-rw-r--r--dozentenmodul/pom.xml40
-rw-r--r--dozentenmodul/src/main/java/gui/intro/Login_GUI.java115
-rw-r--r--dozentenmodul/src/main/java/util/ShibbolethECP.java136
3 files changed, 159 insertions, 132 deletions
diff --git a/dozentenmodul/pom.xml b/dozentenmodul/pom.xml
index 5738de8c..2ceff87a 100644
--- a/dozentenmodul/pom.xml
+++ b/dozentenmodul/pom.xml
@@ -89,30 +89,6 @@
<include>**</include>
</includes>
</filter>
- <filter>
- <artifact>org.opensaml:*</artifact>
- <includes>
- <include>**</include>
- </includes>
- </filter>
- <filter>
- <artifact>xml-apis:*</artifact>
- <includes>
- <include>**</include>
- </includes>
- </filter>
- <filter>
- <artifact>xalan:*</artifact>
- <includes>
- <include>**</include>
- </includes>
- </filter>
- <filter>
- <artifact>xerces:*</artifact>
- <includes>
- <include>**</include>
- </includes>
- </filter>
</filters>
<minimizeJar>true</minimizeJar>
<transformers>
@@ -205,11 +181,6 @@
<version>3.5.0</version>
</dependency>
<dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient</artifactId>
- <version>4.3</version>
- </dependency>
- <dependency>
<groupId>org.apache.thrift</groupId>
<artifactId>libthrift</artifactId>
<version>0.9.1</version>
@@ -279,14 +250,9 @@
<scope>test</scope>
</dependency>
<dependency>
- <groupId>de.tudarmstadt.ukp.shibhttpclient</groupId>
- <artifactId>shib-http-client</artifactId>
- <version>1.1.0-SNAPSHOT</version>
- </dependency>
- <dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <version>2.11.0</version>
+ <groupId>org.openslx.ecp</groupId>
+ <artifactId>ecp-client-lean</artifactId>
+ <version>0.0.2-SNAPSHOT</version>
</dependency>
</dependencies>
</project>
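Review bot: The new `ecp-client-lean` dependency is declared as `0.0.2-SNAPSHOT`, so the library that handles the user's bwIDM credentials can change between builds without any change to this pom. A fixed release version would make the shipped jar reproducible and auditable. The repository this artifact is resolved from is not visible in this hunk, so it is worth confirming that it is one the build trusts.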
diff --git a/dozentenmodul/src/main/java/gui/intro/Login_GUI.java b/dozentenmodul/src/main/java/gui/intro/Login_GUI.java
index 75d60051..1ac62333 100644
--- a/dozentenmodul/src/main/java/gui/intro/Login_GUI.java
+++ b/dozentenmodul/src/main/java/gui/intro/Login_GUI.java
@@ -8,16 +8,20 @@ import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.WindowAdapter;
import java.awt.event.WindowEvent;
+import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutionException;
import javax.swing.ButtonGroup;
+import javax.swing.DefaultComboBoxModel;
+import javax.swing.DefaultListCellRenderer;
import javax.swing.ImageIcon;
import javax.swing.JButton;
import javax.swing.JCheckBox;
import javax.swing.JComboBox;
import javax.swing.JFrame;
import javax.swing.JLabel;
+import javax.swing.JList;
import javax.swing.JOptionPane;
import javax.swing.JPanel;
import javax.swing.JPasswordField;
@@ -36,14 +40,15 @@ import models.person;
import org.apache.log4j.Logger;
import org.apache.thrift.TException;
import org.openslx.imagemaster.thrift.iface.ImageServer.Client;
+import org.openslx.imagemaster.thrift.iface.OrganizationData;
import org.openslx.imagemaster.thrift.iface.UserInfo;
-//import server.generated.Server.Client;
import thrift.MasterThriftConnection;
import thrift.ThriftConnection;
import util.GuiOrganizer;
import util.ResourceLoader;
import util.ShibbolethECP;
+
import config.Config;
@SuppressWarnings("serial")
@@ -84,8 +89,9 @@ public class Login_GUI extends JFrame {
private ActionListener loginTypeActionListener;
// bwIDM label and dropdown
- private JComboBox<String> choice;
+ private JComboBox<OrganizationData> idpChoice;
private JLabel lblIdp;
+ private List<OrganizationData> organizations;
// Satellite IP label and text field
private JLabel lblSatellitenIp;
@@ -221,12 +227,11 @@ public class Login_GUI extends JFrame {
lblSatIP.setToolTipText("Bitte geben Sie die IP-Adresse des Satelliten ein.");
//panel.add(lblSatIP);
- String organisations[] = { "https://testidp3-dev.aai.dfn.de/idp/profile/SAML2/SOAP/ECP" };
- choice = new JComboBox<String>(organisations);
- choice.setBounds(135, 35, 237, 20);
+ idpChoice = new JComboBox<OrganizationData>();
+ idpChoice.setBounds(135, 35, 237, 20);
//panel.add(choice);
- lblIdp = new JLabel("IDP:");
+ lblIdp = new JLabel("IdP:");
lblIdp.setBounds(25, 35, 82, 20);
//panel.add(lblIdp);
@@ -270,6 +275,7 @@ public class Login_GUI extends JFrame {
rdbtnDirekteVerbindung.setBounds(32, 85, 244, 23);
rdbtnDirekteVerbindung.setActionCommand(LOGIN_TYPE_SATELLITE);
rdbtnDirekteVerbindung.addActionListener(loginTypeActionListener);
+ rdbtnDirekteVerbindung.setEnabled(false);
bgLoginType.add(rdbtnDirekteVerbindung);
panel_1.add(rdbtnDirekteVerbindung);
@@ -289,7 +295,6 @@ public class Login_GUI extends JFrame {
if (loginType == LOGIN_TYPE_BWLEHRPOOL) {
-
// start the authentication process against the masterserver
org.openslx.imagemaster.thrift.iface.SessionData result = null;
// Connect to Master
@@ -386,16 +391,14 @@ public class Login_GUI extends JFrame {
@Override
protected Boolean doInBackground() throws Exception {
publish("Info: Initialisiere Shibboleth-Client ...");
- ShibbolethECP.init(choice.getSelectedItem().toString());
+ OrganizationData selectedOrg = (OrganizationData) idpChoice.getSelectedItem();
publish("Info: Überprüfe Zugangdaten über bwIDM ...");
- return ShibbolethECP.doLogin(lblusername.getText().trim(), String.valueOf(lblpass.getPassword()));
+ return ShibbolethECP.doLogin(selectedOrg.getEcpUrl(), lblusername.getText().trim(), String.valueOf(lblpass.getPassword()));
}
protected void done() {
try {
if (get()) {
setStatus(Color.green, "Info: bwIDM-Login erfolgreich.", null);
- // TODO: call showNextStep()
- //showMainMenu();
JOptionPane.showMessageDialog(c, "Der Shibboleth-Login war erfolgreich! Der Rest ist noch in Entwicklung :)",
"bwIDM-Login erfolgreich", JOptionPane.PLAIN_MESSAGE);
// all done, show main menu
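Review bot: In `doInBackground()`, `selectedOrg` is dereferenced in the `doLogin(...)` call without a null check, and `idpChoice.getSelectedItem()` returns null while the combo box model is empty. The model is only filled once the asynchronous IdP fetch in `initIdpList()` has finished, and it stays empty if that fetch fails. A login attempt in that state would throw a NullPointerException that surfaces only as an ExecutionException from `get()` in `done()`. A guard before the call, such as `if (selectedOrg == null) { publish("Fehler: Kein IdP ausgewählt."); return false; }`, keeps the failure explicit. `done()` continues past the end of this hunk.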
@@ -539,10 +542,11 @@ public class Login_GUI extends JFrame {
panel.setVisible(false);
switch(type) {
case LOGIN_TYPE_BWIDM:
+ initIdpList();
panel.remove(lblSatIP);
panel.remove(lblSatellitenIp);
+ panel.add(idpChoice);
panel.add(lblIdp);
- panel.add(choice);
panel.add(LabelPass);
lblpass.setText("");
lblpass.setToolTipText("Bitte geben Sie Ihr bwIDM-Passwort ein.");
@@ -553,7 +557,7 @@ public class Login_GUI extends JFrame {
panel.setVisible(true);
break;
case LOGIN_TYPE_BWLEHRPOOL:
- panel.remove(choice);
+ panel.remove(idpChoice);
panel.remove(lblIdp);
panel.remove(lblSatIP);
panel.remove(lblSatellitenIp);
@@ -566,7 +570,7 @@ public class Login_GUI extends JFrame {
panel.setVisible(true);
break;
case LOGIN_TYPE_SATELLITE:
- panel.remove(choice);
+ panel.remove(idpChoice);
panel.remove(lblIdp);
panel.remove(LabelPass);
panel.remove(lblpass);
@@ -578,12 +582,91 @@ public class Login_GUI extends JFrame {
panel.revalidate();
panel.repaint();
panel.setVisible(true);
+ setStatus(Color.black, "Info: Bereit für bwIDM-Login", null);
break;
default:
- LOGGER.error("Unknown action '" + type + "'. Ignoring.");
panel.setVisible(true);
return;
}
-
+ }
+
+ /**
+ * Request the list of identity providers from the masterserver and
+ * display them in a combobox.
+ */
+ private void initIdpList() {
+ // abort if we fetched the list already.
+ if (organizations != null) {
+ return;
+ } else {
+ organizations = new ArrayList<OrganizationData>();
+ }
+ LOGGER.info("Fetching list of identity providers from masterserver...");
+ SwingWorker<Boolean, String> worker = new SwingWorker<Boolean, String>(){
+ @Override
+ protected Boolean doInBackground() throws Exception {
+ publish("Info: Hole Liste von IdPs");
+ // if not then request it from the masterserver
+ MasterThriftConnection thrift = new MasterThriftConnection();
+ Client client = thrift.getMasterThriftConnection();
+ List<OrganizationData> tempOrgs = null;
+ try {
+ tempOrgs = client.getOrganizations();
+ } catch (TException e) {
+ LOGGER.error("Could not fetch list of identity providers from the masterserver, see trace: ", e);
+ return false;
+ }
+ // safety check to see if we got any organizations at all
+ if (tempOrgs != null) {
+ // now add those with an Ecp URL to the result list.
+ for (OrganizationData org : tempOrgs) {
+ if (org.getEcpUrl() != null && !org.getEcpUrl().isEmpty()) {
+ organizations.add(org);
+ }
+ LOGGER.debug("Valid IdP: " + org.toString());
+ }
+ } else {
+ LOGGER.error("Thrift call of 'getOrganizations()' seems to have worked, but 'organizations' is still null.");
+ LOGGER.error("Is the API of the masterserver working correctly?");
+ return false;
+ }
+ publish("Info: Liste von IdPs empfangen.");
+ return true;
+ }
+ protected void done() {
+ try {
+ if (get()) {
+ // fill the combobox with the IdPs returned from the masterserver
+ OrganizationData[] orgs = organizations.toArray(new OrganizationData[]{});
+ idpChoice.setModel(new DefaultComboBoxModel<OrganizationData>(orgs));
+ // now override the renderer, to show the display names of the organizations.
+ idpChoice.setRenderer(new DefaultListCellRenderer() {
+ @Override
+ public Component getListCellRendererComponent(JList list, Object value, int index, boolean isSelected, boolean cellHasFocus) {
+ super.getListCellRendererComponent(list, value, index, isSelected, cellHasFocus);
+ if (value instanceof OrganizationData){
+ OrganizationData org = (OrganizationData) value;
+ setText(org.getDisplayName());
+ }
+ return this;
+ }
+ });
+ setStatus(Color.black, "Info: Bereit für Login", null);
+ } else {
+ setStatus(Color.red, "Fehler: Vorbereitung für bwIDM-Login fehlgeschlagen!", null);
+ }
+ } catch (InterruptedException e) {
+ LOGGER.error("SwingWorker for 'getOrganizationsList' got interrupted, see trace: ", e);
+ } catch (ExecutionException e) {
+ LOGGER.error("Execution of SwingWorker for 'getOrganizationsList' failed, see trace: ", e);
+ }
+ }
+ @Override
+ protected void process(List<String> msgs) {
+ String currentMessage = msgs.get(msgs.size()-1);
+ setStatus(Color.black, currentMessage, null);
+ }
+ };
+ worker.execute();
}
}// end class
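Review bot: `initIdpList()` cannot retry after a failed fetch, because `organizations` is set to an empty list before the worker runs. Once `getOrganizations()` throws or returns null, every later call returns at the `organizations != null` check and the IdP combo box stays empty until the application is restarted. Resetting the field on the failure paths of `done()` (the `else` branch and both `catch` blocks) with `organizations = null;` would let the next switch to bwIDM login fetch again. Separately, `LOGGER.debug("Valid IdP: " + org.toString());` sits outside the `if` that tests the ECP URL, so it also logs organizations that were filtered out; moving it inside the `if` makes the log match the list.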
diff --git a/dozentenmodul/src/main/java/util/ShibbolethECP.java b/dozentenmodul/src/main/java/util/ShibbolethECP.java
index 374e3a6e..78133425 100644
--- a/dozentenmodul/src/main/java/util/ShibbolethECP.java
+++ b/dozentenmodul/src/main/java/util/ShibbolethECP.java
@@ -1,108 +1,86 @@
package util;
-import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpResponse;
-import org.apache.http.client.ClientProtocolException;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.ResponseHandler;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.util.EntityUtils;
import org.apache.log4j.Logger;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.xml.ConfigurationException;
-import de.tudarmstadt.ukp.shibhttpclient.ShibHttpClient;
+import edu.kit.scc.dei.ecplean.ECPAuthenticationException;
+import edu.kit.scc.dei.ecplean.ECPAuthenticator;
public class ShibbolethECP {
- // Logger
+ /**
+ * Logger instance for this class
+ */
private final static Logger LOGGER = Logger.getLogger(ShibbolethECP.class);
-
- // IdP URL
- private static String identityProviderUrl;
- public static void setIdentityProviderUrl(String identityProviderUrl) {
- ShibbolethECP.identityProviderUrl = identityProviderUrl;
- }
-
- public static boolean init(String idpUrl) {
+ /**
+ * Static URI to the SP.
+ */
+ private final static URI BWLP_SP;
+ static {
+ URI tmp;
try {
- DefaultBootstrap.bootstrap();
- } catch (ConfigurationException ce) {
- ce.printStackTrace();
- LOGGER.error("OpenSAML wrongly configured.");
- return false;
+ tmp = new URI("https://bwlp-masterserver.ruf.uni-freiburg.de/secure-all/test.php");
+ } catch (URISyntaxException e) {
+ // should never happen!
+ LOGGER.error("Bad URI syntax of the service provider, see trace: ", e);
+ tmp = null;
}
-
- if (idpUrl != null) {
- // TODO sanity check on the URL?
- setIdentityProviderUrl(idpUrl);
- } else {
- // no IdP given
- return false;
- }
-
- // everything fine, return true
- return true;
+ BWLP_SP = tmp;
}
- public static Boolean doLogin(final String user, final String pass) {
-
+ /**
+ * Fetches the resource
+ *
+ * @param idpUrl
+ * URL of the identity provider to authenticate against, as String.
+ * @param user
+ * Username as String.
+ * @param pass
+ * Password as String.
+ */
+ public static Boolean doLogin(final String idpUrl, final String user, final String pass) {
+
// first lets do some sanity checks
+ if (BWLP_SP == null) {
+ LOGGER.error("URI to service provider is not set. Check the initialization of 'BWLP_SP'.");
+ return false;
+ }
+ if (idpUrl == null) {
+ LOGGER.error("Identity provider is not set, did you initialize this class correctly?");
+ return false;
+ }
if (user == null) {
LOGGER.error("No username given, aborting...");
return false;
}
-
if (pass == null) {
LOGGER.error("No password given, aborting...");
return false;
}
-
- if (identityProviderUrl == null) {
- LOGGER.error("Identity provider is not set, did you initialize this class correctly?");
- return false;
- }
-
- // The last argument indicates to accept any certificate
- HttpClient client = new ShibHttpClient(identityProviderUrl, user, pass, true);
- HttpGet req = new HttpGet("https://bwlp-masterserver.ruf.uni-freiburg.de/secure-all/test.php");
- String res = null;
- ResponseHandler<String> respHandler = new ResponseHandler<String>() {
- public String handleResponse(final HttpResponse response) throws ClientProtocolException, IOException {
- int status = response.getStatusLine().getStatusCode();
- if (status == 200 || status == 302) {
- HttpEntity entity = response.getEntity();
- return entity != null ? EntityUtils.toString(entity) : null;
- } else {
- throw new ClientProtocolException("Unexpected response status: " + status);
- }
- }
- };
+
+ // now init the authenticator for that idp and our static sp
+ ECPAuthenticator auth = null;
try {
- res = client.execute(req, respHandler);
- } catch (ClientProtocolException e) {
- // this is thrown on http return code not 200 or 302, indicates wrong login
- // TODO handle this with possible error causes: creds wrong, etc...
- LOGGER.error("Fatal error requesting '" + req.getURI() + "':", e);
- return false;
- } catch (IOException e) {
- LOGGER.error("Fatal protocol error requesting '" + req.getURI() + "':", e);
- return false;
+ auth = new ECPAuthenticator(user, pass, new URI(idpUrl), BWLP_SP);
+ } catch (URISyntaxException e) {
+ LOGGER.error("Bad URI syntax, see trace: ", e);
}
-
- // did we get a response?
- if (res != null) {
- LOGGER.info(res);
- // return true, to signal a successful login
- return true;
- } else {
- // we shouldn't actually reach this code...
- LOGGER.error("Seems like the request worked, but the response is empty. Something is very wrong...");
+ if (auth == null) {
+ LOGGER.error("Initialising ECP authentication failed, aborting...");
return false;
- }
+ }
+ try {
+ auth.authenticate();
+ } catch (ECPAuthenticationException e) {
+ LOGGER.error("ECP Authentication Exception, see trace: ", e);
+ return false;
+ }
+ // TODO: here we will need to parse the answer accordingly.
+ // no errors, meaning everything worked fine.
+ return true;
}
}
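Review bot: `doLogin()` hands the username and password to `ECPAuthenticator` for whatever `idpUrl` it receives, and the only checks on that URL are that it is non-null and parses as a URI. The caller now takes this value from the organization list returned by the masterserver, so a non-HTTPS or otherwise unexpected entry would presumably have the credentials sent to it. Parsing the URI once into a local and returning false unless `"https".equalsIgnoreCase(idp.getScheme())` and `idp.getHost() != null` closes that gap. The removed code passed `true` to accept any certificate, so it is also worth confirming that `ECPAuthenticator` validates the IdP's TLS certificate, which is not visible here. The Javadoc summary `Fetches the resource` does not describe the method and lacks an `@return`; a summary such as `Authenticates the user against the given IdP via ECP; returns true on success, false on any error` would match the code.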