# HG changeset patch
# User Andre Heinecke
# Date 1425054185 -3600
# Node ID 95a48e1f1a267c38c765d70331ae21b85165fe81
# Parent f9f1edd30b33f511234a42e7c3a95b6f76e752b0
Fix return_url handling and send params to client in header
diff -r f9f1edd30b33 -r 95a48e1f1a26 src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java
--- a/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java Fri Feb 27 16:42:43 2015 +0100
+++ b/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java Fri Feb 27 17:23:05 2015 +0100
@@ -166,9 +166,7 @@
 String oidParamString = hReq.getHeader(oidHeader);
 if (oidParamString == null) {
- logger.debug("Header " + oidHeader + " not provided.");
- } else {
- logger.debug("Trying to verify query.");
+ logger.debug("Header " + oidHeader + " not provided. Trying params.");
 oidParamString = hReq.getQueryString();
 }
@@ -181,10 +179,15 @@
 /* Verify against the discovered server. */
 VerificationResult verification = null;
 /* extract the receiving URL from the HTTP request */
- StringBuffer receivingURL = hReq.getRequestURL();
- String queryString = hReq.getQueryString();
- if (queryString != null && queryString.length() > 0)
- receivingURL.append("?").append(hReq.getQueryString());
+ String receivingURL = hReq.getRequestURL().toString();
+
+ if (!receivingURL.contains("?is_return=true&")) {
+ receivingURL += "?is_return=true&";
+ }
+ /* XXX this is broken and does not work as that information only
+ * authenticates this Return url and not any other URL. We have
+ * to change this. */
+ receivingURL.replace("localhost", "127.0.0.1");
 try {
 verification = manager.verify(receivingURL.toString(), oidParams,
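Review bot: In the `@@ -181,10 +179,15 @@` hunk the added `receivingURL.replace("localhost", "127.0.0.1");` has no effect, because `receivingURL` is now a `String` and the value returned by `replace` is discarded. Either delete the line or assign the result, `receivingURL = receivingURL.replace("localhost", "127.0.0.1");`, though rewriting the host of the URL passed to `manager.verify` changes what the assertion's return_to is compared against, so a configured return URL would be the safer source. The URL built here ends in `?is_return=true&`, while the return_to sent to the provider in the `@@ -264,7 +271,6 @@` hunk is `?is_return=true` without the ampersand; it is worth confirming that the verification does not depend on lenient matching of the two. The enclosing method starts and ends outside the hunk.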
@@ -252,11 +255,15 @@
 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
+ HttpServletRequest hReq = (HttpServletRequest) req;
+ HttpServletResponse hResp = (HttpServletResponse) resp;
 if (!discoveryDone) {
 discoveryDone = discoverServer();
 }
 if (discoveryDone && checkOpenIDHeader(req)) {
 /** Successfully authenticated. */
+ hResp.addHeader(oidHeader, hReq.getQueryString().replace(
+ "is_return=true",""));
 chain.doFilter(req, resp);
 return;
 }
@@ -264,7 +271,6 @@
 if (discoveryDone) {
 /* Get the authentication url for this server. */
 try {
- HttpServletRequest hReq = (HttpServletRequest) req;
 String returnToUrl = hReq.getRequestURL().toString() + "?is_return=true";
 AuthRequest authReq = manager.authenticate(discovered,
@@ -278,7 +284,7 @@
 e.getMessage());
 }
 }
- ((HttpServletResponse) resp).sendError(401, "{\"success\":false,\"message\":\"699\",\"data\":" +
+ hResp.sendError(401, "{\"success\":false,\"message\":\"699\",\"data\":" +
 "\"" + authRequestURL + "\",\"errors\":{},\"warnings\":{}," + "\"readonly\":false,\"totalCount\":0}");
 }
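Review bot: The added `hResp.addHeader(oidHeader, hReq.getQueryString().replace(...))` in the `@@ -252,11 +255,15 @@` hunk dereferences `getQueryString()` without a null check. Going by the first hunk, checkOpenIDHeader only falls back to the query string when the header is absent, so a request that authenticates through the header and carries no query string would throw a NullPointerException here, after verification has already succeeded. The call also copies the entire raw query string into the response header, including any parameters that are not part of the OpenID assertion. A minimal guard is `String qs = hReq.getQueryString();` followed by `if (qs != null) { hResp.addHeader(oidHeader, qs.replace("is_return=true", "")); }`; returning the parameter string that was actually verified would be cleaner. The rest of doFilter continues outside this hunk.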