Mercurial > lada > lada-server
annotate src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java @ 548:95a48e1f1a26 openid
Fix return_url handling and send params to client in header
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Fri, 27 Feb 2015 17:23:05 +0100 |
| parents | f9f1edd30b33 |
| children | fff43091ccc9 |
| rev | line source |
|---|---|
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1 /* Copyright (C) 2015 by Bundesamt fuer Strahlenschutz |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
2 * Software engineering by Intevation GmbH |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
3 * |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
4 * This file is Free Software under the GNU GPL (v>=3) |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! Check out |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
6 * the documentation coming with IMIS-Labordaten-Application for details. |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
7 */ |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
8 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
9 package de.intevation.lada.util.auth; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
10 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
11 import org.apache.log4j.Logger; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
12 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
13 import java.util.Map; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
14 import java.util.List; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
15 import java.util.LinkedHashMap; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
16 import java.net.URLDecoder; |
|
546
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
17 import java.util.Date; |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
18 import java.util.Properties; |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
19 |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
20 import java.io.InputStream; |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
21 import java.io.IOException; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
22 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
23 import javax.servlet.Filter; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
24 import javax.servlet.FilterChain; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
25 import javax.servlet.FilterConfig; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
26 import javax.servlet.ServletContext; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
27 import javax.servlet.ServletException; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
28 import javax.servlet.ServletRequest; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
29 import javax.servlet.ServletResponse; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
30 import javax.servlet.annotation.WebFilter; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
31 import javax.servlet.http.HttpServletRequest; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
32 import javax.servlet.http.HttpServletResponse; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
33 import javax.servlet.http.HttpServletRequestWrapper; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
34 import javax.servlet.http.HttpSession; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
35 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
36 import org.openid4java.association.AssociationSessionType; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
37 import org.openid4java.association.AssociationException; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
38 import org.openid4java.consumer.ConsumerManager; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
39 import org.openid4java.consumer.ConsumerException; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
40 import org.openid4java.consumer.InMemoryConsumerAssociationStore; |
|
546
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
41 import org.openid4java.consumer.AbstractNonceVerifier; |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
42 import org.openid4java.message.ParameterList; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
43 import org.openid4java.consumer.VerificationResult; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
44 import org.openid4java.discovery.DiscoveryInformation; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
45 import org.openid4java.discovery.Identifier; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
46 import org.openid4java.discovery.DiscoveryException; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
47 import org.openid4java.message.MessageException; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
48 import org.openid4java.message.AuthRequest; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
49 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
50 /** ServletFilter used for OpenID authentification. */ |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
51 @WebFilter("/*") |
|
546
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
52 public class OpenIDFilter implements Filter { |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
53 |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
54 private static final String CONFIG_FILE = "/openid.properties"; |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
55 |
|
546
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
56 /** The name of the header field used to transport OpenID parameters.*/ |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
57 private static final String OID_HEADER_DEFAULT = "X-OPENID-PARAMS"; |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
58 private String oidHeader; |
|
546
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
59 |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
60 /** The identity provider we accept here. */ |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
61 private static final String IDENTITY_PROVIDER_DEFAULT = |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
62 "https://localhost/openid/"; |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
63 private String providerUrl; |
|
546
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
64 |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
65 private static final int SESSION_TIMEOUT_DEFAULT_MINUTES = 60; |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
66 private int sessionTimeout; |
|
546
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
67 |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
68 private static Logger logger = Logger.getLogger(OpenIDFilter.class); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
69 |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
70 /** Nonce verifier to allow a session based on openid information. |
|
546
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
71 * |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
72 * Usually one would create a session for the user but this would not |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
73 * be an advantage here as we want to transport the session in a header |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
74 * anyway. |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
75 * |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
76 * A nonce will be valid as long as as the maxAge is not reached. |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
77 * This is implemented by the basis verifier. |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
78 * We only implement seed no mark that we accept nonce's multiple |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
79 * times. |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
80 */ |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
81 private class SessionNonceVerifier extends AbstractNonceVerifier { |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
82 public SessionNonceVerifier(int maxAge) { |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
83 super(maxAge); |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
84 } |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
85 |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
86 @Override |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
87 protected int seen(Date now, String opUrl, String nonce) { |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
88 return OK; |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
89 } |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
90 }; |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
91 |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
92 private ConsumerManager manager; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
93 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
94 /* This should be moved into a map <server->discovered> |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
95 * as we currently only supporting one server this is static. */ |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
96 boolean discoveryDone = false; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
97 private DiscoveryInformation discovered; |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
98 |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
99 private boolean discoverServer() { |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
