public void doStart( StaplerRequest request, StaplerResponse response, @QueryParameter String openid) throws IOException, ServletException { try { // determine a return_to URL where your application will receive // the authentication responses from the OpenID provider // YOU SHOULD CHANGE THIS TO GO TO THE String url = request.getRequestURL().toString(); String returnToUrl = url.substring(0, url.length() - 5 /*start*/) + "return"; // perform discovery on the user-supplied identifier List discoveries = manager.discover(openid); // attempt to associate with an OpenID provider // and retrieve one service endpoint for authentication discovered = manager.associate(discoveries); // store the discovery information in the user's session // obtain a AuthRequest message to be sent to the OpenID provider AuthRequest authReq = manager.authenticate(discovered, returnToUrl); // Attribute Exchange example: fetching the 'email' attribute FetchRequest fetch = FetchRequest.createFetchRequest(); fetch.addAttribute( "email", // attribute alias "http://schema.openid.net/contact/email", // type URI true); // required // see http://code.google.com/apis/accounts/docs/OpenID.html fetch.addAttribute("ff", "http://axschema.org/namePerson/first", true); fetch.addAttribute("ll", "http://axschema.org/namePerson/last", true); // attach the extension to the authentication request authReq.addExtension(fetch); SRegRequest sregReq = SRegRequest.createFetchRequest(); sregReq.addAttribute("fullname", true); sregReq.addAttribute("nickname", true); sregReq.addAttribute("email", true); authReq.addExtension(sregReq); if (!discovered.isVersion2()) { // Option 1: GET HTTP-redirect to the OpenID Provider endpoint // The only method supported in OpenID 1.x // redirect-URL usually limited ~2048 bytes response.sendRedirect(authReq.getDestinationUrl(true)); } else { // Option 2: HTML FORM Redirection // Allows payloads > 2048 bytes // <FORM action="OpenID Provider's service endpoint"> // see samples/formredirection.jsp for a JSP example // authReq.getOPEndpoint(); // build a HTML FORM with the message parameters // authReq.getParameterMap(); RequestDispatcher d = request.getView(this, "formRedirect.jelly"); request.setAttribute("endpoint", authReq.getOPEndpoint()); request.setAttribute("parameters", authReq.getParameterMap()); d.forward(request, response); } } catch (OpenIDException e) { // present error to the user throw new Error(e); } }
// authentication request public String authRequest( String userSuppliedString, HttpServletRequest httpReq, HttpServletResponse httpResp) throws IOException, ServletException { if (OpenIDRealm.instance == null) { ServletOutputStream out = httpResp.getOutputStream(); httpResp.setContentType("text/html; charset=\"UTF-8\""); httpResp.addHeader("pragma", "no-cache"); httpResp.addHeader("Cache-Control", "no-cache"); httpResp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); out.print("<html><head>"); out.print("<title>OpenIDServlet Error</title>"); out.print("<link rel=\"stylesheet\" type=\"text/css\" href=\"error.css\"></link></head>"); out.print("<body><div id=\"container\"><h1>Error found</h1>"); out.print("<h2>Message:"); out.print("OpenID realm wasn't initialized."); out.print("</h2>"); // out.print(HTTPUtils.printStackTraceHTML(t)); out.print("</div></body></html>"); return null; } try { String returnAfterAuthentication = httpReq.getParameter("return_to"); // configure the return_to URL where your application will receive // the authentication responses from the OpenID provider String returnToUrl = httpReq.getRequestURL().toString() + "?is_return=true&exist_return=" + returnAfterAuthentication; // perform discovery on the user-supplied identifier List<?