comparison src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java @ 567:0e46adb8fcc5 openid
Get user roles from openid server
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Fri, 13 Mar 2015 17:05:27 +0100 |
parents | ac953bee7246 |
children | fb1f7418e1fc |
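--- a/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java
+++ b/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java
@@ -45,10 +45,14 @@
 import org.openid4java.discovery.DiscoveryInformation;
 import org.openid4java.discovery.Identifier;
 import org.openid4java.discovery.DiscoveryException;
 import org.openid4java.message.MessageException;
 import org.openid4java.message.AuthRequest;
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.ax.AxMessage;
+import org.openid4java.message.ax.FetchRequest;
+import org.openid4java.message.ax.FetchResponse;
 
 /** ServletFilter used for OpenID authentification. */
 @WebFilter("/*")
 public class OpenIDFilter implements Filter {
 
@@ -214,10 +218,29 @@
 Identifier verified = verification.getVerifiedId();
 if (verified == null) {
 logger.debug("Failed to verify Identity information: " +
 verification.getStatusMsg());
 return false;
+}
+
+AuthSuccess authSuccess =
+(AuthSuccess) verification.getAuthResponse();
+String rolesValue;
+if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
+FetchResponse fetchResp = null;
+try {
+fetchResp = (FetchResponse) authSuccess.getExtension(
+AxMessage.OPENID_NS_AX);
+} catch (MessageException e) {
+logger.debug("Failed to fetch extended result: " +
+e.getMessage());
+return false;
+}
+String roles = fetchResp.getAttributeValue("attr1");
+logger.debug("Roles are: " + roles);
+} else {
+logger.debug("No such extension.");
 }
 
 logger.debug("Verified user: " + verified);
 
 return true;
@@ -300,15 +323,21 @@
 return;
 } else {
 returnToUrl = params.getParameterValue("return_to");
 }
 try {
-/*
-String returnToUrl = hReq.getRequestURL().toString()
-+ "?is_return=true";*/
 AuthRequest authReq = manager.authenticate(discovered,
 returnToUrl);
+// Fetch the role attribute
+FetchRequest fetch = FetchRequest.createFetchRequest();
+
+fetch.addAttribute("attr1",
+"http://axschema.org/person/role",
+true, 0);
+// attach the extension to the authentication request
+authReq.addExtension(fetch);
+
 authRequestURL = authReq.getDestinationUrl(true);
 errorCode = 699;
 } catch (MessageException e) {
 logger.debug("Failed to create the Authentication request: " +
 e.getMessage());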
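Review bot: The role attribute read at new lines 225-241 is fetched and then dropped: `rolesValue` is never assigned, `roles` is only logged, and the `else` branch that logs "No such extension." falls through to `return true`, so a response without roles is accepted exactly like one with them. Once the value drives authorization the method should fail closed, for example `return false;` after `logger.debug("No such extension.");`, and the same when the attribute is null or empty. Role data from Attribute Exchange is only trustworthy when the extension is covered by the response signature; whether `getExtension` enforces that seems to depend on the openid4java release, so confirm it for the version in use or check it explicitly before reading the attribute. The request at new lines 333-335 passes `true, 0`, which I read as required with no limit on the number of values, while `getAttributeValue("attr1")` returns a single value, so `fetchResp.getAttributeValues("attr1")` would match the request. The enclosing methods start and end outside the shown hunks.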