Esempio n. 1
0
  /**
   * Gets the StringBuilder filled with the openid parameters that is used to redirect the user to
   * his openid provider.
   */
  public static StringBuilder getAuthUrlBuffer(
      OpenIdUser user, String trustRoot, String realm, String returnTo) {
    if (!user.isAssociated())
      throw new IllegalArgumentException("claimed_id of user has not been verified.");

    String identity = user.getOpenIdDelegate();
    if (identity == null) identity = user.getClaimedId();

    StringBuilder buffer = new StringBuilder().append(user.getOpenIdServer());
    char separator = user.getOpenIdServer().indexOf('?') == -1 ? '?' : '&';
    buffer.append(separator).append(Constants.OPENID_NS).append('=').append(Constants.DEFAULT_NS);

    buffer
        .append('&')
        .append(Constants.OPENID_MODE)
        .append('=')
        .append(Constants.Mode.CHECKID_SETUP);

    buffer
        .append('&')
        .append(Constants.OPENID_TRUST_ROOT)
        .append('=')
        .append(UrlEncodedParameterMap.encode(trustRoot));
    buffer
        .append('&')
        .append(Constants.OPENID_REALM)
        .append('=')
        .append(UrlEncodedParameterMap.encode(realm));
    buffer
        .append('&')
        .append(Constants.OPENID_RETURN_TO)
        .append('=')
        .append(UrlEncodedParameterMap.encode(returnTo));
    buffer
        .append('&')
        .append(Constants.OPENID_ASSOC_HANDLE)
        .append('=')
        .append(UrlEncodedParameterMap.encode(user.getAssocHandle()));

    buffer
        .append('&')
        .append(Constants.OPENID_IDENTITY)
        .append('=')
        .append(UrlEncodedParameterMap.encode(identity));
    buffer
        .append('&')
        .append(Constants.OPENID_CLAIMED_ID)
        .append('=')
        .append(UrlEncodedParameterMap.encode(identity));

    return buffer;
  }
Esempio n. 2
0
  /**
   * Return the current user, either an already authenticated one, or the one just discovered from
   * the <i>openid.identifier.parameter</i> (= "openid_identifier" by default).<br>
   * Returns <code>null</code> if the {@link Constants#OPENID_MODE} associated with the request is
   * set to {@link Constants.Mode#CANCEL} (in order to login under a different id), or if the
   * authentification is timed out.<br>
   * If returned user is <code>null</code> and {@link #isAuthResponse(HttpServletRequest)} is <code>
   * true</code> then we have an authentication timeout.
   *
   * @param request HttpServletRequest
   * @return user OpenIdUser
   */
  public OpenIdUser discover(HttpServletRequest request) throws Exception {
    OpenIdUser user = (OpenIdUser) request.getAttribute(OpenIdUser.ATTR_NAME);
    if (user == null) {
      System.err.println("vvvvvv RelyingParty: user NOT in request");
      user = _manager.getUser(request);
      String id = null;
      if (user != null) {
        System.err.println("vvvvvv RelyingParty: user in session");
        if (user.isAuthenticated()) {
          System.err.println("vvvvvv RelyingParty: user authenticated");
          _listener.onAccess(user, request);
          request.setAttribute(OpenIdUser.ATTR_NAME, user);
          return user;
        }
        System.err.println("vvvvvv RelyingParty: user NOT authenticated");
        if ((id = request.getParameter(_identifierParameter)) == null) {
          if (user.isAssociated()) {
            String mode = request.getParameter(Constants.OPENID_MODE);
            if (mode == null) return _automaticRedirect ? user : null;

            return Constants.Mode.CANCEL.equals(mode) ? null : user;
          }

          return user;
        } else if ((id = id.trim()).length() != 0) {
          Identifier identifier = Identifier.getIdentifier(id, _resolver, _context);
          if (identifier.isResolved()) {
            if (!identifier.getId().equals(user.getIdentifier())) {
              // new user or ... the user cancels authentication
              // and provides a different openid identifier
              return discover(identifier, request);
            }
          }
        }
      } else if ((id = request.getParameter(_identifierParameter)) != null
          && (id = id.trim()).length() != 0) {
        System.err.println(
            "vvvvvv RelyingParty: user NOT in session and parameter("
                + _identifierParameter
                + ") is NOT empty");
        Identifier identifier = Identifier.getIdentifier(id, _resolver, _context);
        if (identifier.isResolved()) return discover(identifier, request);
      } else {
        System.err.println(
            "vvvvvv RelyingParty: user NOT in session and parameter("
                + _identifierParameter
                + ") is empty");
      }
    }
    return user;
  }
Esempio n. 3
0
 @SuppressWarnings("unchecked")
 public void doPost(HttpServletRequest request, HttpServletResponse response)
     throws IOException, ServletException {
   try {
     OpenIdUser openIdUser = _relyingParty.discover(request);
     if (openIdUser != null) {
       if (openIdUser.isAuthenticated()
           || (openIdUser.isAssociated()
               && RelyingParty.isAuthResponse(request)
               && _relyingParty.verifyAuth(openIdUser, request, response))) {
         /* Session stuff for openid provider selection */
         HttpSession session = request.getSession();
         response.setContentType("text/plain");
         response.getWriter().write(openIdUser.getIdentity());
         return;
       }
     }
   } catch (Exception e) {
     e.printStackTrace();
   }
   response.setStatus(401);
 }
Esempio n. 4
0
  /**
   * Gets the UrlEncodedParameterMap filled with the openid parameters that is used to redirect the
   * user to his openid provider.
   */
  public static UrlEncodedParameterMap getAuthUrlMap(
      OpenIdUser user, String trustRoot, String realm, String returnTo) {
    if (!user.isAssociated())
      throw new IllegalArgumentException("claimed_id of user has not been verified.");

