# HG changeset patch
# User Andre Heinecke <andre.heinecke@intevation.de>
# Date 1426262727 -3600
# Node ID 0e46adb8fcc5972c560c963267facac00cd653e8
# Parent  ac953bee7246f45117e560a621558badd1b6b67c
Get user roles from openid server

diff -r ac953bee7246 -r 0e46adb8fcc5 src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java
--- a/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java	Fri Mar 13 15:20:29 2015 +0100
+++ b/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java	Fri Mar 13 17:05:27 2015 +0100
@@ -47,6 +47,10 @@
 import org.openid4java.discovery.DiscoveryException;
 import org.openid4java.message.MessageException;
 import org.openid4java.message.AuthRequest;
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.ax.AxMessage;
+import org.openid4java.message.ax.FetchRequest;
+import org.openid4java.message.ax.FetchResponse;
 
 /** ServletFilter used for OpenID authentification. */
 @WebFilter("/*")
@@ -218,6 +222,25 @@
             return false;
         }
 
+        AuthSuccess authSuccess =
+                        (AuthSuccess) verification.getAuthResponse();
+        String rolesValue;
+        if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
+            FetchResponse fetchResp = null;
+            try {
+                fetchResp = (FetchResponse) authSuccess.getExtension(
+                        AxMessage.OPENID_NS_AX);
+            } catch (MessageException e) {
+                logger.debug("Failed to fetch extended result: " +
+                        e.getMessage());
+                return false;
+            }
+            String roles = fetchResp.getAttributeValue("attr1");
+            logger.debug("Roles are: " + roles);
+        } else {
+            logger.debug("No such extension.");
+        }
+
         logger.debug("Verified user: " + verified);
 
         return true;
@@ -302,11 +325,17 @@
                 returnToUrl = params.getParameterValue("return_to");
             }
             try {
-                /*
-                String returnToUrl = hReq.getRequestURL().toString()
-                    + "?is_return=true";*/
                 AuthRequest authReq = manager.authenticate(discovered,
                         returnToUrl);
+                // Fetch the role attribute
+                FetchRequest fetch = FetchRequest.createFetchRequest();
+
+                fetch.addAttribute("attr1",
+                        "http://axschema.org/person/role",
+                        true, 0);
+                // attach the extension to the authentication request
+                authReq.addExtension(fetch);
+
                 authRequestURL = authReq.getDestinationUrl(true);
                 errorCode = 699;
             } catch (MessageException e) {