HTTPOpenIDProvider.java example

Explorer
picketlink-master
/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2008, Red Hat Middleware LLC, and individual contributors
 * as indicated by the @author tags. See the copyright.txt file in the
 * distribution for a full listing of individual contributors.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */
package org.picketlink.social.standalone.openid.web;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.openid4java.message.AuthSuccess;
import org.openid4java.message.DirectError;
import org.openid4java.message.Message;
import org.openid4java.message.ParameterList;
import org.openid4java.server.InMemoryServerAssociationStore;
import org.openid4java.server.ServerManager;

/**
 * Common code at an OpenID Provider
 *
 * @author Anil.Saldhana@redhat.com
 * @since Jul 7, 2009
 */
public class HTTPOpenIDProvider {
    public String process(HttpServletRequest request, HttpServletResponse response) throws IOException {
        HttpSession session = request.getSession();

        ServerManager manager = new ServerManager();
        manager.setSharedAssociations(new InMemoryServerAssociationStore());
        manager.setPrivateAssociations(new InMemoryServerAssociationStore());
        manager.setOPEndpointUrl(request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort()
                + "/simple-openid/provider.jsp");

        ParameterList requestp;

        if ("complete".equals(request.getParameter("_action"))) // Completing the authz and authn process by redirecting here
        {
            requestp = (ParameterList) session.getAttribute("parameterlist"); // On a redirect from the OP authn & authz
                                                                              // sequence
        } else {
            requestp = new ParameterList(request.getParameterMap());
        }

        String mode = requestp.hasParameter("openid.mode") ? requestp.getParameterValue("openid.mode") : null;

        Message responsem;
        String responseText;

        if ("associate".equals(mode)) {
            // --- process an association request ---
            responsem = manager.associationResponse(requestp);
            responseText = responsem.keyValueFormEncoding();
        } else if ("checkid_setup".equals(mode) || "checkid_immediate".equals(mode)) {
            // interact with the user and obtain data needed to continue
            // List userData = userInteraction(requestp);
            String userSelectedId = null;
            String userSelectedClaimedId = null;
            Boolean authenticatedAndApproved = Boolean.FALSE;

            if ((session.getAttribute("authenticatedAndApproved") == null)
                    || (((Boolean) session.getAttribute("authenticatedAndApproved")) == Boolean.FALSE)) {
                session.setAttribute("parameterlist", requestp);
                response.sendRedirect("provider_authorization.jsp");
            } else {
                userSelectedId = (String) session.getAttribute("openid.claimed_id");
                userSelectedClaimedId = (String) session.getAttribute("openid.identity");
                authenticatedAndApproved = (Boolean) session.getAttribute("authenticatedAndApproved");
                // Remove the parameterlist so this provider can accept requests from elsewhere
                session.removeAttribute("parameterlist");
                session.setAttribute("authenticatedAndApproved", Boolean.FALSE); // Makes you authorize each and every time
            }

            // --- process an authentication request ---
            responsem = manager.authResponse(requestp, userSelectedId, userSelectedClaimedId,
                    authenticatedAndApproved.booleanValue());

            // caller will need to decide which of the following to use:
            // - GET HTTP-redirect to the return_to URL
            // - HTML FORM Redirection
            // responseText = response.wwwFormEncoding();
            if (responsem instanceof AuthSuccess) {
                response.sendRedirect(((AuthSuccess) responsem).getDestinationUrl(true));
                return "";
            } else {
                responseText = "<pre>" + responsem.keyValueFormEncoding() + "</pre>";
            }
        } else if ("check_authentication".equals(mode)) {
            // --- processing a verification request ---
            responsem = manager.verify(requestp);
            responseText = responsem.keyValueFormEncoding();
        } else {
            // --- error response ---
            responsem = DirectError.createDirectError("Unknown request");
            responseText = responsem.keyValueFormEncoding();
        }

        return responseText != null ? responseText.trim() : null;
    }

}