changeset 6187:7bc35bbd8b27

Store the SAML ticket in the user object after authentication. The SAML ticket will be needed to allow single sign-on to work for the links into the wiki that are used in several places in the UI. Part of flys/issue1265
author Bernhard Herzog <bh@intevation.de>
date Tue, 04 Jun 2013 17:13:50 +0200
parents a07521dca5b5
children 733c32da04b8
files gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java gwt-client/src/main/java/org/dive4elements/river/client/server/auth/DefaultUser.java gwt-client/src/main/java/org/dive4elements/river/client/server/auth/User.java gwt-client/src/main/java/org/dive4elements/river/client/server/auth/plain/Authenticator.java gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/User.java gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java
diffstat 6 files changed, 32 insertions(+), 5 deletions(-) [+]
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java	Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java	Tue Jun 04 17:13:50 2013 +0200
@@ -86,6 +86,7 @@
 
         Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
         return new org.dive4elements.river.client.server.auth.saml.User(
-            assertion, features.getFeatures(assertion.getRoles()), null);
+            assertion, samlTicketXML,
+            features.getFeatures(assertion.getRoles()), null);
     }
 }
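Review bot: The `samlTicketXML` passed to the new `saml.User` constructor is defined above the hunk, so it cannot be checked here whether it is the exact blob the `assertion` was parsed and verified from, or an earlier, unvalidated form of the request input. Since the commit message says this value will be forwarded into wiki links as an SSO credential, it should be the verified ticket and nothing else; a one-line comment at the call site would pin that down, e.g. `// samlTicketXML is the base64 ticket the (verified) assertion above was parsed from`. The enclosing method starts outside the hunk.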
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/DefaultUser.java	Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/DefaultUser.java	Tue Jun 04 17:13:50 2013 +0200
@@ -16,6 +16,7 @@
     protected String  name;
     protected String  account;
     protected String  password;
+    protected String  samlXML;
     protected boolean expired;
     protected List<String> roles;
     protected List<String> features;
@@ -26,12 +27,14 @@
     public DefaultUser(
         String       name,
         String       password,
+        String       samlXML,
         boolean      expired,
         List<String> roles,
         List<String> features
     ) {
         this.name     = name;
         this.password = password;
+        this.samlXML  = samlXML;
         this.expired  = expired;
         this.roles    = roles;
         this.features = features;
@@ -92,5 +95,14 @@
     public void setAccount(String account) {
         this.account = account;
     }
+
+    @Override
+    public String getSamlXMLBase64() {
+        return this.samlXML;
+    }
+
+    public void setSamlXMLBase64(String samlXML) {
+        this.samlXML = samlXML;
+    }
 }
 // vim:set ts=4 sw=4 si et fenc=utf8 tw=80:
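Review bot: The new `samlXML` field and its accessors carry no documentation, and the field name does not say what the accessor name promises (`getSamlXMLBase64` returns `samlXML`). Nothing in `DefaultUser` enforces the base64 encoding; it is simply whatever the caller stored, and for the plain authenticator it is `null`. Because this value is an authentication credential that will be handed out for SSO, a field comment such as `/** Base64-encoded SAML ticket used for single sign-on, or null when the user was not authenticated via SAML. Treat as a bearer credential: never log or expose it outside the owning session. */` would make the contract and the sensitivity explicit to the next maintainer.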
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/User.java	Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/User.java	Tue Jun 04 17:13:50 2013 +0200
@@ -46,5 +46,12 @@
      * Returns the users account name
      */
     public String getAccount();
+
+    /**
+     * Returns the SAML ticket for single sign-on.
+     * @return The SAML ticket in base64 encoded XML. null if no ticket
+     * is available.
+     */
+    public String getSamlXMLBase64();
 }
 // vim:set ts=4 sw=4 si et fenc=utf8 tw=80:
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/plain/Authenticator.java	Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/plain/Authenticator.java	Tue Jun 04 17:13:50 2013 +0200
@@ -63,7 +63,7 @@
         @Override
         public User getUser() {
             return isSuccess()
-                ? new DefaultUser(user, password, false, roles, this.features.getFeatures(roles))
+                ? new DefaultUser(user, password, null, false, roles, this.features.getFeatures(roles))
                 : null;
         }
     } // class Authentication
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/User.java	Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/User.java	Tue Jun 04 17:13:50 2013 +0200
@@ -18,11 +18,13 @@
 
     private Assertion assertion;
 
-    public User(Assertion assertion, List<String> features, String password) {
+    public User(Assertion assertion, String samlXML, List<String> features,
+                String password) {
         this.setName(assertion.getNameID());
         this.setAccount(assertion.getNameID());
         this.setRoles(assertion.getRoles());
         this.assertion = assertion;
+        this.setSamlXMLBase64(samlXML);
         this.setAllowedFeatures(features);
         this.setPassword(password);
     }
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java	Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java	Tue Jun 04 17:13:50 2013 +0200
@@ -10,11 +10,13 @@
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.StringBufferInputStream;
 import java.util.List;
 
 import org.apache.commons.codec.binary.Base64InputStream;
 
 import org.apache.http.HttpEntity;
+import org.apache.http.util.EntityUtils;
 
 import org.apache.log4j.Logger;
 
@@ -37,6 +39,7 @@
     private static Logger logger = Logger.getLogger(Response.class);
 
     private Element root;
+    private String samlTicketXML;
     private Assertion assertion;
     private String username;
     private String password;
@@ -53,8 +56,9 @@
         }
 
         String contenttype = entity.getContentType().getValue();
+        String samlTicketXML = EntityUtils.toString(entity);
 
-        InputStream in = entity.getContent();
+        InputStream in = new StringBufferInputStream(samlTicketXML);
 
         if (!contenttype.equals("application/vnd.ogc.se_xml")) {
             // XXX: Assume base64 encoded content.
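Review bot: `StringBufferInputStream` (line `InputStream in = new StringBufferInputStream(samlTicketXML);`) has been deprecated since JDK 1.1 because it does not convert characters to bytes correctly: each char is truncated to its low 8 bits. For the base64 branch the body is ASCII and this is harmless, but in the `application/vnd.ogc.se_xml` branch, or whenever `EntityUtils.toString` decoded the body with a charset other than ISO-8859-1, the bytes handed to the XML parser no longer match the original response and may disagree with the document's encoding declaration. Reading the entity once as bytes, keeping a `ByteArrayInputStream` over those bytes for the parser and deriving the stored string from the same bytes with the entity's declared charset (falling back to ISO-8859-1, as `EntityUtils.toString` does) avoids both the deprecated class and the lossy round trip; this needs `java.io.ByteArrayInputStream`, `java.nio.charset.Charset` and `org.apache.http.entity.ContentType` imported instead of `StringBufferInputStream`. `EntityUtils.toByteArray` also reads the whole response into memory, as the current `toString` call already does, which is acceptable only because the WAS endpoint is presumably a trusted server. The enclosing constructor starts and ends outside the hunk.
```java
        String contenttype = entity.getContentType().getValue();
        byte[] body = EntityUtils.toByteArray(entity);
        Charset charset = ContentType.getOrDefault(entity).getCharset();
        if (charset == null) {
            charset = Charset.forName("ISO-8859-1"); // same default as EntityUtils.toString
        }
        String samlTicketXML = new String(body, charset);

        InputStream in = new ByteArrayInputStream(body);
        // … unchanged: content-type check and base64 decoding …
```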
@@ -70,6 +74,7 @@
                                                           "ServiceException"));
         }
 
+        this.samlTicketXML = samlTicketXML;
         this.root = root;
         this.username = username;
         this.password = password;
@@ -113,7 +118,7 @@
                 this.assertion.getRoles());
         logger.debug("User " + this.username + " with features " + features +
                      " successfully authenticated.");
-        return new User(assertion, features, this.password);
+        return new User(assertion, this.samlTicketXML, features, this.password);
     }
 }
 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80:
