Author: prabath
Date: Thu May 8 04:39:25 2008
New Revision: 16694
Log:
Constant name changes + made OpenID available for any realm
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/InfoCardUserRegistrationSubmitAction.java
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowLoginAction.java
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowMainAction.java
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowUserRegistrationAction.java
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/UserRegistrationFormSubmitAction.java
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/util/UserUtil.java
trunk/solutions/identity/modules/user-ui/src/main/resources/struts.xml
trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/login.jsp
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/InfoCardUserRegistrationSubmitAction.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/InfoCardUserRegistrationSubmitAction.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/InfoCardUserRegistrationSubmitAction.java
Thu May 8 04:39:25 2008
@@ -24,7 +24,6 @@
import org.wso2.solutions.identity.admin.ParameterAdmin;
import org.wso2.solutions.identity.admin.RegisteredInfoCardInfoAdmin;
import org.wso2.solutions.identity.admin.ReportAdmin;
-import org.wso2.solutions.identity.openid.OpenIDProvider;
import org.wso2.solutions.identity.openid.OpenIDUtil;
import org.wso2.solutions.identity.persistence.dataobject.ActionDO;
import org.wso2.solutions.identity.persistence.dataobject.ClaimDO;
@@ -80,7 +79,7 @@
ParameterAdmin paramAdmin = new ParameterAdmin();
boolean enableOpenIDRegistration = paramAdmin
-
.getParameter(IdentityProviderConstants.PARAM_NAME_ENABLE_OPENID_REGISTRATION)
!= null;
+
.getParameter(IdentityProviderConstants.PARAM_NAME_ENABLE_OPENID_LOGIN) != null;
String openid = null;
if (enableOpenIDRegistration) {
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
Thu May 8 04:39:25 2008
@@ -43,447 +43,452 @@
import org.wso2.solutions.identity.user.ui.util.UserUtil;
import org.wso2.solutions.identity.users.IdentityDefaultRealm;
import org.wso2.solutions.identity.users.IdentityUserStoreReader;
+import org.wso2.usermanager.Realm;
import org.wso2.usermanager.UserManagerException;
import com.opensymphony.xwork2.ActionContext;
public class OpenIDAuthVerificationAction extends ManagedAction {
- /**
- *
- */
- private static final long serialVersionUID = 7880796322220751491L;
-
- private List<String> profile = null;
-
- private List<ClaimValue> claimValues = null;
-
- private String defaultUserProfileName = null;
-
- private List<String> requiredAttributes = null;
-
- /**
- * This will get executed once the user provided his login credentials
- */
- public String execute() throws Exception {
-
- ActionContext context = null;
- HttpServletRequest request = null;
- String openID = null;
- HttpSession session = null;
- ParameterList requestParam = null;
- String user = null;
- String infoCardSignin = null;
- String rpUrl = null;
-
- context = ActionContext.getContext();
- request = (HttpServletRequest) context.get(StrutsStatics.HTTP_REQUEST);
- session = request.getSession();
-
- infoCardSignin = request.getParameter("InfoCardSignin");
-
- requestParam = (ParameterList) session
- .getAttribute(IdentityConstants.OpenId.PARAM_LIST);
-
- if (requestParam != null
- && requestParam
- .hasParameter(IdentityConstants.OpenId.ATTR_IDENTITY))
{
- openID = requestParam.getParameter(
- IdentityConstants.OpenId.ATTR_IDENTITY).getValue();
- } else {
- addErrorMessage(getText("openid_required"));
- return ERROR;
- }
-
- if
(requestParam.hasParameter(IdentityConstants.OpenId.ATTR_RETURN_TO)) {
- rpUrl = requestParam.getParameter(
- IdentityConstants.OpenId.ATTR_RETURN_TO).getValue();
- rpUrl = UserUtil.getRelyingPartyUrl(rpUrl);
- } else {
- addErrorMessage(getText("returnTo_required"));
- return ERROR;
- }
-
- requiredAttributes = (List<String>) session
- .getAttribute("RequestedAttr");
-
- user = UserUtil.getUserName(openID);
-
- if (infoCardSignin != null && "Log in".equals(infoCardSignin)) {
- // User logs in with an information card
- return handleInforCardLogin(openID, user, rpUrl);
- } else {
- // User logs in with user-name/password.
