public void doStart(
StaplerRequest request, StaplerResponse response, @QueryParameter String openid)
throws IOException, ServletException {
try {
// determine a return_to URL where your application will receive
// the authentication responses from the OpenID provider
// YOU SHOULD CHANGE THIS TO GO TO THE
String url = request.getRequestURL().toString();
String returnToUrl = url.substring(0, url.length() - 5 /*start*/) + "return";
// perform discovery on the user-supplied identifier
List discoveries = manager.discover(openid);
// attempt to associate with an OpenID provider
// and retrieve one service endpoint for authentication
discovered = manager.associate(discoveries);
// store the discovery information in the user's session
// obtain a AuthRequest message to be sent to the OpenID provider
AuthRequest authReq = manager.authenticate(discovered, returnToUrl);
// Attribute Exchange example: fetching the 'email' attribute
FetchRequest fetch = FetchRequest.createFetchRequest();
fetch.addAttribute(
"email",
// attribute alias
"http://schema.openid.net/contact/email", // type URI
true); // required
// see http://code.google.com/apis/accounts/docs/OpenID.html
fetch.addAttribute("ff", "http://axschema.org/namePerson/first", true);
fetch.addAttribute("ll", "http://axschema.org/namePerson/last", true);
// attach the extension to the authentication request
authReq.addExtension(fetch);
SRegRequest sregReq = SRegRequest.createFetchRequest();
sregReq.addAttribute("fullname", true);
sregReq.addAttribute("nickname", true);
sregReq.addAttribute("email", true);
authReq.addExtension(sregReq);
if (!discovered.isVersion2()) {
// Option 1: GET HTTP-redirect to the OpenID Provider endpoint
// The only method supported in OpenID 1.x
// redirect-URL usually limited ~2048 bytes
response.sendRedirect(authReq.getDestinationUrl(true));
} else {
// Option 2: HTML FORM Redirection
// Allows payloads > 2048 bytes
// <FORM action="OpenID Provider's service endpoint">
// see samples/formredirection.jsp for a JSP example
// authReq.getOPEndpoint();
// build a HTML FORM with the message parameters
// authReq.getParameterMap();
RequestDispatcher d = request.getView(this, "formRedirect.jelly");
request.setAttribute("endpoint", authReq.getOPEndpoint());
request.setAttribute("parameters", authReq.getParameterMap());
d.forward(request, response);
}
} catch (OpenIDException e) {
// present error to the user
throw new Error(e);
}
}
// authentication request
public String authRequest(
String userSuppliedString, HttpServletRequest httpReq, HttpServletResponse httpResp)
throws IOException, ServletException {
if (OpenIDRealm.instance == null) {
ServletOutputStream out = httpResp.getOutputStream();
httpResp.setContentType("text/html; charset=\"UTF-8\"");
httpResp.addHeader("pragma", "no-cache");
httpResp.addHeader("Cache-Control", "no-cache");
httpResp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
out.print("<html><head>");
out.print("<title>OpenIDServlet Error</title>");
out.print("<link rel=\"stylesheet\" type=\"text/css\" href=\"error.css\"></link></head>");
out.print("<body><div id=\"container\"><h1>Error found</h1>");
out.print("<h2>Message:");
out.print("OpenID realm wasn't initialized.");
out.print("</h2>");
// out.print(HTTPUtils.printStackTraceHTML(t));
out.print("</div></body></html>");
return null;
}
try {
String returnAfterAuthentication = httpReq.getParameter("return_to");
// configure the return_to URL where your application will receive
// the authentication responses from the OpenID provider
String returnToUrl =
httpReq.getRequestURL().toString()
+ "?is_return=true&exist_return="
+ returnAfterAuthentication;
// perform discovery on the user-supplied identifier
