author | Simon Rettberg | 2015-07-15 17:33:19 +0200 |
---|---|---|
committer | Simon Rettberg | 2015-07-15 17:33:19 +0200 |
commit | 2987d0992a0609a3c9eb23048d87df630225b978 (patch) | |
tree | 4f9a778563b2da0316bc3e637d2dd31ee5280b70 /dozentenmodul/src/main/java/org/openslx/dozmod/authentication | |
parent | [cilent] check if vmdk parsed from vmx is relative or absolute and do proper ... (diff) | |
Adapt to changed thrift api for improved session validation
Diffstat (limited to 'dozentenmodul/src/main/java/org/openslx/dozmod/authentication')
4 files changed, 94 insertions, 121 deletions
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/Authenticator.java b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/Authenticator.java
index 430d0001..6c8b69b0 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/Authenticator.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/Authenticator.java
@@ -1,11 +1,7 @@
 package org.openslx.dozmod.authentication;
-import org.openslx.bwlp.thrift.iface.TAuthenticationException;
-import org.openslx.bwlp.thrift.iface.UserInfo;
 import org.openslx.dozmod.authentication.ShibbolethEcp.ReturnCode;
-import edu.kit.scc.dei.ecplean.ECPAuthenticationException;
-
 /**
 * @author Jonathan Bauer
 *
@@ -19,17 +15,17 @@ public interface Authenticator {
 * corresponding message to the user.
 */
 interface AuthenticatorCallback {
- void postLogin(ReturnCode returnCode, UserInfo user, Throwable t);
+ void postLogin(ReturnCode returnCode, Throwable t);
 }
 /**
 * Definition of the generic login method.
 *
- * @param username The username as String.
- * @param password The password as String.
+ * @param username The username as String
+ * @param password The password as String
 * @param callback The callback function to be called after the login
- * @throws ECPAuthenticationException
+ * @throws Exception
 */
 void login(String username, String password, AuthenticatorCallback callback)
- throws TAuthenticationException;
+ throws Exception;
 }
\ No newline at end of file
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java
index 9bbc4175..ab211386 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java
@@ -1,14 +1,21 @@
 package org.openslx.dozmod.authentication;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URISyntaxException;
+
+import org.apache.http.ParseException;
+import org.apache.http.client.ClientProtocolException;
 import org.apache.log4j.Logger;
-import org.openslx.bwlp.thrift.iface.TAuthenticationException;
-import org.openslx.bwlp.thrift.iface.UserInfo;
+import org.openslx.bwlp.thrift.iface.TAuthorizationException;
 import org.openslx.dozmod.authentication.ShibbolethEcp.ReturnCode;
 import org.openslx.dozmod.thrift.Session;
+import com.google.gson.JsonSyntaxException;
+
 /**
 * @author Jonathan Bauer
- *
+ *
 */
 public class EcpAuthenticator implements Authenticator {
@@ -16,7 +23,7 @@ public class EcpAuthenticator implements Authenticator {
 * Logger instance for this class
 */
 private final static Logger LOGGER = Logger.getLogger(EcpAuthenticator.class);
-
+
 private final String ecpUrl;
 public EcpAuthenticator(String ecpUrl) {
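Review bot: In Authenticator.java, `login` is now declared `throws Exception` and its Javadoc says only `@throws Exception`, so the interface no longer tells a caller which failures mean rejected credentials and which mean a transport or parsing problem. The implementations changed in this commit also stop routing those failures through `postLogin` (every visible call passes `null` for `Throwable t`), so a caller that handles only the callback would never see them. I would state that on the interface, e.g. `@throws Exception if the login attempt could not be completed; postLogin is not invoked in that case`, or narrow the clause to the exception types the implementations actually declare.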
@@ -30,49 +37,30 @@ public class EcpAuthenticator implements Authenticator {
 }
 @Override
- public void login(String username, String password,
- AuthenticatorCallback callback) throws TAuthenticationException {
+ public void login(String username, String password, AuthenticatorCallback callback)
+ throws TAuthorizationException, JsonSyntaxException, ClientProtocolException, ParseException,
+ MalformedURLException, URISyntaxException, IOException {
 // try to login
- ReturnCode ret = null;
- try {
- ret = ShibbolethEcp.doLogin(this.ecpUrl, username, password);
- } catch (Exception e) {
- // TODO: This class should not do any GUI interaction....
- }
- // if ret is still null, some exception happened, so abort.
+ ReturnCode ret = ShibbolethEcp.doLogin(this.ecpUrl, username, password);
+
 if (ret == null) {
- LOGGER.error("Error during the ECP authentication process.");
- callback.postLogin(ReturnCode.GENERIC_ERROR, null, null);
- return;
+ LOGGER.warn("Shibboleth doLogin returned null as ReturnCode!");
+ ret = ReturnCode.GENERIC_ERROR;
 }
- // else, we do have a valid ReturnCode?
+ // If login succeeded, set up session data
 if (ret == ReturnCode.NO_ERROR) {
- final UserInfo userInfo;
 // we have a token?
 final String token = ShibbolethEcp.getResponse().token;
 if (token == null || token.isEmpty()) {
 // bad token
 LOGGER.error("No token received from the service provider!");
- callback.postLogin(ReturnCode.SERVICE_PROVIDER_ERROR, null, null);
+ callback.postLogin(ReturnCode.SERVICE_PROVIDER_ERROR, null);
 }
 // create the session for the user from the response of the ECP
 Session.fromEcpLogin(ShibbolethEcp.getResponse());
-
- // build userInfo from the information received
- userInfo = new UserInfo(Session.getUserId(),
- Session.getFirstName(),
- Session.getLastName(),
- Session.getEMail(),
- Session.getOrganizationId());
-
- // send it back to the GUI
- callback.postLogin(ReturnCode.NO_ERROR, userInfo, null);
- } else {
- // else just return the ReturnCode to the GUI
- // it should then show a corresponding error message!
- callback.postLogin(ret, null, null);
 }
+ callback.postLogin(ret, null);
 }
 }
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java
index e0eabb91..99c55be6 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java
@@ -12,8 +12,8 @@ import org.apache.http.client.ClientProtocolException;
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.util.EntityUtils;
 import org.apache.log4j.Logger;
-import org.openslx.bwlp.thrift.iface.AuthenticationError;
-import org.openslx.bwlp.thrift.iface.TAuthenticationException;
+import org.openslx.bwlp.thrift.iface.AuthorizationError;
+import org.openslx.bwlp.thrift.iface.TAuthorizationException;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
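Review bot: In EcpAuthenticator.login, the empty-token branch calls `callback.postLogin(ReturnCode.SERVICE_PROVIDER_ERROR, null)` but does not return, so control continues to `Session.fromEcpLogin(...)` and then to the new trailing `callback.postLogin(ret, null)` with `ret` still `NO_ERROR`. A service-provider response without a token is therefore reported as a successful login, after an error callback has already fired, and session data is set up from that response. Replacing the callback in that branch with `ret = ReturnCode.SERVICE_PROVIDER_ERROR;` and moving `Session.fromEcpLogin(ShibbolethEcp.getResponse());` into an `else` leaves exactly one callback and skips session setup when the token is missing.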
@@ -33,44 +33,46 @@ public class ShibbolethEcp {
 * Static gson object for (de)serialization
 */
 private static final Gson GSON = new GsonBuilder().create();
-
+
 /**
 * ServiceProviderResponse Object representing the last response we received
 */
 private static ServiceProviderResponse lastResponse = null;
 /**
- * URL for bwLehrpool registration
+ * URL for bwLehrpool registration
 */
 private static URL registrationUrl = null;
+
 /**
 * Return codes
 */
 public static enum ReturnCode {
 // TODO rework this...
- NO_ERROR(0, "Authentication against the identity provider and request of the service provider resource worked."),
+ NO_ERROR(0,
+ "Authentication against the identity provider and request of the service provider resource worked."),
 IDENTITY_PROVIDER_ERROR(1, "Authentication against the identity provider failed."),
 UNREGISTERED_ERROR(2, "User not registered to use bwLehrpool."),
 SERVICE_PROVIDER_ERROR(3, "Invalid resource of the service provider."),
 INVALID_URL_ERROR(4, "Invalid URL received from master server."),
 GENERIC_ERROR(5, "Internal error.");
- private final int id;
- private final String msg;
+ private final int id;
+ private final String msg;
- ReturnCode(int id, String msg) {
- this.id = id;
- this.msg = msg;
- }
+ ReturnCode(int id, String msg) {
+ this.id = id;
+ this.msg = msg;
+ }
- public int getId() {
- return this.id;
- }
+ public int getId() {
+ return this.id;
+ }
- public String getMsg() {
- return this.msg;
- }
+ public String getMsg() {
+ return this.msg;
+ }
 }
-
+
 /**
 * Static URI to the SP.
 */
@@ -90,21 +92,23 @@ public class ShibbolethEcp {
 public static ServiceProviderResponse getResponse() {
 return lastResponse;
 }
+
 /**
 * Fetches the resource
- *
+ *
 * @param idpUrl
- * URL of the identity provider to authenticate against, as String.
+ * URL of the identity provider to authenticate against, as
+ * String.
 * @param user
 * Username as String.
 * @param pass
 * Password as String.
 * @return
- * true if login worked, false otherwise.
- * @throws TAuthenticationException
+ * true if login worked, false otherwise.
+ * @throws TAuthorizationException
 */
 public static ReturnCode doLogin(final String idpUrl, final String user, final String pass)
- throws TAuthenticationException, URISyntaxException, ClientProtocolException, IOException,
+ throws TAuthorizationException, URISyntaxException, ClientProtocolException, IOException,
 ParseException, JsonSyntaxException, MalformedURLException {
 // first lets do some sanity checks
@@ -127,43 +131,44 @@ public class ShibbolethEcp {
 // now init the authenticator for that idp and our static sp
 final ECPAuthenticator auth = new ECPAuthenticator(user, pass, new URI(idpUrl), BWLP_SP);
-
- try {
+
+ try {
 auth.authenticate();
- } catch (ECPAuthenticationException e) {
+ } catch (ECPAuthenticationException e) {
 LOGGER.error("ECP Authentication Exception, see trace: ", e);
- throw new TAuthenticationException(AuthenticationError.GENERIC_ERROR, e.getMessage());
- }
- // here test again for the SP's URL
- final HttpGet testSp = new HttpGet(BWLP_SP);
- final HttpResponse response = auth.getHttpClient().execute(testSp);
-
- LOGGER.debug("SP request returned: " + response.getStatusLine());
- final String responseBody = EntityUtils.toString(response.getEntity());
-
- lastResponse = GSON.fromJson(responseBody, ServiceProviderResponse.class);
-
- // TODO: here we will need to parse the answer accordingly.
- // no errors, meaning everything worked fine.
- if (lastResponse.status.equals("unregistered")) {
+ throw new TAuthorizationException(AuthorizationError.GENERIC_ERROR, e.getMessage());
+ }
+ // here test again for the SP's URL
+ final HttpGet testSp = new HttpGet(BWLP_SP);
+ final HttpResponse response = auth.getHttpClient().execute(testSp);
+
+ LOGGER.debug("SP request returned: " + response.getStatusLine());
+ final String responseBody = EntityUtils.toString(response.getEntity());
+
+ lastResponse = GSON.fromJson(responseBody, ServiceProviderResponse.class);
+
+ // TODO: here we will need to parse the answer accordingly.
+ // no errors, meaning everything worked fine.
+ if (lastResponse.status.equals("unregistered")) {
 registrationUrl = new URL(lastResponse.url);
 return ReturnCode.UNREGISTERED_ERROR;
- }
- // TODO the rest of the cases...
- if (lastResponse.status.equals("error")) {
- LOGGER.error("Server side error: " + lastResponse.error);
- return ReturnCode.GENERIC_ERROR;
- }
- if (lastResponse.status.equals("anonymous")) {
- LOGGER.error("IdP did not forward user account information to SP. Contact developper.");
- return ReturnCode.GENERIC_ERROR;
- }
- if (lastResponse.status.equals("ok")) {
- return ReturnCode.NO_ERROR;
- }
- // still here? then something else went wrong
- return ReturnCode.GENERIC_ERROR;
+ }
+ // TODO the rest of the cases...
+ if (lastResponse.status.equals("error")) {
+ LOGGER.error("Server side error: " + lastResponse.error);
+ return ReturnCode.GENERIC_ERROR;
+ }
+ if (lastResponse.status.equals("anonymous")) {
+ LOGGER.error("IdP did not forward user account information to SP. Contact developper.");
+ return ReturnCode.GENERIC_ERROR;
+ }
+ if (lastResponse.status.equals("ok")) {
+ return ReturnCode.NO_ERROR;
+ }
+ // still here? then something else went wrong
+ return ReturnCode.GENERIC_ERROR;
 }
+
 /**
 * @return Registration URL given by the SP.
 */
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/TestAccountAuthenticator.java b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/TestAccountAuthenticator.java
index 0c83ad0b..3059f9e8 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/TestAccountAuthenticator.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/TestAccountAuthenticator.java
@@ -3,9 +3,9 @@ package org.openslx.dozmod.authentication;
 import org.apache.log4j.Logger;
 import org.apache.thrift.TException;
 import org.openslx.bwlp.thrift.iface.SessionData;
-import org.openslx.bwlp.thrift.iface.TAuthenticationException;
-import org.openslx.bwlp.thrift.iface.UserInfo;
+import org.openslx.bwlp.thrift.iface.TAuthorizationException;
 import org.openslx.dozmod.authentication.ShibbolethEcp.ReturnCode;
+import org.openslx.dozmod.thrift.Session;
 import org.openslx.thrifthelper.ThriftManager;
 /**
@@ -21,35 +21,19 @@ public class TestAccountAuthenticator implements Authenticator {
 @Override
 public void login(String username, String password, AuthenticatorCallback callback)
- throws TAuthenticationException {
+ throws TAuthorizationException, TException {
 SessionData authResult = null;
- // try to login user
- try {
- authResult = ThriftManager.getMasterClient().authenticate(username, password);
- } catch (TException e) {
- LOGGER.error("Thrift communication error: ", e);
- // TODO authenticate has to return a TAuthenticationException!
- callback.postLogin(ReturnCode.GENERIC_ERROR, null, e);
- return;
- }
+ authResult = ThriftManager.getMasterClient().authenticate(username, password);
 // handle answer from server
 if (authResult != null && authResult.authToken != null) {
- // TODO: Session.fromClientSessionData(authResult);
- UserInfo userInfo = null;
- try {
- userInfo = ThriftManager.getMasterClient().getUserFromToken(authResult.authToken);
- } catch (TException e) {
- LOGGER.error("Thrift communication error: ", e);
- // TODO authenticate has to return a TAuthenticationException!
- callback.postLogin(ReturnCode.GENERIC_ERROR, null, e);
- return;
- }
- callback.postLogin(ReturnCode.NO_ERROR, userInfo, null);
+ LOGGER.info(authResult);
+ Session.fromSessionData(authResult);
+ callback.postLogin(ReturnCode.NO_ERROR, null);
 } else {
 // it should then show a corresponding error message!
- callback.postLogin(ReturnCode.GENERIC_ERROR, null, null);
+ callback.postLogin(ReturnCode.GENERIC_ERROR, null);
 }
 }
 }
|
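Review bot: In TestAccountAuthenticator.login, `LOGGER.info(authResult);` writes the whole `SessionData` object to the log at INFO level, and the condition just above it shows that object carries `authToken`. The string form of `SessionData` is not visible in this hunk, but if it includes that field, the session token ends up readable by anyone with access to the client log. I would drop the line or log a fixed message that contains no session data, e.g. `LOGGER.info("Test-account login succeeded");`.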