- return handleUserNameLogin(openID, user, rpUrl);
- }
- }
-
- /**
- * Handles user-name/password login
- * @param openID OpenID
- * @param user User name
- * @param rpUrl Relying party URL
- * @return Success/Failure
- * @throws RelyingPartyException
- * @throws IdentityProviderException
- * @throws IOException
- */
- protected String handleUserNameLogin(String openID, String user,
- String rpUrl) throws RelyingPartyException,
- IdentityProviderException, IOException {
-
- ActionContext context = null;
- HttpServletRequest request = null;
- HttpServletResponse response = null;
- HttpSession session = null;
- String password = null;
-
- context = ActionContext.getContext();
- request = (HttpServletRequest) context.get(StrutsStatics.HTTP_REQUEST);
- response = (HttpServletResponse) context
- .get(StrutsStatics.HTTP_RESPONSE);
- session = request.getSession();
-
- password = request
- .getParameter(IdentityProviderConstants.OpenId.PASSWORD);
- if (password == null) {
- password = (String) session
- .getAttribute(IdentityProviderConstants.OpenId.PASSWORD);
- if (password != null)
- session
-
.removeAttribute(IdentityProviderConstants.OpenId.PASSWORD);
- }
-
- if (UserUtil.doLogin(user, password)) {
-
- populateUserProfiles(user, rpUrl);
-
- String remeberMe = null;
-
- if (request.getParameter("remember") != null) {
- remeberMe = request.getParameter("remember");
- }
-
- if (remeberMe != null && remeberMe.equalsIgnoreCase("true")) {
- // Add cookie
- Cookie rememberMeCookie = new Cookie("rememberme", "true");
- // Expires in two weeks
- rememberMeCookie.setMaxAge(60 * 60 * 24 * 14);
- response.addCookie(rememberMeCookie);
-
- Cookie openIDCookie = new Cookie("openid", openID);
- openIDCookie.setMaxAge(60 * 60 * 24 * 14);
- openIDCookie.setSecure(true);
- response.addCookie(openIDCookie);
-
- // Encode the password
- Cookie passwordCookie = new Cookie("password",
- new sun.misc.BASE64Encoder().encode(password
- .getBytes("UTF-8")));
- passwordCookie.setMaxAge(60 * 60 * 24 * 14);
- passwordCookie.setSecure(true);
- response.addCookie(passwordCookie);
- }
-
- String message = getText("successful_for", new String[] { user });
- ReportAdmin.record(user, ActionDO.ACTION_USER_LOG_IN_OPENID,
- message);
-
- session.setAttribute(IdentityConstants.PASSWORD,password);
-
- if (!isRequiredUserApproval(request)) {
- String authMessage = getText("successful_for",
- new String[] { user });
- ReportAdmin.record(user,
- ActionDO.ACTION_USER_APPROVED_OPENID_RP_ALWAYS,
- authMessage);
- // User has already agreed to accept request from this RP
- // always.
- response
-
.sendRedirect("server?_action=complete&authenticatedAndApproved=true");
- }
- return SUCCESS;
- } else {
- String message = getText("invalid_user_password");
- ReportAdmin.record(user, ActionDO.ACTION_USER_FAILURE, message);
- this.addErrorMessage(getText("invalid_user_password"));
- return ERROR;
- }
- }
-
- /**
- * Handles information card login
- * @param openID OpenID
- * @param user User name
- * @param rpUrl Relying party URL
- * @return Success/Failure
- * @throws RelyingPartyException
- * @throws IdentityProviderException
- * @throws IOException
- */
- protected String handleInforCardLogin(String openID, String user,
- String rpUrl) throws RelyingPartyException,
- IdentityProviderException, IOException {
-
- ActionContext context = null;
- HttpServletRequest request = null;
- HttpServletResponse response = null;
- HttpSession session = null;
- ParameterList requestParam = null;
- boolean isRedirected = false;
- String[] policies = null;
-
- context = ActionContext.getContext();
- request = (HttpServletRequest) context.get(StrutsStatics.HTTP_REQUEST);
- response = (HttpServletResponse) context
- .get(StrutsStatics.HTTP_RESPONSE);
- session = request.getSession();
-
- requestParam = (ParameterList) session
- .getAttribute(IdentityConstants.OpenId.PARAM_LIST);
-
- if (UserUtil.verifyInfoCardLogin(context, openID)) {
-
- policies = OpenIDUtil
- .getRequestedAuthenticationPolicies(requestParam);
-
- if (policies != null) {
- for (String policy : policies) {
- if (policy
-
.equalsIgnoreCase(IdentityConstants.OpenId.PapeAttributes.MULTI_FACTOR)) {
- session
- .setAttribute(
-
"multiFactorAuthenticationWithUsernamePassword",
- "true");
- session.setAttribute("multifactorlogin", "true");
- isRedirected = true;
- response.sendRedirect("OpenIDAuthentication.action");
- break;
- }
- }
- }
-
- populateUserProfiles(user, rpUrl);
-
- // Okay - user used InfoCards to login - next when tries
- // login we'll let him use his InfoCard directly, by passing the
- // authentication page.
-
- // Encode the password
- Cookie infocardCookie = new Cookie("infocardCookie", openID);
- infocardCookie.setMaxAge(60 * 60 * 24 * 14);
- infocardCookie.setSecure(true);
- response.addCookie(infocardCookie);
-
- // OpenID Provider needs to know which authentication
- // mechanism the user went through while authenticating to the
- // OP.
