/**
 * Starts the Facebook login flow by redirecting the browser to the Facebook
 * service URL.
 *
 * <p>The query string carries the configured return URL and client id, plus
 * the scope when one is configured. The session attribute {@code "STATE"} is
 * set to {@code AUTH} before the redirect is sent. When tracing is enabled the
 * complete redirect URL is written to the log.
 *
 * <p>NOTE(review): no OAuth {@code state} value is placed in the parameter map
 * here. Unless {@code createFacebookQueryString} adds one and the callback
 * handler verifies it, the callback cannot be bound to the browser session
 * that started the flow (login CSRF). Confirm against the callback handling,
 * which is not visible from this method.
 *
 * @param request the current request; {@code getSession()} creates a session
 *     if none exists yet
 * @param response the response on which the redirect is sent
 * @return always {@code false}; presumably this tells the caller that
 *     authentication has not completed yet (verify against the caller)
 * @throws IOException declared by the signature; an {@code IOException} from
 *     the redirect itself is rethrown wrapped in a {@code RuntimeException}
 */
public boolean initialFacebookInteraction(HttpServletRequest request, HttpServletResponse response)
        throws IOException {
    HttpSession httpSession = request.getSession();

    Map<String, String> query = new HashMap<String, String>();
    query.put(OAuthConstants.REDIRECT_URI_PARAMETER, returnURL);
    query.put(OAuthConstants.CLIENT_ID_PARAMETER, clientID);
    if (facebookScope != null) {
        query.put(OAuthConstants.SCOPE_PARAMETER, facebookScope);
    }

    StringBuilder target = new StringBuilder(FacebookConstants.SERVICE_URL);
    target.append("?");
    target.append(createFacebookQueryString(query));
    String redirectTarget = target.toString();

    try {
        // Record that an auth request is outstanding before leaving the site.
        httpSession.setAttribute("STATE", STATES.AUTH.name());
        if (trace) {
            log.trace("Redirect:" + redirectTarget);
        }
        response.sendRedirect(redirectTarget);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    return false;
}
/**
 * Drives one step of the OpenID login flow for the current request.
 *
 * <p>The step is chosen from the session attribute {@code "STATE"}:
 * <ul>
 *   <li>{@code FINISH}: treated as a replay; the state is reset to
 *       {@code AUTH} and a new auth request is sent to the provider.</li>
 *   <li>absent or empty: a first auth request is sent to the provider.</li>
 *   <li>{@code AUTH}: the incoming auth result is processed and, when it
 *       yields a principal, handed to {@code dealWithOpenIDPrincipal}.</li>
 *   <li>anything else: nothing is done.</li>
 * </ul>
 *
 * <p>NOTE(review): the {@code "STATE"} attribute is a flow marker only. How the
 * provider response is validated, and whether the session id is renewed once a
 * principal is established, is decided in {@code processIncomingAuthResult} and
 * {@code dealWithOpenIDPrincipal}, which are not visible here. Confirm there.
 *
 * @param request the current request
 * @param response the current response
 * @return {@code true} when the request already carries a user principal;
 *     otherwise the result of the delegated step, or {@code false} when no
 *     principal was obtained or the state is not recognised
 * @throws IOException declared by the signature and by the delegated steps
 * @throws RuntimeException wrapping any exception raised while initialising
 *     the OpenID processor
 */
protected boolean processOpenID(HttpServletRequest request, HttpServletResponse response)
        throws IOException {
    Principal existing = request.getUserPrincipal();
    if (existing != null) {
        if (trace) {
            log.trace("Logged in as:" + existing);
        }
        return true;
    }

    // Lazy one-time setup of the processor with the configured roles.
    if (!openidProcessor.isInitialized()) {
        try {
            openidProcessor.initialize(roles);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    HttpSession session = request.getSession();
    String flowState = (String) session.getAttribute("STATE");
    if (trace) {
        log.trace("state=" + flowState);
    }

    boolean replay = STATES.FINISH.name().equals(flowState);
    if (replay) {
        // A finished flow seen again is a replay: go back to the provider.
        session.setAttribute("STATE", STATES.AUTH.name());
    }
    if (replay || flowState == null || flowState.isEmpty()) {
        return prepareAndSendAuthRequest(request, response);
    }

