public HttpResponse doEndpoint(StaplerRequest request) throws IOException {
final ParameterList requestp = new ParameterList(request.getParameterMap());
final String mode = requestp.getParameterValue("openid.mode");
final String realm = getRealm(requestp);
if ("associate".equals(mode)) {
// --- process an association extend ---
return new MessageResponse(manager.associationResponse(requestp));
} else if ("checkid_setup".equals(mode) || "checkid_immediate".equals(mode)) {
// No need to redirect to a page with an HTML form
// Skip the authentication step
String identity = getUserIdentity();
Message rsp = manager.authResponse(requestp, identity, identity, true, false);
try {
respondToExtensions(requestp, rsp);
} catch (MessageException ex) {
throw new OperationFailure(ex.getMessage());
}
// Need to sign after because SReg extension parameters are signed by openid4java
if (rsp instanceof AuthSuccess) {
try {
manager.sign((AuthSuccess) rsp);
} catch (ServerException e) {
throw new OperationFailure(e.getMessage());
} catch (AssociationException e) {
throw new OperationFailure(e.getMessage());
}
}
return new HttpRedirect(rsp.getDestinationUrl(true));
} else if ("check_authentication".equals(mode)) {
return new MessageResponse(manager.verify(requestp));
} else {
throw new OperationFailure("Unknown extend: " + mode);
}
}
@SuppressWarnings("unchecked")
protected void processRequest(HttpServletRequest req, HttpServletResponse resp, boolean isPost)
throws ServletException, IOException {
ServerManager manager = getServerManager();
IWMainApplication iwma = IWMainApplication.getIWMainApplication(req);
// extract the parameters from the request
ParameterList requestParameters = new ParameterList(req.getParameterMap());
OpenIDServerBean serverBean = ELUtil.getInstance().getBean("openIDServerBean");
ParameterList sessionStoredParameterList = serverBean.getParameterList();
if (sessionStoredParameterList != null) {
if (!requestParameters.hasParameter(OpenIDConstants.PARAMETER_OPENID_MODE)) {
sessionStoredParameterList.addParams(requestParameters);
requestParameters = sessionStoredParameterList;
}
}
String mode =
requestParameters.hasParameter(OpenIDConstants.PARAMETER_OPENID_MODE)
? requestParameters.getParameterValue(OpenIDConstants.PARAMETER_OPENID_MODE)
: null;
String realm =
requestParameters.hasParameter(OpenIDConstants.PARAMETER_REALM)
? requestParameters.getParameterValue(OpenIDConstants.PARAMETER_REALM)
: null;
if (realm != null) {
serverBean.setReturnUrl(realm);
realm = getRealmName(realm);
serverBean.setRealm(realm);
}
Message response;
String responseText = null;
try {
if (OpenIDConstants.PARAMETER_ASSOCIATE.equals(mode)) {
// --- process an association request ---
response = manager.associationResponse(requestParameters);
responseText = response.keyValueFormEncoding();
} else if (OpenIDConstants.PARAMETER_CHECKID_SETUP.equals(mode)
|| OpenIDConstants.PARAMETER_CHECKID_IMMEDIATE.equals(mode)) {
IWContext iwc = new IWContext(req, resp, getServletContext());
boolean goToLogin = doRedirectToLoginPage(manager, requestParameters, iwc, realm);
if (!goToLogin) {
serverBean.setParameterList(null);
serverBean.setServerUrl(null);
serverBean.setDoRedirect(null);
serverBean.setUsername(null);
// interact with the user and obtain data needed to continue
User user = iwc.getCurrentUser();
String userSelectedClaimedId = getUserSelectedClaimedId(iwc, user);
// --- process an authentication request ---
AuthRequest authReq =
AuthRequest.createAuthRequest(requestParameters, manager.getRealmVerifier());
storeRequestedAttributesToSession(iwc, authReq);
Boolean authenticatedAndApproved = isAuthenticatedAndApproved(iwc, user, authReq);
String opLocalId = null;
// if the user chose a different claimed_id than the one in request
if (userSelectedClaimedId != null
&& !userSelectedClaimedId.equals(authReq.getClaimed())) {
opLocalId = userSelectedClaimedId;
}
response =
manager.authResponse(
requestParameters,
opLocalId,
userSelectedClaimedId,
authenticatedAndApproved.booleanValue(),
false); // Sign after we added extensions.
if (response instanceof DirectError) {
directResponse(resp, response.keyValueFormEncoding());
return;
} else if (response instanceof AuthFailure) {
redirectToAuthorisationPage(req, resp, requestParameters, serverBean);
return;
} else {
String[] extensionsToSign = prepareResponse(serverBean, response, iwc, user, authReq);
boolean signExtensions =
iwma.getSettings().getBoolean(OpenIDConstants.PROPERTY_SIGN_EXTENSIONS, false);
AuthSuccess success = (AuthSuccess) response;
if (signExtensions) {
success.setSignExtensions(extensionsToSign);
}
// Sign the auth success message.
