public void doReturn(StaplerRequest request, StaplerResponse rsp) throws IOException { try { // --- processing the authentication response // extract the parameters from the authentication response // (which comes in as a HTTP request from the OpenID provider) ParameterList responselist = new ParameterList(request.getParameterMap()); // extract the receiving URL from the HTTP request StringBuffer receivingURL = request.getRequestURL(); String queryString = request.getQueryString(); if (queryString != null && queryString.length() > 0) receivingURL.append("?").append(request.getQueryString()); // verify the response VerificationResult verification = manager.verify(receivingURL.toString(), responselist, discovered); // examine the verification result and extract the verified identifier Identifier verified = verification.getVerifiedId(); if (verified != null) { AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse(); openid = authSuccess.getIdentity(); claimedOpenid = authSuccess.getClaimed(); rsp.sendRedirect("."); } else { throw HttpResponses.error(500, "Failed to login"); } } catch (OpenIDException e) { throw new Error(e); } }
/** * Verify a previously authenticated user with the provider * * @param adapter protocol adapter * @param parameterMap request parameters * @param receivedURL url where the response will be received * @return * @throws OpenIDMessageException * @throws OpenIDDiscoveryException * @throws OpenIDAssociationException * @throws OpenIDLifeCycleException */ public boolean verify( OpenIDProtocolAdapter adapter, Map<String, String> parameterMap, String receivedURL) throws OpenIDMessageException, OpenIDDiscoveryException, OpenIDAssociationException, OpenIDLifeCycleException { OpenIDLifecycle lifeCycle = null; if (adapter instanceof OpenIDLifecycle) { lifeCycle = (OpenIDLifecycle) adapter; } ParameterList responselist = new ParameterList(parameterMap); if (lifeCycle == null) throw new IllegalStateException("Lifecycle not found"); DiscoveryInformation discovered = (DiscoveryInformation) lifeCycle.getAttributeValue(CONST.OPENID_DISC.get()); // verify the response; ConsumerManager needs to be the same // (static) instance used to place the authentication request try { VerificationResult verification = this.consumerManager.verify(receivedURL, responselist, discovered); // examine the verification result and extract the verified identifier Identifier verified = verification.getVerifiedId(); if (verified != null) { AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse(); // Create an lifecycle event array OpenIDLifecycleEvent[] eventArr = new OpenIDLifecycleEvent[] { /** Store the id * */ new OpenIDLifecycleEvent( OpenIDLifecycleEvent.TYPE.SESSION, OpenIDLifecycleEvent.OP.ADD, CONST.OPENID.get(), authSuccess.getIdentity()), /** Store the claimed * */ new OpenIDLifecycleEvent( OpenIDLifecycleEvent.TYPE.SESSION, OpenIDLifecycleEvent.OP.ADD, CONST.OPENID_CLAIMED.get(), authSuccess.getClaimed()), /** Indicate success * */ new OpenIDLifecycleEvent(OpenIDLifecycleEvent.TYPE.SUCCESS, null, null, null) }; lifeCycle.handle(eventArr); return true; } } catch (MessageException e) { throw new OpenIDMessageException(e); } catch (DiscoveryException e) { throw new OpenIDDiscoveryException(e); } catch (AssociationException e) { throw new OpenIDAssociationException(e); } return false; }
@SuppressWarnings("unchecked") public Principal processIncomingAuthResult( HttpServletRequest request, HttpServletResponse response) throws IOException { Principal principal = null; HttpSession session = request.getSession(false); if (session == null) throw new RuntimeException("wrong lifecycle: session was null"); // extract the parameters from the authentication response // (which comes in as a HTTP request from the OpenID provider) ParameterList responseParamList = new ParameterList(request.getParameterMap()); // retrieve the previously stored discovery information DiscoveryInformation discovered = (DiscoveryInformation) session.getAttribute("discovery"); if (discovered == null) throw new RuntimeException("discovered information was null"); // extract the receiving URL from the HTTP request StringBuffer receivingURL = request.getRequestURL(); String queryString = request.getQueryString(); if (queryString != null && queryString.length() > 0) receivingURL.append("?").append(request.getQueryString()); // verify