author | Simon Rettberg | 2015-07-15 17:33:19 +0200 |
---|---|---|
committer | Simon Rettberg | 2015-07-15 17:33:19 +0200 |
commit | 2987d0992a0609a3c9eb23048d87df630225b978 (patch) | |
tree | 4f9a778563b2da0316bc3e637d2dd31ee5280b70 /dozentenmodul/src/main/java/org/openslx/dozmod | |
parent | [cilent] check if vmdk parsed from vmx is relative or absolute and do proper ... (diff) | |
Adapt to changed thrift api for improved session validation
Diffstat (limited to 'dozentenmodul/src/main/java/org/openslx/dozmod')
7 files changed, 147 insertions, 154 deletions
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/Authenticator.java b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/Authenticator.java index 430d0001..6c8b69b0 100644 --- a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/Authenticator.java +++ b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/Authenticator.java @@ -1,11 +1,7 @@ package org.openslx.dozmod.authentication; -import org.openslx.bwlp.thrift.iface.TAuthenticationException; -import org.openslx.bwlp.thrift.iface.UserInfo; import org.openslx.dozmod.authentication.ShibbolethEcp.ReturnCode; -import edu.kit.scc.dei.ecplean.ECPAuthenticationException; - /** * @author Jonathan Bauer * @@ -19,17 +15,17 @@ public interface Authenticator { * corresponding message to the user. */ interface AuthenticatorCallback { - void postLogin(ReturnCode returnCode, UserInfo user, Throwable t); + void postLogin(ReturnCode returnCode, Throwable t); } /** * Definition of the generic login method. * - * @param username The username as String. - * @param password The password as String. + * @param username The username as String + * @param password The password as String * @param callback The callback function to be called after the login - * @throws ECPAuthenticationException + * @throws Exception */ void login(String username, String password, AuthenticatorCallback callback) - throws TAuthenticationException; + throws Exception; }
\ No newline at end of file diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java index 9bbc4175..ab211386 100644 --- a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java +++ b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java @@ -1,14 +1,21 @@ package org.openslx.dozmod.authentication; +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URISyntaxException; + +import org.apache.http.ParseException; +import org.apache.http.client.ClientProtocolException; import org.apache.log4j.Logger; -import org.openslx.bwlp.thrift.iface.TAuthenticationException; -import org.openslx.bwlp.thrift.iface.UserInfo; +import org.openslx.bwlp.thrift.iface.TAuthorizationException; import org.openslx.dozmod.authentication.ShibbolethEcp.ReturnCode; import org.openslx.dozmod.thrift.Session; +import com.google.gson.JsonSyntaxException; + /** * @author Jonathan Bauer - * + * */ public class EcpAuthenticator implements Authenticator { @@ -16,7 +23,7 @@ public class EcpAuthenticator implements Authenticator { * Logger instance for this class */ private final static Logger LOGGER = Logger.getLogger(EcpAuthenticator.class); - + private final String ecpUrl; public EcpAuthenticator(String ecpUrl) { 
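Review bot: In Authenticator.java, widening `login` to `throws Exception` removes the typed distinction between rejected credentials and a transport or parsing failure, so every caller must catch everything and can only display the raw message. A narrower contract would help: keep the authorization failure as its own checked type and have the implementations wrap URI, JSON and I/O errors into one documented exception. The Javadoc line `@throws Exception` should then say which condition produces which exception, for example `@throws TAuthorizationException if the credentials are rejected`.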
@@ -30,49 +37,30 @@ public class EcpAuthenticator implements Authenticator { } @Override - public void login(String username, String password, - AuthenticatorCallback callback) throws TAuthenticationException { + public void login(String username, String password, AuthenticatorCallback callback) + throws TAuthorizationException, JsonSyntaxException, ClientProtocolException, ParseException, + MalformedURLException, URISyntaxException, IOException { // try to login - ReturnCode ret = null; - try { - ret = ShibbolethEcp.doLogin(this.ecpUrl, username, password); - } catch (Exception e) { - // TODO: This class should not do any GUI interaction.... - } - // if ret is still null, some exception happened, so abort. + ReturnCode ret = ShibbolethEcp.doLogin(this.ecpUrl, username, password); + if (ret == null) { - LOGGER.error("Error during the ECP authentication process."); - callback.postLogin(ReturnCode.GENERIC_ERROR, null, null); - return; + LOGGER.warn("Shibboleth doLogin returned null as ReturnCode!"); + ret = ReturnCode.GENERIC_ERROR; } - // else, we do have a valid ReturnCode? + // If login succeeded, set up session data if (ret == ReturnCode.NO_ERROR) { - final UserInfo userInfo; // we have a token? 
final String token = ShibbolethEcp.getResponse().token; if (token == null || token.isEmpty()) { // bad token LOGGER.error("No token received from the service provider!"); - callback.postLogin(ReturnCode.SERVICE_PROVIDER_ERROR, null, null); + callback.postLogin(ReturnCode.SERVICE_PROVIDER_ERROR, null); } // create the session for the user from the response of the ECP Session.fromEcpLogin(ShibbolethEcp.getResponse()); - - // build userInfo from the information received - userInfo = new UserInfo(Session.getUserId(), - Session.getFirstName(), - Session.getLastName(), - Session.getEMail(), - Session.getOrganizationId()); - - // send it back to the GUI - callback.postLogin(ReturnCode.NO_ERROR, userInfo, null); - } else { - // else just return the ReturnCode to the GUI - // it should then show a corresponding error message! - callback.postLogin(ret, null, null); } + callback.postLogin(ret, null); } } diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java index e0eabb91..99c55be6 100644 --- a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java +++ b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java @@ -12,8 +12,8 @@ import org.apache.http.client.ClientProtocolException; import org.apache.http.client.methods.HttpGet; import org.apache.http.util.EntityUtils; import org.apache.log4j.Logger; -import org.openslx.bwlp.thrift.iface.AuthenticationError; -import org.openslx.bwlp.thrift.iface.TAuthenticationException; +import org.openslx.bwlp.thrift.iface.AuthorizationError; +import org.openslx.bwlp.thrift.iface.TAuthorizationException; import com.google.gson.Gson; import com.google.gson.GsonBuilder; 
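Review bot: The empty-token branch in `EcpAuthenticator.login` reports `SERVICE_PROVIDER_ERROR` but has no `return`, so execution continues into `Session.fromEcpLogin(ShibbolethEcp.getResponse())` and then reaches `callback.postLogin(ret, null)` with `ret` still `NO_ERROR`. A service provider reply without a token therefore populates the session and is reported to the GUI as a successful login, after the error callback has already fired once. Adding `return;` directly after `callback.postLogin(ReturnCode.SERVICE_PROVIDER_ERROR, null);` closes that path and keeps the callback to a single invocation per login attempt.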
@@ -33,44 +33,46 @@ public class ShibbolethEcp { * Static gson object for (de)serialization */ private static final Gson GSON = new GsonBuilder().create(); - + /** * ServiceProviderResponse Object representing the last response we received */ private static ServiceProviderResponse lastResponse = null; /** - * URL for bwLehrpool registration + * URL for bwLehrpool registration */ private static URL registrationUrl = null; + /** * Return codes */ public static enum ReturnCode { // TODO rework this... - NO_ERROR(0, "Authentication against the identity provider and request of the service provider resource worked."), + NO_ERROR(0, + "Authentication against the identity provider and request of the service provider resource worked."), IDENTITY_PROVIDER_ERROR(1, "Authentication against the identity provider failed."), UNREGISTERED_ERROR(2, "User not registered to use bwLehrpool."), SERVICE_PROVIDER_ERROR(3, "Invalid resource of the service provider."), INVALID_URL_ERROR(4, "Invalid URL received from master server."), GENERIC_ERROR(5, "Internal error."); - private final int id; - private final String msg; + private final int id; + private final String msg; - ReturnCode(int id, String msg) { - this.id = id; - this.msg = msg; - } + ReturnCode(int id, String msg) { + this.id = id; + this.msg = msg; + } - public int getId() { - return this.id; - } + public int getId() { + return this.id; + } - public String getMsg() { - return this.msg; - } + public String getMsg() { + return this.msg; + } } - + /** * Static URI to the SP. */ 
@@ -90,21 +92,23 @@ public class ShibbolethEcp { public static ServiceProviderResponse getResponse() { return lastResponse; } + /** * Fetches the resource - * + * * @param idpUrl - * URL of the identity provider to authenticate against, as String. + * URL of the identity provider to authenticate against, as + * String. * @param user * Username as String. * @param pass * Password as String. * @return - * true if login worked, false otherwise. - * @throws TAuthenticationException + * true if login worked, false otherwise. + * @throws TAuthorizationException */ public static ReturnCode doLogin(final String idpUrl, final String user, final String pass) - throws TAuthenticationException, URISyntaxException, ClientProtocolException, IOException, + throws TAuthorizationException, URISyntaxException, ClientProtocolException, IOException, ParseException, JsonSyntaxException, MalformedURLException { // first lets do some sanity checks 
@@ -127,43 +131,44 @@ public class ShibbolethEcp { // now init the authenticator for that idp and our static sp final ECPAuthenticator auth = new ECPAuthenticator(user, pass, new URI(idpUrl), BWLP_SP); - - try { + + try { auth.authenticate(); - } catch (ECPAuthenticationException e) { + } catch (ECPAuthenticationException e) { LOGGER.error("ECP Authentication Exception, see trace: ", e); - throw new TAuthenticationException(AuthenticationError.GENERIC_ERROR, e.getMessage()); - } - // here test again for the SP's URL - final HttpGet testSp = new HttpGet(BWLP_SP); - final HttpResponse response = auth.getHttpClient().execute(testSp); - - LOGGER.debug("SP request returned: " + response.getStatusLine()); - final String responseBody = EntityUtils.toString(response.getEntity()); - - lastResponse = GSON.fromJson(responseBody, ServiceProviderResponse.class); - - // TODO: here we will need to parse the answer accordingly. - // no errors, meaning everything worked fine. - if (lastResponse.status.equals("unregistered")) { + throw new TAuthorizationException(AuthorizationError.GENERIC_ERROR, e.getMessage()); + } + // here test again for the SP's URL + final HttpGet testSp = new HttpGet(BWLP_SP); + final HttpResponse response = auth.getHttpClient().execute(testSp); + + LOGGER.debug("SP request returned: " + response.getStatusLine()); + final String responseBody = EntityUtils.toString(response.getEntity()); + + lastResponse = GSON.fromJson(responseBody, ServiceProviderResponse.class); + + // TODO: here we will need to parse the answer accordingly. + // no errors, meaning everything worked fine. + if (lastResponse.status.equals("unregistered")) { registrationUrl = new URL(lastResponse.url); return ReturnCode.UNREGISTERED_ERROR; - } - // TODO the rest of the cases... 
- if (lastResponse.status.equals("error")) { - LOGGER.error("Server side error: " + lastResponse.error); - return ReturnCode.GENERIC_ERROR; - } - if (lastResponse.status.equals("anonymous")) { - LOGGER.error("IdP did not forward user account information to SP. Contact developper."); - return ReturnCode.GENERIC_ERROR; - } - if (lastResponse.status.equals("ok")) { - return ReturnCode.NO_ERROR; - } - // still here? then something else went wrong - return ReturnCode.GENERIC_ERROR; + } + // TODO the rest of the cases... + if (lastResponse.status.equals("error")) { + LOGGER.error("Server side error: " + lastResponse.error); + return ReturnCode.GENERIC_ERROR; + } + if (lastResponse.status.equals("anonymous")) { + LOGGER.error("IdP did not forward user account information to SP. Contact developper."); + return ReturnCode.GENERIC_ERROR; + } + if (lastResponse.status.equals("ok")) { + return ReturnCode.NO_ERROR; + } + // still here? then something else went wrong + return ReturnCode.GENERIC_ERROR; } + /** * @return Registration URL given by the SP. */ diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/TestAccountAuthenticator.java b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/TestAccountAuthenticator.java index 0c83ad0b..3059f9e8 100644 --- a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/TestAccountAuthenticator.java +++ b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/TestAccountAuthenticator.java @@ -3,9 +3,9 @@ package org.openslx.dozmod.authentication; import org.apache.log4j.Logger; import org.apache.thrift.TException; import org.openslx.bwlp.thrift.iface.SessionData; -import org.openslx.bwlp.thrift.iface.TAuthenticationException; -import org.openslx.bwlp.thrift.iface.UserInfo; +import org.openslx.bwlp.thrift.iface.TAuthorizationException; import org.openslx.dozmod.authentication.ShibbolethEcp.ReturnCode; +import org.openslx.dozmod.thrift.Session; import org.openslx.thrifthelper.ThriftManager; /** 
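Review bot: `doLogin` dereferences the service provider's reply without validating it. `GSON.fromJson` returns null for an empty body and `status` is null when the field is absent, so `lastResponse.status.equals("unregistered")` can throw a NullPointerException on a malformed or non-JSON reply. The HTTP status line is only logged at debug level and never checked before the body is parsed. A guard right after the `fromJson` call, `if (lastResponse == null || lastResponse.status == null) return ReturnCode.SERVICE_PROVIDER_ERROR;`, would keep bad replies on the return-code path. The body of `doLogin` starts outside this hunk.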
@@ -21,35 +21,19 @@ public class TestAccountAuthenticator implements Authenticator { @Override public void login(String username, String password, AuthenticatorCallback callback) - throws TAuthenticationException { + throws TAuthorizationException, TException { SessionData authResult = null; - // try to login user - try { - authResult = ThriftManager.getMasterClient().authenticate(username, password); - } catch (TException e) { - LOGGER.error("Thrift communication error: ", e); - // TODO authenticate has to return a TAuthenticationException! - callback.postLogin(ReturnCode.GENERIC_ERROR, null, e); - return; - } + authResult = ThriftManager.getMasterClient().authenticate(username, password); // handle answer from server if (authResult != null && authResult.authToken != null) { - // TODO: Session.fromClientSessionData(authResult); - UserInfo userInfo = null; - try { - userInfo = ThriftManager.getMasterClient().getUserFromToken(authResult.authToken); - } catch (TException e) { - LOGGER.error("Thrift communication error: ", e); - // TODO authenticate has to return a TAuthenticationException! - callback.postLogin(ReturnCode.GENERIC_ERROR, null, e); - return; - } - callback.postLogin(ReturnCode.NO_ERROR, userInfo, null); + LOGGER.info(authResult); + Session.fromSessionData(authResult); + callback.postLogin(ReturnCode.NO_ERROR, null); } else { // it should then show a corresponding error message! - callback.postLogin(ReturnCode.GENERIC_ERROR, null, null); + callback.postLogin(ReturnCode.GENERIC_ERROR, null); } } } diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/Gui.java b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/Gui.java index 8e5231ae..42fbf165 100644 --- a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/Gui.java +++ b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/Gui.java 
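Review bot: `LOGGER.info(authResult);` writes the whole `SessionData` object to the log at INFO level, and this commit's `Session.fromSessionData` stores that object's `authToken` and `sessionId` as the satellite and master tokens. If the generated `toString()` prints all fields (presumably it does, but this is not visible here), anyone who can read the log file obtains live session tokens. Log a fixed message or non-secret fields only, e.g. `LOGGER.info("Test account login succeeded for " + username);`.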
@@ -193,7 +193,8 @@ public class Gui { if (logger != null) logger.log(messageType.logPriority, message, exception); if (exception != null) - message += "\n\n" + exception.getClass().getSimpleName() + " (Siehe Logdatei)"; + message += "\n\n" + exception.getClass().getSimpleName() + "\n" + exception.getMessage() + "\n" + + " (Siehe Logdatei)"; MessageBox box = new MessageBox(parent, messageType.style); box.setMessage(message); box.setText(messageType.title); diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/window/LoginWindow.java b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/window/LoginWindow.java index 8066c599..1b10ab80 100644 --- a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/window/LoginWindow.java +++ b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/window/LoginWindow.java @@ -12,8 +12,6 @@ import org.eclipse.swt.events.SelectionAdapter; import org.eclipse.swt.events.SelectionEvent; import org.eclipse.swt.widgets.Shell; import org.openslx.bwlp.thrift.iface.Organization; -import org.openslx.bwlp.thrift.iface.TAuthenticationException; -import org.openslx.bwlp.thrift.iface.UserInfo; import org.openslx.dozmod.Config; import org.openslx.dozmod.authentication.Authenticator; import org.openslx.dozmod.authentication.Authenticator.AuthenticatorCallback; @@ -26,6 +24,7 @@ import org.openslx.dozmod.gui.MainWindow; import org.openslx.dozmod.gui.helper.MessageType; import org.openslx.dozmod.gui.window.layout.LoginWindowLayout; import org.openslx.dozmod.thrift.OrganizationCache; +import org.openslx.dozmod.thrift.Session; import org.openslx.thrifthelper.ThriftManager; import org.openslx.util.QuickTimer; import org.openslx.util.QuickTimer.Task; 
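Review bot: Appending `exception.getMessage()` unconditionally in Gui.java prints the literal text `null` for exceptions without a message and puts raw exception text, such as server replies or URLs, into the user-facing dialog. In the same commit `LoginWindow.doLogin` builds `"Authentication failed: " + e.getMessage()` and now also passes `e`, so that message is shown twice. Append it only when it is present and not already part of `message`, e.g. `if (exception.getMessage() != null && !message.contains(exception.getMessage()))`. The enclosing method starts and ends outside the hunk.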
@@ -251,9 +250,8 @@ public class LoginWindow extends LoginWindowLayout { private void doLogin() { // sanity check on loginType. if (loginType == null) { - Gui.showMessageBox(this.getShell(), - "No login type set, a default should be set! Ignoring...", MessageType.ERROR, LOGGER, - null); + Gui.showMessageBox(this.getShell(), "No login type set, a default should be set! Ignoring...", + MessageType.ERROR, LOGGER, null); return; } // here we only check for the fields @@ -277,14 +275,7 @@ public class LoginWindow extends LoginWindowLayout { final LoginWindow me = this; AuthenticatorCallback authenticatorCallback = new AuthenticatorCallback() { @Override - public void postLogin(ReturnCode returnCode, UserInfo user, Throwable t) { - // TODO finish this - if (user == null) { - Gui.showMessageBox(me.getShell(), - "User information received from the masterserver is corrupt!", MessageType.ERROR, - LOGGER, null); - return; - } + public void postLogin(ReturnCode returnCode, Throwable t) { switch (returnCode) { case NO_ERROR: postSuccessfulLogin(); @@ -299,12 +290,15 @@ public class LoginWindow extends LoginWindowLayout { MessageType.ERROR, LOGGER, t); break; case UNREGISTERED_ERROR: - Gui.showMessageBox( - me.getShell(), - "You are not registered to bwLehrpool. Please visit " - + ShibbolethEcp.getRegistrationUrl() + " and register first.", + Gui.showMessageBox(me.getShell(), "You are not registered to bwLehrpool. Please visit " + + ShibbolethEcp.getRegistrationUrl() + " and register first.", MessageType.ERROR, + LOGGER, t); + break; + case INVALID_URL_ERROR: + Gui.showMessageBox(me.getShell(), "ECP Authenticator says: Invalid URL.", MessageType.ERROR, LOGGER, t); break; + case GENERIC_ERROR: default: Gui.showMessageBox(me.getShell(), "Internal error!", MessageType.ERROR, null, null); break; 
@@ -325,36 +319,44 @@ public class LoginWindow extends LoginWindowLayout { Gui.showMessageBox(this.getShell(), "Not yet implemented", MessageType.ERROR, null, null); return; default: - Gui.showMessageBox(this.getShell(), "No login type selected!", MessageType.ERROR, null, - null); + Gui.showMessageBox(this.getShell(), "No login type selected!", MessageType.ERROR, null, null); return; } // Excute login try { authenticator.login(username, password, authenticatorCallback); - } catch (TAuthenticationException e) { - Gui.showMessageBox(me.getShell(), "Authentication failed: " + e.getMessage(), - MessageType.ERROR, LOGGER, null); + } catch (Exception e) { + Gui.showMessageBox(me.getShell(), "Authentication failed: " + e.getMessage(), MessageType.ERROR, + LOGGER, e); return; } } /** * Functions called by doLogin is the login process succeeded. + * + * @param user user who logged in */ private void postSuccessfulLogin() { LOGGER.info(loginType.toString() + " succeeded."); // TODO HACK HACK ThriftManager.setSatelliteAddress("132.230.8.113"); - - // now read the config to see if the user already agreed to the disclaimer - if (DisclaimerWindow.shouldBeShown()) - MainWindow.openPopup(DisclaimerWindow.class, true, true); - // TODO: Add notice about VMware etc... - - getShell().dispose(); + // Something like ThriftManager.setSatelliteAddress(Session.getSatelliteAddress()); (might need selection box) + Exception e = null; + try { + ThriftManager.getSatClient().isAuthenticated(Session.getSatelliteToken()); + // now read the config to see if the user already agreed to the disclaimer + if (DisclaimerWindow.shouldBeShown()) + MainWindow.openPopup(DisclaimerWindow.class, true, true); + getShell().dispose(); + return; + } catch (Exception ex) { + e = ex; + } + Gui.showMessageBox(this.getShell(), "Login succeeded, but Satellite rejected the session token. :-(", + MessageType.ERROR, LOGGER, e); } /** 
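Review bot: In `postSuccessfulLogin` the `catch (Exception ex)` spans the disclaimer popup and `getShell().dispose()` as well as the satellite call, so a connection failure or a GUI exception is reported as "Satellite rejected the session token". The result of `isAuthenticated(...)` is also unused; if the call returns a boolean rather than throwing (not visible here), a rejected token would pass silently. Narrowing the `try` to the satellite call, as sketched below, keeps the error message truthful. The added Javadoc line `@param user user who logged in` should be dropped because the method takes no parameter. The token is checked against the hard-coded address set under `TODO HACK HACK`, so the check only proves something once that address comes from the session or configuration.

```java
	// … unchanged: log message, ThriftManager.setSatelliteAddress(...) …
	try {
		ThriftManager.getSatClient().isAuthenticated(Session.getSatelliteToken());
	} catch (Exception ex) {
		Gui.showMessageBox(this.getShell(), "Login succeeded, but Satellite rejected the session token. :-(",
				MessageType.ERROR, LOGGER, ex);
		return;
	}
	// now read the config to see if the user already agreed to the disclaimer
	if (DisclaimerWindow.shouldBeShown())
		MainWindow.openPopup(DisclaimerWindow.class, true, true);
	getShell().dispose();
```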
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/thrift/Session.java b/dozentenmodul/src/main/java/org/openslx/dozmod/thrift/Session.java index c4e6bb6b..1f4cf0b0 100644 --- a/dozentenmodul/src/main/java/org/openslx/dozmod/thrift/Session.java +++ b/dozentenmodul/src/main/java/org/openslx/dozmod/thrift/Session.java @@ -1,7 +1,12 @@ package org.openslx.dozmod.thrift; +import org.apache.thrift.TException; import org.openslx.bwlp.thrift.iface.ClientSessionData; +import org.openslx.bwlp.thrift.iface.SessionData; +import org.openslx.bwlp.thrift.iface.TInvalidTokenException; +import org.openslx.bwlp.thrift.iface.UserInfo; import org.openslx.dozmod.authentication.ServiceProviderResponse; +import org.openslx.thrifthelper.ThriftManager; public class Session { @@ -29,11 +34,23 @@ public class Session { masterToken = session.sessionId; satelliteToken = session.authToken; } + + public static void fromSessionData(SessionData session) throws TInvalidTokenException, TException { + // TODO: This is legacy API, switch to ClientSessionData asap + UserInfo ui = ThriftManager.getMasterClient().getUserFromToken(session.authToken); + if (userId != null && !userId.equals(ui.userId)) + throw new IllegalArgumentException("Cannot set new session data with different user id!"); + firstName = ui.firstName; + lastName = ui.lastName; + eMail = ui.eMail; + userId = ui.userId; + masterToken = session.sessionId; + satelliteToken = session.authToken; + } public static void fromEcpLogin(ServiceProviderResponse response) { - // TODO - //if (userId != null && !userId.equals(response.userId)) - // throw new IllegalArgumentException("Cannot set new session data with different user id!"); + if (userId != null && !userId.equals(response.userId)) + throw new IllegalArgumentException("Cannot set new session data with different user id!"); firstName = response.firstName; lastName = response.lastName; eMail = response.mail; |
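Review bot: `fromSessionData` and the now-active check in `fromEcpLogin` compare against the static `userId`, but nothing in this commit clears that state when a login is abandoned, for instance when `postSuccessfulLogin` shows the "Satellite rejected the session token" dialog and leaves the login window open. A retry with a different account would then fail with `IllegalArgumentException`, and the first attempt's tokens stay in the static fields; whether `Session` has a reset method elsewhere is not visible here. `fromSessionData` also needs a Javadoc comment stating that it performs a remote `getUserFromToken` call and can throw `IllegalArgumentException` in addition to the declared thrift exceptions. The class body continues outside the hunk.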