- session.setAttribute("phishingResistanceAuthentication", "true");
- if (!isRedirected) {
-
- String message = getText("successful_for",
- new String[] { user });
- ReportAdmin.record(user,
- ActionDO.ACTION_USER_LOG_IN_SELF_ISSUED_CARD, message);
-
- if (!isRequiredUserApproval(request)) {
- String authMessage = getText("successful_for",
- new String[] { user });
- ReportAdmin.record(user,
- ActionDO.ACTION_USER_APPROVED_OPENID_RP_ALWAYS,
- authMessage);
-
- // User has already agreed to accept request from this
- // RP always.
- response
-
.sendRedirect("server?_action=complete&authenticatedAndApproved=true");
- }
- }
- return SUCCESS;
- } else {
-
- Cookie[] cookies = request.getCookies();
- Cookie curCookie = null;
- String useInfoCard = null;
-
- for (int x = 0; x < cookies.length; x++) {
- curCookie = cookies[x];
- if (curCookie.getName().equalsIgnoreCase("infocardCookie")) {
- useInfoCard = curCookie.getValue();
-
- if (useInfoCard != null && useInfoCard.equals(openID)) {
- curCookie.setMaxAge(0);
- response.addCookie(curCookie);
- }
- }
- }
-
- String message = getText("invalid_user_password");
- ReportAdmin.record(user, ActionDO.ACTION_USER_FAILURE, message);
-
- this.addErrorMessage(getText("invalid_card_login"));
- return ERROR;
- }
- }
-
- /**
- * Populates user profiles with all his profile names.
- * @param userName Unique user name
- * @throws RelyingPartyException
- */
- protected void populateUserProfiles(String userName, String rpUrl)
- throws RelyingPartyException {
-
- IdentityDefaultRealm realm = null;
- IdentityUserStoreReader reader = null;
- IPPersistenceManager db = null;
-
- try {
- profile = new ArrayList<String>();
- realm = (IdentityDefaultRealm) UserStore.getInstance().getRealm();
- reader = realm.getIdentityUserStoreReader();
- profile = reader.getUserProfileNames(userName);
-
- db = IPPersistenceManager.getPersistanceManager();
-
- defaultUserProfileName = db.getOpenIDDefaultUserProfile(userName,
- rpUrl);
-
- if (defaultUserProfileName == null) {
- defaultUserProfileName = reader
- .getDefaultUserProfileName(userName);
- }
-
- profile.remove(defaultUserProfileName);
-
- profile.add(0, defaultUserProfileName);
-
- readDefaultProfileValues(userName, defaultUserProfileName);
-
- } catch (IdentityProviderException e) {
- throw new RelyingPartyException(
- IdentityConstants.ErrorCodes.PROFILE_RETRIEVAL_FAILURE, e);
- } catch (UserManagerException e) {
- throw new RelyingPartyException(
- IdentityConstants.ErrorCodes.PROFILE_RETRIEVAL_FAILURE, e);
- }
- }
-
- /**
- * @param userName
- * @param profileName
- * @throws RelyingPartyException
- */
- protected void readDefaultProfileValues(String userName, String
profileName)
- throws RelyingPartyException {
-
- IdentityDefaultRealm realm = null;
- IdentityUserStoreReader reader = null;
- Map<String, String> userProperties = null;
- ClaimsAdmin claimsAdmin = null;
- ClaimValue calimValue = null;
-
- try {
- userProperties = new HashMap<String, String>();
- realm = (IdentityDefaultRealm) UserStore.getInstance().getRealm();
- reader = realm.getIdentityUserStoreReader();
- userProperties = reader.getUserProperties(userName, profileName);
-
- claimsAdmin = new ClaimsAdmin();
- claimValues = new ArrayList<ClaimValue>();
-
- Iterator<Entry<String, String>> iterator = null;
- Entry<String, String> entry = null;
-
- iterator = userProperties.entrySet().iterator();
-
- while (iterator.hasNext()) {
- entry = iterator.next();
- calimValue = new ClaimValue();
- calimValue.setClaimValue(entry.getValue());
- if (requiredAttributes.contains(entry.getKey())) {
- calimValue.setClaim(claimsAdmin.findClaimByURI(entry
- .getKey()));
- claimValues.add(calimValue);
- }
- }
-
- } catch (IdentityProviderException e) {
- throw new RelyingPartyException(
- IdentityConstants.ErrorCodes.PROFILE_RETRIEVAL_FAILURE, e);
- } catch (UserManagerException e) {
- throw new RelyingPartyException(
- IdentityConstants.ErrorCodes.PROFILE_RETRIEVAL_FAILURE, e);
- }
-
- }
-
- /**
- * Check whether user has already agreed to accept request from this RP
- * always
- * @param request HttpServletRequest
- * @return true if required user approval, else false
- * @throws RelyingPartyException
- */
- private boolean isRequiredUserApproval(HttpServletRequest request)
- throws RelyingPartyException {
-
- ParameterList requestParam = null;
- IPPersistenceManager db = null;
-
- requestParam = (ParameterList) request.getSession().getAttribute(
- IdentityConstants.OpenId.PARAM_LIST);
- String openID = requestParam.getParameter(
- IdentityConstants.OpenId.ATTR_IDENTITY).getValue();
- String rpUrl = requestParam
- .getParameterValue(IdentityConstants.OpenId.ATTR_RETURN_TO);
-
- rpUrl = UserUtil.getRelyingPartyUrl(rpUrl);
-
- OpenIDUserRPDO[] rpdos = null;
- OpenIDUserRPDO rpdo = null;
-
- try {
- db = IPPersistenceManager.getPersistanceManager();
- } catch (IdentityProviderException e) {
- throw new RelyingPartyException("dbConnectionFailure");
- }
-
- // Get matching data, related to the requested RP.
