/**
* Returns true if the user is successfully associated with his openid provider; The {@link
* OpenIdUser} is persisted if successful.
*/
public boolean associate(
OpenIdUser user, HttpServletRequest request, HttpServletResponse response) throws Exception {
if (_context.getAssociation().associate(user, _context)) {
_manager.saveUser(user, request, response);
return true;
}
return false;
}
/**
* Returns true if the user has succeeded authentication on his openid provider; The {@link
* OpenIdUser} is persisted if successful.
*/
public boolean verifyAuth(
OpenIdUser user, HttpServletRequest request, HttpServletResponse response) throws Exception {
if (_context.getAssociation().verifyAuth(user, getAuthParameters(request), _context)) {
_listener.onAuthenticate(user, request);
_manager.saveUser(user, request, response);
return true;
}
return false;
}
/**
* Return the current user, either an already authenticated one, or the one just discovered from
* the <i>openid.identifier.parameter</i> (= "openid_identifier" by default).<br>
* Returns <code>null</code> if the {@link Constants#OPENID_MODE} associated with the request is
* set to {@link Constants.Mode#CANCEL} (in order to login under a different id), or if the
* authentification is timed out.<br>
* If returned user is <code>null</code> and {@link #isAuthResponse(HttpServletRequest)} is <code>
* true</code> then we have an authentication timeout.
*
* @param request HttpServletRequest
* @return user OpenIdUser
*/
public OpenIdUser discover(HttpServletRequest request) throws Exception {
OpenIdUser user = (OpenIdUser) request.getAttribute(OpenIdUser.ATTR_NAME);
if (user == null) {
System.err.println("vvvvvv RelyingParty: user NOT in request");
user = _manager.getUser(request);
String id = null;
if (user != null) {
System.err.println("vvvvvv RelyingParty: user in session");
if (user.isAuthenticated()) {
System.err.println("vvvvvv RelyingParty: user authenticated");
_listener.onAccess(user, request);
request.setAttribute(OpenIdUser.ATTR_NAME, user);
return user;
}
System.err.println("vvvvvv RelyingParty: user NOT authenticated");
if ((id = request.getParameter(_identifierParameter)) == null) {
if (user.isAssociated()) {
String mode = request.getParameter(Constants.OPENID_MODE);
if (mode == null) return _automaticRedirect ? user : null;
return Constants.Mode.CANCEL.equals(mode) ? null : user;
}
return user;
} else if ((id = id.trim()).length() != 0) {
Identifier identifier = Identifier.getIdentifier(id, _resolver, _context);
if (identifier.isResolved()) {
if (!identifier.getId().equals(user.getIdentifier())) {
// new user or ... the user cancels authentication
// and provides a different openid identifier
return discover(identifier, request);
}
}
}
} else if ((id = request.getParameter(_identifierParameter)) != null
&& (id = id.trim()).length() != 0) {
System.err.println(
"vvvvvv RelyingParty: user NOT in session and parameter("
+ _identifierParameter
+ ") is NOT empty");
Identifier identifier = Identifier.getIdentifier(id, _resolver, _context);
if (identifier.isResolved()) return discover(identifier, request);
} else {
System.err.println(
"vvvvvv RelyingParty: user NOT in session and parameter("
+ _identifierParameter
+ ") is empty");
}
}
return user;
}
public boolean authenticate(
OpenIdUser user,
HttpServletRequest request,
HttpServletResponse response,
String trustRoot,
String realm,
String returnTo)
throws IOException {
UrlEncodedParameterMap params = getAuthUrlMap(user, trustRoot, realm, returnTo);
_listener.onPreAuthenticate(user, request, params);
_manager.saveUser(user, request, response);
_authRedirection.redirect(params, request, response);
return true;
}
/**
* Invalidates/terminates the openid session of the user associated with the given {@code
* request}; To logout an authenticated user, you invoke this method.
*/
public boolean invalidate(HttpServletRequest request, HttpServletResponse response)
throws IOException {
return _manager.invalidate(request, response);
}
/** Creates a new instance configured from the given {@code properties}. */
public static RelyingParty newInstance(Properties properties) {
// discovery
String discoveryParam = properties.getProperty("openid.discovery");
Discovery discovery =
discoveryParam == null
? new DefaultDiscovery()
: (Discovery) newObjectInstance(discoveryParam);
// association
String associationParam = properties.getProperty("openid.association");
Association association =
associationParam == null
? new DiffieHellmanAssociation()
: (Association) newObjectInstance(associationParam);
// http connector
String httpConnectorParam = properties.getProperty("openid.httpconnector");
HttpConnector httpConnector =
httpConnectorParam == null
? new SimpleHttpConnector()
: (HttpConnector) newObjectInstance(httpConnectorParam);
// user manager
String managerParam = properties.getProperty("openid.user.manager");
OpenIdUserManager manager =
managerParam == null
? new HttpSessionUserManager()
: (OpenIdUserManager) newObjectInstance(managerParam);
manager.init(properties);
// openid user cache
String userCacheParam = properties.getProperty("openid.user.cache");
UserCache userCache =
userCacheParam == null
? new IdentifierSelectUserCache()
: (UserCache) newObjectInstance(userCacheParam);
// openid automatic redirect
// when the user is redirected to his provider and he somehow navigates away from his
// provider and returns to your site ... the relying party will do an automatic redirect
// back to his provider for authentication (if set to true)
String automaticRedirectParam = properties.getProperty("openid.automatic_redirect");
boolean automaticRedirect =
automaticRedirectParam == null
? DEFAULT_AUTOMATIC_REDIRECT
: Boolean.parseBoolean(automaticRedirectParam);
// auth redirection
String authRedirectionParam = properties.getProperty("openid.authredirection");
AuthRedirection authRedirection =
authRedirectionParam == null
? new SimpleRedirection()
: (AuthRedirection) newObjectInstance(authRedirectionParam);
// identifier parameter (default is openid_identifier)
String identifierParameter =
properties.getProperty("openid.identifier.parameter", DEFAULT_IDENTIFIER_PARAMETER);
String identifierAsServerParam = properties.getProperty("openid.identifier_as_server");
boolean identifierAsServer = "true".equals(identifierAsServerParam);
RelyingParty relyingParty =
new RelyingParty(
new OpenIdContext(discovery, association, httpConnector),
manager,
userCache,
automaticRedirect,
identifierAsServer,
authRedirection,
identifierParameter);
// relying party listeners
String listenersParam = properties.getProperty("openid.relyingparty.listeners");
if (listenersParam != null) {
StringTokenizer tokenizer = new StringTokenizer(listenersParam, ",;");
while (tokenizer.hasMoreTokens())
relyingParty.addListener((Listener) newObjectInstance(tokenizer.nextToken().trim()));
}
// openid identifier resolvers
String resolversParam = properties.getProperty("openid.identifier.resolvers");
if (resolversParam != null) {
StringTokenizer tokenizer = new StringTokenizer(resolversParam, ",;");
while (tokenizer.hasMoreTokens())
relyingParty.addResolver((Resolver) newObjectInstance(tokenizer.nextToken().trim()));
}
return relyingParty;
}