Author: prabath
Date: Wed Mar 5 03:16:51 2008
New Revision: 14526
Log:
adding PAPE support
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDExtensionFactory.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDAttributeExchange.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDPape.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDSimpleReg.java
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthenticationAction.java
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDSubmitAction.java
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDUserApprovalAction.java
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDExtensionFactory.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDExtensionFactory.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDExtensionFactory.java
Wed Mar 5 03:16:51 2008
@@ -35,16 +35,18 @@
* @param auth AuthRequest instance
* @return Appropriate OpenIDExtension instance
*/
- public OpenIDExtension getExtension(String alias, AuthRequest auth) {
+ public OpenIDExtension getExtension(OpenIDAuthenticationRequest request) {
+
+ String alias = request.getExtensionAlias();
if (alias.equals(AxMessage.OPENID_NS_AX)) {
- return new OpenIDAttributeExchange(auth);
+ return new OpenIDAttributeExchange(request);
} else if (alias
.equals(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG)
|| alias.equals(SRegMessage.OPENID_NS_SREG)) {
- return new OpenIDSimpleReg(auth);
+ return new OpenIDSimpleReg(request);
} else if (alias.equals(PapeMessage.OPENID_NS_PAPE)) {
- return new OpenIDPape(auth);
+ return new OpenIDPape(request);
}
return null;
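Review bot: The Javadoc above `getExtension` still carries `@param auth AuthRequest instance`, but the method now takes a single `OpenIDAuthenticationRequest request`; the stale tag should become something like `@param request carries the AuthRequest and the extension alias to resolve`. The alias is now read from the request object, so `alias.equals(...)` throws a NullPointerException if `setExtensionAlias` was never called. A guard such as `if (alias == null) return null;` would keep the existing contract that an unknown alias returns null. The rest of the method lies outside the hunk.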
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
Wed Mar 5 03:16:51 2008
@@ -236,15 +236,31 @@
return message.getDestinationUrl(true);
else {
OpenIDExtension extension = null;
-
- for (Object alias : authReq.getExtensions()) {
- extension =
OpenIDExtensionFactory.getInstance().getExtension((String)alias,
- authReq);
+ OpenIDAuthenticationRequest req = null;
+
+ req = new OpenIDAuthenticationRequest();
+
+ if ("true".equals(session.getAttribute("infocardsignin"))) {
+ req.setPhishingResistanceLogin(true);
+ session.removeAttribute("infocardsignin");
+ }
+
+ if ("true".equals(session.getAttribute("multifactorlogin"))) {
+ req.setMultifactorLogin(true);
+ session.removeAttribute("multifactorlogin");
+ }
+
+ req.setAuthRequest(authReq);
+
+ for (Object alias : authReq.getExtensions()) {
+ req.setExtensionAlias((String) alias);
+ extension = OpenIDExtensionFactory.getInstance().getExtension(
+ req);
if (extension != null)
message.addExtension(extension.getMessageExtension(userId,
profileName));
}
-
+
return message.getDestinationUrl(true);
}
}
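Review bot: The `infocardsignin` and `multifactorlogin` session flags are read and removed only on this `else` path, so when the earlier branch returns at `return message.getDestinationUrl(true);` a flag appears to stay in the session. A later OpenID request in the same session, authenticated some other way, could then consume it and make the provider assert a PAPE policy that was not satisfied for that request. Consider reading and clearing both attributes before the branch, or binding the flag to the specific authentication event rather than to the whole session. None of the visible hunks in this commit sets `multifactorlogin`, so that branch looks unreachable for now; a comment naming where it is expected to be set would help. The enclosing method starts outside the hunk, so the condition guarding the early return is inferred.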
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDAttributeExchange.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDAttributeExchange.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDAttributeExchange.java
Wed Mar 5 03:16:51 2008
@@ -15,21 +15,22 @@
import org.wso2.solutions.identity.IdentityConstants;
import org.wso2.solutions.identity.IdentityProviderException;
import org.wso2.solutions.identity.admin.ClaimsAdmin;
+import org.wso2.solutions.identity.openid.OpenIDAuthenticationRequest;
import org.wso2.solutions.identity.openid.OpenIDClaim;
import org.wso2.solutions.identity.persistence.dataobject.ClaimDO;
public class OpenIDAttributeExchange extends OpenIDExtension {
- private AuthRequest authRequest;
+ private OpenIDAuthenticationRequest request;
private static Log log = LogFactory.getLog(OpenIDAttributeExchange.class);
/**
* Constructed during building the response
- * @param authSuccess An instance of AuthRequest
+ * @param request An instance of OpenIDAuthenticationRequest
*/
- public OpenIDAttributeExchange(AuthRequest authRequest) {
- this.authRequest = authRequest;
+ public OpenIDAttributeExchange(OpenIDAuthenticationRequest request) {
+ this.request = request;
}
/**
@@ -43,8 +44,10 @@
String profileName) throws IdentityProviderException {
MessageExtension extensions = null;
+ AuthRequest authRequest = null;
try {
+ authRequest = request.getAuthRequest();
extensions = authRequest.getExtension(FetchRequest.OPENID_NS_AX);
if (extensions instanceof FetchRequest) {
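Review bot: `request.getAuthRequest()` is dereferenced on the very next line with no null check, while OpenIDProvider builds the request object first and calls `setAuthRequest` separately. A request that reaches this class without that call would therefore fail with a NullPointerException rather than the declared `IdentityProviderException`. At minimum the constructor Javadoc should state the precondition, e.g. `@param request must already carry a non-null AuthRequest`, and a check in the constructor would fail earlier and more clearly. The same pattern is repeated in the OpenIDPape and OpenIDSimpleReg hunks of this commit. The method body continues outside the hunk.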
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDPape.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDPape.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDPape.java
Wed Mar 5 03:16:51 2008
@@ -12,19 +12,20 @@
import org.openid4java.message.pape.PapeResponse;
import org.wso2.solutions.identity.IdentityConstants;
import org.wso2.solutions.identity.IdentityProviderException;
+import org.wso2.solutions.identity.openid.OpenIDAuthenticationRequest;
public class OpenIDPape extends OpenIDExtension {
- private AuthRequest authRequest;
+ private OpenIDAuthenticationRequest request;
private static Log log = LogFactory.getLog(OpenIDPape.class);
/**
* Constructed during building the response
- * @param authSuccess An instance of AuthRequest
+ * @param request An instance of OpenIDAuthenticationRequest
*/
- public OpenIDPape(AuthRequest authRequest) {
- this.authRequest = authRequest;
+ public OpenIDPape(OpenIDAuthenticationRequest request) {
+ this.request = request;
}
/**
@@ -41,8 +42,10 @@
PapeRequest papeRequest = null;
PapeResponse papeResponse = null;
List preferredPolicies = null;
+ AuthRequest authRequest = null;
try {
+ authRequest = request.getAuthRequest();
message = authRequest.getExtension(PapeMessage.OPENID_NS_PAPE);
if (message instanceof PapeRequest) {
@@ -50,11 +53,18 @@
preferredPolicies = papeRequest.getPreferredAuthPoliciesList();
papeResponse = PapeResponse.createPapeResponse();
papeResponse.setNistAuthLevel(1);
- papeResponse.setAuthAge(-1);
-
papeResponse.setAuthPolicies(PapeMessage.PAPE_POLICY_PHISHING_RESISTANT);
+ papeResponse.setAuthAge(1);
+
+ if (request.isPhishingResistanceLogin())
+ papeResponse
+
.setAuthPolicies(PapeMessage.PAPE_POLICY_PHISHING_RESISTANT);
+
+ if (request.isMultifactorLogin())
+ papeResponse
+
.setAuthPolicies(PapeMessage.PAPE_POLICY_MULTI_FACTOR);
}
-
- //TODO:
+
+ // TODO:
} catch (MessageException e) {
throw new IdentityProviderException(
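Review bot: When both `request.isPhishingResistanceLogin()` and `request.isMultifactorLogin()` are true, the second `setAuthPolicies(...)` call replaces the first, so the response reports only the multi-factor policy. openid4java's `PapeResponse` also has `addAuthPolicy(String)`, which appends instead, e.g. `papeResponse.addAuthPolicy(PapeMessage.PAPE_POLICY_MULTI_FACTOR);`. Separately, `setAuthAge(1)` tells every relying party that the user authenticated one second ago whenever the login actually happened, so a constant can satisfy any `max_auth_age` the RP asked for. Either derive the age from a recorded login time or keep the previous `-1` until it can be measured; `setNistAuthLevel(1)` is likewise fixed whatever mechanism was used. The `try` block and the method begin outside this hunk.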
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDSimpleReg.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDSimpleReg.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDSimpleReg.java
Wed Mar 5 03:16:51 2008
@@ -16,20 +16,21 @@
import org.wso2.solutions.identity.IdentityConstants;
import org.wso2.solutions.identity.IdentityProviderException;
import org.wso2.solutions.identity.admin.ClaimsAdmin;
+import org.wso2.solutions.identity.openid.OpenIDAuthenticationRequest;
import org.wso2.solutions.identity.openid.OpenIDClaim;
import org.wso2.solutions.identity.persistence.dataobject.ClaimDO;
public class OpenIDSimpleReg extends OpenIDExtension {
- private AuthRequest authRequest;
+ private OpenIDAuthenticationRequest request;
private static Log log = LogFactory.getLog(OpenIDSimpleReg.class);
/**
* Constructed during building the response
- * @param authSuccess An instance of AuthRequest
+ * @param request An instance of OpenIDAuthenticationRequest
*/
- public OpenIDSimpleReg(AuthRequest authRequest) {
- this.authRequest = authRequest;
+ public OpenIDSimpleReg(OpenIDAuthenticationRequest request) {
+ this.request = request;
}
/**
@@ -42,8 +43,10 @@
public MessageExtension getMessageExtension(String userId,
String profileName) throws IdentityProviderException {
MessageExtension extension = null;
+ AuthRequest authRequest = null;
try {
+ authRequest = request.getAuthRequest();
extension = authRequest.getExtension(SRegRequest.OPENID_NS_SREG);
if (extension == null)
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
Wed Mar 5 03:16:51 2008
@@ -106,6 +106,10 @@
infocardCookie.setSecure(true);
response.addCookie(infocardCookie);
+ // OpenID Provider needs to know which authentication mechanism
+ // the user went through while authenticating to the OP.
+ session.setAttribute("infocardsignin", "true");
+
if (!isRequiredUserApproval(request)) {
// User has already agreed to accept request from this RP
// always.
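Review bot: The session key `"infocardsignin"` is a bare string literal here and again in OpenIDProvider in a different module, so a typo on either side silently drops the phishing-resistant PAPE claim. A shared constant would tie the writer and the reader together. The flag is also set before the `isRequiredUserApproval` check, so it is recorded even if the user then declines approval. A comment should state whether that is intended and where the flag is expected to be cleared. The enclosing method extends beyond the hunk.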
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthenticationAction.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthenticationAction.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthenticationAction.java
Wed Mar 5 03:16:51 2008
@@ -88,5 +88,4 @@
}
return SUCCESS;
}
-
}
\ No newline at end of file
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDSubmitAction.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDSubmitAction.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDSubmitAction.java
Wed Mar 5 03:16:51 2008
@@ -97,5 +97,4 @@
public void setOpenIdUrl(String openIdUrl) {
this.openIdUrl = openIdUrl;
}
-
-}
+}
\ No newline at end of file
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDUserApprovalAction.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDUserApprovalAction.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDUserApprovalAction.java
Wed Mar 5 03:16:51 2008
@@ -1,20 +1,16 @@
package org.wso2.solutions.identity.user.ui.action;
import java.util.Date;
-import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts2.StrutsStatics;
import org.openid4java.message.ParameterList;
import org.wso2.solutions.identity.IdentityConstants;
-import org.wso2.solutions.identity.UserStore;
import org.wso2.solutions.identity.admin.RelyingPartyAdmin;
import org.wso2.solutions.identity.persistence.IPPersistenceManager;
import org.wso2.solutions.identity.persistence.dataobject.OpenIDUserRPDO;
import org.wso2.solutions.identity.user.ui.util.UserUtil;
-import org.wso2.solutions.identity.users.IdentityDefaultRealm;
-import org.wso2.solutions.identity.users.IdentityUserStoreReader;
import com.opensymphony.xwork2.ActionContext;
@@ -63,7 +59,7 @@
.getParameterValue(IdentityConstants.OpenId.ATTR_RETURN_TO);
String openididentity = requestp
.getParameterValue(IdentityConstants.OpenId.ATTR_IDENTITY);
-
+
rpUrl = UserUtil.getRelyingPartyUrl(rpUrl);
if (openididentity == null || rpUrl == null) {
@@ -72,7 +68,7 @@
}
String userName = UserUtil.getUserName(openididentity);
-
+
OpenIDUserRPDO rpdo = null;
rpdo = new OpenIDUserRPDO();
@@ -122,5 +118,4 @@
public void setProfileName(String profileName) {
this.profileName = profileName;
}
-
-}
+}
\ No newline at end of file