100 /* Perform discovery on the configured providerUrl */ |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
101 List discoveries = null; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
102 try { |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
103 discoveries = manager.discover(providerUrl); |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
104 } catch (DiscoveryException e) { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
105 logger.debug("Discovery failed: " + e.getMessage()); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
106 return false; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
107 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
108 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
109 if (discoveries == null || discoveries.isEmpty()) { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
110 logger.error( |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
111 "Failed discovery step. OpenID provider unavailable?"); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
112 return false; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
113 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
114 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
115 /* Add association for the discovered information */ |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
116 discovered = manager.associate(discoveries); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
117 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
118 return true; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
119 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
120 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
121 /** Split up the OpenID response query provided in the header. |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
122 * |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
123 * @param responseQuery The query provided in the header field. |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
124 * @return The query as ParameterList or null on error. |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
125 */ |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
126 private ParameterList splitParams(String responseQuery) { |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
127 if (responseQuery == null) { |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
128 return null; |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
129 } |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
130 Map<String, String> queryMap = |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
131 new LinkedHashMap<String, String>(); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
132 final String[] pairs = responseQuery.split("&"); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
133 for (String pair : pairs) { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
134 final int idx = pair.indexOf("="); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
135 if (idx <= 0) { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
136 logger.debug("Invalid query."); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
137 return null; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
138 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
139 try { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
140 final String key = URLDecoder.decode( |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
141 pair.substring(0, idx), "UTF-8"); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
142 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
143 if (queryMap.containsKey(key)) { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
144 logger.debug("Invalid query. Duplicate key: " + key); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
145 return null; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
146 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
147 final String value = URLDecoder.decode( |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
148 pair.substring(idx + 1), "UTF-8"); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
149 queryMap.put(key, value); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
150 } catch (java.io.UnsupportedEncodingException e) { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
151 logger.error("UTF-8 unkown?!"); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
152 return null; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
153 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
154 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
155 if (queryMap.isEmpty()) { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
156 logger.debug("Empty query."); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
157 return null; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
158 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
159 return new ParameterList(queryMap); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
160 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
161 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
162 private boolean checkOpenIDHeader(ServletRequest req) { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
163 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
164 HttpServletRequest hReq = (HttpServletRequest) req; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
165 /* First check if the header is provided at all */ |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
166 String oidParamString = hReq.getHeader(oidHeader); |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
167 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
168 if (oidParamString == null) { |
|
548
95a48e1f1a26
Fix return_url handling and send params to client in header
Andre Heinecke <andre.heinecke@intevation.de>
parents:
547
diff
changeset
|
169 logger.debug("Header " + oidHeader + " not provided. Trying params."); |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
170 oidParamString = hReq.getQueryString(); |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
171 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
172 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
173 /* Parse the parameters to a map for openid4j */ |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
174 ParameterList oidParams = splitParams(oidParamString); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
175 if (oidParams == null) { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
176 return false; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
177 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
178 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
179 /* Verify against the discovered server. */ |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
180 VerificationResult verification = null; |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
181 /* extract the receiving URL from the HTTP request */ |
|
548
95a48e1f1a26
Fix return_url handling and send params to client in header
Andre Heinecke <andre.heinecke@intevation.de>
parents:
547
diff
changeset
|
182 String receivingURL = hReq.getRequestURL().toString(); |
|
95a48e1f1a26
Fix return_url handling and send params to client in header
Andre Heinecke <andre.heinecke@intevation.de>
parents:
547
diff
changeset
|
183 |
|
95a48e1f1a26
Fix return_url handling and send params to client in header
Andre Heinecke <andre.heinecke@intevation.de>
parents:
547
diff
changeset
|
184 if (!receivingURL.contains("?is_return=true&")) { |
|
95a48e1f1a26
Fix return_url handling and send params to client in header
Andre Heinecke <andre.heinecke@intevation.de>
parents:
547
diff
changeset
|
185 receivingURL += "?is_return=true&"; |
|
95a48e1f1a26
Fix return_url handling and send params to client in header
Andre Heinecke <andre.heinecke@intevation.de>
parents:
547
diff
changeset
|
186 } |
|
95a48e1f1a26
Fix return_url handling and send params to client in header
Andre Heinecke <andre.heinecke@intevation.de>
parents:
547
diff
changeset
|
187 /* XXX this is broken and does not work as that information only |
|
95a48e1f1a26
Fix return_url handling and send params to client in header
Andre Heinecke <andre.heinecke@intevation.de>
parents:
547
diff
changeset
|
188 * authenticates this Return url and not any other URL. We have |
|
95a48e1f1a26
Fix return_url handling and send params to client in header
Andre Heinecke <andre.heinecke@intevation.de>
parents:
547
diff
changeset
|
189 * to change this. */ |
|
95a48e1f1a26
Fix return_url handling and send params to client in header
Andre Heinecke <andre.heinecke@intevation.de>
parents:
547
diff
changeset
|
190 receivingURL.replace("localhost", "127.0.0.1"); |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
191 |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
192 try { |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
193 verification = manager.verify(receivingURL.toString(), oidParams, |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
194 discovered); |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
195 } catch (MessageException e) { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
196 logger.debug("Verification failed: " + e.getMessage()); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
197 return false; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
