changeset 567:0e46adb8fcc5 openid

Get user roles from openid server
author Andre Heinecke <andre.heinecke@intevation.de>
date Fri, 13 Mar 2015 17:05:27 +0100
parents ac953bee7246
children b0d674240c29
files src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java
diffstat 1 files changed, 32 insertions(+), 3 deletions(-) [+]
--- a/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java	Fri Mar 13 15:20:29 2015 +0100
+++ b/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java	Fri Mar 13 17:05:27 2015 +0100
@@ -47,6 +47,10 @@
 import org.openid4java.discovery.DiscoveryException;
 import org.openid4java.message.MessageException;
 import org.openid4java.message.AuthRequest;
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.ax.AxMessage;
+import org.openid4java.message.ax.FetchRequest;
+import org.openid4java.message.ax.FetchResponse;
 
 /** ServletFilter used for OpenID authentification. */
 @WebFilter("/*")
@@ -218,6 +222,25 @@
             return false;
         }
 
+        AuthSuccess authSuccess =
+                        (AuthSuccess) verification.getAuthResponse();
+        String rolesValue;
+        if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
+            FetchResponse fetchResp = null;
+            try {
+                fetchResp = (FetchResponse) authSuccess.getExtension(
+                        AxMessage.OPENID_NS_AX);
+            } catch (MessageException e) {
+                logger.debug("Failed to fetch extended result: " +
+                        e.getMessage());
+                return false;
+            }
+            String roles = fetchResp.getAttributeValue("attr1");
+            logger.debug("Roles are: " + roles);
+        } else {
+            logger.debug("No such extension.");
+        }
+
         logger.debug("Verified user: " + verified);
 
         return true;
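Review bot: The role value read with `fetchResp.getAttributeValue("attr1")` is only logged and the declared `rolesValue` is never assigned, so both the "No such extension." branch and a null attribute fall through to `return true` with no roles recorded. Once roles feed authorization decisions this path should fail closed: assign `rolesValue = fetchResp.getAttributeValue("attr1");` and treat `rolesValue == null || rolesValue.isEmpty()` as "no privileges" rather than as a success with unknown roles. Because the value comes from the provider's response, confirm that the AX parameters are covered by the response signature and that the responding provider is the expected one before trusting it; neither check is visible in this hunk. The enclosing method starts and ends outside the hunk.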
@@ -302,11 +325,17 @@
                 returnToUrl = params.getParameterValue("return_to");
             }
             try {
-                /*
-                String returnToUrl = hReq.getRequestURL().toString()
-                    + "?is_return=true";*/
                 AuthRequest authReq = manager.authenticate(discovered,
                         returnToUrl);
+                // Fetch the role attribute
+                FetchRequest fetch = FetchRequest.createFetchRequest();
+
+                fetch.addAttribute("attr1",
+                        "http://axschema.org/person/role",
+                        true, 0);
+                // attach the extension to the authentication request
+                authReq.addExtension(fetch);
+
                 authRequestURL = authReq.getDestinationUrl(true);
                 errorCode = 699;
             } catch (MessageException e) {
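Review bot: The fetch request asks for the role attribute with a count of `0`, which as far as I know openid4java sends as an unlimited count, while the verification hunk reads the answer back with `getAttributeValue("attr1")`, which yields a single value. A user holding several roles would then be evaluated on only one of them; either request a count of `1` or read the full list with `fetchResp.getAttributeValues("attr1")`. The alias `"attr1"` is also repeated as a literal in both hunks, so a shared constant such as `private static final String ROLE_ALIAS = "attr1";` would keep request and response in step. The enclosing try block continues outside the hunk.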