changeset 5948:d7b9b3e3c61a

Make instantiation of saml.User easier. Most of the parameters of the constructor can be taken from the Assertion object, so there's no reason to pass them separately. Also, trying to check the validity dates isn't useful for the single sign on case. See comments in the hasExpired method.
author Bernhard Herzog <bh@intevation.de>
date Wed, 08 May 2013 17:56:14 +0200
parents 0b092a1d136b
children 0a0b4bfdf372
files gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/User.java gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java
diffstat 2 files changed, 11 insertions(+), 18 deletions(-) [+]
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/User.java	Wed May 08 17:56:14 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/User.java	Wed May 08 17:56:14 2013 +0200
@@ -20,28 +20,22 @@
 
     private Assertion assertion;
 
-    public User(String name,
-        String       password,
-        String       account,
-        List<String> roles,
-        Assertion    assertion,
-        List<String> features
-    ) {
-        this.setName(name);
-        this.setPassword(password);
-        this.setRoles(roles);
+    public User(Assertion assertion, List<String> features, String password) {
+        this.setName(assertion.getUserID());
+        this.setAccount(assertion.getNameID());
+        this.setRoles(assertion.getRoles());
         this.assertion = assertion;
         this.setAllowedFeatures(features);
-        this.setAccount(account);
+        this.setPassword(password);
     }
 
     @Override
     public boolean hasExpired() {
-        Date until = this.assertion.getUntil();
-        if (until != null) {
-            Date current = new Date();
-            return !current.after(until);
-        }
+        // We could check the validity dates of the assertion here, but
+        // when using this for Single-Sign-On this would lead to the
+        // code in GGInAFilter to re-authenticate with the password
+        // stored in the User object, which isn't known in the case of
+        // Single-Sign-On.
         return false;
     }
 }
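Review bot: `hasExpired()` now returns `false` unconditionally, so nothing in this class enforces the assertion's validity window and a session built from a SAML assertion can stay alive after the assertion itself has lapsed. Whether the validity dates are checked when the assertion is first accepted is not visible in this hunk. If they are not, a one-time check at login would avoid the password re-authentication path the comment describes, e.g. `Date until = assertion.getUntil();` followed by `if (until != null && new Date().after(until)) { /* reject the login */ }` in the constructor or its caller. The constructor also dereferences `assertion` three times without a null check, so `Objects.requireNonNull(assertion, "assertion")` as its first statement would give a clearer failure. The class body starts outside the hunk.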
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java	Wed May 08 17:56:14 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java	Wed May 08 17:56:14 2013 +0200
@@ -113,8 +113,7 @@
                 this.assertion.getRoles());
         logger.debug("User " + this.username + " with features " + features +
                      " successfully authenticated.");
-        return new User(this.username, this.password, assertion.getNameID(),
-                        this.assertion.getRoles(), assertion, features);
+        return new User(assertion, features, this.password);
     }
 }
 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80:
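Review bot: The debug message still reports `this.username`, while the `User` returned on the next line now takes its name from `assertion.getUserID()` inside the constructor. If the two values can ever differ (not determinable from this hunk), the authentication log would attribute the login to a different identity than the one the session actually carries, which hampers later audit. Logging the value the session will use keeps them aligned: `logger.debug("User " + assertion.getUserID() + " with features " + features +`. The enclosing method starts outside the hunk, and it mixes `this.assertion` and `assertion`; using one form throughout would make it obvious that both refer to the same object.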