List<?> discoveries = manager.discover(userSuppliedString);
// attempt to associate with the OpenID provider
// and retrieve one service endpoint for authentication
DiscoveryInformation discovered = manager.associate(discoveries);
// store the discovery information in the user's session
httpReq.getSession().setAttribute("openid-disc", discovered);
// obtain a AuthRequest message to be sent to the OpenID provider
AuthRequest authReq = manager.authenticate(discovered, returnToUrl);
if (authReq.getOPEndpoint().indexOf("myopenid.com") > 0) {
SRegRequest sregReq = SRegRequest.createFetchRequest();
sregReq.addAttribute(AXSchemaType.FULLNAME.name().toLowerCase(), true);
sregReq.addAttribute(AXSchemaType.EMAIL.name().toLowerCase(), true);
sregReq.addAttribute(AXSchemaType.COUNTRY.name().toLowerCase(), true);
sregReq.addAttribute(AXSchemaType.LANGUAGE.name().toLowerCase(), true);
authReq.addExtension(sregReq);
} else {
FetchRequest fetch = FetchRequest.createFetchRequest();
fetch.addAttribute(
AXSchemaType.FIRSTNAME.getAlias(), AXSchemaType.FIRSTNAME.getNamespace(), true);
fetch.addAttribute(
AXSchemaType.LASTNAME.getAlias(), AXSchemaType.LASTNAME.getNamespace(), true);
fetch.addAttribute(AXSchemaType.EMAIL.getAlias(), AXSchemaType.EMAIL.getNamespace(), true);
fetch.addAttribute(
AXSchemaType.COUNTRY.getAlias(), AXSchemaType.COUNTRY.getNamespace(), true);
fetch.addAttribute(
AXSchemaType.LANGUAGE.getAlias(), AXSchemaType.LANGUAGE.getNamespace(), true);
// wants up to three email addresses
fetch.setCount(AXSchemaType.EMAIL.getAlias(), 3);
authReq.addExtension(fetch);
}
if (!discovered.isVersion2()) {
// Option 1: GET HTTP-redirect to the OpenID Provider endpoint
// The only method supported in OpenID 1.x
// redirect-URL usually limited ~2048 bytes
httpResp.sendRedirect(authReq.getDestinationUrl(true));
return null;
} else {
// Option 2: HTML FORM Redirection (Allows payloads >2048 bytes)
Object OPEndpoint = authReq.getDestinationUrl(false);
ServletOutputStream out = httpResp.getOutputStream();
httpResp.setContentType("text/html; charset=UTF-8");
httpResp.addHeader("pragma", "no-cache");
httpResp.addHeader("Cache-Control", "no-cache");
out.println("<html xmlns=\"http://www.w3.org/1999/xhtml\">");
out.println("<head>");
out.println(" <title>OpenID HTML FORM Redirection</title>");
out.println("</head>");
out.println("<body onload=\"document.forms['openid-form-redirection'].submit();\">");
out.println(
" <form name=\"openid-form-redirection\" action=\""
+ OPEndpoint
+ "\" method=\"post\" accept-charset=\"utf-8\">");
Map<String, String> parameterMap = authReq.getParameterMap();
for (Entry<String, String> entry : parameterMap.entrySet()) {
out.println(
" <input type=\"hidden\" name=\""
+ entry.getKey()
+ "\" value=\""
+ entry.getValue()
+ "\"/>");
}
out.println(" <button type=\"submit\">Continue...</button>");
out.println(" </form>");
out.println("</body>");
out.println("</html>");
out.flush();
}
} catch (OpenIDException e) {
// present error to the user
LOG.debug("OpenIDException", e);
ServletOutputStream out = httpResp.getOutputStream();
httpResp.setContentType("text/html; charset=\"UTF-8\"");
httpResp.addHeader("pragma", "no-cache");
httpResp.addHeader("Cache-Control", "no-cache");
httpResp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
out.print("<html><head>");
out.print("<title>OpenIDServlet Error</title>");
out.print("<link rel=\"stylesheet\" type=\"text/css\" href=\"error.css\"></link></head>");
out.print("<body><div id=\"container\"><h1>Error found</h1>");
out.print("<h2>Message:");
out.print(e.getMessage());
out.print("</h2>");
Throwable t = e.getCause();
if (t != null) {
// t can be null
out.print(HTTPUtils.printStackTraceHTML(t));
}
out.print("</div></body></html>");
}
return null;
}