> discoveries = manager.discover(userSuppliedString); // attempt to associate with the OpenID provider // and retrieve one service endpoint for authentication DiscoveryInformation discovered = manager.associate(discoveries); // store the discovery information in the user's session httpReq.getSession().setAttribute("openid-disc", discovered); // obtain a AuthRequest message to be sent to the OpenID provider AuthRequest authReq = manager.authenticate(discovered, returnToUrl); if (authReq.getOPEndpoint().indexOf("myopenid.com") > 0) { SRegRequest sregReq = SRegRequest.createFetchRequest(); sregReq.addAttribute(AXSchemaType.FULLNAME.name().toLowerCase(), true); sregReq.addAttribute(AXSchemaType.EMAIL.name().toLowerCase(), true); sregReq.addAttribute(AXSchemaType.COUNTRY.name().toLowerCase(), true); sregReq.addAttribute(AXSchemaType.LANGUAGE.name().toLowerCase(), true); authReq.addExtension(sregReq); } else { FetchRequest fetch = FetchRequest.createFetchRequest(); fetch.addAttribute( AXSchemaType.FIRSTNAME.getAlias(), AXSchemaType.FIRSTNAME.getNamespace(), true); fetch.addAttribute( AXSchemaType.LASTNAME.getAlias(), AXSchemaType.LASTNAME.getNamespace(), true); fetch.addAttribute(AXSchemaType.EMAIL.getAlias(), AXSchemaType.EMAIL.getNamespace(), true); fetch.addAttribute( AXSchemaType.COUNTRY.getAlias(), AXSchemaType.COUNTRY.getNamespace(), true); fetch.addAttribute( AXSchemaType.LANGUAGE.getAlias(), AXSchemaType.LANGUAGE.getNamespace(), true); // wants up to three email addresses fetch.setCount(AXSchemaType.EMAIL.getAlias(), 3); authReq.addExtension(fetch); } if (!discovered.isVersion2()) { // Option 1: GET HTTP-redirect to the OpenID Provider endpoint // The only method supported in OpenID 1.x // redirect-URL usually limited ~2048 bytes httpResp.sendRedirect(authReq.getDestinationUrl(true)); return null; } else { // Option 2: HTML FORM Redirection (Allows payloads >2048 bytes) Object OPEndpoint = authReq.getDestinationUrl(false); ServletOutputStream out = httpResp.getOutputStream(); httpResp.setContentType("text/html; charset=UTF-8"); httpResp.addHeader("pragma", "no-cache"); httpResp.addHeader("Cache-Control", "no-cache"); out.println("<html xmlns=\"http://www.w3.org/1999/xhtml\">"); out.println("<head>"); out.println(" <title>OpenID HTML FORM Redirection</title>"); out.println("</head>"); out.println("<body onload=\"document.forms['openid-form-redirection'].submit();\">"); out.println( " <form name=\"openid-form-redirection\" action=\"" + OPEndpoint + "\" method=\"post\" accept-charset=\"utf-8\">"); Map<String, String> parameterMap = authReq.getParameterMap(); for (Entry<String, String> entry : parameterMap.entrySet()) { out.println( " <input type=\"hidden\" name=\"" + entry.getKey() + "\" value=\"" + entry.getValue() + "\"/>"); } out.println(" <button type=\"submit\">Continue...</button>"); out.println(" </form>"); out.println("</body>"); out.println("</html>"); out.flush(); } } catch (OpenIDException e) { // present error to the user LOG.debug("OpenIDException", e); ServletOutputStream out = httpResp.getOutputStream(); httpResp.setContentType("text/html; charset=\"UTF-8\""); httpResp.addHeader("pragma", "no-cache"); httpResp.addHeader("Cache-Control", "no-cache"); httpResp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); out.print("<html><head>"); out.print("<title>OpenIDServlet Error</title>"); out.print("<link rel=\"stylesheet\" type=\"text/css\" href=\"error.css\"></link></head>"); out.print("<body><div id=\"container\"><h1>Error found</h1>"); out.print("<h2>Message:"); out.print(e.getMessage()); out.print("</h2>"); Throwable t = e.getCause(); if (t != null) { // t can be null out.print(HTTPUtils.printStackTraceHTML(t)); } out.print("</div></body></html>"); } return null; }