private boolean isAuthenticatedAndApproved(IWContext iwc, User user, AuthRequest authReq) {
OpenIDServerBean serverBean = ELUtil.getInstance().getBean("openIDServerBean");
List<AuthorizedAttribute> required = serverBean.getRequiredAttributes();
List<AuthorizedAttribute> allAttributes = serverBean.getRequestedAttributes();
// allowedRealm value set in presentation layer
boolean allowAction = isAllowAction(iwc);
// Deny by default if no attributes are exchanged
boolean allowed = allAttributes != null && !allAttributes.isEmpty();
// Check each allowed attribute
// If it has been stored, it is always allow, otherwise it is not
if (allowAction) {
allowed = true; // allow by default if allow action
if (allAttributes != null) {
for (AuthorizedAttribute attr : allAttributes) {
if (!attr.getIsAllowed() && required.contains(attr)) {
// If not allowed but required
return false;
}
}
}
} else {
// denied by default if no attributes are requested, i.e. no always allow option
// if there are no attributes requested
if (allAttributes != null) {
for (AuthorizedAttribute attr : allAttributes) {
// Check if not always allowed
if (attr.isNotYetStored()) {
// Not always-allow and not an allow-action, hence not allowed
return false;
}
if (!attr.getIsAllowed() && required.contains(attr)) {
// If not allowed but required
return false;
} else {
allowed = true;
}
}
}
}
return allowed;
}
@SuppressWarnings("unchecked")
private void storeRequestedAttributesToSession(IWContext iwc, AuthRequest authReq) {
if (authReq.hasExtension(AxMessage.OPENID_NS_AX)) {
MessageExtension ext;
try {
ext = authReq.getExtension(AxMessage.OPENID_NS_AX);
if (ext instanceof FetchRequest) {
FetchRequest fetchReq = (FetchRequest) ext;
OpenIDServerBean serverBean = ELUtil.getInstance().getBean("openIDServerBean");
Map<String, String> allAttributes = (Map<String, String>) fetchReq.getAttributes();
Map<String, String> required = (Map<String, String>) fetchReq.getAttributes(true);
List<AuthorizedAttribute> allAttributesList = new ArrayList<AuthorizedAttribute>();
List<AuthorizedAttribute> requiredAttributesList = new ArrayList<AuthorizedAttribute>();
List<AuthorizedAttribute> optionalAttributesList = new ArrayList<AuthorizedAttribute>();
String realm = serverBean.getRealm();
for (String alias : allAttributes.keySet()) {
ExchangeAttribute attribute =
getDAO().getExchangeAttribute(alias, allAttributes.get(alias));
if (attribute != null) {
User user = iwc.getCurrentUser();
AuthorizedAttribute aattr =
getDAO().getAuthorizedAttributes(user.getUniqueId(), realm, attribute);
if (aattr == null) {
aattr = new AuthorizedAttribute();
aattr.setExchangeAttribute(attribute);
aattr.setRealm(realm);
aattr.setUserUUID(user.getUniqueId());
aattr.setIsAllowed(true);
}
allAttributesList.add(aattr);
if (required.containsKey(alias) && attribute.getType().equals(required.get(alias))) {
requiredAttributesList.add(aattr);
} else {
optionalAttributesList.add(aattr);
}
} else {
LOGGER.warning(
"Requesting unknown exchange attribute: "
+ alias
+ " : "
+ allAttributes.get(alias));
// throw new UnsupportedOperationException("Requesting unknown exchange attribute.");
}
}
serverBean.setRequestedAttributes(allAttributesList);
serverBean.setRequiredAttributes(requiredAttributesList);
serverBean.setOptionalAttributes(optionalAttributesList);
return;
} else /*if (ext instanceof StoreRequest)*/ {
// TODO implement?
