[Dive4elements-commits] [PATCH 1 of 8] Store the SAML ticket in the user object after authentication
Wald Commits
scm-commit at wald.intevation.org
Tue Jun 4 18:45:33 CEST 2013
# HG changeset patch
# User Bernhard Herzog <bh at intevation.de>
# Date 1370358830 -7200
# Node ID 7bc35bbd8b27623a4d0aa279f73aa06c62b043f5
# Parent a07521dca5b5947a0be7f76631ca61c760b20216
Store the SAML ticket in the user object after authentication.
The SAML ticket will be needed to allow single sign-on to work for the
links into the wiki that are used in several places in the UI.
Part of flys/issue1265
diff -r a07521dca5b5 -r 7bc35bbd8b27 gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/SamlServlet.java Tue Jun 04 17:13:50 2013 +0200
@@ -86,6 +86,7 @@
Features features = (Features)sc.getAttribute(Features.CONTEXT_ATTRIBUTE);
return new org.dive4elements.river.client.server.auth.saml.User(
- assertion, features.getFeatures(assertion.getRoles()), null);
+ assertion, samlTicketXML,
+ features.getFeatures(assertion.getRoles()), null);
}
}
diff -r a07521dca5b5 -r 7bc35bbd8b27 gwt-client/src/main/java/org/dive4elements/river/client/server/auth/DefaultUser.java
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/DefaultUser.java Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/DefaultUser.java Tue Jun 04 17:13:50 2013 +0200
@@ -16,6 +16,7 @@
protected String name;
protected String account;
protected String password;
+ protected String samlXML;
protected boolean expired;
protected List<String> roles;
protected List<String> features;
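Review bot: The new field is named `samlXML`, but the accessors added further down in this file (`getSamlXMLBase64`/`setSamlXMLBase64`) and the Javadoc added in auth/User.java say the value is the base64 encoded ticket, so the field name hides the encoding. Renaming it to `samlXMLBase64`, or adding `// SAML ticket as base64 encoded XML; null when the login did not use SAML` above the field, would keep the three places consistent. The same applies to the `samlXML` constructor parameter in the next hunk.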
@@ -26,12 +27,14 @@
public DefaultUser(
String name,
String password,
+ String samlXML,
boolean expired,
List<String> roles,
List<String> features
) {
this.name = name;
this.password = password;
+ this.samlXML = samlXML;
this.expired = expired;
this.roles = roles;
this.features = features;
@@ -92,5 +95,14 @@
public void setAccount(String account) {
this.account = account;
}
+
+ @Override
+ public String getSamlXMLBase64() {
+ return this.samlXML;
+ }
+
+ public void setSamlXMLBase64(String samlXML) {
+ this.samlXML = samlXML;
+ }
}
// vim:set ts=4 sw=4 si et fenc=utf8 tw=80:
diff -r a07521dca5b5 -r 7bc35bbd8b27 gwt-client/src/main/java/org/dive4elements/river/client/server/auth/User.java
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/User.java Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/User.java Tue Jun 04 17:13:50 2013 +0200
@@ -46,5 +46,12 @@
* Returns the users account name
*/
public String getAccount();
+
+ /**
+ * Returns the SAML ticket for single sign-on.
+ * @return The SAML ticket in base64 encoded XML. null if no ticket
+ * is available.
+ */
+ public String getSamlXMLBase64();
}
// vim:set ts=4 sw=4 si et fenc=utf8 tw=80:
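Review bot: The Javadoc for `getSamlXMLBase64()` should say that the returned ticket is an authentication credential, because callers will otherwise treat a plain String getter as harmless data. I would extend the comment with something like `The ticket authenticates the user to other services: do not log it or pass it beyond the code that builds the single sign-on links.` Assuming the assertion carries a validity period, the comment should also state that the ticket is returned as received at login and may have expired by the time it is read. DefaultUser keeps the value next to the password for the lifetime of the user object, so the same caution applies to any toString or serialization of that class, which is not visible in this patch.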
diff -r a07521dca5b5 -r 7bc35bbd8b27 gwt-client/src/main/java/org/dive4elements/river/client/server/auth/plain/Authenticator.java
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/plain/Authenticator.java Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/plain/Authenticator.java Tue Jun 04 17:13:50 2013 +0200
@@ -63,7 +63,7 @@
@Override
public User getUser() {
return isSuccess()
- ? new DefaultUser(user, password, false, roles, this.features.getFeatures(roles))
+ ? new DefaultUser(user, password, null, false, roles, this.features.getFeatures(roles))
: null;
}
} // class Authentication
diff -r a07521dca5b5 -r 7bc35bbd8b27 gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/User.java
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/User.java Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/saml/User.java Tue Jun 04 17:13:50 2013 +0200
@@ -18,11 +18,13 @@
private Assertion assertion;
- public User(Assertion assertion, List<String> features, String password) {
+ public User(Assertion assertion, String samlXML, List<String> features,
+ String password) {
this.setName(assertion.getNameID());
this.setAccount(assertion.getNameID());
this.setRoles(assertion.getRoles());
this.assertion = assertion;
+ this.setSamlXMLBase64(samlXML);
this.setAllowedFeatures(features);
this.setPassword(password);
}
diff -r a07521dca5b5 -r 7bc35bbd8b27 gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java Tue Jun 04 16:58:49 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java Tue Jun 04 17:13:50 2013 +0200
@@ -10,11 +10,13 @@
import java.io.IOException;
import java.io.InputStream;
+import java.io.StringBufferInputStream;
import java.util.List;
import org.apache.commons.codec.binary.Base64InputStream;
import org.apache.http.HttpEntity;
+import org.apache.http.util.EntityUtils;
import org.apache.log4j.Logger;
@@ -37,6 +39,7 @@
private static Logger logger = Logger.getLogger(Response.class);
private Element root;
+ private String samlTicketXML;
private Assertion assertion;
private String username;
private String password;
@@ -53,8 +56,9 @@
}
String contenttype = entity.getContentType().getValue();
+ String samlTicketXML = EntityUtils.toString(entity);
- InputStream in = entity.getContent();
+ InputStream in = new StringBufferInputStream(samlTicketXML);
if (!contenttype.equals("application/vnd.ogc.se_xml")) {
// XXX: Assume base64 encoded content.
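Review bot: `new StringBufferInputStream(samlTicketXML)` uses a class deprecated since JDK 1.1 because it keeps only the low eight bits of each character, so the parser gets different bytes from those the server sent whenever the text decoded by `EntityUtils.toString` contains characters outside Latin-1. Reading the body once as bytes avoids the round trip: `byte[] body = EntityUtils.toByteArray(entity);` followed by `InputStream in = new ByteArrayInputStream(body);`, with the stored ticket string built from `body` afterwards. The `StringBufferInputStream` import in the first hunk of this file then becomes unnecessary. The local `samlTicketXML` also shadows the field of the same name added in the previous hunk, which makes the later `this.samlTicketXML = samlTicketXML;` easy to misread. The enclosing method starts and ends outside this hunk.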
@@ -70,6 +74,7 @@
"ServiceException"));
}
+ this.samlTicketXML = samlTicketXML;
this.root = root;
this.username = username;
this.password = password;
@@ -113,7 +118,7 @@
this.assertion.getRoles());
logger.debug("User " + this.username + " with features " + features +
" successfully authenticated.");
- return new User(assertion, features, this.password);
+ return new User(assertion, this.samlTicketXML, features, this.password);
}
}
// vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80: