.Response; bjoern@2950: import de.intevation.flys.client.server.was.ServiceException; bjoern@2950: import de.intevation.flys.client.server.was.Signature; bjoern@2950: bjoern@2950: bjoern@2950: bjoern@2950: public class LoginServlet extends HttpServlet { bjoern@2950: bjoern@2950: private static Logger logger = Logger.getLogger(LoginServlet.class); bjoern@2950: bjoern@2950: private void redirectFailure(HttpServletResponse resp) throws IOException { bjoern@2950: resp.sendRedirect("/login.jsp"); bjoern@2950: } bjoern@2950: bjoern@2950: private void redirectSuccess(HttpServletResponse resp, String uri) throws IOException { bjoern@2950: if (uri == null) { bjoern@2950: uri = "/FLYS.html"; bjoern@2950: } bjoern@2950: resp.sendRedirect(uri); bjoern@2950: } bjoern@2950: bjoern@2950: @Override bjoern@2950: protected void doGet(HttpServletRequest req, HttpServletResponse resp) bjoern@2950: throws ServletException, IOException { bjoern@2950: logger.debug("Processing get request"); bjoern@2950: this.redirectFailure(resp); bjoern@2950: } bjoern@2950: bjoern@2950: @Override bjoern@2950: protected void doPost(HttpServletRequest req, HttpServletResponse resp) bjoern@2950: throws ServletException, IOException { bjoern@2950: String encoding = req.getCharacterEncoding(); bjoern@2950: String username = req.getParameter("username"); bjoern@2950: String password = req.getParameter("password"); bjoern@2950: bjoern@2950: logger.debug("Processing post request"); bjoern@2950: bjoern@2950: if (username == null || password == null) { bjoern@2950: logger.debug("No username or password provided"); bjoern@2950: this.redirectFailure(resp); bjoern@2950: } bjoern@2950: try { bjoern@2950: Response wasresp = this.auth(username, password, encoding); bjoern@2950: if (wasresp == null || !wasresp.isSuccess()) { bjoern@2950: logger.debug("Athentication not successful"); bjoern@2950: this.redirectFailure(resp); bjoern@2950: } bjoern@2950: HttpSession session = req.getSession(); bjoern@2950: User user = new User(username, password); bjoern@2950: session.setAttribute("user", user); bjoern@2950: bjoern@2950: String uri = (String)session.getAttribute("requesturi"); bjoern@2950: bjoern@2950: this.redirectSuccess(resp, uri); bjoern@2950: bjoern@2950: /* Assertion assertion = wasresponse.getAssertion(); */ bjoern@2950: /* System.out.println("ID: " + assertion.getID()); */ bjoern@2950: /* System.out.println("UserID: " + assertion.getUserID()); */ bjoern@2950: /* System.out.println("NameID: " + assertion.getNameID()); */ bjoern@2950: /* System.out.println("GroupID: " + assertion.getGroupID()); */ bjoern@2950: /* System.out.println("GroupName: " + assertion.getGroupName()); */ bjoern@2950: /* System.out.println("From: " + assertion.getFrom()); */ bjoern@2950: /* System.out.println("Until: " + assertion.getUntil()); */ bjoern@2950: /* for(String role : assertion.getRoles()) { */ bjoern@2950: /* System.out.println("Role: " + role); */ bjoern@2950: /* } */ bjoern@2950: /* Signature signature = assertion.getSiganture(); */ bjoern@2950: /* System.out.println("Cert:"); */ bjoern@2950: /* System.out.println(signature.getCertificate()); */ bjoern@2950: /* System.out.println("Value: " + signature.getValue()); */ bjoern@2950: /* System.out.println("Digest: " + signature.getDigestValue()); */ bjoern@2950: /* System.out.println("Reference: " + signature.getReference()); */ bjoern@2950: bjoern@2950: } bjoern@2950: catch(ServiceException e) { bjoern@2950: //TODO User could not be authenticated bjoern@2950: throw new ServletException(e); bjoern@2950: } bjoern@2950: catch(GeneralSecurityException e) { bjoern@2950: throw new ServletException(e); bjoern@2950: } bjoern@2950: } bjoern@2950: bjoern@2950: private Response auth(String username, String password, String encoding) bjoern@2950: throws IOException, ServiceException, GeneralSecurityException { bjoern@2950: SSLSocketFactory sf = new SSLSocketFactory( bjoern@2950: new GGInATrustStrategy()); bjoern@2950: Scheme https = new Scheme("https", 443, sf); bjoern@2950: HttpClient httpclient = new DefaultHttpClient(); bjoern@2950: httpclient.getConnectionManager().getSchemeRegistry().register(https); bjoern@2950: bjoern@2950: Request httpget = new Request("https://geoportal.bafg.de/" + bjoern@2950: "administration/WAS", username, password, encoding); bjoern@2950: HttpResponse response = httpclient.execute(httpget); bjoern@2950: HttpEntity entity = response.getEntity(); bjoern@2950: if (entity == null) { bjoern@2950: return null; bjoern@2950: } bjoern@2950: else { bjoern@2950: return new Response(entity); bjoern@2950: } bjoern@2950: } bjoern@2950: }