- rpdos = db.getOpenIDUserRP(UserUtil.getUserName(openID), rpUrl);
-
- if (rpdos != null && rpdos.length > 0) {
- // User has already logged into this RP.
- rpdo = rpdos[0];
- if (rpdo.getIsTrustedAlways()) {
- // User trusts this RP.
- rpdo.setVisitCount(rpdo.getVisitCount() + 1);
- rpdo.setLastVisit(new Date());
- db.update(rpdo);
- return false;
- }
- }
- return true;
- }
-
- public List<ClaimValue> getClaimValues() {
- return claimValues;
- }
-
- public List<String> getProfile() {
- return profile;
- }
-
- public void setProfile(List<String> profile) {
- this.profile = profile;
- }
-
- public String getDefaultUserProfileName() {
- return defaultUserProfileName;
- }
-
- public void setDefaultUserProfileName(String defaultUserProfileName) {
- this.defaultUserProfileName = defaultUserProfileName;
- }
+ /**
+ *
+ */
+ private static final long serialVersionUID = 7880796322220751491L;
+
+ private List<String> profile = null;
+
+ private List<ClaimValue> claimValues = null;
+
+ private String defaultUserProfileName = null;
+
+ private List<String> requiredAttributes = null;
+
+ /**
+ * This will get executed once the user provided his login credentials
+ */
+ public String execute() throws Exception {
+
+ ActionContext context = null;
+ HttpServletRequest request = null;
+ String openID = null;
+ HttpSession session = null;
+ ParameterList requestParam = null;
+ String user = null;
+ String infoCardSignin = null;
+ String rpUrl = null;
+
+ context = ActionContext.getContext();
+ request = (HttpServletRequest)
context.get(StrutsStatics.HTTP_REQUEST);
+ session = request.getSession();
+
+ infoCardSignin = request.getParameter("InfoCardSignin");
+
+ requestParam = (ParameterList)
session.getAttribute(IdentityConstants.OpenId.PARAM_LIST);
+
+ if (requestParam != null
+ &&
requestParam.hasParameter(IdentityConstants.OpenId.ATTR_IDENTITY)) {
+ openID =
requestParam.getParameter(IdentityConstants.OpenId.ATTR_IDENTITY).getValue();
+ } else {
+ addErrorMessage(getText("openid_required"));
+ return ERROR;
+ }
+
+ if
(requestParam.hasParameter(IdentityConstants.OpenId.ATTR_RETURN_TO)) {
+ rpUrl =
requestParam.getParameter(IdentityConstants.OpenId.ATTR_RETURN_TO).getValue();
+ rpUrl = UserUtil.getRelyingPartyUrl(rpUrl);
+ } else {
+ addErrorMessage(getText("returnTo_required"));
+ return ERROR;
+ }
+
+ requiredAttributes = (List<String>)
session.getAttribute("RequestedAttr");
+
+ try {
+ user = UserUtil.getUserName(openID);
+ } catch (RelyingPartyException e) {
+ return ERROR;
+ }
+ if (infoCardSignin != null && "Log in".equals(infoCardSignin)) {
+ // User logs in with an information card
+ return handleInforCardLogin(openID, user, rpUrl);
+ } else {
+ // User logs in with user-name/password.
