You are viewing a plain text version of this content. The canonical link for it is here.
Posted to scm@geronimo.apache.org by dj...@apache.org on 2008/11/02 19:06:41 UTC
svn commit: r709897 - in
/geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src:
main/java/org/apache/geronimo/components/jaspi/modules/openid/
test/java/org/apache/geronimo/components/jaspi/modules/openid/
Author: djencks
Date: Sun Nov 2 10:06:41 2008
New Revision: 709897
URL: http://svn.apache.org/viewvc?rev=709897&view=rev
Log:
add login page options
Modified:
geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java
geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/test/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModuleTest.java
Modified: geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java
URL: http://svn.apache.org/viewvc/geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java?rev=709897&r1=709896&r2=709897&view=diff
==============================================================================
--- geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java (original)
+++ geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java Sun Nov 2 10:06:41 2008
@@ -20,36 +20,36 @@
package org.apache.geronimo.components.jaspi.modules.openid;
-import java.util.Map;
-import java.util.List;
import java.io.IOException;
import java.net.URL;
+import java.util.List;
+import java.util.Map;
-import javax.security.auth.message.module.ServerAuthModule;
-import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
-import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.Subject;
+import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.ConsumerException;
+import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.InMemoryConsumerAssociationStore;
import org.openid4java.consumer.InMemoryNonceVerifier;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
-import org.openid4java.message.MessageException;
import org.openid4java.message.AuthRequest;
+import org.openid4java.message.MessageException;
import org.openid4java.message.ParameterList;
/**
@@ -57,7 +57,7 @@
*/
public class OpenIDServerAuthModule implements ServerAuthModule {
- private static final Class[] SUPPORTED_MESSAGE_TYPES = new Class[] {HttpServletRequest.class, HttpServletResponse.class};
+ private static final Class[] SUPPORTED_MESSAGE_TYPES = new Class[]{HttpServletRequest.class, HttpServletResponse.class};
public static final String MANDATORY_KEY = "javax.security.auth.message.MessagePolicy.isMandatory";
public static final String AUTH_METHOD_KEY = "javax.servlet.http.authType";
private static final String OPENID_IDENTIFIER = "openid_identifier";
@@ -66,6 +66,14 @@
private static final String ORIGINAL_URI_KEY = "org.apache.geronimo.components.jaspi.openid.URI";
private static final String RETURN_ADDRESS_KEY = "org.apache.geronimo.components.jaspi.openid.return.address";
+ public static final String LOGIN_PAGE_KEY = "org.apache.geronimo.security.jaspi.openid.LoginPage";
+ public static final String ERROR_PAGE_KEY = "org.apache.geronimo.security.jaspi.openid.ErrorPage";
+
+ private String errorPage;
+ private String errorPath;
+ private String loginPage;
+ private String loginPath;
+
private CallbackHandler callbackHandler;
private ConsumerManager consumerManager;
private static final String ID_KEY = "org.apache.geronimo.components.jaspi.openid.ID";
@@ -75,17 +83,56 @@
}
public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) throws AuthException {
+ if (options == null) {
+ throw new AuthException("No options supplied");
+ }
this.callbackHandler = handler;
try {
consumerManager = new ConsumerManager();
} catch (ConsumerException e) {
- throw (AuthException)new AuthException("Unable to create ConsumerManager").initCause(e);
+ throw (AuthException) new AuthException("Unable to create ConsumerManager").initCause(e);
}
consumerManager.setAssociations(new InMemoryConsumerAssociationStore());
consumerManager.setNonceVerifier(new InMemoryNonceVerifier(5000));
//??
consumerManager.getRealmVerifier().setEnforceRpId(false);
+ setLoginPage((String) options.get(LOGIN_PAGE_KEY));
+ setErrorPage((String) options.get(ERROR_PAGE_KEY));
+ }
+
+ private void setLoginPage(String path) throws AuthException {
+ if (path == null) {
+ throw new AuthException("No login page specified with key " + LOGIN_PAGE_KEY);
+ }
+ if (!path.startsWith("/")) {
+ path = "/" + path;
+ }
+ loginPage = path;
+ loginPath = path;
+ if (loginPath.indexOf('?') > 0) {
+ loginPath = loginPath.substring(0, loginPath.indexOf('?'));
+ }
+ }
+
+ private void setErrorPage(String path) throws AuthException {
+ if (path == null) {
+ throw new AuthException("No error page specified with key " + ERROR_PAGE_KEY);
+ }
+ if (path == null || path.trim().length() == 0) {
+ errorPath = null;
+ errorPage = null;
+ } else {
+ if (!path.startsWith("/")) {
+ path = "/" + path;
+ }
+ errorPage = path;
+ errorPath = path;
+
+ if (errorPath.indexOf('?') > 0) {
+ errorPath = errorPath.substring(0, errorPath.indexOf('?'));
+ }
+ }
}
public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
@@ -96,11 +143,11 @@
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
boolean isMandatory = isMandatory(messageInfo);
HttpSession session = request.getSession(isMandatory);
- //auth not mandatory and not logged in.
