in geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java [141:266]
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
boolean isMandatory = isMandatory(messageInfo);
HttpSession session = request.getSession(isMandatory);
String uri = request.getRequestURI();
if (session == null || isLoginOrErrorPage(uri)) {
//auth not mandatory and not logged in.
return AuthStatus.SUCCESS;
}
//are we returning from the OP redirect?
if (uri.endsWith(RETURN_ADDRESS)) {
ParameterList parameterList = new ParameterList(request.getParameterMap());
DiscoveryInformation discovered = (DiscoveryInformation) session.getAttribute(DISCOVERY_SESSION_KEY);
String returnAddress = (String) session.getAttribute(RETURN_ADDRESS_KEY);
session.removeAttribute(RETURN_ADDRESS_KEY);
try {
VerificationResult verification = consumerManager.verify(returnAddress, parameterList, discovered);
Identifier identifier = verification.getVerifiedId();
if (identifier != null) {
session.setAttribute(ID_KEY, identifier);
//redirect back to original page
response.setContentLength(0);
String originalURI = (String) session.getAttribute(ORIGINAL_URI_KEY);
session.removeAttribute(ORIGINAL_URI_KEY);
if (originalURI == null || originalURI.length() == 0) {
originalURI = request.getContextPath();
if (originalURI.length() == 0) {
originalURI = "/";
}
}
response.sendRedirect(response.encodeRedirectURL(originalURI));
return AuthStatus.SEND_CONTINUE;
}
response.sendError(HttpServletResponse.SC_FORBIDDEN, "Response verification failed: " + verification.getStatusMsg());
// } catch (MessageException e) {
//
// } catch (DiscoveryException e) {
//
// } catch (AssociationException e) {
//
// } catch (IOException e) {
} catch (Exception e) {
try {
//TODO redirect to error page or just send error
response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
} catch (IOException e1) {
}
}
return AuthStatus.SEND_FAILURE;
}
//are we already logged in, and not expired?
Identifier identifier = (Identifier) session.getAttribute(ID_KEY);
if (identifier != null) {
//TODO set up subject and callback handler.
final IdentifierPrincipal principal = new IdentifierPrincipal(identifier.getIdentifier());
clientSubject.getPrincipals().add(principal);
clientSubject.getPrincipals().add(new AuthenticatedPrincipal());
DiscoveryInformation discovered = (DiscoveryInformation) session.getAttribute(DISCOVERY_SESSION_KEY);
URL opEndpoint = discovered.getOPEndpoint();
clientSubject.getPrincipals().add(new OpenIDProviderPrincipal(opEndpoint.toString()));
CallerPrincipalCallback cpCallback = new CallerPrincipalCallback(clientSubject, principal);
GroupPrincipalCallback gpCallback = new GroupPrincipalCallback(clientSubject, new String[]{"authenticated"});
try {
callbackHandler.handle(new Callback[]{cpCallback, gpCallback});
} catch (IOException e) {
} catch (UnsupportedCallbackException e) {
}
return AuthStatus.SUCCESS;
}
//if request is not mandatory, we don't authenticate.
if (!isMandatory) {
return AuthStatus.SUCCESS;
}
//assume not...
String openidIdentifier = request.getParameter(OPENID_IDENTIFIER);
try {
//redirect to login page here...
if (openidIdentifier == null) {
// redirect to login page
session.setAttribute(ORIGINAL_URI_KEY, getFullRequestURI(request).toString());
response.setContentLength(0);
response.sendRedirect(response.encodeRedirectURL(addPaths(request.getContextPath(), loginPage)));
return AuthStatus.SEND_CONTINUE;
}
List<DiscoveryInformation> discoveries = consumerManager.discover(openidIdentifier);
//associate with one OP
DiscoveryInformation discovered = consumerManager.associate(discoveries);
//save association info in session
session.setAttribute(DISCOVERY_SESSION_KEY, discovered);
String returnAddress = request.getRequestURL().append(RETURN_ADDRESS).toString();
AuthRequest authRequest = consumerManager.authenticate(discovered, returnAddress);
session.setAttribute(RETURN_ADDRESS_KEY, authRequest.getReturnTo());
//save original uri in response, to be retrieved after redirect returns
if (session.getAttribute(ORIGINAL_URI_KEY) == null) {
session.setAttribute(ORIGINAL_URI_KEY, getFullRequestURI(request).toString());
}
//TODO openid 2.0 form redirect
response.sendRedirect(authRequest.getDestinationUrl(true));
return AuthStatus.SEND_CONTINUE;
} catch (DiscoveryException e) {
throw (AuthException) new AuthException("Could not authenticate").initCause(e);
} catch (ConsumerException e) {
throw (AuthException) new AuthException("Could not authenticate").initCause(e);
} catch (MessageException e) {
throw (AuthException) new AuthException("Could not authenticate").initCause(e);
} catch (IOException e) {
throw (AuthException) new AuthException("Could not authenticate").initCause(e);
}
// return null;
}