the response; ConsumerManager needs to be the same // (static) instance used to place the authentication request VerificationResult verification; try { verification = openIdConsumerManager.verify(receivingURL.toString(), responseParamList, discovered); } catch (Exception e) { throw new RuntimeException(e); } // examine the verification result and extract the verified identifier Identifier identifier = verification.getVerifiedId(); if (identifier != null) { AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse(); Map<String, List<String>> attributes = null; if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) { FetchResponse fetchResp; try { fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX); } catch (MessageException e) { throw new RuntimeException(e); } attributes = fetchResp.getAttributes(); } principal = createOpenIDPrincipal(identifier.getIdentifier(), discovered.getOPEndpoint(), attributes); request.getSession().setAttribute("PRINCIPAL", principal); if (trace) log.trace("Logged in as:" + principal); } else { response.sendError(HttpServletResponse.SC_FORBIDDEN); } return principal; }
/** * Processes the returned information from an authentication request from the OP. * * @param discoveryInformation DiscoveryInformation that was created earlier in the conversation * (by openid4java). This will need to be verified with openid4java to make sure everything * went smoothly and there are no possible problems. This object was probably stored in * session and retrieved for use in calling this method. * @param pageParameters PageParameters passed to the page handling the return verificaion. * @param returnToUrl The "return to" URL that was passed to the OP. It must match exactly, or * openid4java will issue a verification failed message in the logs. * @return RegistrationModel - null if there was a problem, or a RegistrationModel object, with * parameters filled in as compeletely as possible from the information available from the OP. * If you are using MyOpenID, most of the time what is returned is from your "Default" * profile, so if you need more information returned, make sure your Default profile is * completely filled out. * @throws AssociationException * @throws DiscoveryException * @throws MessageException */ public static RegistrationModel processReturn(HttpServletRequest req) throws MessageException, DiscoveryException, AssociationException { RegistrationModel ret = null; ParameterList response = new ParameterList(req.getParameterMap()); log.debug("RETURN STATE " + response.getParameterValue("openid.mode")); DiscoveryInformation discovered = (DiscoveryInformation) req.getSession().getAttribute("openid-disc"); // log.debug("Register: Authtype"+req.getAuthType().toString()); log.debug("Register Attribute names" + req.getAttributeNames()); // extract the receiving URL from the HTTP request // StringBuffer receivingURL = req.getRequestURL(); // String queryString = req.getQueryString(); // if (queryString != null && queryString.length() > 0) // receivingURL.append("?").append(req.getQueryString()); // HAck: String receivingURL = response.getParameterValue("openid.return_to"); System.out.println("ReturnTO" + receivingURL); // verify the response; ConsumerManager needs to be the same // (static) instance used to place the authentication request log.debug("Consumer start verify"); VerificationResult verification = getConsumerManager().verify(receivingURL.toString(), response, discovered); log.debug("Register: Messages :" + verification.getAuthResponse().toString()); log.debug( "Reigster Class of verification" + verification.getAuthResponse().getClass().toString()); log.debug("Register: ConsumerManager" + consumerManager.getDiscovery().toString()); if (verification.getAuthResponse() instanceof org.openid4java.message.AuthFailure) { log.debug("Evtl. Fehlerhafter Return"); } else if (verification.getAuthResponse() instanceof org.openid4java.message.AuthSuccess) { log.debug("Evtl. erfolgreicher Auth"); } else { log.debug("Kein Positiver und kein negativer Auth. Fehler!"); } // examine the verification result and extract the verified identifier Identifier verified = verification.getVerifiedId(); log.debug("VerifiedID:" + verified); if (verified != null) { ret = new