/**
 * Returns the shared {@link OpenIdManager}, building and configuring it on first use.
 *
 * <p>The return-to URL and the realm are read from {@code manip} only when the manager is
 * created; every later call hands back the cached instance without reconfiguring it.
 *
 * @param manip supplies the server-qualified return URL and the current realm
 * @return the cached manager, never {@code null}
 */
protected OpenIdManager getManager(ParmManipulator manip) {
    if (manager != null) {
        return manager;
    }

    // NOTE(review): the field is initialised without synchronization, and the realm/return-to
    // chosen by the first caller stay in force for all later requests. If serverQualifyUrl() or
    // getCurrentRealm() derive their value from the incoming request (e.g. its Host header),
    // confirm they resolve to a configured, trusted origin.
    manager = new OpenIdManager();
    manager.setReturnTo(manip.serverQualifyUrl("/openIdLoginResult"));
    manager.setRealm(manip.getCurrentRealm());
    return manager;
}
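/**
 * Handles the OpenID provider's redirect back to this application and signs the user in.
 *
 * <p>The MAC key and alias stored in the session by {@code login} are used to verify the
 * provider's response. A verified response with a non-blank e-mail is mapped to an existing
 * user by profile name, or a new user is created. The user is then stored in the session
 * location under {@code Constants.CURRENT_USER_OBJECT}.
 *
 * @param request the provider's callback request
 * @param manip used to obtain the lazily created {@link OpenIdManager}
 * @param endpoint unused here; the endpoint recorded in the session at login time is used
 * @param location container from which the session-scoped location is looked up
 * @return the success page, or the failure page when no login is pending in this session or
 *     the response carries no usable e-mail
 */
@Handle("/openIdLoginResult")
public Object loginResult(
        HttpServletRequest request, ParmManipulator manip, String endpoint, Location location) {
    byte[] macKey = (byte[]) request.getSession().getAttribute(ATTR_MAC);
    String alias = (String) request.getSession().getAttribute(ATTR_ALIAS);
    String loginEndpoint = (String) request.getSession().getAttribute(ATTR_ENDPOINT);

    // A callback that arrives without a login started in this session has nothing to be
    // verified against; fail closed instead of handing null key material to the verifier.
    if (macKey == null || alias == null) {
        return new Show(failureShowPage);
    }

    // The association data is single-use: drop it so a second callback in the same session
    // cannot be verified with the same key.
    request.getSession().removeAttribute(ATTR_MAC);
    request.getSession().removeAttribute(ATTR_ALIAS);

    // Go through getManager(): the field is still null if this handler runs before login()
    // has ever been called on this instance (e.g. after a restart).
    Authentication auth = getManager(manip).getAuthentication(request, macKey, alias);
    checkNonce(request.getParameter("openid.response_nonce"));

    if (auth == null || StringUtils.isBlank(auth.getEmail())) {
        return new Show(failureShowPage);
    }

    // NOTE(review): the local account is selected solely by the e-mail the provider asserts.
    // That is only as trustworthy as the provider, so confirm that login() restricts the
    // endpoint to providers trusted to vouch for e-mail ownership.
    User user = authenticationService.getUserByProfileName(auth.getEmail());
    if (user == null) {
        user = todoService.createNewUser(
                auth.getEmail(), auth.getFullname(), auth.getEmail(), loginEndpoint);
    }

    // NOTE(review): the session id is not rotated when the session becomes authenticated;
    // consider HttpServletRequest.changeSessionId() if the container is Servlet 3.1 or later.
    ((Location) location.get(Constants.SESSION_LOCATION)).put(Constants.CURRENT_USER_OBJECT, user);

    // Touch the group names now so they are loaded before the object is used later
    // (avoids a lazy-initialisation exception).
    user.getGroupNames();
    return new Show(successShowPage);
}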
/**
 * Starts an OpenID login: resolves the requested provider, establishes an association with it,
 * records the association's MAC key, the provider alias and the requested endpoint in the
 * session, and sends the browser to the provider's authentication URL.
 *
 * @param endpoint provider name or identifier supplied by the caller; must not be blank
 * @param manip used to obtain the lazily created {@link OpenIdManager}
 * @param request current request, whose session receives the association data
 * @return a {@code Show} pointing at the provider's authentication URL
 * @throws IllegalArgumentException if {@code endpoint} is blank
 */
@Handle("/openIdLogin")
public Object login(String endpoint, ParmManipulator manip, HttpServletRequest request) {
    if (StringUtils.isBlank(endpoint)) {
        throw new IllegalArgumentException(
                "The endpoint for an Open ID login must not be null. Make sure it says Google, Yahoo, etc.");
    }

    // NOTE(review): endpoint is request-supplied and is only checked for blankness here. If
    // lookupEndpoint() accepts arbitrary URLs as well as known provider names, the server
    // would contact and trust any provider the caller names; confirm an allow-list applies.
    OpenIdManager openId = getManager(manip);
    Endpoint provider = openId.lookupEndpoint(endpoint);
    Association association = openId.lookupAssociation(provider);

    // Kept in the session so that the callback handler can verify the provider's response.
    request.getSession().setAttribute(ATTR_MAC, association.getRawMacKey());
    request.getSession().setAttribute(ATTR_ALIAS, provider.getAlias());
    request.getSession().setAttribute(ATTR_ENDPOINT, endpoint);

    String authenticationUrl = openId.getAuthenticationUrl(provider, association);
    return new Show(authenticationUrl);
}
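/**
 * Dispatches OpenID sign-in and the site's own login, logout, registration and profile-edit
 * requests, selected by the servlet path.
 *
 * <p>{@code /openid} either starts a login with Google or Yahoo (parameter {@code op}),
 * verifies the provider's response, or handles a cancelled login; it ends in a redirect or a
 * forward to {@code /home}. Every other path sets a view name and forwards to
 * {@code <view>.jsp}.
 *
 * @param request the current request
 * @param response the current response
 * @throws ServletException if the OpenID request names an unsupported provider, carries
 *     neither {@code op} nor {@code openid.mode}, or arrives without a pending login in the
 *     session
 * @throws IOException if forwarding the cancelled-login page fails with an I/O error
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    String pathUtente = request.getServletPath();

    // OpenID login handling
    if (pathUtente.equals("/openid")) {
        // NOTE(review): realm and return_to are built from the request's server name and port,
        // and are written into the shared manager on every request. If the container takes the
        // server name from the Host header, a client can influence both values, and concurrent
        // requests can overwrite each other's settings; consider a configured base URL.
        String baseUrl =
                request.getScheme()
                        + "://"
                        + request.getServerName()
                        + ":"
                        + request.getServerPort()
                        + "/faccioshopping-war";
        String returnUrl = baseUrl + "/openid";
        String redirectUrl;
        manager.setRealm(baseUrl);
        manager.setReturnTo(returnUrl);

        String op = request.getParameter("op");
        String oresponse = request.getParameter("openid.mode");
        // Constant-first comparison: openid.mode is absent on the initial request.
        boolean cancelled = "cancel".equals(oresponse);

        if (op == null && oresponse != null && !cancelled) {
            // Verify the sign-on result returned by Google or Yahoo.
            byte[] macKey = (byte[]) request.getSession().getAttribute(ATTR_MAC);
            String alias = (String) request.getSession().getAttribute(ATTR_ALIAS);
            if (macKey == null || alias == null) {
                // Fail closed: without the association stored at login time the response
                // cannot be verified.
                throw new ServletException(
                        "OpenID response received without a pending login in this session");
            }
            // The association data is single-use; drop it so it cannot verify a second response.
            request.getSession().removeAttribute(ATTR_MAC);
            request.getSession().removeAttribute(ATTR_ALIAS);

            checkNonce(request.getParameter("openid.response_nonce"));
            Authentication authentication = manager.getAuthentication(request, macKey, alias);
            redirectUrl = checkAuthentication(authentication, baseUrl, request);
        } else if (op != null && (op.equals("Google") || op.equals("Yahoo"))) {
            // Redirect to the Google or Yahoo sign-on page.
            Endpoint endpoint = manager.lookupEndpoint(op);
            Association association = manager.lookupAssociation(endpoint);
            request.getSession().setAttribute(ATTR_MAC, association.getRawMacKey());
            request.getSession().setAttribute(ATTR_ALIAS, endpoint.getAlias());
            redirectUrl = manager.getAuthenticationUrl(endpoint, association);
        } else if (cancelled) {
            request.setAttribute("err", "Processo di autenticazione annullato.");
            request.getRequestDispatcher("/home").forward(request, response);
            return;
        } else {
            // Also reached when neither op nor openid.mode is present.
            throw new ServletException("Unsupported OP: " + op);
        }

        try {
            response.sendRedirect(redirectUrl);
        } catch (Exception ex) {
            Logger.getLogger(this.getClass().getName()).log(Level.WARNING, null, ex);
        }
        return;
    }

    // Site login handling
    if (pathUtente.equals("/login")) {
        Utente _utente =
                gestoreUtente.login(
                        request.getParameter("email"), request.getParameter("password"));
        String action =
                (request.getParameter("action") != null) ? request.getParameter("action") : "";
        pathUtente = "/view/login";
        if (action.equals("entra")) {
            if (_utente == null) {
                request.setAttribute("err", "Errore nel processo di login.");
            } else {
                // NOTE(review): the session id is not rotated on successful login; consider
                // HttpServletRequest.changeSessionId() if the container is Servlet 3.1+.
                request.getSession().setAttribute("utentefaccioshopping", _utente);
                pathUtente = "index";
            }
        }
    } else if (pathUtente.equals("/logout")) {
        // getSession(false) avoids creating a session only to invalidate it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        pathUtente = "index";
    } else if (pathUtente.equals("/registra")) {
        pathUtente = "/view/registra";
        String action =
                (request.getParameter("action") != null) ? request.getParameter("action") : "";
        if (action.equals("inserisci")) {
            // NOTE(review): isInterno is taken straight from the request. If the flag grants
            // anything beyond a plain account, it should not be settable by the registrant.
            boolean isInterno = false;
            boolean flagValid = true;
            try {
                isInterno = (Integer.parseInt(request.getParameter("isInterno")) != 0);
            } catch (NumberFormatException ex) {
                // Missing or non-numeric flag: reject the submission rather than fail the request.
                flagValid = false;
            }

            if (!flagValid) {
                request.setAttribute("err", "Errore durante la registrazione. Dati non validi.");
            } else {
                Utente _nuovoUtente =
                        gestoreUtente.registrazione(
                                request.getParameter("lastname"),
                                request.getParameter("firstname"),
                                request.getParameter("email"),
                                request.getParameter("password"),
                                isInterno);
                if (_nuovoUtente != null) {
                    request.setAttribute("ok", "Utente registrato con successo.");
                    request.getSession().setAttribute("utentefaccioshopping", _nuovoUtente);
                    request.getSession().setAttribute("authentication", null);
                    pathUtente = "index";
                } else {
                    request.setAttribute(
                            "err", "Errore durante la registrazione. Email già utilizzato!");
                    pathUtente = "/view/registra";
                }
            }
        } else if (action.equals("openID")) {
            request.setAttribute("ok", "Utente riconosciuto! Controlla i dati e conferma.");
            pathUtente = "/view/registra";
        }
    } else if (pathUtente.equals("/modifica")) {
        pathUtente = "/view/modificautente";
        String action =
                (request.getParameter("action") != null) ? request.getParameter("action") : "";
        if (action.equals("aggiorna")) {
            Utente _utente = (Utente) request.getSession().getAttribute("utentefaccioshopping");
            // No signed-in user in the session: treat the update as failed instead of
            // dereferencing null.
            Utente _nuovoUtente =
                    (_utente == null)
                            ? null
                            : gestoreUtente.modifica(
                                    _utente.getId(),
                                    request.getParameter("lastname"),
                                    request.getParameter("firstname"),
                                    request.getParameter("email"),
                                    request.getParameter("opassword"),
                                    request.getParameter("npassword"),
                                    _utente.getIsInterno());
            if (_nuovoUtente != null) {
                request.getSession().setAttribute("utentefaccioshopping", _nuovoUtente);
                request.setAttribute("ok", "Utente modificato con successo.");
            } else {
                request.setAttribute("err", "Errore durante la modifica dell'utente.");
            }
            pathUtente = "index";
        }
    }

    // Forward internally to the JSP that renders the selected view.
    String url = pathUtente + ".jsp";
    try {
        request.getRequestDispatcher(url).forward(request, response);
    } catch (Exception ex) {
        Logger.getLogger(this.getClass().getName()).log(Level.WARNING, null, ex);
    }
}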