changeset 6187:7bc35bbd8b27
Store the SAML ticket in the user object after authentication.
The SAML ticket will be needed to allow single sign-on to work for the
links into the wiki that are used in several places in the UI.
Part of flys/issue1265
author | Bernhard Herzog <bh@intevation.de> |
---|---|
date | Tue, 04 Jun 2013 17:13:50 +0200 |
parents | a07521dca5b5 |
children | 733c32da04b8 |
files | gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java gwt-client/src/main/java/org/dive4elements/river/client/server/auth/DefaultUser.java gwt-client/src/main/java/org/dive4elements/river/client/server/auth/User.java gwt-client/src/main/java/org/dive4elements/river/client/server/auth/plain/Authenticator.java gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/User.java gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java |
diffstat | 6 files changed, 32 insertions(+), 5 deletions(-) [+] |
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java Tue Jun 04 17:13:50 2013 +0200
@@ -86,6 +86,7 @@
 Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
 return new org.dive4elements.river.client.server.auth.saml.User(
- assertion, features.getFeatures(assertion.getRoles()), null);
+ assertion, samlTicketXML,
+ features.getFeatures(assertion.getRoles()), null);
 }
 }
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/DefaultUser.java Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/DefaultUser.java Tue Jun 04 17:13:50 2013 +0200
@@ -16,6 +16,7 @@
 protected String name;
 protected String account;
 protected String password;
+ protected String samlXML;
 protected boolean expired;
 protected List<String> roles;
 protected List<String> features;
@@ -26,12 +27,14 @@
 public DefaultUser(
 String name,
 String password,
+ String samlXML,
 boolean expired,
 List<String> roles,
 List<String> features
 ) {
 this.name = name;
 this.password = password;
+ this.samlXML = samlXML;
 this.expired = expired;
 this.roles = roles;
 this.features = features;
@@ -92,5 +95,14 @@
 public void setAccount(String account) {
 this.account = account;
 }
+
+ @Override
+ public String getSamlXMLBase64() {
+ return this.samlXML;
+ }
+
+ public void setSamlXMLBase64(String samlXML) {
+ this.samlXML = samlXML;
+ }
 }
 // vim:set ts=4 sw=4 si et fenc=utf8 tw=80:
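Review bot: The third hunk adds a public `setSamlXMLBase64`, so the ticket stored at login can be replaced later by any code that holds the `DefaultUser`; because the ticket acts as a bearer credential for the wiki single sign-on, it would be safer to set it only through the constructor or to make the setter `protected`, which presumably still lets the SAML `User` subclass call it. The field is named `samlXML` while the accessors and the `User` interface promise base64, so I would rename it to `samlXMLBase64` and add a comment such as `// SAML ticket, base64; bearer credential - never log or serialize`. In the second hunk the new `String samlXML` parameter sits directly after `String password`, so transposed arguments compile silently; a Javadoc `@param` for each constructor argument would help callers. The class body starts and ends outside these hunks.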
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/User.java Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/User.java Tue Jun 04 17:13:50 2013 +0200
@@ -46,5 +46,12 @@
 * Returns the users account name
 */
 public String getAccount();
+
+ /**
+ * Returns the SAML ticket for single sign-on.
+ * @return The SAML ticket in base64 encoded XML. null if no ticket
+ * is available.
+ */
+ public String getSamlXMLBase64();
 }
 // vim:set ts=4 sw=4 si et fenc=utf8 tw=80:
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/plain/Authenticator.java Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/plain/Authenticator.java Tue Jun 04 17:13:50 2013 +0200
@@ -63,7 +63,7 @@
 @Override
 public User getUser() {
 return isSuccess()
- ? new DefaultUser(user, password, false, roles, this.features.getFeatures(roles))
+ ? new DefaultUser(user, password, null, false, roles, this.features.getFeatures(roles))
 : null;
 }
 } // class Authentication
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/User.java Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/User.java Tue Jun 04 17:13:50 2013 +0200
@@ -18,11 +18,13 @@
 private Assertion assertion;
- public User(Assertion assertion, List<String> features, String password) {
+ public User(Assertion assertion, String samlXML, List<String> features,
+ String password) {
 this.setName(assertion.getNameID());
 this.setAccount(assertion.getNameID());
 this.setRoles(assertion.getRoles());
 this.assertion = assertion;
+ this.setSamlXMLBase64(samlXML);
 this.setAllowedFeatures(features);
 this.setPassword(password);
 }
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java Tue Jun 04 17:13:50 2013 +0200
@@ -10,11 +10,13 @@
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.StringBufferInputStream;
 import java.util.List;
 import org.apache.commons.codec.binary.Base64InputStream;
 import org.apache.http.HttpEntity;
+import org.apache.http.util.EntityUtils;
 import org.apache.log4j.Logger;
@@ -37,6 +39,7 @@
 private static Logger logger = Logger.getLogger(Response.class);
 private Element root;
+ private String samlTicketXML;
 private Assertion assertion;
 private String username;
 private String password;
@@ -53,8 +56,9 @@
 }
 String contenttype = entity.getContentType().getValue();
+ String samlTicketXML = EntityUtils.toString(entity);
- InputStream in = entity.getContent();
+ InputStream in = new StringBufferInputStream(samlTicketXML);
 if (!contenttype.equals("application/vnd.ogc.se_xml")) {
 // XXX: Assume base64 encoded content.
@@ -70,6 +74,7 @@
 "ServiceException"));
 }
+ this.samlTicketXML = samlTicketXML;
 this.root = root;
 this.username = username;
 this.password = password;
@@ -113,7 +118,7 @@
 this.assertion.getRoles());
 logger.debug("User " + this.username + " with features " + features + " successfully authenticated.");
- return new User(assertion, features, this.password);
+ return new User(assertion, this.samlTicketXML, features, this.password);
 }
 }
 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80:
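Review bot: In the third hunk `new StringBufferInputStream(samlTicketXML)` feeds the parser through a deprecated class that keeps only the low byte of each character, after `EntityUtils.toString(entity)` has already decoded the body with the response charset. For any non-ASCII content the parsed bytes can therefore differ from the bytes the server sent, which matters if the assertion's signature is checked later (not visible in these hunks). Reading the body once as bytes avoids both the deprecated class and the round trip: `byte[] body = EntityUtils.toByteArray(entity);` and `InputStream in = new ByteArrayInputStream(body);`, with the stored string derived from `body` using an explicit charset. The local `samlTicketXML` also shadows the field added in the second hunk, and in the branch marked `// XXX: Assume base64 encoded content` it appears to hold base64 rather than XML, so a name like `samlTicketBase64` would be clearer. The constructor starts and ends outside these hunks.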