throw new UnsupportedOperationException("TODO");
}
} catch (MessageException e) {
e.printStackTrace();
}
}
if (authReq.hasExtension(SRegMessage.OPENID_NS_SREG11)) {
try {
MessageExtension ext = authReq.getExtension(SRegMessage.OPENID_NS_SREG11);
if (ext instanceof SRegRequest) {
SRegRequest sregReq = (SRegRequest) ext;
List<String> all = sregReq.getAttributes();
List<String> required = sregReq.getAttributes(true);
List<String> optional = sregReq.getAttributes(false);
List<AuthorizedAttribute> allAttributesList = new ArrayList<AuthorizedAttribute>();
List<AuthorizedAttribute> requiredAttributesList = new ArrayList<AuthorizedAttribute>();
List<AuthorizedAttribute> optionalAttributesList = new ArrayList<AuthorizedAttribute>();
OpenIDServerBean serverBean = ELUtil.getInstance().getBean("openIDServerBean");
String realm = serverBean.getRealm();
User user = iwc.getCurrentUser();
for (String alias : all) {
ExchangeAttribute attribute = getDAO().getExchangeAttribute(alias);
if (attribute != null) {
AuthorizedAttribute aattr =
getDAO().getAuthorizedAttributes(user.getUniqueId(), realm, attribute);
if (aattr == null) {
aattr = new AuthorizedAttribute();
aattr.setExchangeAttribute(attribute);
aattr.setRealm(realm);
aattr.setUserUUID(user.getUniqueId());
aattr.setIsAllowed(true);
}
allAttributesList.add(aattr);
if (required.contains(alias)) {
requiredAttributesList.add(aattr);
}
if (optional.contains(alias)) {
optionalAttributesList.add(aattr);
}
}
}
serverBean.setRequestedAttributes(allAttributesList);
serverBean.setRequiredAttributes(requiredAttributesList);
serverBean.setOptionalAttributes(optionalAttributesList);
return;
}
} catch (MessageException e) {
e.printStackTrace();
}
}
}
protected String[] prepareResponse(
OpenIDServerBean serverBean, Message response, IWContext iwc, User user, AuthRequest authReq)
throws MessageException {
List<String> extensionsToSign = new ArrayList<String>();
if (authReq.hasExtension(AxMessage.OPENID_NS_AX)) {
try {
MessageExtension ext = authReq.getExtension(AxMessage.OPENID_NS_AX);
if (ext instanceof FetchRequest) {
FetchRequest fetchReq = (FetchRequest) ext;
Map<String, String> requestedAttributes = fetchReq.getAttributes();
Map userDataExt = new HashMap();
FetchResponse fetchResp = FetchResponse.createFetchResponse(fetchReq, userDataExt);
List<AuthorizedAttribute> s = serverBean.getRequestedAttributes();
Set<String> keys = requestedAttributes.keySet();
Collection<String> types = requestedAttributes.values();
for (AuthorizedAttribute a : s) {
ExchangeAttribute attr = a.getExchangeAttribute();
String alias = attr.getName();
String type = attr.getType();
if (keys.contains(alias) || types.contains(type)) {
String value = getAttributeValue(iwc, user, alias, type);
if (value == null) {
value = "";
}
fetchResp.addAttribute(alias, type, value);
} else {
// FetchRequest not asking for this attribute
throw new UnsupportedOperationException(
"Processed and requested attributes do not match.");
}
}
response.addExtension(fetchResp);
extensionsToSign.add(AxMessage.OPENID_NS_AX);
} else /*if (ext instanceof StoreRequest)*/ {
throw new UnsupportedOperationException("TODO");
}
} catch (MessageException me) {
System.err.println(me.getMessage());
}
}
if (authReq.hasExtension(SRegMessage.OPENID_NS_SREG11)) {
MessageExtension ext = authReq.getExtension(SRegMessage.OPENID_NS_SREG11);
if (ext instanceof SRegRequest) {
SRegRequest sregReq = (SRegRequest) ext;
List<String> required = sregReq.getAttributes(true);
List<String> optional = sregReq.getAttributes(false);
Map userData = new HashMap();
for (String alias : required) {
String value = getAttributeValue(iwc, user, alias, null);
if (alias.length() > 0 && value != null) {
userData.put(alias, value);
} else if (alias.length() > 0) {
throw new UnsupportedOperationException("Required attribute not supported: " + alias);
}
}
for (String alias : optional) {
String value = getAttributeValue(iwc, user, alias, null);
if (alias.length() > 0 && value != null) {
userData.put(alias, value);
}
}
SRegResponse sregResp = SRegResponse.createSRegResponse(sregReq, userData);
response.addExtension(sregResp);
extensionsToSign.add(SRegMessage.OPENID_NS_SREG11);
} else if (ext instanceof SRegResponse) {
response.addExtension(ext);
}
}
return extensionsToSign.toArray(new String[extensionsToSign.size()]);
}