org.picketlink.identity.federation.web.openid.HTTPOpenIDProvider Maven / Gradle / Ivy
/*
* JBoss, Home of Professional Open Source.
* Copyright 2008, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.picketlink.identity.federation.web.openid;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.DirectError;
import org.openid4java.message.Message;
import org.openid4java.message.ParameterList;
import org.openid4java.server.InMemoryServerAssociationStore;
import org.openid4java.server.ServerManager;
/**
* Common code at an OpenID Provider
* @author [email protected]
* @since Jul 7, 2009
*/
public class HTTPOpenIDProvider
{
public String process(HttpServletRequest request, HttpServletResponse response)
throws IOException
{
HttpSession session = request.getSession();
ServerManager manager=new ServerManager();
manager.setSharedAssociations(new InMemoryServerAssociationStore());
manager.setPrivateAssociations(new InMemoryServerAssociationStore());
manager.setOPEndpointUrl(request.getScheme() + "://"
+ request.getServerName() + ":"
+ request.getServerPort() + "/simple-openid/provider.jsp");
ParameterList requestp;
if ("complete".equals(request.getParameter("_action"))) // Completing the authz and authn process by redirecting here
{
requestp=(ParameterList) session.getAttribute("parameterlist"); // On a redirect from the OP authn & authz sequence
}
else
{
requestp = new ParameterList(request.getParameterMap());
}
String mode = requestp.hasParameter("openid.mode") ?
requestp.getParameterValue("openid.mode") : null;
Message responsem;
String responseText;
if ("associate".equals(mode))
{
// --- process an association request ---
responsem = manager.associationResponse(requestp);
responseText = responsem.keyValueFormEncoding();
}
else if ("checkid_setup".equals(mode)
|| "checkid_immediate".equals(mode))
{
// interact with the user and obtain data needed to continue
//List userData = userInteraction(requestp);
String userSelectedId = null;
String userSelectedClaimedId = null;
Boolean authenticatedAndApproved = Boolean.FALSE;
if ((session.getAttribute("authenticatedAndApproved") == null) ||
(((Boolean)session.getAttribute("authenticatedAndApproved")) == Boolean.FALSE) )
{
session.setAttribute("parameterlist", requestp);
response.sendRedirect("provider_authorization.jsp");
}
else
{
userSelectedId = (String) session.getAttribute("openid.claimed_id");
userSelectedClaimedId = (String) session.getAttribute("openid.identity");
authenticatedAndApproved = (Boolean) session.getAttribute("authenticatedAndApproved");
// Remove the parameterlist so this provider can accept requests from elsewhere
session.removeAttribute("parameterlist");
session.setAttribute("authenticatedAndApproved", Boolean.FALSE); // Makes you authorize each and every time
}
// --- process an authentication request ---
responsem = manager.authResponse(requestp,
userSelectedId,
userSelectedClaimedId,
authenticatedAndApproved.booleanValue());
// caller will need to decide which of the following to use:
// - GET HTTP-redirect to the return_to URL
// - HTML FORM Redirection
//responseText = response.wwwFormEncoding();
if (responsem instanceof AuthSuccess)
{
response.sendRedirect(((AuthSuccess) responsem).getDestinationUrl(true));
return "";
}
else
{
responseText=""+responsem.keyValueFormEncoding()+"
";
}
}
else if ("check_authentication".equals(mode))
{
// --- processing a verification request ---
responsem = manager.verify(requestp);
responseText = responsem.keyValueFormEncoding();
}
else
{
// --- error response ---
responsem = DirectError.createDirectError("Unknown request");
responseText = responsem.keyValueFormEncoding();
}
return responseText != null ? responseText.trim() : null;
}
}