198 } catch (DiscoveryException e) { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
199 logger.debug("Verification discovery exception: " + e.getMessage()); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
200 return false; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
201 } catch (AssociationException e) { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
202 logger.debug("Verification assoc exception: " + e.getMessage()); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
203 return false; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
204 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
205 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
206 /* See what could be verified */ |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
207 Identifier verified = verification.getVerifiedId(); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
208 if (verified == null) { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
209 logger.debug("Failed to verify Identity information: " + |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
210 verification.getStatusMsg()); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
211 return false; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
212 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
213 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
214 logger.debug("Verified user: " + verified); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
215 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
216 return true; |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
217 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
218 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
219 @Override |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
220 public void init(FilterConfig config) |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
221 throws ServletException |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
222 { |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
223 /* Read config and initialize configuration variables */ |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
224 Properties properties = new Properties(); |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
225 InputStream stream = null; |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
226 try { |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
227 stream = getClass().getResourceAsStream(CONFIG_FILE); |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
228 properties.load(stream); |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
229 stream.close(); |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
230 } catch (java.io.FileNotFoundException e) { |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
231 logger.error ("Failed to find config file: " + CONFIG_FILE); |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
232 } catch (java.io.IOException e) { |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
233 logger.error ("Failed to read config file: " + CONFIG_FILE); |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
234 } |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
235 try { |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
236 sessionTimeout = Integer.parseInt( |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
237 properties.getProperty("session_timeout_minutes")); |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
238 } catch (NumberFormatException e) { |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
239 sessionTimeout = SESSION_TIMEOUT_DEFAULT_MINUTES; |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
240 } |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
241 oidHeader = properties.getProperty("oidHeader", OID_HEADER_DEFAULT); |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
242 providerUrl = properties.getProperty("identity_provider", |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
243 IDENTITY_PROVIDER_DEFAULT); |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
244 |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
245 manager = new ConsumerManager(); |
|
546
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
246 /* We probably want to implement our own association store to keep |
|
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
247 * associations persistent. */ |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
248 manager.setAssociations(new InMemoryConsumerAssociationStore()); |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
249 manager.setNonceVerifier(new SessionNonceVerifier(sessionTimeout)); |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
250 manager.setMinAssocSessEnc(AssociationSessionType.DH_SHA256); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
251 discoveryDone = discoverServer(); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
252 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
253 |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
254 @Override |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
255 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
256 throws IOException, ServletException |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
257 { |
|
548
95a48e1f1a26
Fix return_url handling and send params to client in header
Andre Heinecke <andre.heinecke@intevation.de>
parents:
547
diff
changeset
|
258 HttpServletRequest hReq = (HttpServletRequest) req; |
|
95a48e1f1a26
Fix return_url handling and send params to client in header
Andre Heinecke <andre.heinecke@intevation.de>
parents:
547
diff
changeset
|
259 HttpServletResponse hResp = (HttpServletResponse) resp; |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
260 if (!discoveryDone) { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
261 discoveryDone = discoverServer(); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
262 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
263 if (discoveryDone && checkOpenIDHeader(req)) { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
264 /** Successfully authenticated. */ |
|
548
95a48e1f1a26
Fix return_url handling and send params to client in header
Andre Heinecke <andre.heinecke@intevation.de>
parents:
547
diff
changeset
|
265 hResp.addHeader(oidHeader, hReq.getQueryString().replace( |
|
95a48e1f1a26
Fix return_url handling and send params to client in header
Andre Heinecke <andre.heinecke@intevation.de>
parents:
547
diff
changeset
|
266 "is_return=true","")); |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
267 chain.doFilter(req, resp); |
|
546
b691c8697e6f
Implement pseudo session based on OpenID nonce
Andre Heinecke <andre.heinecke@intevation.de>
parents:
545
diff
changeset
|
268 return; |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
269 } |
|
547
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
270 String authRequestURL = "Error communicating with openid server"; |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
271 if (discoveryDone) { |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
272 /* Get the authentication url for this server. */ |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
273 try { |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
274 String returnToUrl = hReq.getRequestURL().toString() |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
275 + "?is_return=true"; |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
276 AuthRequest authReq = manager.authenticate(discovered, |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
277 returnToUrl); |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
278 authRequestURL = authReq.getDestinationUrl(true); |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
279 } catch (MessageException e) { |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
280 logger.debug("Failed to create the Authentication request: " + |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
281 e.getMessage()); |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
282 } catch (ConsumerException e) { |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
283 logger.debug("Error in consumer manager: " + |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
284 e.getMessage()); |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
285 } |
|
f9f1edd30b33
Get openid configuration from properties file and start on return url handling
Andre Heinecke <andre.heinecke@intevation.de>
parents:
546
diff
changeset
|
286 } |
|
548
95a48e1f1a26
Fix return_url handling and send params to client in header
Andre Heinecke <andre.heinecke@intevation.de>
parents:
547
diff
changeset
|
287 hResp.sendError(401, "{\"success\":false,\"message\":\"699\",\"data\":" + |
|
545
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
288 "\"" + authRequestURL + "\",\"errors\":{},\"warnings\":{}," + |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
289 "\"readonly\":false,\"totalCount\":0}"); |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
290 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
291 @Override |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
292 public void destroy() |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
293 { |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
294 } |
|
8e3f57e2f4af
Change openID authentication to a filter.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
295 }; |