/**
* Return the current user, either an already authenticated one, or the one just discovered from
* the <i>openid.identifier.parameter</i> (= "openid_identifier" by default).<br>
* Returns <code>null</code> if the {@link Constants#OPENID_MODE} associated with the request is
* set to {@link Constants.Mode#CANCEL} (in order to login under a different id), or if the
* authentification is timed out.<br>
* If returned user is <code>null</code> and {@link #isAuthResponse(HttpServletRequest)} is <code>
* true</code> then we have an authentication timeout.
*
* @param request HttpServletRequest
* @return user OpenIdUser
*/
public OpenIdUser discover(HttpServletRequest request) throws Exception {
OpenIdUser user = (OpenIdUser) request.getAttribute(OpenIdUser.ATTR_NAME);
if (user == null) {
System.err.println("vvvvvv RelyingParty: user NOT in request");
user = _manager.getUser(request);
String id = null;
if (user != null) {
System.err.println("vvvvvv RelyingParty: user in session");
if (user.isAuthenticated()) {
System.err.println("vvvvvv RelyingParty: user authenticated");
_listener.onAccess(user, request);
request.setAttribute(OpenIdUser.ATTR_NAME, user);
return user;
}
System.err.println("vvvvvv RelyingParty: user NOT authenticated");
if ((id = request.getParameter(_identifierParameter)) == null) {
if (user.isAssociated()) {
String mode = request.getParameter(Constants.OPENID_MODE);
if (mode == null) return _automaticRedirect ? user : null;
return Constants.Mode.CANCEL.equals(mode) ? null : user;
}
return user;
} else if ((id = id.trim()).length() != 0) {
Identifier identifier = Identifier.getIdentifier(id, _resolver, _context);
if (identifier.isResolved()) {
if (!identifier.getId().equals(user.getIdentifier())) {
// new user or ... the user cancels authentication
// and provides a different openid identifier
return discover(identifier, request);
}
}
}
} else if ((id = request.getParameter(_identifierParameter)) != null
&& (id = id.trim()).length() != 0) {
System.err.println(
"vvvvvv RelyingParty: user NOT in session and parameter("
+ _identifierParameter
+ ") is NOT empty");
Identifier identifier = Identifier.getIdentifier(id, _resolver, _context);
if (identifier.isResolved()) return discover(identifier, request);
} else {
System.err.println(
"vvvvvv RelyingParty: user NOT in session and parameter("
+ _identifierParameter
+ ") is empty");
}
}
return user;
}
@SuppressWarnings("unchecked")
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException {
try {
OpenIdUser openIdUser = _relyingParty.discover(request);
if (openIdUser != null) {
if (openIdUser.isAuthenticated()
|| (openIdUser.isAssociated()
&& RelyingParty.isAuthResponse(request)
&& _relyingParty.verifyAuth(openIdUser, request, response))) {
/* Session stuff for openid provider selection */
HttpSession session = request.getSession();
response.setContentType("text/plain");
response.getWriter().write(openIdUser.getIdentity());
return;
}
}
} catch (Exception e) {
e.printStackTrace();
}
response.setStatus(401);
}
/** Returns true if the user associated with this request is authenticated. */
public static boolean handle(
HttpServletRequest request,
HttpServletResponse response,
RelyingParty relyingParty,
ForwardUriHandler forwardUriHandler,
String forwardUri)
throws IOException, ServletException {
System.err.println("^^^^^^ JSessionID: " + request.getSession().getId());
String errorMsg = DEFAULT_ERROR_MSG;
try {
OpenIdUser user = relyingParty.discover(request);
if (user == null) {
System.err.println("^^^^^^ OpenIdServletFilter: user.isDiscovered() == false");
if (RelyingParty.isAuthResponse(request)) {
// authentication timeout
System.err.println(
"^^^^^^ OpenIdServletFilter => redirect for timeout to: " + request.getRequestURI());
response.sendRedirect(request.getRequestURI());
} else {
// set error msg if the openid_identifier is not resolved.
if (request.getParameter(relyingParty.getIdentifierParameter()) != null)
request.setAttribute(ERROR_MSG_ATTR, errorMsg);
// new user
System.err.println(
"^^^^^^ OpenIdServletFilter => forward because of new user: "******"^^^^^^ OpenIdServletFilter: user.isAuthenticated() == true");
return true;
}
if (user.isAssociated() && RelyingParty.isAuthResponse(request)) {
// verify authentication
if (relyingParty.verifyAuth(user, request, response)) {
// authenticated
// redirect to home to remove the query params
System.err.println(
"^^^^^^ OpenIdServletFilter => redirect to remove query params to: "
+ request.getRequestURI());
response.sendRedirect(request.getRequestURI());
} else {
// failed verification
System.err.println(
"^^^^^^ OpenIdServletFilter => redirect because failed verification to: "
+ forwardUri);
forwardUriHandler.handle(forwardUri, request, response);
}
return false;
}
// associate and authenticate user
StringBuffer url = request.getRequestURL();
String trustRoot = url.substring(0, url.indexOf(SLASH, 9));
String realm = url.substring(0, url.lastIndexOf(SLASH));
String returnTo = url.toString();
if (relyingParty.associateAndAuthenticate(
user, request, response, trustRoot, realm, returnTo)) {
// user is associated and then redirected to his openid provider for authentication
return false;
}
} catch (UnknownHostException uhe) {
errorMsg = ID_NOT_FOUND_MSG;
} catch (FileNotFoundException fnfe) {
errorMsg = ID_NOT_FOUND_MSG;
} catch (Exception e) {
e.printStackTrace();
errorMsg = DEFAULT_ERROR_MSG;
}
request.setAttribute(ERROR_MSG_ATTR, errorMsg);
System.err.println(
"^^^^^^ OpenIdServletFilter => forward with reason '" + errorMsg + "' to: " + forwardUri);
forwardUriHandler.handle(forwardUri, request, response);
return false;
}