+ return handleUserNameLogin(openID, user, rpUrl);
+ }
+ }
+
+ /**
+ * Handles user-name/password login
+ *
+ * @param openID OpenID
+ * @param user User name
+ * @param rpUrl Relying party URL
+ * @return Success/Failure
+ * @throws RelyingPartyException
+ * @throws IdentityProviderException
+ * @throws IOException
+ */
+ protected String handleUserNameLogin(String openID, String user, String
rpUrl)
+ throws RelyingPartyException,
IdentityProviderException, IOException {
+
+ ActionContext context = null;
+ HttpServletRequest request = null;
+ HttpServletResponse response = null;
+ HttpSession session = null;
+ String password = null;
+
+ context = ActionContext.getContext();
+ request = (HttpServletRequest)
context.get(StrutsStatics.HTTP_REQUEST);
+ response = (HttpServletResponse)
context.get(StrutsStatics.HTTP_RESPONSE);
+ session = request.getSession();
+
+ password =
request.getParameter(IdentityProviderConstants.OpenId.PASSWORD);
+ if (password == null) {
+ password = (String)
session.getAttribute(IdentityProviderConstants.OpenId.PASSWORD);
+ if (password != null)
+
session.removeAttribute(IdentityProviderConstants.OpenId.PASSWORD);
+ }
+
+ if (UserUtil.doLogin(user, password)) {
+
+ populateUserProfiles(user, rpUrl);
+
+ String remeberMe = null;
+
+ if (request.getParameter("remember") != null) {
+ remeberMe = request.getParameter("remember");
+ }
+
+ if (remeberMe != null &&
remeberMe.equalsIgnoreCase("true")) {
+ // Add cookie
+ Cookie rememberMeCookie = new
Cookie("rememberme", "true");
+ // Expires in two weeks
+ rememberMeCookie.setMaxAge(60 * 60 * 24 * 14);
+ response.addCookie(rememberMeCookie);
+
+ Cookie openIDCookie = new Cookie("openid",
openID);
+ openIDCookie.setMaxAge(60 * 60 * 24 * 14);
+ openIDCookie.setSecure(true);
+ response.addCookie(openIDCookie);
+
+ // Encode the password
+ Cookie passwordCookie = new Cookie("password",
new sun.misc.BASE64Encoder()
+
.encode(password.getBytes("UTF-8")));
+ passwordCookie.setMaxAge(60 * 60 * 24 * 14);
+ passwordCookie.setSecure(true);
+ response.addCookie(passwordCookie);
+ }
+
+ String message = getText("successful_for", new String[]
{ user });
+ ReportAdmin.record(user,
ActionDO.ACTION_USER_LOG_IN_OPENID, message);
+
+ session.setAttribute(IdentityConstants.PASSWORD,
password);
+
+ if (!isRequiredUserApproval(request)) {
+ String authMessage = getText("successful_for",
new String[] { user });
+ ReportAdmin.record(user,
ActionDO.ACTION_USER_APPROVED_OPENID_RP_ALWAYS,
+ authMessage);
+ // User has already agreed to accept request
from this RP
+ // always.
+
response.sendRedirect("server?_action=complete&" +
IdentityConstants.USER_APPROVED
+ + "=true");
+ }
+ return SUCCESS;
+ } else {
+ String message = getText("invalid_user_password");
+ ReportAdmin.record(user, ActionDO.ACTION_USER_FAILURE,
message);
+ this.addErrorMessage(getText("invalid_user_password"));
+ return ERROR;
+ }
+ }
+
+ /**
+ * Handles information card login
+ *
+ * @param openID OpenID
+ * @param user User name
+ * @param rpUrl Relying party URL
+ * @return Success/Failure
+ * @throws RelyingPartyException
+ * @throws IdentityProviderException
+ * @throws IOException
+ */
+ protected String handleInforCardLogin(String openID, String user,
String rpUrl)
+ throws RelyingPartyException,
IdentityProviderException, IOException {
+
+ ActionContext context = null;
+ HttpServletRequest request = null;
+ HttpServletResponse response = null;
+ HttpSession session = null;
+ ParameterList requestParam = null;
+ boolean isRedirected = false;
+ String[] policies = null;
+
+ context = ActionContext.getContext();
+ request = (HttpServletRequest)
context.get(StrutsStatics.HTTP_REQUEST);
+ response = (HttpServletResponse)
context.get(StrutsStatics.HTTP_RESPONSE);
+ session = request.getSession();
+
+ requestParam = (ParameterList)
session.getAttribute(IdentityConstants.OpenId.PARAM_LIST);
+
+ session.removeAttribute(IdentityConstants.INFOCARD_LOGIN);
+
+ if (UserUtil.verifyInfoCardLogin(context, openID)) {
+
+ policies =
OpenIDUtil.getRequestedAuthenticationPolicies(requestParam);
+
+ if (policies != null) {
+ for (String policy : policies) {
+ if (policy
+
.equalsIgnoreCase(IdentityConstants.OpenId.PapeAttributes.MULTI_FACTOR)) {
+
session.setAttribute("multiFactorAuthenticationWithUsernamePassword",
+ "true");
+
session.setAttribute("multifactorlogin", "true");
+ isRedirected = true;
+
response.sendRedirect("OpenIDAuthentication.action");
+ break;
+ }
+ }
+ }
+
+ populateUserProfiles(user, rpUrl);
+
+ // Okay - user used InfoCards to login - next when tries
+ // login we'll let him use his InfoCard directly, by
passing the
+ // authentication page.
+
+ // Encode the password
+ Cookie infocardCookie = new Cookie("infocardCookie",
openID);
+ infocardCookie.setMaxAge(60 * 60 * 24 * 14);
+ infocardCookie.setSecure(true);
+ response.addCookie(infocardCookie);
+
+ // OpenID Provider needs to know which authentication
+ // mechanism the user went through while authenticating
to the
+ // OP.
