Mercurial > dive4elements > river

changeset 5944:d6f13dba21fe

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Adapt WAS Response to new SAML validation code. Fixes the XML Signature validation part of issue830.
author Bernhard Herzog <bh@intevation.de>
date Wed, 08 May 2013 17:56:14 +0200
parents a96350a1c160
children 6ffd11046d61
files gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/User.java
diffstat 2 files changed, 37 insertions(+), 41 deletions(-) [+]
line wrap: on
line diff
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java	Wed May 08 17:56:14 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java	Wed May 08 17:56:14 2013 +0200
@@ -18,16 +18,19 @@
 
 import org.apache.log4j.Logger;
 
-import org.jdom.Document;
-import org.jdom.Element;
-import org.jdom.JDOMException;
-import org.jdom.input.SAXBuilder;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 
+import org.dive4elements.artifacts.httpclient.utils.XMLUtils;
 import org.dive4elements.river.client.server.auth.Authentication;
 import org.dive4elements.river.client.server.auth.AuthenticationException;
+import org.dive4elements.river.client.server.auth.saml.Assertion;
+import org.dive4elements.river.client.server.auth.saml.XPathUtils;
+import org.dive4elements.river.client.server.auth.saml.TicketValidator;
 
 import org.dive4elements.river.client.server.features.Features;
 
+
 public class Response implements Authentication {
 
     private static Logger logger = Logger.getLogger(Response.class);
@@ -37,6 +40,7 @@
     private String username;
     private String password;
     private Features features;
+    private String trustedKeyFile;
 
 
     public Response(HttpEntity entity, String username, String password,
@@ -49,32 +53,27 @@
 
         String contenttype = entity.getContentType().getValue();
 
-        try {
-            InputStream in = entity.getContent();
-
-            if (!contenttype.equals("application/vnd.ogc.se_xml")) {
-                // XXX: Assume base64 encoded content.
-                in = new Base64InputStream(in);
-            }
-
-            SAXBuilder builder = new SAXBuilder();
-            Document doc = builder.build(in);
-            Element root = doc.getRootElement();
-            String rname = root.getName();
+        InputStream in = entity.getContent();
 
-            if (rname != null && rname.equals("ServiceExceptionReport")) {
-                throw new ServiceException(root.getChildText("ServiceException"));
-            }
+        if (!contenttype.equals("application/vnd.ogc.se_xml")) {
+            // XXX: Assume base64 encoded content.
+            in = new Base64InputStream(in);
+        }
 
-            this.root = root;
-            this.username = username;
-            this.password = password;
-            this.features = features;
+        Document doc = XMLUtils.readDocument(in);
+        Element root = doc.getDocumentElement();
+        String rname = root.getTagName();
 
+        if (rname != null && rname.equals("ServiceExceptionReport")) {
+            throw new ServiceException(XPathUtils.xpathString(root,
+                                                          "ServiceException"));
         }
-        catch(JDOMException e) {
-            throw new AuthenticationException(e);
-        }
+
+        this.root = root;
+        this.username = username;
+        this.password = password;
+        this.features = features;
+        this.trustedKeyFile = trustedKeyFile;
     }
 
     @Override
@@ -84,24 +83,20 @@
     }
 
     public String getStatus() {
-        Element status = this.root.getChild("Status", Namespaces.SAML_NS_PROTO);
-        if (status == null) {
-            return null;
-        }
-        Element statuscode = status.getChild("StatusCode",
-                Namespaces.SAML_NS_PROTO);
-        if (statuscode == null) {
-            return null;
-        }
-        return statuscode.getAttributeValue("Value");
+        return XPathUtils.xpathString(this.root,
+                                      "./samlp:Status/samlp:StatusCode/@Value");
     }
 
+
     public Assertion getAssertion() {
         if (this.assertion == null && this.root != null) {
-            Element assertion = this.root.getChild("Assertion",
-                    Namespaces.SAML_NS_ASSERT);
-            if (assertion != null) {
-                this.assertion = new Assertion(assertion);
+            try {
+                TicketValidator validator =
+                    new TicketValidator(this.trustedKeyFile);
+                this.assertion = validator.checkTicket(this.root);
+            }
+            catch (Exception e) {
+                logger.error(e.getLocalizedMessage(), e);
             }
         }
         return this.assertion;
@@ -118,7 +113,7 @@
         logger.debug("User " + this.username + " with features " + features +
                      " successfully authenticated.");
         return new User(this.username, this.password, assertion.getNameID(),
-                this.assertion.getRoles(), assertion, features);
+                        this.assertion.getRoles(), assertion, features);
     }
 }
 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80:
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/User.java	Wed May 08 17:56:14 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/User.java	Wed May 08 17:56:14 2013 +0200
@@ -12,6 +12,7 @@
 import java.util.List;
 
 import org.dive4elements.river.client.server.auth.DefaultUser;
+import org.dive4elements.river.client.server.auth.saml.Assertion;
 
 public class User
 extends DefaultUser
http://dive4elements.wald.intevation.org