- if (session == null) {
+ String uri = request.getPathInfo();
+ if (session == null || isLoginOrErrorPage(uri)) {
+ //auth not mandatory and not logged in.
return AuthStatus.SUCCESS;
}
- String uri = request.getPathInfo();
//are we returning from the OP redirect?
if (uri.endsWith(RETURN_ADDRESS)) {
@@ -118,6 +165,12 @@
response.setContentLength(0);
String originalURI = (String) session.getAttribute(ORIGINAL_URI_KEY);
session.removeAttribute(ORIGINAL_URI_KEY);
+ if (originalURI == null || originalURI.length() == 0) {
+ originalURI = request.getContextPath();
+ if (originalURI.length() == 0) {
+ originalURI = "/";
+ }
+ }
response.sendRedirect(response.encodeRedirectURL(originalURI));
return AuthStatus.SEND_CONTINUE;
}
@@ -152,9 +205,9 @@
URL opEndpoint = discovered.getOPEndpoint();
clientSubject.getPrincipals().add(new OpenIDProviderPrincipal(opEndpoint.toString()));
CallerPrincipalCallback cpCallback = new CallerPrincipalCallback(clientSubject, principal);
- GroupPrincipalCallback gpCallback = new GroupPrincipalCallback(clientSubject, new String[] {"authenticated"});
+ GroupPrincipalCallback gpCallback = new GroupPrincipalCallback(clientSubject, new String[]{"authenticated"});
try {
- callbackHandler.handle(new Callback[] {cpCallback, gpCallback});
+ callbackHandler.handle(new Callback[]{cpCallback, gpCallback});
} catch (IOException e) {
} catch (UnsupportedCallbackException e) {
@@ -170,11 +223,16 @@
//assume not...
String openidIdentifier = request.getParameter(OPENID_IDENTIFIER);
- //redirect to login page here...
- if (openidIdentifier == null) {
-
- }
try {
+ //redirect to login page here...
+ if (openidIdentifier == null) {
+ // redirect to login page
+ session.setAttribute(ORIGINAL_URI_KEY, getFullRequestURI(request).toString());
+ response.setContentLength(0);
+ response.sendRedirect(response.encodeRedirectURL(addPaths(request.getContextPath(), loginPage)));
+ return AuthStatus.SEND_CONTINUE;
+
+ }
List<DiscoveryInformation> discoveries = consumerManager.discover(openidIdentifier);
//associate with one OP
DiscoveryInformation discovered = consumerManager.associate(discoveries);
@@ -184,14 +242,16 @@
String returnAddress = request.getRequestURL().append(RETURN_ADDRESS).toString();
AuthRequest authRequest = consumerManager.authenticate(discovered, returnAddress);
session.setAttribute(RETURN_ADDRESS_KEY, authRequest.getReturnTo());
-
+
//save original uri in response, to be retrieved after redirect returns
- session.setAttribute(ORIGINAL_URI_KEY, getFullRequestURI(request).toString());
+ if (session.getAttribute(ORIGINAL_URI_KEY) == null) {
+ session.setAttribute(ORIGINAL_URI_KEY, getFullRequestURI(request).toString());
+ }
//TODO openid 2.0 form redirect
response.sendRedirect(authRequest.getDestinationUrl(true));
return AuthStatus.SEND_CONTINUE;
-
+
} catch (DiscoveryException e) {
throw (AuthException) new AuthException("Could not authenticate").initCause(e);
} catch (ConsumerException e) {
@@ -202,10 +262,32 @@
throw (AuthException) new AuthException("Could not authenticate").initCause(e);
}
-
// return null;
}
+ private boolean isLoginOrErrorPage(String uri) {
+ return (uri != null &&
+ (uri.equals(loginPage) || uri.equals(errorPage)));
+ }
+
+ private String addPaths(String p1, String p2) {
+ StringBuilder b = new StringBuilder(p1);
+ if (p1.endsWith("/")) {
+ if (p2.startsWith("/")) {
+ b.append(p2, 1, p2.length() - 1);
+ } else {
+ b.append(p2);
+ }
+ } else {
+ if (!p2.startsWith("/")) {
+ b.append("/");
+ }
+ b.append(p2);
+ }
+
+ return b.toString();
+ }
+
private StringBuilder getFullRequestURI(HttpServletRequest request) {
StringBuilder builder = new StringBuilder();
builder.append(request.getScheme()).append("://");
@@ -222,7 +304,7 @@
private boolean isMandatory(MessageInfo messageInfo) {
String mandatory = (String) messageInfo.getMap().get(MANDATORY_KEY);
- if (mandatory == null){
+ if (mandatory == null) {
return false;
}
return Boolean.valueOf(mandatory);
Modified: geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/test/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/test/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModuleTest.java?rev=709897&r1=709896&r2=709897&view=diff
==============================================================================
--- geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/test/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModuleTest.java (original)
+++ geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/test/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModuleTest.java Sun Nov 2 10:06:41 2008
@@ -20,6 +20,9 @@
package org.apache.geronimo.components.jaspi.modules.openid;
+import java.util.Map;
+import java.util.HashMap;
+
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;
@@ -44,6 +47,10 @@
AuthConfigFactory factory1 = AuthConfigFactory.getFactory();
AuthModuleType<ServerAuthModule> authModuleType = new AuthModuleType<ServerAuthModule>();
authModuleType.setClassName(OpenIDServerAuthModule.class.getName());
+ Map<String, String> options = new HashMap<String, String>();
+ options.put(OpenIDServerAuthModule.LOGIN_PAGE_KEY, "/login.jsp");
+ options.put(OpenIDServerAuthModule.ERROR_PAGE_KEY, "/error.jsp");
+ authModuleType.setOptions(options);
AuthConfigProvider authConfigProvider = JaspiUtil.wrapServerAuthModule("Http", "testApp", "id", authModuleType, true, new ConstantClassLoaderLookup(getClass().getClassLoader()));
factory1.registerConfigProvider(authConfigProvider, "Http", "testApp", "description");
AuthConfigProvider authConfigProvider2 = factory1.getConfigProvider("Http", "testApp", null);