RegistrationModel(); AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse(); if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) { FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX); List<String> roles = fetchResp.getAttributeValues("label"); log.debug("roles size: " + roles.size()); if (roles.size() > 0) { String role = (String) roles.get(0); ret.setRole(role); } } if (authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG)) { MessageExtension extension = authSuccess.getExtension(SRegMessage.OPENID_NS_SREG); if (extension instanceof SRegResponse) { ret.setOpenId(verified.getIdentifier()); ret.setIs_verified(true); SRegResponse sRegResponse = (SRegResponse) extension; String value = sRegResponse.getAttributeValue("dob"); if (value != null) { ret.setDateOfBirth(value); } value = sRegResponse.getAttributeValue("email"); if (value != null) { ret.setEmailAddress(value); } value = sRegResponse.getAttributeValue("fullname"); if (value != null) { ret.setFullName(value); } } } } return ret; }
@Override public String readResponse(ThemeDisplay themeDisplay, ActionRequest actionRequest) throws PortalException { HttpServletRequest request = PortalUtil.getHttpServletRequest(actionRequest); request = PortalUtil.getOriginalServletRequest(request); String receivingURL = ParamUtil.getString(request, "openid.return_to"); ParameterList parameterList = new ParameterList(request.getParameterMap()); HttpSession session = request.getSession(); DiscoveryInformation discoveryInformation = (DiscoveryInformation) session.getAttribute(OpenIdWebKeys.OPEN_ID_DISCO); if (discoveryInformation == null) { return null; } AuthSuccess authSuccess = null; String firstName = null; String lastName = null; String emailAddress = null; try { VerificationResult verificationResult = _consumerManager.verify(receivingURL, parameterList, discoveryInformation); Identifier identifier = verificationResult.getVerifiedId(); if (identifier == null) { return null; } authSuccess = (AuthSuccess) verificationResult.getAuthResponse(); firstName = null; lastName = null; emailAddress = null; if (authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG)) { MessageExtension messageExtension = authSuccess.getExtension(SRegMessage.OPENID_NS_SREG); if (messageExtension instanceof SRegResponse) { SRegResponse sregResp = (SRegResponse) messageExtension; String fullName = GetterUtil.getString(sregResp.getAttributeValue(_OPEN_ID_SREG_ATTR_FULLNAME)); String[] names = splitFullName(fullName); if (names != null) { firstName = names[0]; lastName = names[1]; } emailAddress = sregResp.getAttributeValue(_OPEN_ID_SREG_ATTR_EMAIL); } } if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) { MessageExtension messageExtension = authSuccess.getExtension(AxMessage.OPENID_NS_AX); if (messageExtension instanceof FetchResponse) { FetchResponse fetchResponse = (FetchResponse) messageExtension; OpenIdProvider openIdProvider = _openIdProviderRegistry.getOpenIdProvider(discoveryInformation.getOPEndpoint()); String[] openIdAXTypes = openIdProvider.getAxSchema(); for (String openIdAXType : openIdAXTypes) { if (openIdAXType.equals(_OPEN_ID_AX_ATTR_EMAIL)) { if (Validator.isNull(emailAddress)) { emailAddress = getFirstValue(fetchResponse.getAttributeValues(_OPEN_ID_AX_ATTR_EMAIL)); } } else if (openIdAXType.equals(_OPEN_ID_AX_ATTR_FIRST_NAME)) { if (Validator.isNull(firstName)) { firstName = getFirstValue(fetchResponse.getAttributeValues(_OPEN_ID_AX_ATTR_FIRST_NAME)); } } else if (openIdAXType.equals(_OPEN_ID_AX_ATTR_FULL_NAME)) { String fullName = fetchResponse.getAttributeValue(_OPEN_ID_AX_ATTR_FULL_NAME); String[] names = splitFullName(fullName); if (names != null) { if (Validator.isNull(firstName)) { firstName = names[0]; } if (Validator.isNull(lastName)) { lastName = names[1]; } } } else if (openIdAXType.equals(_OPEN_ID_AX_ATTR_LAST_NAME)) { if (Validator.isNull(lastName)) { lastName = getFirstValue(fetchResponse.getAttributeValues(_OPEN_ID_AX_ATTR_LAST_NAME)); } } } } } } catch (AssociationException ae) { throw new OpenIdServiceException.AssociationException(ae.getMessage(), ae); } catch (DiscoveryException de) { throw new OpenIdServiceException.DiscoveryException(de.getMessage(), de); } catch (MessageException me) { throw new OpenIdServiceException.MessageException(me.getMessage(), me); } String openId = normalize(authSuccess.getIdentity()); User user = _userLocalService.fetchUserByOpenId(themeDisplay.getCompanyId(), openId); if (user != null) { session.setAttribute(WebKeys.OPEN_ID_LOGIN, user.getUserId()); return null; } try { if (Validator.isNull(firstName) || Validator.isNull(lastName) || Validator.isNull(emailAddress)) { SessionMessages.add(request, "openIdUserInformationMissing"); if (_log.isInfoEnabled()) { _log.info( "The OpenID provider did not send the required " + "attributes to create an account"); } String createAccountURL = PortalUtil.getCreateAccountURL(request, themeDisplay); String portletId = HttpUtil.getParameter(createAccountURL, "p_p_id", false); String portletNamespace = PortalUtil.getPortletNamespace(portletId); createAccountURL = HttpUtil.setParameter(createAccountURL, portletNamespace + "openId", openId); session.setAttribute(WebKeys.OPEN_ID_LOGIN_PENDING, Boolean.TRUE); return createAccountURL; } } catch (Exception e) { throw new PortalException(e); } long creatorUserId = 0; long companyId = themeDisplay.getCompanyId(); boolean autoPassword = false; String password1 = PwdGenerator.getPassword(); String password2 = password1; boolean autoScreenName = true; String screenName = StringPool.BLANK; long facebookId = 0; Locale locale = themeDisplay.getLocale(); String middleName = StringPool.BLANK; long prefixId = 0; long suffixId = 0; boolean male = true; int birthdayMonth = Calendar.JANUARY; int birthdayDay = 1; int birthdayYear = 1970; String jobTitle = StringPool.BLANK; long[] groupIds = null; long[] organizationIds = null; long[] roleIds = null; long[] userGroupIds = null; boolean sendEmail = false; ServiceContext serviceContext = new ServiceContext(); user = _userLocalService.addUser( creatorUserId, companyId, autoPassword, password1, password2, autoScreenName, screenName, emailAddress, facebookId, openId, locale, firstName, middleName, lastName, prefixId, suffixId, male, birthdayMonth, birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds, roleIds, userGroupIds, sendEmail, serviceContext); session.setAttribute(WebKeys.OPEN_ID_LOGIN, user.getUserId()); return null; }
// authentication response public Account verifyResponse(HttpServletRequest httpReq) throws ServletException { try { // extract the parameters from the authentication response // (which comes in as a HTTP request from the OpenID provider) ParameterList response = new ParameterList(httpReq.getParameterMap()); // retrieve the previously stored discovery information DiscoveryInformation discovered = (DiscoveryInformation) httpReq.getSession().getAttribute("openid-disc"); // extract the receiving URL from the HTTP request StringBuffer receivingURL = httpReq.getRequestURL(); String queryString = httpReq.getQueryString(); if (queryString != null && queryString.length() > 0) receivingURL.append("?").append(httpReq.getQueryString()); // verify the response; ConsumerManager needs to be the same // (static) instance used to place the authentication request VerificationResult verification = manager.verify(receivingURL.toString(), response, discovered); // examine the verification result and extract the verified // identifier Identifier verified = verification.getVerifiedId(); if (verified != null) { // success String accountName = AccountImpl.escape(verified.getIdentifier()); AbstractAccount account = (AbstractAccount) OpenIDRealm.instance.getAccount(accountName); if (account == null) { Database db = OpenIDRealm.instance.getDatabase(); org.exist.security.Subject currentSubject = db.getSubject(); try { db.setSubject(db.getSecurityManager().getSystemSubject()); // XXX: set OpenID group by default account = (AbstractAccount) OpenIDRealm.instance.addAccount( new UserAider(OpenIDRealm.instance.getId(), accountName)); } finally { db.setSubject(currentSubject); } } org.exist.security.Subject principal = new SubjectAccreditedImpl(account, verified); AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse(); authSuccess.getExtensions(); if (authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG)) { MessageExtension ext = authSuccess.getExtension(SRegMessage.OPENID_NS_SREG); if (ext instanceof SRegResponse) { SRegResponse sregResp = (SRegResponse) ext; for (Iterator iter = sregResp.getAttributeNames().iterator(); iter.hasNext(); ) { String name = (String) iter.next(); if (LOG.isDebugEnabled()) LOG.debug(name + " : " + sregResp.getParameterValue(name)); principal.setMetadataValue( AXSchemaType.valueOfNamespace(name), sregResp.getParameterValue(name)); } } } if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) { FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX); List aliases = fetchResp.getAttributeAliases(); for (Iterator iter = aliases.iterator(); iter.hasNext(); ) { String alias = (String) iter.next(); List values = fetchResp.getAttributeValues(alias); if (values.size() > 0) { if (LOG.isDebugEnabled()) LOG.debug(alias + " : " + values.get(0)); principal.setMetadataValue(AXSchemaType.valueOfAlias(alias), (String) values.get(0)); } } } // update metadata Database db = OpenIDRealm.instance.getDatabase(); org.exist.security.Subject currentSubject = db.getSubject(); try { db.setSubject(db.getSecurityManager().getSystemSubject()); OpenIDRealm.instance.updateAccount(principal); } finally { db.setSubject(currentSubject); } OpenIDUtility.registerUser(principal); return principal; } } catch (OpenIDException e) { LOG.error(e); } catch (ConfigurationException e) { LOG.error(e); } catch (PermissionDeniedException e) { LOG.error(e); } catch (EXistException e) { LOG.error(e); } return null; }
@SuppressWarnings({"unchecked"}) public Response verifyResponse(HttpServletRequest request, HttpServletResponse httpresponse) { try { HttpSession session = request.getSession(); // extract the parameters from the authentication response // (which comes in as a HTTP request from the OpenID provider) ParameterList response = new ParameterList(request.getParameterMap()); // retrieve the previously stored discovery information DiscoveryInformation discovered = (DiscoveryInformation) session.getAttribute("openid-disc"); // extract the receiving URL from the HTTP request StringBuffer receivingURL = request.getRequestURL(); String queryString = request.getQueryString(); if (queryString != null && queryString.length() > 0) receivingURL.append("?").append(request.getQueryString()); // verify the response; ConsumerManager needs to be the same // (static) instance used to place the authentication request VerificationResult verification = manager.verify(receivingURL.toString(), response, discovered); // examine the verification result and extract the verified identifier Identifier verified = verification.getVerifiedId(); if (verified != null) { AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse(); String name = null; if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) { FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX); Map<String, List<String>> attributes = fetchResp.getAttributes(); if (attributes.containsKey(AP_FULL_NAME)) { name = attributes.get(AP_FULL_NAME).get(0); } else { name = attributes.get(AP_FIRST_NAME).get(0) + " " + attributes.get(AP_LAST_NAME).get(0); } } log.info(String.format("Verified identity %s = %s", verified.getIdentifier(), name)); UserStore userstore = Registry.get().getUserStore(); boolean isRegistration = ((Boolean) session.getAttribute(SA_REGISTRATION)).booleanValue(); String registrationStatus = RS_LOGIN; if (isRegistration) { UserInfo userinfo = new UserInfo(verified.getIdentifier(), name); if (userstore.register(userinfo)) { registrationStatus = RS_NEW; } else { registrationStatus = RS_ALREADY_REGISTERED; } } RegToken token = new RegToken(verified.getIdentifier(), true); Subject subject = SecurityUtils.getSubject(); try { subject.login(token); session.setAttribute(VN_REGISTRATION_STATUS, registrationStatus); String provider = (String) session.getAttribute(SA_OPENID_PROVIDER); if (provider != null && !provider.isEmpty()) { Cookie cookie = new Cookie(PROVIDER_COOKIE, provider); cookie.setComment( "Records the openid provider you last used to log in to a UKGovLD registry"); cookie.setMaxAge(60 * 60 * 24 * 30); cookie.setHttpOnly(true); cookie.setPath("/"); httpresponse.addCookie(cookie); } return redirectTo(session.getAttribute(SA_RETURN_URL).toString()); // return RequestProcessor.render("admin.vm", uriInfo, servletContext, // request, VN_SUBJECT, subject, VN_REGISTRATION_STATUS, registrationStatus); } catch (Exception e) { log.error("Authentication failure: " + e); return RequestProcessor.render( "error.vm", uriInfo, servletContext, request, "message", "Could not find a registration for you."); } } } catch (Exception e) { throw new WebApplicationException(e); } return RequestProcessor.render( "error.vm", uriInfo, servletContext, request, "message", "OpenID login failed"); }