changeset 551:68c8b9e5f3e9 openid

Let the return to url be handled by the client.
author Andre Heinecke <andre.heinecke@intevation.de>
date Thu, 12 Mar 2015 17:40:20 +0100 (2015-03-12)
parents fff43091ccc9
children 28fd6616e0f8
files src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java
diffstat 1 files changed, 38 insertions(+), 16 deletions(-) [+]
line wrap: on
line diff
--- a/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java	Wed Mar 11 14:50:40 2015 +0100
+++ b/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java	Thu Mar 12 17:40:20 2015 +0100
@@ -16,6 +16,7 @@
 import java.net.URLDecoder;
 import java.util.Date;
 import java.util.Properties;
+import java.util.Enumeration;
 
 import java.io.InputStream;
 import java.io.IOException;
@@ -141,8 +142,8 @@
                         pair.substring(0, idx), "UTF-8");
 
                 if (queryMap.containsKey(key)) {
-                    logger.debug("Invalid query. Duplicate key: " + key);
-                    return null;
+                    logger.debug("Duplicate key: " + key + " ignored.");
+                    continue;
                 }
                 final String value = URLDecoder.decode(
                         pair.substring(idx + 1), "UTF-8");
@@ -162,6 +163,19 @@
     private boolean checkOpenIDHeader(ServletRequest req) {
 
         HttpServletRequest hReq = (HttpServletRequest) req;
+
+        /* Debug code to dump headers
+        Enumeration<String> headerNames = hReq.getHeaderNames();
+        while (headerNames.hasMoreElements()) {
+            String headerName = headerNames.nextElement();
+            logger.debug("Header: " + headerName);
+            Enumeration<String> headers = hReq.getHeaders(headerName);
+            while (headers.hasMoreElements()) {
+                String headerValue = headers.nextElement();
+                logger.debug("Value: " + headerValue);
+            }
+        }
+        */
         /* First check if the header is provided at all */
         String oidParamString = hReq.getHeader(oidHeader);
 
@@ -178,19 +192,10 @@
 
         /* Verify against the discovered server. */
         VerificationResult verification = null;
-        /* extract the receiving URL from the HTTP request */
-        String receivingURL = hReq.getRequestURL().toString();
-
-        if (!receivingURL.contains("?is_return=true&")) {
-            receivingURL += "?is_return=true&";
-        }
-        /* XXX this is broken and does not work as that information only
-         * authenticates this Return url and not any other URL. We have
-         * to change this. */
-        receivingURL.replace("localhost", "127.0.0.1");
+        String receivingURL = oidParams.getParameterValue("openid.return_to");
 
         try {
-            verification = manager.verify(receivingURL.toString(), oidParams,
+            verification = manager.verify(receivingURL, oidParams,
                     discovered);
         } catch (MessageException e) {
             logger.debug("Verification failed: " + e.getMessage());
@@ -268,14 +273,31 @@
             return;
         }
         String authRequestURL = "Error communicating with openid server";
+        int errorCode = 698;
         if (discoveryDone) {
-            /* Get the authentication url for this server. */
+            /* Parse the parameters to a map for openid4j */
+            ParameterList params = splitParams(hReq.getQueryString());
+            String returnToUrl;
+            if (params == null) {
+                logger.debug("Failed to get any parameters from url.");
+                hResp.reset();
+                hResp.setStatus(401);
+                hResp.getOutputStream().print("{\"success\":false,\"message\":\"" + errorCode + "\",\"data\":" +
+                        "\"No return url provided!\",\"errors\":{},\"warnings\":{}," +
+                        "\"readonly\":false,\"totalCount\":0}");
+                hResp.getOutputStream().flush();
+                return;
+            } else {
+                returnToUrl = params.getParameterValue("return_to");
+            }
             try {
+                /*
                 String returnToUrl = hReq.getRequestURL().toString()
-                    + "?is_return=true";
+                    + "?is_return=true";*/
                 AuthRequest authReq = manager.authenticate(discovered,
                         returnToUrl);
                 authRequestURL = authReq.getDestinationUrl(true);
+                errorCode = 699;
             } catch (MessageException e) {
                 logger.debug("Failed to create the Authentication request: " +
                         e.getMessage());
@@ -286,7 +308,7 @@
         }
         hResp.reset();
         hResp.setStatus(401);
-        hResp.getOutputStream().print("{\"success\":false,\"message\":\"699\",\"data\":" +
+        hResp.getOutputStream().print("{\"success\":false,\"message\":\"" + errorCode + "\",\"data\":" +
                 "\"" + authRequestURL + "\",\"errors\":{},\"warnings\":{}," +
                 "\"readonly\":false,\"totalCount\":0}");
         hResp.getOutputStream().flush();
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)