changeset 605:03864256fafa

Split header and query authentication.
author Raimund Renkert <raimund.renkert@intevation.de>
date Thu, 16 Apr 2015 15:45:26 +0200
parents 6c2921100b7f
children 432e253e4788
files src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java
diffstat 1 files changed, 31 insertions(+), 8 deletions(-) [+]
--- a/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java	Thu Apr 16 15:44:19 2015 +0200
+++ b/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java	Thu Apr 16 15:45:26 2015 +0200
@@ -166,6 +166,17 @@
         return new ParameterList(queryMap);
     }
 
+    private boolean checkOpenIDQuery(ServletRequest req) {
+        HttpServletRequest hReq = (HttpServletRequest) req;
+
+        String oidParamString = hReq.getQueryString();
+
+        if (oidParamString == null) {
+            logger.debug("No query string.");
+        }
+        return checkOpenIDString(hReq, oidParamString);
+    }
+
     private boolean checkOpenIDHeader(ServletRequest req) {
 
         HttpServletRequest hReq = (HttpServletRequest) req;
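Review bot: checkOpenIDQuery logs a missing query string but still hands the null on to checkOpenIDString, and checkOpenIDHeader in the next hunk does the same for a missing header. Whether splitParams and the verification behind it tolerate null is not visible in this diff, so the unauthenticated path should fail closed explicitly: `if (oidParamString == null) { logger.debug("No query string."); return false; }`, with the matching early return in checkOpenIDHeader. This matters more after the split, because any request without the header now reaches the query check as well. Neither new helper has a Javadoc; a one-line `/** Verifies an OpenID assertion taken from the request's query string. */` would match what the code shows.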
@@ -185,9 +196,13 @@
         String oidParamString = hReq.getHeader(oidHeader);
 
         if (oidParamString == null) {
-            logger.debug("Header " + oidHeader + " not provided. Trying params.");
-            oidParamString = hReq.getQueryString();
+            logger.debug("Header " + oidHeader + " not provided.");
         }
+        return checkOpenIDString(hReq, oidParamString);
+    }
+
+    private boolean checkOpenIDString(HttpServletRequest hReq,
+                                      String oidParamString) {
 
         /* Parse the parameters to a map for openid4j */
         ParameterList oidParams = splitParams(oidParamString);
@@ -299,13 +314,21 @@
         if (!discoveryDone) {
             discoveryDone = discoverServer();
         }
-        if (discoveryDone && checkOpenIDHeader(req)) {
-            /** Successfully authenticated. */
-            hResp.addHeader(oidHeader, hReq.getQueryString().replace(
-                        "is_return=true",""));
-            chain.doFilter(req, resp);
-            return;
+        if (discoveryDone) {
+            if (checkOpenIDHeader(req))
+            {
+                /* Successfully authenticated. Through Header */
+                chain.doFilter(req, resp);
+                return;
+            } else if (checkOpenIDQuery(req)) {
+                /* Successfully authenticated. Through Query parameters.*/
+                hResp.addHeader(oidHeader, hReq.getQueryString().replace(
+                            "is_return=true",""));
+                chain.doFilter(req, resp);
+                return;
+            }
         }
+        /* Authentication failure */
         String authRequestURL = "Error communicating with openid server";
         int errorCode = 698;
         if (discoveryDone) {
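Review bot: In the query branch the response header is set to the whole raw query string, so any parameter the client appended is copied into the value it is expected to replay as its credential. OpenID signatures normally cover only the listed signed fields, and whether checkOpenIDString rejects or ignores the rest is not visible here. Building the header value from only the parameters that verification covered would be safer; failing that, record the assumption with a comment such as `/* Echoes the raw query string; confirm only verified openid.* fields are trusted when it is replayed. */`. The `replace("is_return=true","")` can also leave a dangling `&` in the value. As a style point, the `{` after `if (checkOpenIDHeader(req))` sits on its own line, unlike the rest of the file. The enclosing filter method starts and ends outside this hunk.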