+
session.setAttribute("phishingResistanceAuthentication", "true");
+ if (!isRedirected) {
+
+ String message = getText("successful_for", new
String[] { user });
+ ReportAdmin.record(user,
ActionDO.ACTION_USER_LOG_IN_SELF_ISSUED_CARD, message);
+
+
session.setAttribute(IdentityConstants.INFOCARD_LOGIN,
+
IdentityConstants.INFOCARD_LOGIN);
+
+ if (!isRequiredUserApproval(request)) {
+ String authMessage =
getText("successful_for", new String[] { user });
+ ReportAdmin.record(user,
ActionDO.ACTION_USER_APPROVED_OPENID_RP_ALWAYS,
+ authMessage);
+
+ // User has already agreed to accept
request from this
+ // RP always.
+
response.sendRedirect("server?_action=complete&"
+ +
IdentityConstants.USER_APPROVED + "=true");
+ }
+ }
+ return SUCCESS;
+ } else {
+
+ Cookie[] cookies = request.getCookies();
+ Cookie curCookie = null;
+ String useInfoCard = null;
+
+ for (int x = 0; x < cookies.length; x++) {
+ curCookie = cookies[x];
+ if
(curCookie.getName().equalsIgnoreCase("infocardCookie")) {
+ useInfoCard = curCookie.getValue();
+
+ if (useInfoCard != null &&
useInfoCard.equals(openID)) {
+ curCookie.setMaxAge(0);
+ response.addCookie(curCookie);
+ }
+ }
+ }
+
+ String message = getText("invalid_user_password");
+ ReportAdmin.record(user, ActionDO.ACTION_USER_FAILURE,
message);
+
+ this.addErrorMessage(getText("invalid_card_login"));
+ return ERROR;
+ }
+ }
+
+ /**
+ * Populates user profiles with all his profile names.
+ *
+ * @param userName Unique user name
+ * @throws RelyingPartyException
+ */
+ protected void populateUserProfiles(String userName, String rpUrl)
throws RelyingPartyException {
+
+ IdentityDefaultRealm identityRealm = null;
+ Realm realm = null;
+ IdentityUserStoreReader reader = null;
+ IPPersistenceManager db = null;
+
+ try {
+ profile = new ArrayList<String>();
+ realm = UserStore.getInstance().getRealm();
+
+ if (realm instanceof IdentityDefaultRealm) {
+
+ // multiple profiles are supported only through
+ // IdentityDefaultRealm
+ identityRealm = (IdentityDefaultRealm) realm;
+ reader =
identityRealm.getIdentityUserStoreReader();
+ profile = reader.getUserProfileNames(userName);
+
+ db =
IPPersistenceManager.getPersistanceManager();
+
+ defaultUserProfileName =
db.getOpenIDDefaultUserProfile(userName, rpUrl);
+
+ if (defaultUserProfileName == null) {
+ defaultUserProfileName =
reader.getDefaultUserProfileName(userName);
+ }
+
+ profile.remove(defaultUserProfileName);
+ profile.add(0, defaultUserProfileName);
+ }
+
+ readDefaultProfileValues(userName,
defaultUserProfileName);
+
+ } catch (IdentityProviderException e) {
+ throw new
RelyingPartyException(IdentityConstants.ErrorCodes.PROFILE_RETRIEVAL_FAILURE,
+ e);
+ } catch (UserManagerException e) {
+ throw new
RelyingPartyException(IdentityConstants.ErrorCodes.PROFILE_RETRIEVAL_FAILURE,
+ e);
+ }
+ }
+
+ /**
+ * @param userName
+ * @param profileName
+ * @throws RelyingPartyException
+ */
+ protected void readDefaultProfileValues(String userName, String
profileName)
+ throws RelyingPartyException {
+
+ IdentityDefaultRealm identityRealm = null;
+ IdentityUserStoreReader identityReader = null;
+ Map<String, String> userProperties = null;
+ ClaimsAdmin claimsAdmin = null;
+ ClaimValue calimValue = null;
+ Realm realm = null;
+
+ try {
+
+ if (profileName == null) {
+ defaultUserProfileName =
IdentityConstants.DEFAULT_PROFILE;
+ profile.add(0, defaultUserProfileName);
+ }
+
+ userProperties = new HashMap<String, String>();
+ realm = UserStore.getInstance().getRealm();
+
+ if (realm instanceof IdentityDefaultRealm) {
+ // multiple profiles are supported only through
+ // IdentityDefaultRealm
+ identityRealm = (IdentityDefaultRealm) realm;
+ identityReader =
identityRealm.getIdentityUserStoreReader();
+ userProperties =
identityReader.getUserProperties(userName, profileName);
+ } else {
+ userProperties =
realm.getUserStoreReader().getUserProperties(userName);
+ }
+
+ claimsAdmin = new ClaimsAdmin();
+ claimValues = new ArrayList<ClaimValue>();
+
+ Iterator<Entry<String, String>> iterator = null;
+ Entry<String, String> entry = null;
+
+ iterator = userProperties.entrySet().iterator();
+
+ while (iterator.hasNext()) {
+ entry = iterator.next();
+ calimValue = new ClaimValue();