// This is required as AuthSuccess.buildSignedList has a `todo' tag now.
manager.sign(success);
// caller will need to decide which of the following to use:
// option1: GET HTTP-redirect to the return_to URL
// cleanUpBeforeReturning(iwc, loginExpireHandle);
// Clean up before returning
serverBean.invalidate();
getDAO().createLogEntry(user.getUniqueId(), realm, "");
resp.sendRedirect(response.getDestinationUrl(true));
return;
// option2: HTML FORM Redirection
// RequestDispatcher dispatcher =
// getServletContext().getRequestDispatcher("formredirection.jsp");
// httpReq.setAttribute("parameterMap", response.getParameterMap());
// httpReq.setAttribute("destinationUrl", response.getDestinationUrl(false));
// dispatcher.forward(request, response);
// return null;
}
} else {
redirectToLoginPage(req, resp, requestParameters, serverBean, manager);
return;
}
} else if (OpenIDConstants.PARAMETER_CHECK_AUTHENTICATION.equals(mode)) {
// --- processing a verification request ---
response = manager.verify(requestParameters);
responseText = response.keyValueFormEncoding();
} else {
// --- error response ---
response = DirectError.createDirectError("Unknown request");
responseText = response.keyValueFormEncoding();
serverBean.invalidate();
}
} catch (MessageException me) {
me.printStackTrace();
responseText = me.getMessage();
serverBean.invalidate();
} catch (AssociationException ae) {
ae.printStackTrace();
responseText = ae.getMessage();
serverBean.invalidate();
} catch (ServerException se) {
se.printStackTrace();
responseText = se.getMessage();
serverBean.invalidate();
}
// return the result to the user
directResponse(resp, responseText);
}
private Representation handle(ParameterList request) {
Logger log = getLogger();
log.info("Handle on OP");
ConcurrentMap<String, Object> attribs = getContext().getAttributes();
ServerManager manager = (ServerManager) attribs.get("openid_manager");
log.info("OP endpoint = " + manager.getOPEndpointUrl());
String mode =
request.hasParameter("openid.mode") ? request.getParameterValue("openid.mode") : null;
Message response;
String responseText;
if ("associate".equals(mode)) {
// --- process an association request ---
response = manager.associationResponse(request);
responseText = response.keyValueFormEncoding();
} else if ("checkid_setup".equals(mode) || "checkid_immediate".equals(mode)) {
// interact with the user and obtain data needed to continue
List<?> userData = userInteraction(request, manager.getOPEndpointUrl());
String userSelectedId = (String) userData.get(0);
String userSelectedClaimedId = (String) userData.get(1);
Boolean authenticatedAndApproved = (Boolean) userData.get(2);
// --- process an authentication request ---
response =
manager.authResponse(
request,
userSelectedId,
userSelectedClaimedId,
authenticatedAndApproved.booleanValue());
if (response instanceof DirectError) {
Form f = new Form();
@SuppressWarnings("unchecked")
Map<String, String> m = (Map<String, String>) response.getParameterMap();
for (String key : m.keySet()) {
f.add(key, m.get(key));
}
return f.getWebRepresentation();
} else {
// caller will need to decide which of the following to use:
// option1: GET HTTP-redirect to the return_to URL
// return new
// StringRepresentation(response.getDestinationUrl(true));
redirectSeeOther(response.getDestinationUrl(true));
return new EmptyRepresentation();
// option2: HTML FORM Redirection
// RequestDispatcher dispatcher =
// getServletContext().getRequestDispatcher("formredirection.jsp");
// httpReq.setAttribute("prameterMap",
// response.getParameterMap());
// httpReq.setAttribute("destinationUrl",
// response.getDestinationUrl(false));
// dispatcher.forward(request, response);
// return null;
}
} else if ("check_authentication".equals(mode)) {
// --- processing a verification request ---
response = manager.verify(request);
log.info("OpenID : " + response.keyValueFormEncoding());
responseText = response.keyValueFormEncoding();
} else if (Method.GET.equals(getMethod())) {
// Could be a discovery request
sendXRDSLocation();
return new StringRepresentation("XRDS Discovery Information");
} else {
// --- error response ---
response = DirectError.createDirectError("Unknown request");
responseText = response.keyValueFormEncoding();
}
// return the result to the user
return new StringRepresentation(responseText);
}