private boolean isAuthenticatedAndApproved(IWContext iwc, User user, AuthRequest authReq) {

    OpenIDServerBean serverBean = ELUtil.getInstance().getBean("openIDServerBean");
    List<AuthorizedAttribute> required = serverBean.getRequiredAttributes();
    List<AuthorizedAttribute> allAttributes = serverBean.getRequestedAttributes();

    // allowedRealm value set in presentation layer
    boolean allowAction = isAllowAction(iwc);

    // Deny by default if no attributes are exchanged
    boolean allowed = allAttributes != null && !allAttributes.isEmpty();

    // Check each allowed attribute
    // If it has been stored, it is always allow, otherwise it is not
    if (allowAction) {
      allowed = true; // allow by default if allow action
      if (allAttributes != null) {
        for (AuthorizedAttribute attr : allAttributes) {
          if (!attr.getIsAllowed() && required.contains(attr)) {
            // If not allowed but required
            return false;
          }
        }
      }
    } else {
      // denied by default if no attributes are requested, i.e. no always allow option
      // if there are no attributes requested
      if (allAttributes != null) {
        for (AuthorizedAttribute attr : allAttributes) {
          // Check if not always allowed
          if (attr.isNotYetStored()) {
            // Not always-allow and not an allow-action, hence not allowed
            return false;
          }
          if (!attr.getIsAllowed() && required.contains(attr)) {
            // If not allowed but required
            return false;
          } else {
            allowed = true;
          }
        }
      }
    }

    return allowed;
  }
  @SuppressWarnings("unchecked")
  private void storeRequestedAttributesToSession(IWContext iwc, AuthRequest authReq) {
    if (authReq.hasExtension(AxMessage.OPENID_NS_AX)) {
      MessageExtension ext;
      try {
        ext = authReq.getExtension(AxMessage.OPENID_NS_AX);
        if (ext instanceof FetchRequest) {
          FetchRequest fetchReq = (FetchRequest) ext;
          OpenIDServerBean serverBean = ELUtil.getInstance().getBean("openIDServerBean");
          Map<String, String> allAttributes = (Map<String, String>) fetchReq.getAttributes();
          Map<String, String> required = (Map<String, String>) fetchReq.getAttributes(true);

          List<AuthorizedAttribute> allAttributesList = new ArrayList<AuthorizedAttribute>();
          List<AuthorizedAttribute> requiredAttributesList = new ArrayList<AuthorizedAttribute>();
          List<AuthorizedAttribute> optionalAttributesList = new ArrayList<AuthorizedAttribute>();

          String realm = serverBean.getRealm();

          for (String alias : allAttributes.keySet()) {
            ExchangeAttribute attribute =
                getDAO().getExchangeAttribute(alias, allAttributes.get(alias));
            if (attribute != null) {
              User user = iwc.getCurrentUser();
              AuthorizedAttribute aattr =
                  getDAO().getAuthorizedAttributes(user.getUniqueId(), realm, attribute);
              if (aattr == null) {
                aattr = new AuthorizedAttribute();
                aattr.setExchangeAttribute(attribute);
                aattr.setRealm(realm);
                aattr.setUserUUID(user.getUniqueId());
                aattr.setIsAllowed(true);
              }
              allAttributesList.add(aattr);
              if (required.containsKey(alias) && attribute.getType().equals(required.get(alias))) {
                requiredAttributesList.add(aattr);
              } else {
                optionalAttributesList.add(aattr);
              }
            } else {
              LOGGER.warning(
                  "Requesting unknown exchange attribute: "
                      + alias
                      + " : "
                      + allAttributes.get(alias));
              // throw new UnsupportedOperationException("Requesting unknown exchange attribute.");
            }
          }

          serverBean.setRequestedAttributes(allAttributesList);
          serverBean.setRequiredAttributes(requiredAttributesList);
          serverBean.setOptionalAttributes(optionalAttributesList);
          return;
        } else /*if (ext instanceof StoreRequest)*/ {
          // TODO implement?
          throw new UnsupportedOperationException("TODO");
        }
      } catch (MessageException e) {
        e.printStackTrace();
      }
    }
    if (authReq.hasExtension(SRegMessage.OPENID_NS_SREG11)) {
      try {
        MessageExtension ext = authReq.getExtension(SRegMessage.OPENID_NS_SREG11);

        if (ext instanceof SRegRequest) {
          SRegRequest sregReq = (SRegRequest) ext;
          List<String> all = sregReq.getAttributes();
          List<String> required = sregReq.getAttributes(true);
          List<String> optional = sregReq.getAttributes(false);