+ calimValue.setClaimValue(entry.getValue());
+ if
(requiredAttributes.contains(entry.getKey())) {
+
calimValue.setClaim(claimsAdmin.findClaimByURI(entry.getKey()));
+ claimValues.add(calimValue);
+ }
+ }
+
+ } catch (IdentityProviderException e) {
+ throw new
RelyingPartyException(IdentityConstants.ErrorCodes.PROFILE_RETRIEVAL_FAILURE,
+ e);
+ } catch (UserManagerException e) {
+ throw new
RelyingPartyException(IdentityConstants.ErrorCodes.PROFILE_RETRIEVAL_FAILURE,
+ e);
+ }
+
+ }
+
+ /**
+ * Check whether user has already agreed to accept request from this RP
+ * always
+ *
+ * @param request HttpServletRequest
+ * @return true if required user approval, else false
+ * @throws RelyingPartyException
+ */
+ private boolean isRequiredUserApproval(HttpServletRequest request)
throws RelyingPartyException {
+
+ ParameterList requestParam = null;
+ IPPersistenceManager db = null;
+
+ requestParam = (ParameterList)
request.getSession().getAttribute(
+ IdentityConstants.OpenId.PARAM_LIST);
+ String openID =
requestParam.getParameter(IdentityConstants.OpenId.ATTR_IDENTITY)
+ .getValue();
+ String rpUrl =
requestParam.getParameterValue(IdentityConstants.OpenId.ATTR_RETURN_TO);
+
+ rpUrl = UserUtil.getRelyingPartyUrl(rpUrl);
+
+ OpenIDUserRPDO[] rpdos = null;
+ OpenIDUserRPDO rpdo = null;
+
+ try {
+ db = IPPersistenceManager.getPersistanceManager();
+ } catch (IdentityProviderException e) {
+ throw new RelyingPartyException("dbConnectionFailure");
+ }
+
+ // Get matching data, related to the requested RP.
+ rpdos = db.getOpenIDUserRP(UserUtil.getUserName(openID), rpUrl);
+
+ if (rpdos != null && rpdos.length > 0) {
+ // User has already logged into this RP.
+ rpdo = rpdos[0];
+ if (rpdo.getIsTrustedAlways()) {
+ // User trusts this RP.
+ rpdo.setVisitCount(rpdo.getVisitCount() + 1);
+ rpdo.setLastVisit(new Date());
+ db.update(rpdo);
+ return false;
+ }
+ }
+ return true;
+ }
+
+ public List<ClaimValue> getClaimValues() {
+ return claimValues;
+ }
+
+ public List<String> getProfile() {
+ return profile;
+ }
+
+ public void setProfile(List<String> profile) {
+ this.profile = profile;
+ }
+
+ public String getDefaultUserProfileName() {
+ return defaultUserProfileName;
+ }
+
+ public void setDefaultUserProfileName(String defaultUserProfileName) {
+ this.defaultUserProfileName = defaultUserProfileName;
+ }
}
\ No newline at end of file
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowLoginAction.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowLoginAction.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowLoginAction.java
Thu May 8 04:39:25 2008
@@ -26,13 +26,13 @@
private boolean allowUserRegistration;
- private boolean enableOpenIDRegistration;
+ private boolean enableOpenIDLogin;
public String execute() throws Exception {
ParameterAdmin paramAdmin = new ParameterAdmin();
this.allowUserRegistration =
paramAdmin.getParameter(IdentityProviderConstants.PARAM_NAME_ALLOW_USER_REGISTRATION)
!= null;
- this.enableOpenIDRegistration =
paramAdmin.getParameter(IdentityProviderConstants.PARAM_NAME_ENABLE_OPENID_REGISTRATION)
!= null;
+ this.enableOpenIDLogin =
paramAdmin.getParameter(IdentityProviderConstants.PARAM_NAME_ENABLE_OPENID_LOGIN)
!= null;
loadMessages();
return SUCCESS;
@@ -42,8 +42,8 @@
return allowUserRegistration;
}
- public boolean isEnableOpenIDRegistration() {
- return enableOpenIDRegistration;
+ public boolean isEnableOpenIDLogin() {
+ return enableOpenIDLogin;
}
}
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowMainAction.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowMainAction.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowMainAction.java
Thu May 8 04:39:25 2008
@@ -75,7 +75,7 @@
ParameterAdmin paramAdmin = new ParameterAdmin();
this.enableOpenIDRegistration = paramAdmin
-
.getParameter(IdentityProviderConstants.PARAM_NAME_ENABLE_OPENID_REGISTRATION)
!= null;
+
.getParameter(IdentityProviderConstants.PARAM_NAME_ENABLE_OPENID_LOGIN) != null;
this.allowUserRegistration = paramAdmin
.getParameter(IdentityProviderConstants.PARAM_NAME_ALLOW_USER_REGISTRATION) !=
null;
@@ -103,7 +103,7 @@
// Right now we don't have a single method in UserStore, which
// returns
// the value of a single claim so we use a List.