    UrlEncodedParameterMap map = new UrlEncodedParameterMap(user.getOpenIdServer());

    String identity = user.getOpenIdDelegate();
    if (identity == null) identity = user.getClaimedId();

    map.put(Constants.OPENID_NS, Constants.DEFAULT_NS);
    map.put(Constants.OPENID_MODE, Constants.Mode.CHECKID_SETUP);

    map.put(Constants.OPENID_TRUST_ROOT, trustRoot);
    map.put(Constants.OPENID_REALM, realm);
    map.put(Constants.OPENID_RETURN_TO, returnTo);
    map.put(Constants.OPENID_ASSOC_HANDLE, user.getAssocHandle());

    map.put(Constants.OPENID_IDENTITY, identity);
    map.put(Constants.OPENID_CLAIMED_ID, identity);

    return map;
  }
  /** Returns true if the user associated with this request is authenticated. */
  public static boolean handle(
      HttpServletRequest request,
      HttpServletResponse response,
      RelyingParty relyingParty,
      ForwardUriHandler forwardUriHandler,
      String forwardUri)
      throws IOException, ServletException {
    System.err.println("^^^^^^ JSessionID: " + request.getSession().getId());
    String errorMsg = DEFAULT_ERROR_MSG;
    try {
      OpenIdUser user = relyingParty.discover(request);
      if (user == null) {
        System.err.println("^^^^^^ OpenIdServletFilter: user.isDiscovered() == false");
        if (RelyingParty.isAuthResponse(request)) {
          // authentication timeout
          System.err.println(
              "^^^^^^ OpenIdServletFilter => redirect for timeout to: " + request.getRequestURI());
          response.sendRedirect(request.getRequestURI());
        } else {
          // set error msg if the openid_identifier is not resolved.
          if (request.getParameter(relyingParty.getIdentifierParameter()) != null)
            request.setAttribute(ERROR_MSG_ATTR, errorMsg);

          // new user
          System.err.println(
              "^^^^^^ OpenIdServletFilter => forward because of new user: "******"^^^^^^ OpenIdServletFilter: user.isAuthenticated() == true");
        return true;
      }

      if (user.isAssociated() && RelyingParty.isAuthResponse(request)) {
        // verify authentication
        if (relyingParty.verifyAuth(user, request, response)) {
          // authenticated
          // redirect to home to remove the query params
          System.err.println(
              "^^^^^^ OpenIdServletFilter => redirect to remove query params to: "
                  + request.getRequestURI());
          response.sendRedirect(request.getRequestURI());
        } else {
          // failed verification
          System.err.println(
              "^^^^^^ OpenIdServletFilter => redirect because failed verification to: "
                  + forwardUri);
          forwardUriHandler.handle(forwardUri, request, response);
        }
        return false;
      }

      // associate and authenticate user
      StringBuffer url = request.getRequestURL();
      String trustRoot = url.substring(0, url.indexOf(SLASH, 9));
      String realm = url.substring(0, url.lastIndexOf(SLASH));
      String returnTo = url.toString();
      if (relyingParty.associateAndAuthenticate(
          user, request, response, trustRoot, realm, returnTo)) {
        // user is associated and then redirected to his openid provider for authentication
        return false;
      }
    } catch (UnknownHostException uhe) {
      errorMsg = ID_NOT_FOUND_MSG;
    } catch (FileNotFoundException fnfe) {
      errorMsg = ID_NOT_FOUND_MSG;
    } catch (Exception e) {
      e.printStackTrace();
      errorMsg = DEFAULT_ERROR_MSG;
    }
    request.setAttribute(ERROR_MSG_ATTR, errorMsg);
    System.err.println(
        "^^^^^^ OpenIdServletFilter => forward with reason '" + errorMsg + "' to: " + forwardUri);
    forwardUriHandler.handle(forwardUri, request, response);
    return false;
  }