Author: prabath
Date: Tue Dec 18 00:07:21 2007
New Revision: 11336
Log:
added necessary checks
Modified:
branches/solutions/identity/openid-poc/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIdProvider.java
Modified:
branches/solutions/identity/openid-poc/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIdProvider.java
==============================================================================
---
branches/solutions/identity/openid-poc/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIdProvider.java
(original)
+++
branches/solutions/identity/openid-poc/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIdProvider.java
Tue Dec 18 00:07:21 2007
@@ -28,7 +28,6 @@
import org.wso2.solutions.identity.IdentityConstants;
import org.wso2.solutions.identity.IdentityProviderException;
-
public class OpenIdProvider {
// instantiate a ServerManager object
@@ -45,27 +44,24 @@
HttpServletResponse httpResp) throws Exception {
ParameterList request = null;
- Message response;
- String responseText;
- HttpSession session;
-
+ Message response = null;
+ String responseText = null;
+ HttpSession session = null;
+
session = httpReq.getSession();
-
- // Completing the authz and authn process by redirecting here
- if ("complete".equals(httpReq.getParameter("_action")))
- {
- // On a redirect from the OP authn & authz sequence
- request=(ParameterList)
session.getAttribute("parameterlist");
- }
- else
- {
- // extract the parameters from the request
- request = new ParameterList(httpReq.getParameterMap());
- }
-
+
+ // completing the authentication process by redirecting here
+ if ("complete".equals(httpReq.getParameter("_action"))) {
+ request = (ParameterList)
session.getAttribute("parameterlist");
+ } else {
+ // extract the parameters from the request
+ request = new ParameterList(httpReq.getParameterMap());
+ }
+
+ // TODO: define constants for all openid reserved words
+
String mode = request.hasParameter("openid.mode") ? request
.getParameterValue("openid.mode") : null;
-
if ("associate".equals(mode)) {
// process an association request
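Review bot: `request` can still be null when it reaches `request.hasParameter("openid.mode")`, because on the `_action=complete` branch it is whatever `session.getAttribute("parameterlist")` returns, and a client can send `_action=complete` on a session that never stored one. A guard right after the if/else, such as `if (request == null) { throw new IdentityProviderException("No pending OpenID request in session"); }`, would turn the NullPointerException into a handled error. It may also be worth calling `session.removeAttribute("parameterlist")` once the stored list has been read, so a later request on the same session does not pick it up again. The method body starts and ends outside this hunk, so both suggestions need checking against the rest of it.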
@@ -73,25 +69,32 @@
responseText = response.keyValueFormEncoding();
} else if ("checkid_setup".equals(mode)
|| "checkid_immediate".equals(mode)) {
-
+
boolean authenticatedAndApproved = false;
-
+
// interact with the user and obtain data needed to
continue
List userData = userInteraction(request);
+
+ String userSelectedClaimedId = null;
+ String nickName = null;
+ String fullName = null;
+ String email = null;
- String userSelectedClaimedId = (String) userData.get(0);
- String nickName = (String) userData.get(1);
- String fullName = (String) userData.get(2);
- String email = (String) userData.get(3);
-
- authenticatedAndApproved = doLogin(nickName,
httpReq.getParameter("password"));
-
- if (!authenticatedAndApproved)
- {
- session.setAttribute("parameterlist", request);
- httpResp.sendRedirect(authPage);
- }
-
+ if (userData != null && userData.size() > 3) {
+ userSelectedClaimedId = (String)
userData.get(0);
+ nickName = (String) userData.get(1);
+ fullName = (String) userData.get(2);
+ email = (String) userData.get(3);
+ }
+
+ // authenticate the user
+ authenticatedAndApproved = doLogin(nickName, httpReq
+ .getParameter("password"));
+
+ if (!authenticatedAndApproved) {
+ session.setAttribute("parameterlist", request);
+ httpResp.sendRedirect(authPage);
+ }
// process an authentication request
AuthRequest authReq =
AuthRequest.createAuthRequest(request,
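Review bot: After `httpResp.sendRedirect(authPage)` in the `!authenticatedAndApproved` branch the method does not return, so it goes on to `AuthRequest.createAuthRequest(...)` and `manager.authResponse(...)` for a request whose response has already been redirected. The branch should end the request there, for example with `return null;` after the redirect, if null is what the caller treats as already handled (the caller is not visible here). Separately, when `userData` has fewer than four entries `nickName` stays null and `doLogin(null, ...)` is still called; rejecting the request at that point would avoid relying on the catch-all inside `doLogin`. The enclosing method starts and ends outside the hunk.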
@@ -99,12 +102,6 @@
String opLocalId = null;
- // if the user chose a different claimed_id than the
one in request
- if (userSelectedClaimedId != null
- &&
userSelectedClaimedId.equals(authReq.getClaimed())) {
- // TODO: opLocalId =
lookupLocalId(userSelectedClaimedId);
- }
-
response = manager.authResponse(request, opLocalId,
userSelectedClaimedId,
authenticatedAndApproved);
@@ -116,12 +113,11 @@
.getExtension(AxMessage.OPENID_NS_AX);
if (ext instanceof FetchRequest) {
FetchRequest fetchReq =
(FetchRequest) ext;
+
Map required =
fetchReq.getAttributes(true);
- // Map optional =
fetchReq.getAttributes(false);
+
if
(required.containsKey("email")) {
- Map userDataExt = new
HashMap();
- //
userDataExt.put("email", userData.get(3));
-
+ Map userDataExt = new
HashMap();
FetchResponse fetchResp
= FetchResponse
.createFetchResponse(fetchReq, userDataExt);
// (alternatively)
manually add attribute values
@@ -140,8 +136,7 @@
if (ext instanceof SRegRequest) {
SRegRequest sregReq =
(SRegRequest) ext;
List required =
sregReq.getAttributes(true);
- // TODO: List optional =
sregReq.getAttributes(false);
-
+
// data released by the user
Map userDataSReg = new
HashMap();
SRegResponse sregResp =
SRegResponse
@@ -166,9 +161,7 @@
throw new
UnsupportedOperationException("TODO");
}
}
- // caller will need to decide which of the
following to use:
-
- // option1: GET HTTP-redirect to the return_to
URL
+
return response.getDestinationUrl(true);
}
} else if ("check_authentication".equals(mode)) {
@@ -185,31 +178,37 @@
return responseText;
}
- protected List userInteraction(ParameterList request)
+ private List userInteraction(ParameterList request)
throws ServerException, IdentityProviderException {
- List back = new ArrayList();
-
+ List claimValueList = null;
UserStore userStore = null;
List claimList = null;
List users = null;
Map mapValues = null;
-
String openId = null;
+ claimValueList = new ArrayList();
+
openId = request.hasParameter("openid.identity") ? request
.getParameterValue("openid.identity") : null;
- userStore = UserStore.getInstance();
-
- users = userStore.getAllUserNames();
-
+ // TODO: right now claim list is predefined, in the future
change this
+ // so the use will be able to add the required claims.
claimList = new ArrayList();
claimList.add(IdentityConstants.CLAIM_EMAIL_ADDRESS);
claimList.add(IdentityConstants.CLAIM_GIVEN_NAME);
claimList.add(IdentityConstants.CLAIM_SURNAME);
claimList.add(IdentityConstants.CLAIM_OPENID);
+ userStore = UserStore.getInstance();
+
+ users = userStore.getAllUserNames();
+
+ // TODO; externalize the hard-coded strings
+ if (users == null)
+ throw new IdentityProviderException("No users found");
+
Iterator iterator = users.iterator();
while (iterator.hasNext()) {
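Review bot: `openId` is null when the request carries no `openid.identity` parameter, and the loop that starts here calls `openId.indexOf(...)` on it in the next hunk, so the new `users == null` check leaves that path open. Adding `if (openId == null) { throw new IdentityProviderException("openid.identity is missing"); }` before `UserStore.getInstance()` would close it and would also avoid loading every user name for a request that cannot match. The added `if (users == null)` would read better with braces, as the rest of the method uses them. The method body continues past the end of the hunk.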
@@ -217,20 +216,42 @@
String user = (String) iterator.next();
mapValues = userStore.getClaimValues(user, claimList);
- if (mapValues != null && !mapValues.isEmpty()) {
- if (openId.indexOf((String) mapValues
-
.get(IdentityConstants.CLAIM_OPENID)) >= 0) {
-
back.add(mapValues.get(IdentityConstants.CLAIM_OPENID));
- back.add(user);
-
back.add(mapValues.get(IdentityConstants.CLAIM_SURNAME));
- back.add(mapValues
-
.get(IdentityConstants.CLAIM_EMAIL_ADDRESS));
- break;
+ if (mapValues != null) {
+
+ // user has defined claims!
+ String claimId = (String) mapValues
+
.get(IdentityConstants.CLAIM_OPENID);
+
+ if (mapValues != null && !mapValues.isEmpty()) {
+ if (openId.indexOf(claimId) >= 0
+ &&
openId.endsWith(claimId.substring(claimId
+
.length() - 1))) {
+ // TODO: right now claim list
is predefined, in the
+ // future change this so the
use will be able to add the required claims.
+ claimValueList.add(mapValues
+
.get(IdentityConstants.CLAIM_OPENID));
+ claimValueList.add(user);
+ claimValueList.add(mapValues
+
.get(IdentityConstants.CLAIM_SURNAME));
+ claimValueList.add(mapValues
+
.get(IdentityConstants.CLAIM_EMAIL_ADDRESS));
+ break;
+ }
}
}
}
- return back;
+ return claimValueList;
+ }
+
+ private boolean doLogin(String username, String password) {
+ try {
+ UserStore userStore = UserStore.getInstance();
+ return userStore.authenticate(username, password);
+ } catch (Exception e) {
+ return false;
+ }
+
}
private String directResponse(HttpServletResponse httpResp, String
response)
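Review bot: The test `openId.indexOf(claimId) >= 0 && openId.endsWith(claimId.substring(claimId.length() - 1))` accepts any stored claim that occurs somewhere in the requested identity and shares its last character, so a request can resolve to a different account than the one its identifier names. `claimId` is also used without a null or empty check: a user with no `CLAIM_OPENID` value makes `indexOf` throw, and an empty value makes `substring` throw. If the stored claim is the full identifier, `if (claimId != null && openId.equals(claimId)) {` is the comparison to use; otherwise the expected identifier should be built from the claim and compared for equality. In `doLogin`, `catch (Exception e) { return false; }` makes a user-store failure look the same as a wrong password and leaves no trace of it, so the exception should at least be logged. `userInteraction` starts before this hunk.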
@@ -238,25 +259,11 @@
ServletOutputStream os = httpResp.getOutputStream();
os.write(response.getBytes());
os.close();
-
return null;
}
-
- private boolean doLogin(String username, String password) {
- try {
- UserStore userStore = UserStore.getInstance();
- return userStore.authenticate(username, password);
- } catch (Exception e) {
-
- return false;
- }
-
- }
-
- public void setAuthPage(String authPage)
- {
- this.authPage = authPage;
+
+ public void setAuthPage(String authPage) {
+ this.authPage = authPage;
}
-
}
\ No newline at end of file