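/* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU AGPL (>=v3)
 * and comes with ABSOLUTELY NO WARRANTY! Check out the
 * documentation coming with Dive4Elements River for details.
 */

package org.dive4elements.river.client.server;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;

import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.codec.binary.Base64InputStream;
import org.apache.log4j.Logger;
import org.dive4elements.river.client.server.auth.AuthenticationException;
import org.dive4elements.river.client.server.auth.User;
import org.dive4elements.river.client.server.auth.saml.Assertion;
import org.dive4elements.river.client.server.auth.saml.TicketValidator;
import org.dive4elements.river.client.server.auth.was.Response;
import org.dive4elements.river.client.server.features.Features;

/**
 * Logs a user in from a Base64-encoded SAML ticket posted in the
 * {@code saml} request parameter.
 *
 * <p>Ticket checking itself is delegated to {@link TicketValidator}, which is
 * configured from two servlet init-parameters: {@code saml-trusted-public-key}
 * (a path resolved through {@link ServletContext#getRealPath(String)}) and
 * {@code saml-time-tolerance} (parsed as an {@code int}). On any failure the
 * client is redirected to the failure page; details are only logged
 * server-side.
 */
public class SamlServlet extends AuthenticationServlet {

    private static final Logger log = Logger.getLogger(SamlServlet.class);

    /** Init-parameter naming the key file the ticket is validated against. */
    private static final String PARAM_TRUSTED_KEY = "saml-trusted-public-key";

    /** Init-parameter holding the time tolerance handed to {@link TicketValidator}. */
    private static final String PARAM_TIME_TOLERANCE = "saml-time-tolerance";

    /**
     * Base64 text is pure ASCII. Encoding the posted ticket with this charset
     * maps every non-ASCII character to {@code '?'} (ignored by the decoder)
     * instead of the low byte of the character, as the deprecated
     * {@code StringBufferInputStream} did, so no non-ASCII character can alias
     * into a valid Base64 symbol.
     */
    private static final Charset TICKET_CHARSET = Charset.forName("US-ASCII");

    /**
     * Handles the login POST.
     *
     * <p>Reads the {@code saml} parameter, validates it via
     * {@link #auth(String)} and, on success, performs the login. A missing or
     * empty ticket, a {@code null} user or an {@link AuthenticationException}
     * all end in {@code redirectFailure}.
     *
     * @param req  the login request carrying the {@code saml} parameter
     * @param resp the response used for the login or the failure redirect
     * @throws ServletException propagated from the login/redirect helpers
     * @throws IOException      propagated from the login/redirect helpers
     */
    @Override
    protected void doPost(final HttpServletRequest req, final HttpServletResponse resp)
            throws ServletException, IOException {
        final String samlTicketXML = req.getParameter("saml");

        log.debug("Processing post request");

        // An empty parameter cannot hold a ticket; treat it like a missing one
        // rather than letting it fail later as an authentication error.
        if (samlTicketXML == null || samlTicketXML.isEmpty()) {
            log.debug("No saml ticket provided");
            this.redirectFailure(resp, req.getContextPath());
            return;
        }

        try {
            final User user = this.auth(samlTicketXML);
            if (user == null) {
                log.debug("Authentication not successful");
                this.redirectFailure(resp, req.getContextPath());
                return;
            }

            // Only the group is logged; the ticket itself is a credential and
            // must stay out of the logs.
            final String userGroup = user.getUserGroup();
            log.info(String.format("SAML-Authentication successfull: group = '%s'", userGroup));

            this.performLogin(req, resp, user);
        }
        catch (final AuthenticationException e) {
            log.error(e, e);
            this.redirectFailure(resp, req.getContextPath(), e);
        }
    }

    /**
     * Validates the posted ticket and builds the user from its assertion.
     *
     * <p>Any exception raised while reading the configuration or checking the
     * ticket is logged and then reported to the caller only as the generic
     * {@code "Login failed."}, so validation details never reach the client.
     *
     * @param samlTicketXML the Base64-encoded SAML ticket as posted
     * @return the user created by {@link Response#createUser}; may be
     *         {@code null}, which the caller treats as a failed login
     * @throws AuthenticationException if no assertion could be obtained from
     *                                 the ticket
     */
    private User auth(final String samlTicketXML) throws AuthenticationException {
        final ServletContext sc = this.getServletContext();

        Assertion assertion = null;
        try {
            final String keyfile = sc.getInitParameter(PARAM_TRUSTED_KEY);
            final int timeEps = Integer.parseInt(sc.getInitParameter(PARAM_TIME_TOLERANCE));
            final TicketValidator validator = new TicketValidator(sc.getRealPath(keyfile), timeEps);

            final InputStream in = new ByteArrayInputStream(samlTicketXML.getBytes(TICKET_CHARSET));
            assertion = validator.checkTicket(new Base64InputStream(in));
        }
        catch (final Exception e) {
            // Deliberately broad: a missing/invalid init-parameter and a bad
            // ticket both end up here and must look the same to the client.
            // The exception types thrown by checkTicket are not visible in
            // this file, so the catch cannot be narrowed safely.
            log.error(e.getLocalizedMessage(), e);
        }

        if (assertion == null) {
            throw new AuthenticationException("Login failed.");
        }

        final Features features = (Features) sc.getAttribute(Features.CONTEXT_ATTRIBUTE);

        // NOTE(review): the first argument of createUser is passed as null
        // here; confirm its meaning against Response.createUser.
        return Response.createUser(null, samlTicketXML, assertion, features);
    }
}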