Author: prabath
Date: Fri Jan 25 00:49:46 2008
New Revision: 12878
Log:
code refactoring
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
Fri Jan 25 00:49:46 2008
@@ -11,13 +11,9 @@
import javax.servlet.http.HttpSession;
import org.wso2.solutions.identity.UserStore;
-import org.openid4java.association.Association;
-import org.openid4java.association.AssociationException;
import org.openid4java.message.AuthRequest;
-import org.openid4java.message.AuthSuccess;
import org.openid4java.message.DirectError;
import org.openid4java.message.Message;
-import org.openid4java.message.MessageException;
import org.openid4java.message.MessageExtension;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.FetchRequest;
@@ -34,11 +30,9 @@
public class OpenIDProvider {
// Instantiate a ServerManager object.
- public static ServerManager manager = new ServerManager();
+ public static ServerManager manager = new OpenIDServerManager();
private String authPage;
- private final static int EXPIRES_IN = 1000;
-
private static String opAddress = null;
/**
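Review bot: `manager` is still a `public static` non-final field after the switch to `OpenIDServerManager`, so any class loaded in the same JVM can reassign the provider's server manager. Judging by the helpers this commit removes, that object supplies the associations and nonces used for signed responses. Since a later hunk of this commit adds a `getManager()` accessor, the declaration could become `private static final ServerManager manager = new OpenIDServerManager();` so the accessor is the only way in. Callers that read `OpenIDProvider.manager` directly are not visible here and would have to move to the accessor. The class body continues outside this hunk.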
@@ -58,61 +52,6 @@
}
/**
- * Creates an association between the OpenID Provider and the Relying
Party.
- *
- * @return Association.
- * @throws AssociationException
- */
- public static Association getAssocHandle() throws AssociationException {
-
- return manager.getPrivateAssociations().generate(
- org.openid4java.association.Association.TYPE_HMAC_SHA1,
- EXPIRES_IN);
- }
-
- /**
- * Generates nonce token to uniquely identify authentication responses.
- *
- * @return Nonce token.
- */
- public static String getNonce() {
-
- return manager.getNonceGenerator().next();
- }
-
- /**
- *
- * @param endPoint
- * End-point URL.
- * @param claimedID
- * Claim ID of the client.
- * @param compatibilty
- * Indicates the compatibility.
- * @param returnTo
- * ReturnTo URL.
- * @param nonce
- * Nonce token to uniquely identify authentication
responses.
- * @param assoc
- * Association between the OpenID Provider and the Relying
- * Party.
- * @return Signature.
- * @throws MessageException
- * @throws AssociationException
- */
- public static String getSignature(String endPoint, String claimedID,
- boolean compatibilty, String returnTo, String nonce,
- Association assoc) throws MessageException, AssociationException {
- AuthSuccess openidResp;
-
- openidResp = AuthSuccess.createAuthSuccess(endPoint, claimedID,
- claimedID, compatibilty, returnTo, nonce, null, assoc, true);
-
- // sign the message
- return openidResp.getSignature();
-
- }
-
- /**
* Process the Relying Party request at the OpenID Provider end.
*
* @param httpReq
@@ -123,163 +62,185 @@
* @throws Exception
*/
public String processRequest(HttpServletRequest httpReq,
- HttpServletResponse httpResp) throws Exception {
+ HttpServletResponse httpResp) throws IdentityProviderException {
ParameterList request = null;
Message message = null;
String responseText = null;
HttpSession session = null;
- session = httpReq.getSession();
+ try {
- if (IdentityConstants.OpenId.COMPLETE.equals(httpReq
- .getParameter(IdentityConstants.OpenId.ACTION))) {
- // Authentication completed.
- request = (ParameterList) session
- .getAttribute(IdentityProviderConstants.OpenId.PARAM_LIST);
- } else {
- // Extract the parameters from the request.
- // Authentication not completed.
- request = new ParameterList(httpReq.getParameterMap());
- }
+ session = httpReq.getSession();
- String mode = request.hasParameter(IdentityConstants.OpenId.ATTR_MODE)
? request
- .getParameterValue(IdentityConstants.OpenId.ATTR_MODE)
- : null;
-
- if (IdentityConstants.OpenId.ASSOCIATE.equals(mode)) {
- // Process an association request made by RP.
- message = manager.associationResponse(request);
- responseText = message.keyValueFormEncoding();
- } else if (IdentityConstants.OpenId.CHECKID_SETUP.equals(mode)
- || IdentityConstants.OpenId.CHECKID_IMMEDIATE.equals(mode)) {
+ if (IdentityConstants.OpenId.COMPLETE.equals(httpReq
+ .getParameter(IdentityConstants.OpenId.ACTION))) {
+ // Authentication completed.
+ request = (ParameterList) session
+
.getAttribute(IdentityProviderConstants.OpenId.PARAM_LIST);
+ } else {
+ // Extract the parameters from the request.
+ // Authentication not completed.
+ request = new ParameterList(httpReq.getParameterMap());
+ }
- boolean authenticatedAndApproved = false;
- String userSelectedClaimedId = null;
- String openId = null;
- String userId = null;
-
- openId = request
- .hasParameter(IdentityConstants.OpenId.ATTR_IDENTITY) ?
request
- .getParameterValue(IdentityConstants.OpenId.ATTR_IDENTITY)
+ String mode = request
+ .hasParameter(IdentityConstants.OpenId.ATTR_MODE) ? request
+ .getParameterValue(IdentityConstants.OpenId.ATTR_MODE)
: null;
- userId = getUserName(openId);
-
- // Authenticate the user.
- authenticatedAndApproved = doLogin(userId, httpReq
- .getParameter(IdentityProviderConstants.OpenId.PASSWORD));
-
- if (!authenticatedAndApproved) {
- // Not authenticated, redirect to the authentication page.
- session.setAttribute(
- IdentityProviderConstants.OpenId.PARAM_LIST, request);
- return authPage;
- }
+ if (IdentityConstants.OpenId.ASSOCIATE.equals(mode)) {
+ // Process an association request made by RP.
+ message = manager.associationResponse(request);
+ responseText = message.keyValueFormEncoding();
+ } else if (IdentityConstants.OpenId.CHECKID_SETUP.equals(mode)
+ ||
IdentityConstants.OpenId.CHECKID_IMMEDIATE.equals(mode)) {
+
+ boolean authenticatedAndApproved = false;
+ String userSelectedClaimedId = null;
+ String openId = null;
+ String userId = null;
+
+ openId = request
+ .hasParameter(IdentityConstants.OpenId.ATTR_IDENTITY)
? request
+
.getParameterValue(IdentityConstants.OpenId.ATTR_IDENTITY)
+ : null;
+
+ if (openId == null)
+ throw new IdentityProviderException(
+ "Required attribute,openid.identity, is missing");
+
+ userId = getUserName(openId);
+
+ // Authenticate the user.
+ authenticatedAndApproved = doLogin(
+ userId,
+ httpReq
+
.getParameter(IdentityProviderConstants.OpenId.PASSWORD));
+
+ if (!authenticatedAndApproved) {
+ // Not authenticated, redirect to the authentication page.
+ session.setAttribute(
+ IdentityProviderConstants.OpenId.PARAM_LIST,
+ request);
+ return authPage;
+ }
- // Process an authentication request.
- AuthRequest authReq = AuthRequest.createAuthRequest(request,
- manager.getRealmVerifier());
+ // Process an authentication request.
+ AuthRequest authReq = AuthRequest.createAuthRequest(request,
+ manager.getRealmVerifier());
- String opLocalId = null;
+ String opLocalId = null;
- message = manager.authResponse(request, opLocalId,
- userSelectedClaimedId, authenticatedAndApproved);
+ message = manager.authResponse(request, opLocalId,
+ userSelectedClaimedId, authenticatedAndApproved);
- if (message instanceof DirectError)
- return directResponse(httpResp,
message.keyValueFormEncoding());
- else {
- if (authReq
-
.hasExtension(IdentityConstants.OpenId.ExchangeAttributes.NS_AX)) {
+ if (message instanceof DirectError)
+ return directResponse(httpResp, message
+ .keyValueFormEncoding());
+ else {
+ if (authReq
+
.hasExtension(IdentityConstants.OpenId.ExchangeAttributes.NS_AX)) {
- MessageExtension extensions = authReq
-
.getExtension(IdentityConstants.OpenId.ExchangeAttributes.NS_AX);
+ MessageExtension extensions = authReq
+
.getExtension(IdentityConstants.OpenId.ExchangeAttributes.NS_AX);
- if (extensions instanceof FetchRequest) {
+ if (extensions instanceof FetchRequest) {
- Map required = null;
- Map userDataExt = null;
- FetchRequest fetchReq = null;
- FetchResponse fetchResp = null;
- OpenIDProviderData openIDData = null;
- Map claimValues = null;
+ Map required = null;
+ Map userDataExt = null;
+ FetchRequest fetchReq = null;
+ FetchResponse fetchResp = null;
+ OpenIDProviderData openIDData = null;
+ Map claimValues = null;
- fetchReq = (FetchRequest) extensions;
+ fetchReq = (FetchRequest) extensions;
- // Get the required attributes as requested by the RP.
- required = fetchReq.getAttributes(true);
+ // Get the required attributes as requested by the
+ // RP.
+ required = fetchReq.getAttributes(true);
- userDataExt = new HashMap();
- openIDData = new OpenIDProviderData();
+ userDataExt = new HashMap();
+ openIDData = new OpenIDProviderData();
- fetchResp = FetchResponse.createFetchResponse(fetchReq,
- userDataExt);
+ fetchResp = FetchResponse.createFetchResponse(
+ fetchReq, userDataExt);
- claimValues = openIDData.populateAttributeValues(
- required, userId);
+ claimValues = openIDData.populateAttributeValues(
+ required, userId);
- openIDData.setAttributeExchangeValues(fetchResp,
- claimValues);
- message.addExtension(fetchResp);
+ openIDData.setAttributeExchangeValues(fetchResp,
+ claimValues);
+ message.addExtension(fetchResp);
- } else {
- throw new UnsupportedOperationException("TODO");
+ } else {
+ throw new UnsupportedOperationException("TODO");
+ }
}
- }
- if (authReq
-
.hasExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG)) {
+ if (authReq
+
.hasExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG)) {
- MessageExtension extension = authReq
-
.getExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG);
+ MessageExtension extension = authReq
+
.getExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG);
- if (extension instanceof SRegRequest) {
+ if (extension instanceof SRegRequest) {
- SRegRequest sregReq = null;
- List required = null;
- Map userDataSReg = null;
- Map claimValues = null;
- SRegResponse response = null;
- OpenIDProviderData openIDData = null;
+ SRegRequest sregReq = null;
+ List required = null;
+ Map userDataSReg = null;
+ Map claimValues = null;
+ SRegResponse response = null;
+ OpenIDProviderData openIDData = null;
- sregReq = (SRegRequest) extension;
+ sregReq = (SRegRequest) extension;
- // Get the required attributes as requested by the RP.
- required = sregReq.getAttributes(true);
+ // Get the required attributes as requested by the
+ // RP.
+ required = sregReq.getAttributes(true);
- userDataSReg = new HashMap();
- openIDData = new OpenIDProviderData();
+ userDataSReg = new HashMap();
+ openIDData = new OpenIDProviderData();
- response = SRegResponse.createSRegResponse(sregReq,
- userDataSReg);
+ response = SRegResponse.createSRegResponse(sregReq,
+ userDataSReg);
- claimValues = openIDData.populateAttributeValues(
- required, userId);
+ claimValues = openIDData.populateAttributeValues(
+ required, userId);
- openIDData.setSimpleAttributeRegistrationValues(
- response, claimValues);
+ openIDData.setSimpleAttributeRegistrationValues(
+ response, claimValues);
- message.addExtension(response);
+ message.addExtension(response);
- } else {
- throw new UnsupportedOperationException("TODO");
+ } else {
+ throw new UnsupportedOperationException("TODO");
+ }
}
- }
-
- return message.getDestinationUrl(true);
+ return message.getDestinationUrl(true);
+ }
+ } else if (IdentityConstants.OpenId.CHECK_AUTHENTICATION
+ .equals(mode)) {
+ // Processing a verification request.
+ message = manager.verify(request);
+ responseText = message.keyValueFormEncoding();
+ } else {
+ // Error response.
+ message = DirectError.createDirectError("Unknown request");
+ responseText = message.keyValueFormEncoding();
}
- } else if (IdentityConstants.OpenId.CHECK_AUTHENTICATION.equals(mode))
{
- // Processing a verification request.
- message = manager.verify(request);
- responseText = message.keyValueFormEncoding();
- } else {
+ } catch (Exception e) {
// Error response.
- message = DirectError.createDirectError("Unknown request");
+ message = DirectError.createDirectError(e.getMessage());
responseText = message.keyValueFormEncoding();
}
- // Return the result to the user.
- return directResponse(httpResp, responseText);
+ try {
+ // Return the result to the user.
+ return directResponse(httpResp, responseText);
+ } catch (IOException e) {
+ throw new IdentityProviderException(e.getMessage());
+ }
}
/**
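Review bot: The new `catch (Exception e)` in processRequest copies `e.getMessage()` straight into the `DirectError` sent back to the caller, so the text of any internal failure (for example one raised inside `doLogin`, or the `UnsupportedOperationException("TODO")` branches) is disclosed to an unauthenticated remote party, and nothing is recorded on the server. The message may also be null, for instance for the NullPointerException that would follow if the COMPLETE branch finds no PARAM_LIST in the session. Consider catching `IdentityProviderException` on its own for the deliberate "openid.identity is missing" message, and for everything else logging the exception and replying with a fixed string such as `message = DirectError.createDirectError("Error while processing the OpenID request");`. The closing `throw new IdentityProviderException(e.getMessage());` drops the IOException as cause, which is worth passing along if the exception type has a cause-taking constructor (not visible here). The Javadoc above the method still says `@throws Exception` although the signature now declares `IdentityProviderException`.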
@@ -351,6 +312,34 @@
}
/**
+ *
+ * @param authPage
+ * Authentication page
+ */
+ public void setAuthPage(String authPage) {
+
+ ServerConfiguration serverConfig = null;
+ String openIDServerUrl = null;
+
+ serverConfig = ServerConfiguration.getInstance();
+ openIDServerUrl = serverConfig.getFirstProperty("OpenIDServerUrl");
+
+ this.authPage = openIDServerUrl + "/" + authPage;
+ }
+
+ /**
+ *
+ * @return OpenID Provider server URL.
+ */
+ public static String getOpAddress() {
+ return opAddress;
+ }
+
+ public static ServerManager getManager() {
+ return manager;
+ }
+
+ /**
* Verify authentication.
*
* @param username
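Review bot: `setAuthPage` builds the login redirect target as `openIDServerUrl + "/" + authPage` without checking the configuration value. If `getFirstProperty("OpenIDServerUrl")` returns null for a missing key (presumably it does; confirm), processRequest will hand unauthenticated users a target beginning with `null/`. A guard such as `if (openIDServerUrl == null) throw new IllegalStateException("OpenIDServerUrl is not configured");` would surface the misconfiguration at setup time instead. The new `getManager()` has no Javadoc, and the `setAuthPage` comment has an empty summary line; a one-sentence description on each would help. The hunk ends inside the Javadoc of the following method.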
@@ -391,29 +380,4 @@
}
return null;
}
-
- /**
- *
- * @param authPage
- * Authentication page
- */
- public void setAuthPage(String authPage) {
-
- ServerConfiguration serverConfig = null;
- String openIDServerUrl = null;
-
- serverConfig = ServerConfiguration.getInstance();
- openIDServerUrl = serverConfig.getFirstProperty("OpenIDServerUrl");
-
- this.authPage = openIDServerUrl + "/" + authPage;
- }
-
- /**
- *
- * @return OpenID Provider server URL.
- */
- public static String getOpAddress() {
- return opAddress;
- }
-
}
\ No newline at end of file