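/* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU AGPL (>=v3)
 * and comes with ABSOLUTELY NO WARRANTY! Check out the
 * documentation coming with Dive4Elements River for details.
 */

package org.dive4elements.river.client.server;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;

import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.codec.binary.Base64InputStream;

import org.apache.log4j.Logger;

import org.dive4elements.river.client.server.auth.AuthenticationException;
import org.dive4elements.river.client.server.auth.User;
import org.dive4elements.river.client.server.auth.saml.Assertion;
import org.dive4elements.river.client.server.auth.saml.TicketValidator;
import org.dive4elements.river.client.server.features.Features;


/**
 * Logs a user in from a Base64 encoded SAML ticket posted in the
 * {@code saml} request parameter.
 *
 * The ticket is handed to a {@link TicketValidator} built from the
 * public key named by the {@code saml-trusted-public-key} servlet init
 * parameter. On success the resulting assertion is turned into a
 * {@link User} and the login is performed by the base class; on any
 * failure the client is redirected to the failure page with a generic
 * message and the details are only logged server-side.
 *
 * NOTE(review): whether {@code TicketValidator.checkTicket} verifies
 * the XML signature against the trusted key, the assertion validity
 * window, the audience and replay of a previously used ticket is not
 * visible in this file; confirm in TicketValidator, since this servlet
 * performs none of those checks itself. The same applies to hardening
 * of the XML parser against external entities (XXE).
 */
public class SamlServlet extends AuthenticationServlet {

    private static Logger logger = Logger.getLogger(SamlServlet.class);

    /** Name of the POST parameter carrying the Base64 encoded ticket. */
    private static final String TICKET_PARAM = "saml";

    /** Init parameter naming the trusted public key file (webapp path). */
    private static final String KEY_INIT_PARAM = "saml-trusted-public-key";

    /**
     * Handles the POST carrying the SAML ticket.
     *
     * @param req  request holding the {@code saml} parameter.
     * @param resp response used for the redirect / login.
     * @throws ServletException propagated from the base class.
     * @throws IOException propagated from the redirect or login.
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, IOException
    {
        String samlTicketXML = req.getParameter(TICKET_PARAM);

        logger.debug("Processing post request");

        if (samlTicketXML == null) {
            logger.debug("No saml ticket provided");
            this.redirectFailure(resp, req.getContextPath());
            return;
        }

        try {
            User user = this.auth(samlTicketXML);
            if (user == null) {
                logger.debug("Authentication not successful");
                this.redirectFailure(resp, req.getContextPath());
                return;
            }
            this.performLogin(req, resp, user);
        }
        catch (AuthenticationException e) {
            logger.error(e, e);
            this.redirectFailure(resp, req.getContextPath(), e);
        }
    }

    /**
     * Validates the ticket and builds the authenticated user.
     *
     * @param samlTicketXML the Base64 encoded ticket as posted.
     * @return the user described by the validated assertion.
     * @throws AuthenticationException if the ticket could not be
     *         validated or the server is misconfigured; the message is
     *         deliberately generic so the client learns nothing about
     *         the reason.
     * @throws IOException declared for callers; validation errors are
     *         caught below and reported as AuthenticationException.
     */
    private User auth(String samlTicketXML)
        throws AuthenticationException, IOException
    {
        ServletContext sc = this.getServletContext();

        String keyfile = sc.getInitParameter(KEY_INIT_PARAM);
        if (keyfile == null) {
            // Fail closed: without a trusted key no ticket can be verified.
            logger.error("Init parameter '" + KEY_INIT_PARAM + "' is not set");
            throw new AuthenticationException("Login failed.");
        }

        Assertion assertion = null;
        try {
            TicketValidator validator =
                new TicketValidator(sc.getRealPath(keyfile));

            // The ticket is Base64 text, i.e. pure ASCII. Encode it
            // explicitly instead of using the deprecated
            // StringBufferInputStream, which silently truncates every
            // char to its low byte.
            InputStream in = new ByteArrayInputStream(
                samlTicketXML.getBytes(Charset.forName("US-ASCII")));
            assertion = validator.checkTicket(new Base64InputStream(in));
        }
        catch (Exception e) {
            // Any validation problem is logged here only; the client
            // gets the generic failure below.
            logger.error(e.getLocalizedMessage(), e);
        }
        if (assertion == null) {
            throw new AuthenticationException("Login failed.");
        }

        Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
        if (features == null) {
            // Previously a NullPointerException (HTTP 500) after a valid
            // ticket; treat the missing configuration as a login failure.
            logger.error("Features are not available in the servlet context");
            throw new AuthenticationException("Login failed.");
        }

        // The raw ticket is kept on the user object; the trailing null
        // argument's meaning is not visible here -- see saml.User.
        return new org.dive4elements.river.client.server.auth.saml.User(
            assertion, samlTicketXML,
            features.getFeatures(assertion.getRoles()), null);
    }
}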