          List<AuthorizedAttribute> allAttributesList = new ArrayList<AuthorizedAttribute>();
          List<AuthorizedAttribute> requiredAttributesList = new ArrayList<AuthorizedAttribute>();
          List<AuthorizedAttribute> optionalAttributesList = new ArrayList<AuthorizedAttribute>();

          OpenIDServerBean serverBean = ELUtil.getInstance().getBean("openIDServerBean");
          String realm = serverBean.getRealm();
          User user = iwc.getCurrentUser();

          for (String alias : all) {
            ExchangeAttribute attribute = getDAO().getExchangeAttribute(alias);
            if (attribute != null) {
              AuthorizedAttribute aattr =
                  getDAO().getAuthorizedAttributes(user.getUniqueId(), realm, attribute);
              if (aattr == null) {
                aattr = new AuthorizedAttribute();
                aattr.setExchangeAttribute(attribute);
                aattr.setRealm(realm);
                aattr.setUserUUID(user.getUniqueId());
                aattr.setIsAllowed(true);
              }
              allAttributesList.add(aattr);
              if (required.contains(alias)) {
                requiredAttributesList.add(aattr);
              }
              if (optional.contains(alias)) {
                optionalAttributesList.add(aattr);
              }
            }
          }

          serverBean.setRequestedAttributes(allAttributesList);
          serverBean.setRequiredAttributes(requiredAttributesList);
          serverBean.setOptionalAttributes(optionalAttributesList);
          return;
        }
      } catch (MessageException e) {
        e.printStackTrace();
      }
    }
  }
  protected String[] prepareResponse(
      OpenIDServerBean serverBean, Message response, IWContext iwc, User user, AuthRequest authReq)
      throws MessageException {
    List<String> extensionsToSign = new ArrayList<String>();
    if (authReq.hasExtension(AxMessage.OPENID_NS_AX)) {
      try {
        MessageExtension ext = authReq.getExtension(AxMessage.OPENID_NS_AX);
        if (ext instanceof FetchRequest) {
          FetchRequest fetchReq = (FetchRequest) ext;
          Map<String, String> requestedAttributes = fetchReq.getAttributes();
          Map userDataExt = new HashMap();

          FetchResponse fetchResp = FetchResponse.createFetchResponse(fetchReq, userDataExt);
          List<AuthorizedAttribute> s = serverBean.getRequestedAttributes();
          Set<String> keys = requestedAttributes.keySet();
          Collection<String> types = requestedAttributes.values();
          for (AuthorizedAttribute a : s) {
            ExchangeAttribute attr = a.getExchangeAttribute();
            String alias = attr.getName();
            String type = attr.getType();
            if (keys.contains(alias) || types.contains(type)) {
              String value = getAttributeValue(iwc, user, alias, type);
              if (value == null) {
                value = "";
              }
              fetchResp.addAttribute(alias, type, value);
            } else {
              // FetchRequest not asking for this attribute
              throw new UnsupportedOperationException(
                  "Processed and requested attributes do not match.");
            }
          }

          response.addExtension(fetchResp);
          extensionsToSign.add(AxMessage.OPENID_NS_AX);
        } else /*if (ext instanceof StoreRequest)*/ {
          throw new UnsupportedOperationException("TODO");
        }
      } catch (MessageException me) {
        System.err.println(me.getMessage());
      }
    }
    if (authReq.hasExtension(SRegMessage.OPENID_NS_SREG11)) {
      MessageExtension ext = authReq.getExtension(SRegMessage.OPENID_NS_SREG11);

      if (ext instanceof SRegRequest) {
        SRegRequest sregReq = (SRegRequest) ext;
        List<String> required = sregReq.getAttributes(true);
        List<String> optional = sregReq.getAttributes(false);

        Map userData = new HashMap();
        for (String alias : required) {
          String value = getAttributeValue(iwc, user, alias, null);
          if (alias.length() > 0 && value != null) {
            userData.put(alias, value);
          } else if (alias.length() > 0) {
            throw new UnsupportedOperationException("Required attribute not supported: " + alias);
          }
        }
        for (String alias : optional) {
          String value = getAttributeValue(iwc, user, alias, null);
          if (alias.length() > 0 && value != null) {
            userData.put(alias, value);
          }
        }

        SRegResponse sregResp = SRegResponse.createSRegResponse(sregReq, userData);
        response.addExtension(sregResp);
        extensionsToSign.add(SRegMessage.OPENID_NS_SREG11);
      } else if (ext instanceof SRegResponse) {
        response.addExtension(ext);
      }
    }

    return extensionsToSign.toArray(new String[extensionsToSign.size()]);
  }