Posted to scm@geronimo.apache.org by dj...@apache.org on 2008/11/01 17:03:01 UTC
svn commit: r709716 - in /geronimo/components/jaspi/trunk:
geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/
geronimo-jaspi/src/main/java/sxc/org/apache/geronimo/components/jaspi/model/
Author: djencks
Date: Sat Nov 1 09:03:00 2008
New Revision: 709716
URL: http://svn.apache.org/viewvc?rev=709716&view=rev
Log:
GERONIMO-3417 Error message fix in AuthModule code, make the openid auth modules work
Modified:
geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/AuthenticatedPrincipal.java
geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/IdentifierPrincipal.java
geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDProviderPrincipal.java
geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java
geronimo/components/jaspi/trunk/geronimo-jaspi/src/main/java/sxc/org/apache/geronimo/components/jaspi/model/AuthModuleTypeJAXB.java
Modified: geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/AuthenticatedPrincipal.java
URL: http://svn.apache.org/viewvc/geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/AuthenticatedPrincipal.java?rev=709716&r1=709715&r2=709716&view=diff
==============================================================================
--- geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/AuthenticatedPrincipal.java (original)
+++ geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/AuthenticatedPrincipal.java Sat Nov 1 09:03:00 2008
@@ -21,12 +21,33 @@
package org.apache.geronimo.components.jaspi.modules.openid;
import java.security.Principal;
+import java.io.Serializable;
/**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
*/
-public class AuthenticatedPrincipal implements Principal {
+public class AuthenticatedPrincipal implements Principal, Serializable {
+ private static final String AUTHENTICATED = "authenticated";
+
+ public AuthenticatedPrincipal() {
+ }
+
+ public AuthenticatedPrincipal(String ignoredName) {
+ }
+
public String getName() {
- return "authenticated";
+ return AUTHENTICATED;
}
+
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ return true;
+ }
+
+ public int hashCode() {
+ return (AUTHENTICATED.hashCode());
+ }
+
}
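Review bot: The class becomes `Serializable` without declaring a `serialVersionUID`, so the serialized form depends on the compiler-generated id and can change with any later edit to the class. The same applies to the `IdentifierPrincipal` and `OpenIDProviderPrincipal` hunks below. If these principals end up in a persisted or replicated session (not visible here), a mismatch surfaces as an `InvalidClassException` on deserialization; adding `private static final long serialVersionUID = 1L;` to each class pins the form. The one-argument constructor silently discards its argument, so a short comment such as `// name is ignored: every instance represents the same "authenticated" marker` would say why it exists.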
Modified: geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/IdentifierPrincipal.java
URL: http://svn.apache.org/viewvc/geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/IdentifierPrincipal.java?rev=709716&r1=709715&r2=709716&view=diff
==============================================================================
--- geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/IdentifierPrincipal.java (original)
+++ geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/IdentifierPrincipal.java Sat Nov 1 09:03:00 2008
@@ -21,11 +21,12 @@
package org.apache.geronimo.components.jaspi.modules.openid;
import java.security.Principal;
+import java.io.Serializable;
/**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
*/
-public class IdentifierPrincipal implements Principal {
+public class IdentifierPrincipal implements Principal, Serializable {
private final String name;
public IdentifierPrincipal(String identifier) {
@@ -35,4 +36,19 @@
public String getName() {
return name;
}
+
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ IdentifierPrincipal principal = (IdentifierPrincipal) o;
+
+ if (name != null ? !name.equals(principal.name) : principal.name != null) return false;
+
+ return true;
+ }
+
+ public int hashCode() {
+ return (name != null ? name.hashCode() : 0);
+ }
}
Modified: geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDProviderPrincipal.java
URL: http://svn.apache.org/viewvc/geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDProviderPrincipal.java?rev=709716&r1=709715&r2=709716&view=diff
==============================================================================
--- geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDProviderPrincipal.java (original)
+++ geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDProviderPrincipal.java Sat Nov 1 09:03:00 2008
@@ -21,11 +21,12 @@
package org.apache.geronimo.components.jaspi.modules.openid;
import java.security.Principal;
+import java.io.Serializable;
/**
* @version $Rev$ $Date$
*/
-public class OpenIDProviderPrincipal implements Principal {
+public class OpenIDProviderPrincipal implements Principal, Serializable {
private final String name;
public OpenIDProviderPrincipal(String identifier) {
@@ -35,4 +36,19 @@
public String getName() {
return name;
}
+
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ OpenIDProviderPrincipal that = (OpenIDProviderPrincipal) o;
+
+ if (name != null ? !name.equals(that.name) : that.name != null) return false;
+
+ return true;
+ }
+
+ public int hashCode() {
+ return (name != null ? name.hashCode() : 0);
+ }
}
\ No newline at end of file
Modified: geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java
URL: http://svn.apache.org/viewvc/geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java?rev=709716&r1=709715&r2=709716&view=diff
==============================================================================
--- geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java (original)
+++ geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java Sat Nov 1 09:03:00 2008
@@ -64,6 +64,7 @@
private static final String DISCOVERY_SESSION_KEY = "openid-disc";
private static final String RETURN_ADDRESS = "/_openid_security_check";
private static final String ORIGINAL_URI_KEY = "org.apache.geronimo.components.jaspi.openid.URI";
+ private static final String RETURN_ADDRESS_KEY = "org.apache.geronimo.components.jaspi.openid.return.address";
private CallbackHandler callbackHandler;
private ConsumerManager consumerManager;
@@ -74,7 +75,7 @@
}
public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) throws AuthException {
- this.callbackHandler = callbackHandler;
+ this.callbackHandler = handler;
try {
consumerManager = new ConsumerManager();
} catch (ConsumerException e) {
@@ -93,7 +94,8 @@
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
- HttpSession session = request.getSession(isMandatory(messageInfo));
+ boolean isMandatory = isMandatory(messageInfo);
+ HttpSession session = request.getSession(isMandatory);
//auth not mandatory and not logged in.
if (session == null) {
return AuthStatus.SUCCESS;
@@ -104,18 +106,23 @@
if (uri.endsWith(RETURN_ADDRESS)) {
ParameterList parameterList = new ParameterList(request.getParameterMap());
DiscoveryInformation discovered = (DiscoveryInformation) session.getAttribute(DISCOVERY_SESSION_KEY);
- //TODO what if its missing?
- String originalURI = (String) session.getAttribute(ORIGINAL_URI_KEY);
+ String returnAddress = (String) session.getAttribute(RETURN_ADDRESS_KEY);
+ session.removeAttribute(RETURN_ADDRESS_KEY);
try {
- //TODO is originalURI correct for verify call???
- VerificationResult verification = consumerManager.verify(originalURI, parameterList, discovered);
+ VerificationResult verification = consumerManager.verify(returnAddress, parameterList, discovered);
Identifier identifier = verification.getVerifiedId();
- session.setAttribute(ID_KEY, identifier);
- //redirect back to original page
- session.removeAttribute(ORIGINAL_URI_KEY);
- response.setContentLength(0);
- response.sendRedirect(response.encodeRedirectURL(originalURI));
- return AuthStatus.SEND_CONTINUE;
+
+ if (identifier != null) {
+ session.setAttribute(ID_KEY, identifier);
+ //redirect back to original page
+ response.setContentLength(0);
+ String originalURI = (String) session.getAttribute(ORIGINAL_URI_KEY);
+ session.removeAttribute(ORIGINAL_URI_KEY);
+ response.sendRedirect(response.encodeRedirectURL(originalURI));
+ return AuthStatus.SEND_CONTINUE;
+ }
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, "Response verification failed: " + verification.getStatusMsg());
+
// } catch (MessageException e) {
//
// } catch (DiscoveryException e) {
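Review bot: Nothing handles a missing session attribute, although the removed TODO asked exactly that. `returnAddress` and `discovered` are read from the session and passed straight to `consumerManager.verify(...)`, and because `RETURN_ADDRESS_KEY` is removed on first use, a repeated or unsolicited request to the return address reaches `verify` with null. A guard inside the try, next to the existing `sendError`, would reject that case explicitly: `if (returnAddress == null || discovered == null) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return AuthStatus.SEND_FAILURE; }`. `originalURI` on the success path has the same problem before `sendRedirect`. The status returned after the new `sendError` call is outside this hunk and should be a failure status rather than a fall-through; the try block and its catch clauses also continue past the hunk.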
@@ -156,9 +163,17 @@
return AuthStatus.SUCCESS;
}
+ //if request is not mandatory, we don't authenticate.
+ if (!isMandatory) {
+ return AuthStatus.SUCCESS;
+ }
//assume not...
String openidIdentifier = request.getParameter(OPENID_IDENTIFIER);
+ //redirect to login page here...
+ if (openidIdentifier == null) {
+
+ }
try {
List<DiscoveryInformation> discoveries = consumerManager.discover(openidIdentifier);
//associate with one OP
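Review bot: The new `if (openidIdentifier == null) { }` branch is empty, so a mandatory request that carries no identifier parameter falls through to `consumerManager.discover(openidIdentifier)` with a null argument. Until the login-page redirect mentioned in the comment exists, the branch should stop processing, for example `throw new AuthException("no OpenID identifier supplied");`, or send an error response and return `AuthStatus.SEND_FAILURE`. An empty string is worth treating the same way as null. The try block that starts here continues outside the hunk.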
@@ -166,8 +181,10 @@
//save association info in session
session.setAttribute(DISCOVERY_SESSION_KEY, discovered);
- AuthRequest authRequest = consumerManager.authenticate(discovered, RETURN_ADDRESS);
-
+ String returnAddress = request.getRequestURL().append(RETURN_ADDRESS).toString();
+ AuthRequest authRequest = consumerManager.authenticate(discovered, returnAddress);
+ session.setAttribute(RETURN_ADDRESS_KEY, authRequest.getReturnTo());
+
//save original uri in response, to be retrieved after redirect returns
session.setAttribute(ORIGINAL_URI_KEY, getFullRequestURI(request).toString());
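Review bot: `returnAddress` is built from `request.getRequestURL()`, which reflects the scheme, host and path as the container saw them for this particular request, including whatever Host header the client sent. Behind a reverse proxy or TLS terminator that may not be the externally reachable URL, in which case the provider redirects to the wrong place or the later `verify` call does not match. Taking the base URL from the module's `options` map when one is configured, and falling back to the request URL otherwise, would make the return-to value independent of client-supplied headers. A comment on the `RETURN_ADDRESS_KEY` line would also help, e.g. `// store the exact return_to the library generated so verify() compares like with like`.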
@@ -212,7 +229,7 @@
}
public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
- return AuthStatus.SUCCESS;
+ return AuthStatus.SEND_SUCCESS;
}
}
Modified: geronimo/components/jaspi/trunk/geronimo-jaspi/src/main/java/sxc/org/apache/geronimo/components/jaspi/model/AuthModuleTypeJAXB.java
URL: http://svn.apache.org/viewvc/geronimo/components/jaspi/trunk/geronimo-jaspi/src/main/java/sxc/org/apache/geronimo/components/jaspi/model/AuthModuleTypeJAXB.java?rev=709716&r1=709715&r2=709716&view=diff
==============================================================================
--- geronimo/components/jaspi/trunk/geronimo-jaspi/src/main/java/sxc/org/apache/geronimo/components/jaspi/model/AuthModuleTypeJAXB.java (original)
+++ geronimo/components/jaspi/trunk/geronimo-jaspi/src/main/java/sxc/org/apache/geronimo/components/jaspi/model/AuthModuleTypeJAXB.java Sat Nov 1 09:03:00 2008
@@ -150,7 +150,7 @@
authModuleTypeOptions.setObject(reader, context, authModuleType, options);
} else {
- context.unexpectedElement(elementReader, new QName("http://geronimo.apache.org/xml/ns/geronimo-jaspi", "className"), new QName("http://geronimo.apache.org/xml/ns/geronimo-jaspi", "requestPolicy"), new QName("http://geronimo.apache.org/xml/ns/geronimo-jaspi", "responsePolicy"), new QName("http://geronimo.apache.org/xml/ns/geronimo-jaspi", "options"));
+ context.unexpectedElement(elementReader, new QName(elementReader.getNamespaceURI(), elementReader.getLocalName()), new QName("http://geronimo.apache.org/xml/ns/geronimo-jaspi", "requestPolicy"), new QName("http://geronimo.apache.org/xml/ns/geronimo-jaspi", "responsePolicy"), new QName("http://geronimo.apache.org/xml/ns/geronimo-jaspi", "options"));
}
}