- mapValues = userStore.getClaimValues(user, propertyNames);
+ mapValues = userStore.getClaimValues(user);
if (mapValues != null && !mapValues.isEmpty()) {
String openid = (String) mapValues
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowUserRegistrationAction.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowUserRegistrationAction.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/ShowUserRegistrationAction.java
Thu May 8 04:39:25 2008
@@ -16,6 +16,7 @@
package org.wso2.solutions.identity.user.ui.action;
+import org.wso2.solutions.identity.IdentityConstants;
import org.wso2.solutions.identity.admin.ClaimsAdmin;
import org.wso2.solutions.identity.persistence.dataobject.ClaimDO;
@@ -24,30 +25,29 @@
public class ShowUserRegistrationAction extends ManagedAction {
- private static final long serialVersionUID = 989738652983579280L;
+ private static final long serialVersionUID = 989738652983579280L;
- private List<ClaimDO> claims;
-
-
- @Override
- public String execute() throws Exception {
- //Get enabled claims
- ClaimsAdmin ClaimsAdmin = new ClaimsAdmin();
- ClaimDO[] claimDOs = ClaimsAdmin.getAllMappedEnabledClaims();
- claims = new ArrayList<ClaimDO>();
- for (int i = 0; i < claimDOs.length; i++) {
- if(claimDOs[i].isUserEditable()) {
- claims.add(claimDOs[i]);
- }
- }
-
- this.loadMessages();
- return SUCCESS;
- }
-
- public List getClaims() {
- return claims;
- }
+ private List<ClaimDO> claims;
+ @Override
+ public String execute() throws Exception {
+ // Get enabled claims
+ ClaimsAdmin ClaimsAdmin = new ClaimsAdmin();
+ ClaimDO[] claimDOs = ClaimsAdmin.getAllMappedEnabledClaims();
+ claims = new ArrayList<ClaimDO>();
+ for (int i = 0; i < claimDOs.length; i++) {
+ if (claimDOs[i].isUserEditable()
+ &&
!IdentityConstants.CLAIM_OPENID.equals(claimDOs[i].getUri())) {
+ claims.add(claimDOs[i]);
+ }
+ }
+
+ this.loadMessages();
+ return SUCCESS;
+ }
+
+ public List getClaims() {
+ return claims;
+ }
}
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/UserRegistrationFormSubmitAction.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/UserRegistrationFormSubmitAction.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/UserRegistrationFormSubmitAction.java
Thu May 8 04:39:25 2008
@@ -89,7 +89,7 @@
ParameterAdmin paramAdmin = new ParameterAdmin();
boolean enableOpenIDRegistration = paramAdmin
-
.getParameter(IdentityProviderConstants.PARAM_NAME_ENABLE_OPENID_REGISTRATION)
!= null;
+
.getParameter(IdentityProviderConstants.PARAM_NAME_ENABLE_OPENID_LOGIN) != null;
String openid = null;
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/util/UserUtil.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/util/UserUtil.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/util/UserUtil.java
Thu May 8 04:39:25 2008
@@ -81,7 +81,7 @@
String user = iterator.next();
try {
- mapValues = userStore.getClaimValues(user, null);
+ mapValues = userStore.getClaimValues(user);
} catch (IdentityProviderException e) {
throw new RelyingPartyException(
IdentityConstants.ErrorCodes.CLAIM_RETRIEVAL_FAILED);
@@ -204,7 +204,7 @@
String user = iterator.next();
try {
- mapValues = userStore.getClaimValues(user, null);
+ mapValues = userStore.getClaimValues(user);
} catch (IdentityProviderException e) {
throw new RelyingPartyException(
IdentityConstants.ErrorCodes.CLAIM_RETRIEVAL_FAILED);
Modified: trunk/solutions/identity/modules/user-ui/src/main/resources/struts.xml
==============================================================================
--- trunk/solutions/identity/modules/user-ui/src/main/resources/struts.xml
(original)
+++ trunk/solutions/identity/modules/user-ui/src/main/resources/struts.xml
Thu May 8 04:39:25 2008
@@ -189,8 +189,8 @@
<action name="OpenIDUserApproval"
class="org.wso2.solutions.identity.user.ui.action.OpenIDUserApprovalAction">
- <result name="success"
type="redirect">server?_action=complete&authenticatedAndApproved=true</result>
- <result name="error"
type="redirect">server?_action=cancel&authenticatedAndApproved=false</result>
+ <result name="success"
type="redirect">server?_action=complete&userApproved=true</result>
+ <result name="error"
type="redirect">server?_action=cancel&userApproved=false</result>
</action>
<action name="UpdateOpenIDUserRP"
Modified: trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/login.jsp
==============================================================================
--- trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/login.jsp
(original)
+++ trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/login.jsp
Thu May 8 04:39:25 2008
@@ -92,7 +92,7 @@
first login with your username
and password and register a card.</div>
</td>
</tr>
- <s:if test="%{enableOpenIDRegistration}">
+ <s:if test="%{enableOpenIDLogin}">
<tr>
<td valign="top"><br />
<br />
_______________________________________________
Identity-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/identity-dev