    if (!STATES.AUTH.name().equals(flowState)) {
        return false;
    }

    // An auth request is outstanding; this request should carry its result.
    Principal authenticated = processIncomingAuthResult(request, response);
    if (authenticated == null) {
        log.error(
                "Principal was null. Maybe login modules need to be configured properly. Or user chose no data");
        return false;
    }
    return dealWithOpenIDPrincipal(request, response, authenticated);
}
/**
 * Performs discovery and association for the selected OpenID service URL and
 * redirects the browser to the provider's authentication endpoint.
 *
 * <p>The auth type is read from the request parameter {@code AUTH_TYPE} and,
 * when that is missing or empty, from the session attribute of the same name.
 * The service URL, the discovery result and finally {@code "STATE" = AUTH} are
 * stored in the session; the state is written only after the redirect has been
 * sent.
 *
 * <p>NOTE(review): {@code authType} can come straight from a request parameter
 * and is passed to {@code determineServiceUrl}. That method is not visible
 * here; confirm it maps the value onto a fixed set of provider URLs rather than
 * deriving a URL from it, since the result is then contacted for discovery.
 *
 * <p>NOTE(review): the service URL is read back from the field
 * {@code openIdServiceUrl} after {@code determineServiceUrl} returns. If that
 * call assigns the field per request and this object serves requests
 * concurrently, one request could pick up another's URL. Confirm.
 *
 * @param request the current request
 * @param response the response on which the redirect is sent
 * @return always {@code false}; when no service URL is available nothing is
 *     sent
 * @throws IOException declared by the signature
 * @throws RuntimeException wrapping a discovery failure or any exception raised
 *     while building or sending the auth request
 */
@SuppressWarnings("unchecked")
private boolean prepareAndSendAuthRequest(HttpServletRequest request, HttpServletResponse response)
        throws IOException {
    // Request parameter wins; the session value is the fallback.
    String requestedType = request.getParameter(AUTH_TYPE);
    if (requestedType == null || requestedType.isEmpty()) {
        requestedType = (String) request.getSession().getAttribute(AUTH_TYPE);
    }
    determineServiceUrl(requestedType);

    String serviceUrl = openIdServiceUrl;
    HttpSession httpSession = request.getSession(true);
    if (serviceUrl == null) {
        return false;
    }
    httpSession.setAttribute("openid", serviceUrl);

    List<DiscoveryInformation> candidates;
    try {
        candidates = openIdConsumerManager.discover(serviceUrl);
    } catch (DiscoveryException e) {
        throw new RuntimeException(e);
    }

    // NOTE(review): the association result is stored and used without a null
    // check; confirm associate() cannot return null for this provider list.
    DiscoveryInformation chosen = openIdConsumerManager.associate(candidates);
    httpSession.setAttribute("discovery", chosen);

    try {
        AuthRequest authRequest = openIdConsumerManager.authenticate(chosen, returnURL);
        // Ask the provider for the configured attributes as well.
        authRequest.addExtension(fetchRequest);
        String destination = authRequest.getDestinationUrl(true);
        response.sendRedirect(destination);
        request.getSession().setAttribute("STATE", STATES.AUTH.name());
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    return false;
}
/**
 * Drives one step of the Facebook login flow for the current request.
 *
 * <p>The step is chosen from the session attribute {@code "STATE"}:
 * <ul>
 *   <li>absent or empty: the initial redirect to Facebook is sent.</li>
 *   <li>{@code FINISH}: the principal already on the request is used, or one is
 *       obtained via {@code getFacebookPrincipal}; without a principal the
 *       response is 403.</li>
 *   <li>{@code AUTH}: the request is handed to
 *       {@code facebookProcessor.handleAuthStage}.</li>
 *   <li>{@code AUTHZ}: a principal is obtained via {@code getFacebookPrincipal};
 *       without one an error is logged and the response is 403.</li>
 *   <li>anything else: nothing is done.</li>
 * </ul>
 *
 * <p>NOTE(review): this method never changes {@code "STATE"} itself, so after a
 * 403 the session keeps the state it had. Transitions happen in the delegated
 * calls, which are not visible here; confirm that a failed attempt cannot leave
 * the session stuck in {@code AUTHZ} or {@code FINISH}.
 *
 * @param request the current request; {@code getSession()} creates a session
 *     if none exists yet
 * @param response the current response
 * @return the result of the delegated step, or {@code false} when no principal
 *     was obtained or the state is not recognised
 * @throws IOException if sending the error response fails, or from a delegated
 *     step
 */
protected boolean processFacebook(HttpServletRequest request, HttpServletResponse response)
        throws IOException {
    HttpSession httpSession = request.getSession();
    String flowState = (String) httpSession.getAttribute("STATE");

    // No flow in progress yet: send the browser to Facebook.
    if (flowState == null || flowState.isEmpty()) {
        return initialFacebookInteraction(request, response);
    }

    if (STATES.FINISH.name().equals(flowState)) {
        Principal known = request.getUserPrincipal();
        if (known == null) {
            known = getFacebookPrincipal(request, response);
        }
        if (known == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        return dealWithFacebookPrincipal(request, response, known);
    }

    // An auth request is outstanding; let the processor handle its result.
    if (STATES.AUTH.name().equals(flowState)) {
        return facebookProcessor.handleAuthStage(request, response);
    }

    if (STATES.AUTHZ.name().equals(flowState)) {
        Principal resolved = getFacebookPrincipal(request, response);
        if (resolved != null) {
            return dealWithFacebookPrincipal(request, response, resolved);
        }
        log.error(
                "Principal was null. Maybe login modules need to be configured properly. Or user chose no data");
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }

    return false;
}