From: <sha...@us...> - 2009-11-28 08:16:34
Revision: 10660 http://exist.svn.sourceforge.net/exist/?rev=10660&view=rev Author: shabanovd Date: 2009-11-28 08:16:28 +0000 (Sat, 28 Nov 2009) Log Message: ----------- [feature] OpenId authenticator servlet Added Paths: ----------- branches/shabanovd/access_control/src/org/exist/security/openid/servlet/ branches/shabanovd/access_control/src/org/exist/security/openid/servlet/AuthenticatorOpenId.java
Added: branches/shabanovd/access_control/src/org/exist/security/openid/servlet/AuthenticatorOpenId.java
===================================================================
--- branches/shabanovd/access_control/src/org/exist/security/openid/servlet/AuthenticatorOpenId.java (rev 0)
+++ branches/shabanovd/access_control/src/org/exist/security/openid/servlet/AuthenticatorOpenId.java 2009-11-28 08:16:28 UTC (rev 10660)
@@ -0,0 +1,140 @@
+/*
+ * eXist Open Source Native XML Database
+ * Copyright (C) 2009 The eXist Project
+ * http://exist-db.org
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ */
+package org.exist.security.openid.servlet;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.openid4java.OpenIDException;
+import org.openid4java.consumer.ConsumerException;
+import org.openid4java.consumer.ConsumerManager;
+import org.openid4java.consumer.VerificationResult;
+import org.openid4java.discovery.DiscoveryInformation;
+import org.openid4java.discovery.Identifier;
+import org.openid4java.message.AuthRequest;
+import org.openid4java.message.ParameterList;
+
+/**
+ * @author <a href="mailto:sha...@gm...">Dmitriy Shabanov</a>
+ *
+ */
+public class AuthenticatorOpenId extends HttpServlet {
+
+ private static final long serialVersionUID = -2924397314671034627L;
+
+ public ConsumerManager manager;
+
+ public AuthenticatorOpenId() throws ConsumerException
+ {
+ manager = new ConsumerManager();
+ }
+
+ // authentication request
+ public String authRequest(String userSuppliedString,
+ HttpServletRequest httpReq, HttpServletResponse httpResp)
+ throws IOException, ServletException {
+
+ try {
+ httpReq.getContextPath();
+
+ // configure the return_to URL where your application will receive
+ // the authentication responses from the OpenID provider
+ String returnToUrl = "http://example.com/openid";
+
+ // perform discovery on the user-supplied identifier
+ List<?> discoveries = manager.discover(userSuppliedString);
+
+ // attempt to associate with the OpenID provider
+ // and retrieve one service endpoint for authentication
+ DiscoveryInformation discovered = manager.associate(discoveries);
+
+ // store the discovery information in the user's session
+ httpReq.getSession().setAttribute("openid-disc", discovered);
+
+ // obtain a AuthRequest message to be sent to the OpenID provider
+ AuthRequest authReq = manager.authenticate(discovered, returnToUrl);
+
+ if (!discovered.isVersion2()) {
+ // Option 1: GET HTTP-redirect to the OpenID Provider endpoint
+ // The only method supported in OpenID 1.x
+ // redirect-URL usually limited ~2048 bytes
+ httpResp.sendRedirect(authReq.getDestinationUrl(true));
+ return null;
+
+ } else {
+ // Option 2: HTML FORM Redirection (Allows payloads >2048 bytes)
+
+ RequestDispatcher dispatcher = getServletContext().getRequestDispatcher("formredirection.jsp");
+ httpReq.setAttribute("parameterMap", authReq.getParameterMap());
+ httpReq.setAttribute("destinationUrl", authReq
+ .getDestinationUrl(false));
+ dispatcher.forward(httpReq, httpResp);
+ }
+ } catch (OpenIDException e) {
+ // present error to the user
+ }
+
+ return null;
+
+ }
+
+ // authentication response
+ public Identifier verifyResponse(HttpServletRequest httpReq)
+ throws ServletException {
+
+ try {
+ // extract the parameters from the authentication response
+ // (which comes in as a HTTP request from the OpenID provider)
+ ParameterList response = new ParameterList(httpReq.getParameterMap());
+
+ // retrieve the previously stored discovery information
+ DiscoveryInformation discovered = (DiscoveryInformation) httpReq.getSession().getAttribute("openid-disc");
+
+ // extract the receiving URL from the HTTP request
+ StringBuffer receivingURL = httpReq.getRequestURL();
+ String queryString = httpReq.getQueryString();
+ if (queryString != null && queryString.length() > 0)
+ receivingURL.append("?").append(httpReq.getQueryString());
+
+ // verify the response; ConsumerManager needs to be the same
+ // (static) instance used to place the authentication request
+ VerificationResult verification = manager.verify(receivingURL.toString(), response, discovered);
+
+ // examine the verification result and extract the verified
+ // identifier
+ Identifier verified = verification.getVerifiedId();
+ if (verified != null) {
+
+ return verified; // success
+ }
+ } catch (OpenIDException e) {
+ // present error to the user
+ }
+
+ return null;
+ }
+}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
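Review bot: `verifyResponse` treats every failure the same way: its `catch (OpenIDException e)` block is empty and the method then returns null, so a rejected assertion is indistinguishable from a missing one and leaves no audit trail; the same empty catch sits in `authRequest`. At minimum record the failure with `log("OpenID verification failed", e);` (inherited from GenericServlet), or rethrow it as the `ServletException` both methods already declare. A callback that arrives without a prior `authRequest` in the session reaches `manager.verify` with `discovered == null`, and the `openid-disc` attribute is never cleared after use; a guard such as `if (discovered == null) return null;` followed by `httpReq.getSession().removeAttribute("openid-disc");` would keep stale discovery state from being replayed against a later response. Separately, `returnToUrl` is hard-coded to `http://example.com/openid`, so the provider would be told to deliver the assertion to that placeholder host over plain HTTP; it should come from configuration and use HTTPS before this servlet is wired up.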