Menu
▾
▴
[Exist-commits] SF.net SVN: exist:[10660] branches/shabanovd/access_control/src/org/exist/ security/openid
|
From: <sha...@us...> - 2009-11-28 08:16:34
|
Revision: 10660
http://exist.svn.sourceforge.net/exist/?rev=10660&view=rev
Author: shabanovd
Date: 2009-11-28 08:16:28 +0000 (Sat, 28 Nov 2009)
Log Message:
-----------
[feature] OpenId authenticator servlet
Added Paths:
-----------
branches/shabanovd/access_control/src/org/exist/security/openid/servlet/
branches/shabanovd/access_control/src/org/exist/security/openid/servlet/AuthenticatorOpenId.java
Added: branches/shabanovd/access_control/src/org/exist/security/openid/servlet/AuthenticatorOpenId.java
===================================================================
--- branches/shabanovd/access_control/src/org/exist/security/openid/servlet/AuthenticatorOpenId.java (rev 0)
+++ branches/shabanovd/access_control/src/org/exist/security/openid/servlet/AuthenticatorOpenId.java 2009-11-28 08:16:28 UTC (rev 10660)
@@ -0,0 +1,140 @@
+/*
+ * eXist Open Source Native XML Database
+ * Copyright (C) 2009 The eXist Project
+ * http://exist-db.org
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ */
+package org.exist.security.openid.servlet;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.openid4java.OpenIDException;
+import org.openid4java.consumer.ConsumerException;
+import org.openid4java.consumer.ConsumerManager;
+import org.openid4java.consumer.VerificationResult;
+import org.openid4java.discovery.DiscoveryInformation;
+import org.openid4java.discovery.Identifier;
+import org.openid4java.message.AuthRequest;
+import org.openid4java.message.ParameterList;
+
+/**
+ * @author <a href="mailto:sha...@gm...">Dmitriy Shabanov</a>
+ *
+ */
+public class AuthenticatorOpenId extends HttpServlet {
+
+ private static final long serialVersionUID = -2924397314671034627L;
+
+ public ConsumerManager manager;
+
+ public AuthenticatorOpenId() throws ConsumerException
+ {
+ manager = new ConsumerManager();
+ }
+
+ // authentication request
+ public String authRequest(String userSuppliedString,
+ HttpServletRequest httpReq, HttpServletResponse httpResp)
+ throws IOException, ServletException {
+
+ try {
+ httpReq.getContextPath();
+
+ // configure the return_to URL where your application will receive
+ // the authentication responses from the OpenID provider
+ String returnToUrl = "http://example.com/openid";
+
+ // perform discovery on the user-supplied identifier
+ List<?> discoveries = manager.discover(userSuppliedString);
+
+ // attempt to associate with the OpenID provider
+ // and retrieve one service endpoint for authentication
+ DiscoveryInformation discovered = manager.associate(discoveries);
+
+ // store the discovery information in the user's session
+ httpReq.getSession().setAttribute("openid-disc", discovered);
+
+ // obtain a AuthRequest message to be sent to the OpenID provider
+ AuthRequest authReq = manager.authenticate(discovered, returnToUrl);
+
+ if (!discovered.isVersion2()) {
+ // Option 1: GET HTTP-redirect to the OpenID Provider endpoint
+ // The only method supported in OpenID 1.x
+ // redirect-URL usually limited ~2048 bytes
+ httpResp.sendRedirect(authReq.getDestinationUrl(true));
+ return null;
+
+ } else {
+ // Option 2: HTML FORM Redirection (Allows payloads >2048 bytes)
+
+ RequestDispatcher dispatcher = getServletContext().getRequestDispatcher("formredirection.jsp");
+ httpReq.setAttribute("parameterMap", authReq.getParameterMap());
+ httpReq.setAttribute("destinationUrl", authReq
+ .getDestinationUrl(false));
+ dispatcher.forward(httpReq, httpResp);
+ }
+ } catch (OpenIDException e) {
+ // present error to the user
+ }
+
+ return null;
+
+ }
+
+ // authentication response
+ public Identifier verifyResponse(HttpServletRequest httpReq)
+ throws ServletException {
+
+ try {
+ // extract the parameters from the authentication response
+ // (which comes in as a HTTP request from the OpenID provider)
+ ParameterList response = new ParameterList(httpReq.getParameterMap());
+
+ // retrieve the previously stored discovery information
+ DiscoveryInformation discovered = (DiscoveryInformation) httpReq.getSession().getAttribute("openid-disc");
+
+ // extract the receiving URL from the HTTP request
+ StringBuffer receivingURL = httpReq.getRequestURL();
+ String queryString = httpReq.getQueryString();
+ if (queryString != null && queryString.length() > 0)
+ receivingURL.append("?").append(httpReq.getQueryString());
+
+ // verify the response; ConsumerManager needs to be the same
+ // (static) instance used to place the authentication request
+ VerificationResult verification = manager.verify(receivingURL.toString(), response, discovered);
+
+ // examine the verification result and extract the verified
+ // identifier
+ Identifier verified = verification.getVerifiedId();
+ if (verified != null) {
+
+ return verified; // success
+ }
+ } catch (OpenIDException e) {
+ // present error to the user
+ }
+
+ return null;
+ }
+}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|