comparison src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java @ 567:0e46adb8fcc5 openid

Get user roles from openid server
author Andre Heinecke <andre.heinecke@intevation.de>
date Fri, 13 Mar 2015 17:05:27 +0100
parents ac953bee7246
children fb1f7418e1fc
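--- a/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java
+++ b/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java
@@ -45,10 +45,14 @@
 import org.openid4java.discovery.DiscoveryInformation;
 import org.openid4java.discovery.Identifier;
 import org.openid4java.discovery.DiscoveryException;
 import org.openid4java.message.MessageException;
 import org.openid4java.message.AuthRequest;
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.ax.AxMessage;
+import org.openid4java.message.ax.FetchRequest;
+import org.openid4java.message.ax.FetchResponse;
 
 /** ServletFilter used for OpenID authentification. */
 @WebFilter("/*")
 public class OpenIDFilter implements Filter {
 
@@ -214,10 +218,29 @@
 Identifier verified = verification.getVerifiedId();
 if (verified == null) {
 logger.debug("Failed to verify Identity information: " +
 verification.getStatusMsg());
 return false;
+}
+
+AuthSuccess authSuccess =
+(AuthSuccess) verification.getAuthResponse();
+String rolesValue;
+if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
+FetchResponse fetchResp = null;
+try {
+fetchResp = (FetchResponse) authSuccess.getExtension(
+AxMessage.OPENID_NS_AX);
+} catch (MessageException e) {
+logger.debug("Failed to fetch extended result: " +
+e.getMessage());
+return false;
+}
+String roles = fetchResp.getAttributeValue("attr1");
+logger.debug("Roles are: " + roles);
+} else {
+logger.debug("No such extension.");
 }
 
 logger.debug("Verified user: " + verified);
 
 return true;
@@ -300,15 +323,21 @@
 return;
 } else {
 returnToUrl = params.getParameterValue("return_to");
 }
 try {
-/*
-String returnToUrl = hReq.getRequestURL().toString()
-+ "?is_return=true";*/
 AuthRequest authReq = manager.authenticate(discovered,
 returnToUrl);
+// Fetch the role attribute
+FetchRequest fetch = FetchRequest.createFetchRequest();
+
+fetch.addAttribute("attr1",
+"http://axschema.org/person/role",
+true, 0);
+// attach the extension to the authentication request
+authReq.addExtension(fetch);
+
 authRequestURL = authReq.getDestinationUrl(true);
 errorCode = 699;
 } catch (MessageException e) {
 logger.debug("Failed to create the Authentication request: " +
 e.getMessage());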
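Review bot: In the verification code after `getVerifiedId()`, the role value is read into the local `roles`, logged and then dropped, the declared `rolesValue` is never assigned, and a response without the AX extension only logs "No such extension." before falling through to `return true`. If roles are meant to gate access, that branch should fail closed (`return false;`) or set an explicit empty role set, because a provider is free to ignore the `required` flag sent in the fetch request. The cast `(FetchResponse) authSuccess.getExtension(...)` is not covered by `catch (MessageException e)`; an `instanceof FetchResponse` check before the cast would turn an unexpected extension payload into a clean rejection instead of a ClassCastException. The request passes a count of 0 while the response side reads one value with `getAttributeValue("attr1")`, so it is worth confirming how users with several roles are returned, and that the openid4java version in use only exposes AX fields covered by the response signature. Both enclosing methods start and end outside the lines shown.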