[Dive4elements-commits] [PATCH 12 of 21] Adapt WAS Response to new SAML validation code
Wald Commits
scm-commit at wald.intevation.org
Wed May 8 18:08:22 CEST 2013
# HG changeset patch
# User Bernhard Herzog <bh at intevation.de>
# Date 1368028574 -7200
# Node ID d6f13dba21fe6e902175db9cb6470fd05b35dec4
# Parent a96350a1c1608e628d39ce95844195adc9a83d18
Adapt WAS Response to new SAML validation code.
Fixes the XML Signature validation part of issue830.
diff -r a96350a1c160 -r d6f13dba21fe gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java Wed May 08 17:56:14 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java Wed May 08 17:56:14 2013 +0200
@@ -18,16 +18,19 @@
import org.apache.log4j.Logger;
-import org.jdom.Document;
-import org.jdom.Element;
-import org.jdom.JDOMException;
-import org.jdom.input.SAXBuilder;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.dive4elements.artifacts.httpclient.utils.XMLUtils;
import org.dive4elements.river.client.server.auth.Authentication;
import org.dive4elements.river.client.server.auth.AuthenticationException;
+import org.dive4elements.river.client.server.auth.saml.Assertion;
+import org.dive4elements.river.client.server.auth.saml.XPathUtils;
+import org.dive4elements.river.client.server.auth.saml.TicketValidator;
import org.dive4elements.river.client.server.features.Features;
+
public class Response implements Authentication {
private static Logger logger = Logger.getLogger(Response.class);
@@ -37,6 +40,7 @@
private String username;
private String password;
private Features features;
+ private String trustedKeyFile;
public Response(HttpEntity entity, String username, String password,
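Review bot: The new field `trustedKeyFile` is written once, in the constructor (`this.trustedKeyFile = trustedKeyFile;` in the following hunk), so `private final String trustedKeyFile;` would make it clear that the key path used for signature validation cannot change after construction. This assumes no other assignment exists outside the visible hunks.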
@@ -49,32 +53,27 @@
String contenttype = entity.getContentType().getValue();
- try {
- InputStream in = entity.getContent();
+ InputStream in = entity.getContent();
- if (!contenttype.equals("application/vnd.ogc.se_xml")) {
- // XXX: Assume base64 encoded content.
- in = new Base64InputStream(in);
- }
+ if (!contenttype.equals("application/vnd.ogc.se_xml")) {
+ // XXX: Assume base64 encoded content.
+ in = new Base64InputStream(in);
+ }
- SAXBuilder builder = new SAXBuilder();
- Document doc = builder.build(in);
- Element root = doc.getRootElement();
- String rname = root.getName();
+ Document doc = XMLUtils.readDocument(in);
+ Element root = doc.getDocumentElement();
+ String rname = root.getTagName();
- if (rname != null && rname.equals("ServiceExceptionReport")) {
- throw new ServiceException(root.getChildText("ServiceException"));
- }
+ if (rname != null && rname.equals("ServiceExceptionReport")) {
+ throw new ServiceException(XPathUtils.xpathString(root,
+ "ServiceException"));
+ }
- this.root = root;
- this.username = username;
- this.password = password;
- this.features = features;
-
- }
- catch(JDOMException e) {
- throw new AuthenticationException(e);
- }
+ this.root = root;
+ this.username = username;
+ this.password = password;
+ this.features = features;
+ this.trustedKeyFile = trustedKeyFile;
}
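Review bot: Dropping the try/catch leaves the constructor with no handling for an unparseable WAS response: if `XMLUtils.readDocument(in)` reports failure by returning null, `doc.getDocumentElement()` throws a NullPointerException instead of the AuthenticationException the old code produced, and if it throws a parser exception of its own that now propagates untranslated. Add a guard after the read, e.g. `if (doc == null) { throw new AuthenticationException("Cannot parse WAS response"); }` (assuming a message-taking constructor exists), or catch the parser's exception and wrap it as the removed code did. Since `in` is the body of a remote HTTP response, also confirm that the parser behind XMLUtils.readDocument disables DTD processing and external entity resolution; that configuration is not visible in this hunk. The constructor's signature and the start of its body lie outside the hunk.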
@Override
@@ -84,24 +83,20 @@
}
public String getStatus() {
- Element status = this.root.getChild("Status", Namespaces.SAML_NS_PROTO);
- if (status == null) {
- return null;
- }
- Element statuscode = status.getChild("StatusCode",
- Namespaces.SAML_NS_PROTO);
- if (statuscode == null) {
- return null;
- }
- return statuscode.getAttributeValue("Value");
+ return XPathUtils.xpathString(this.root,
+ "./samlp:Status/samlp:StatusCode/@Value");
}
+
public Assertion getAssertion() {
if (this.assertion == null && this.root != null) {
- Element assertion = this.root.getChild("Assertion",
- Namespaces.SAML_NS_ASSERT);
- if (assertion != null) {
- this.assertion = new Assertion(assertion);
+ try {
+ TicketValidator validator =
+ new TicketValidator(this.trustedKeyFile);
+ this.assertion = validator.checkTicket(this.root);
+ }
+ catch (Exception e) {
+ logger.error(e.getLocalizedMessage(), e);
}
}
return this.assertion;
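Review bot: The `catch (Exception e)` around `validator.checkTicket(this.root)` in getAssertion turns every failure — a rejected signature, a missing or unreadable key file, a null trustedKeyFile — into a logged error with `this.assertion` left null, so callers cannot distinguish a rejected ticket from a response that carried no assertion, and the log line carries only the exception message. Consider narrowing the catch to what TicketValidator.checkTicket declares (not visible here) and adding context, e.g. `logger.error("SAML ticket validation failed for user " + this.username, e);`. Because the field is only set on success, a failing validation is also re-run on every getAssertion() call; if that is undesirable, record the failure in a flag. The getStatus XPath depends on the `samlp` prefix being bound in XPathUtils' namespace context — presumably it is, given the old code used Namespaces.SAML_NS_PROTO, but worth confirming.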
@@ -118,7 +113,7 @@
logger.debug("User " + this.username + " with features " + features +
" successfully authenticated.");
return new User(this.username, this.password, assertion.getNameID(),
- this.assertion.getRoles(), assertion, features);
+ this.assertion.getRoles(), assertion, features);
}
}
// vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80:
diff -r a96350a1c160 -r d6f13dba21fe gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/User.java
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/User.java Wed May 08 17:56:14 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/User.java Wed May 08 17:56:14 2013 +0200
@@ -12,6 +12,7 @@
import java.util.List;
import org.dive4elements.river.client.server.auth.DefaultUser;
+import org.dive4elements.river.client.server.auth.saml.Assertion;
public class User
extends DefaultUser