# HG changeset patch # User Raimund Renkert # Date 1429191926 -7200 # Node ID 03864256fafa871f19e56ad6409473bb1f4e593e # Parent 6c2921100b7f62a6d4564dc1d2faaf63b84d0f90 Split header and query authentication. diff -r 6c2921100b7f -r 03864256fafa src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java --- a/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java Thu Apr 16 15:44:19 2015 +0200 +++ b/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java Thu Apr 16 15:45:26 2015 +0200 @@ -166,6 +166,17 @@ return new ParameterList(queryMap); } + private boolean checkOpenIDQuery(ServletRequest req) { + HttpServletRequest hReq = (HttpServletRequest) req; + + String oidParamString = hReq.getQueryString(); + + if (oidParamString == null) { + logger.debug("No query string."); + } + return checkOpenIDString(hReq, oidParamString); + } + private boolean checkOpenIDHeader(ServletRequest req) { HttpServletRequest hReq = (HttpServletRequest) req; @@ -185,9 +196,13 @@ String oidParamString = hReq.getHeader(oidHeader); if (oidParamString == null) { - logger.debug("Header " + oidHeader + " not provided. Trying params."); - oidParamString = hReq.getQueryString(); + logger.debug("Header " + oidHeader + " not provided."); } + return checkOpenIDString(hReq, oidParamString); + } + + private boolean checkOpenIDString(HttpServletRequest hReq, + String oidParamString) { /* Parse the parameters to a map for openid4j */ ParameterList oidParams = splitParams(oidParamString); 
@@ -299,13 +314,21 @@ if (!discoveryDone) { discoveryDone = discoverServer(); } - if (discoveryDone && checkOpenIDHeader(req)) { - /** Successfully authenticated. */ - hResp.addHeader(oidHeader, hReq.getQueryString().replace( - "is_return=true","")); - chain.doFilter(req, resp); - return; + if (discoveryDone) { + if (checkOpenIDHeader(req)) + { + /* Successfully authenticated. Through Header */ + chain.doFilter(req, resp); + return; + } else if (checkOpenIDQuery(req)) { + /* Successfully authenticated. Through Query parameters.*/ + hResp.addHeader(oidHeader, hReq.getQueryString().replace( + "is_return=true","")); + chain.doFilter(req, resp); + return; + } } + /* Authentication failure */ String authRequestURL = "Error communicating with openid server"; int errorCode = 698; if (discoveryDone) {
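Review bot: In the first hunk (@@ -166,6 +166,17 @@), checkOpenIDQuery logs "No query string." when getQueryString() returns null but then still calls checkOpenIDString(hReq, oidParamString) with that null value. Whether splitParams tolerates null is not visible in this patch, so the new method depends on behaviour it does not control. Returning false directly inside the null branch would make the failure path explicit and avoid handing null to the openid4j parameter parsing.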
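Review bot: In the second hunk (@@ -185,9 +196,13 @@), the extracted checkOpenIDString(HttpServletRequest hReq, String oidParamString) has no comment stating its contract, in particular whether oidParamString may be null and what a false return means. With the query fallback removed, checkOpenIDHeader now reaches it with a null string on every request that lacks the header, which includes each query-authenticated return. Please document the helper and either return false in checkOpenIDHeader when the header is missing or state that the helper handles null.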
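Review bot: In the third hunk (@@ -299,13 +314,21 @@), the query branch copies the whole query string into the response header via hResp.addHeader(oidHeader, hReq.getQueryString().replace("is_return=true","")). The literal replace leaves the neighbouring "&" separator behind, and any query parameter that is not part of the OpenID response ends up in the header value as well. Consider building the header value from the parsed and verified parameters instead of the raw string, or at least removing the separator together with is_return=true. Two smaller points: the opening brace after "if (checkOpenIDHeader(req))" sits on its own line, unlike the "else if" beside it, and a one-line comment on why a failed header check falls through to the query check would help the next reader.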