changeset 548:95a48e1f1a26 openid

Fix return_url handling and send params to client in header
author Andre Heinecke <andre.heinecke@intevation.de>
date Fri, 27 Feb 2015 17:23:05 +0100
parents f9f1edd30b33
children 130e647078ea
files src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java
diffstat 1 files changed, 15 insertions(+), 9 deletions(-) [+]
--- a/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java	Fri Feb 27 16:42:43 2015 +0100
+++ b/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java	Fri Feb 27 17:23:05 2015 +0100
@@ -166,9 +166,7 @@
         String oidParamString = hReq.getHeader(oidHeader);
 
         if (oidParamString == null) {
-            logger.debug("Header " + oidHeader + " not provided.");
-        } else {
-            logger.debug("Trying to verify query.");
+            logger.debug("Header " + oidHeader + " not provided. Trying params.");
             oidParamString = hReq.getQueryString();
         }
 
@@ -181,10 +179,15 @@
         /* Verify against the discovered server. */
         VerificationResult verification = null;
         /* extract the receiving URL from the HTTP request */
-        StringBuffer receivingURL = hReq.getRequestURL();
-        String queryString = hReq.getQueryString();
-        if (queryString != null && queryString.length() > 0)
-            receivingURL.append("?").append(hReq.getQueryString());
+        String receivingURL = hReq.getRequestURL().toString();
+
+        if (!receivingURL.contains("?is_return=true&")) {
+            receivingURL += "?is_return=true&";
+        }
+        /* XXX this is broken and does not work as that information only
+         * authenticates this Return url and not any other URL. We have
+         * to change this. */
+        receivingURL.replace("localhost", "127.0.0.1");
 
         try {
             verification = manager.verify(receivingURL.toString(), oidParams,
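Review bot: `receivingURL.replace("localhost", "127.0.0.1");` has no effect, because String.replace returns a new string and the result is discarded, so the URL handed to manager.verify still contains "localhost"; if the rewrite is intended it must be `receivingURL = receivingURL.replace("localhost", "127.0.0.1");`, and the `.toString()` on receivingURL in the verify call is now a no-op on a String. Replacing the actual request query string with a fixed `?is_return=true&` also means the receiving URL given to the verifier no longer reflects the request that was actually received, which is what a return_to comparison exists to check; the XXX comment already records that this needs rework, and the concrete effect depends on manager.verify, which is outside the hunk. The enclosing method starts and ends outside the hunk.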
@@ -252,11 +255,15 @@
     public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
     throws IOException, ServletException
     {
+        HttpServletRequest hReq = (HttpServletRequest) req;
+        HttpServletResponse hResp = (HttpServletResponse) resp;
         if (!discoveryDone) {
             discoveryDone = discoverServer();
         }
         if (discoveryDone && checkOpenIDHeader(req)) {
             /** Successfully authenticated. */
+            hResp.addHeader(oidHeader, hReq.getQueryString().replace(
+                        "is_return=true",""));
             chain.doFilter(req, resp);
             return;
         }
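Review bot: `hReq.getQueryString()` can be null on the new addHeader line, and the first hunk only falls back to the query string when the OpenID header is absent, so a request that authenticated via the header with no query string would throw a NullPointerException here after checkOpenIDHeader succeeded. Guard it, e.g. `String qs = hReq.getQueryString(); if (qs != null) { hResp.addHeader(oidHeader, qs.replace("is_return=true", "")); }`. Stripping `is_return=true` also leaves a dangling leading `&` in the echoed value, and the header sends the received OpenID parameters back to the client verbatim, which deserves a one-line comment stating that this is intended. doFilter continues past the hunk.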
@@ -264,7 +271,6 @@
         if (discoveryDone) {
             /* Get the authentication url for this server. */
             try {
-                HttpServletRequest hReq = (HttpServletRequest) req;
                 String returnToUrl = hReq.getRequestURL().toString()
                     + "?is_return=true";
                 AuthRequest authReq = manager.authenticate(discovered,
@@ -278,7 +284,7 @@
                         e.getMessage());
             }
         }
-        ((HttpServletResponse) resp).sendError(401, "{\"success\":false,\"message\":\"699\",\"data\":" +
+        hResp.sendError(401, "{\"success\":false,\"message\":\"699\",\"data\":" +
                 "\"" + authRequestURL + "\",\"errors\":{},\"warnings\":{}," +
                 "\"readonly\":false,\"totalCount\":0}");
     }