Hello Ivo, On Sep 30, 2011, at 3:15 PM, Ivo Ladage-van Doorn wrote:
> Soon we would like to merge the OpenID client implemented for .com into the > .org. I did take a look at the .com codebase, which should be located here: > http://subversion.amdatu.org/svn/amdatu/sandbox/angelos/bndtools_build/org.amdatu.openid > > Now I have the following questions & remarks, hoping that anyone can answer > these: > > · Is the code up to date? It seems that the OpenID code is not > actually used. The bundle exports the packages org.amdatu.openid.client and > org.amdatu.openid.server, but none of the classes contained by these packages > are actually used by any other bundle. I thought there was some OpenID > specific logic implemented in the login service and gadget but I simply can’t > find it. The code is up to date. It publishes an OpenIDClient service. The server part is not implemented. The OpenID client is indeed not used from within this codebase, but it's ready to be used. The javadoc should explain the basics and I've pasted part of the code that we use to login below (not a complete working example, but this should explain the basics): /** * Builds an OpenID request that can be sent to an OpenID server for validation and returns * the data that is needed to actually send the request. It's assumed that the caller does that. * Afterwards, control will return via the asynchronous <code>OpenIDResponse</code> callback * interface, which is implemented in this class as well. */ @POST @Path("openid") @Consumes("application/x-www-form-urlencoded") @Produces({ MediaType.APPLICATION_JSON }) public Response openid(@FormParam("openid") final String openid, @Context final HttpServletRequest request) { JSONObject jsonObject = new JSONObject(); try { try { String host = m_applicationContext.getProperty(ApplicationContextProperties.HOSTNAME); int port = Integer.parseInt(m_applicationContext.getProperty(ApplicationContextProperties.PORTNR)); URL realm; if (port == 80) { realm = new URL("http", host, "/openid/"); } else { realm = new URL("http", host, port, "/openid/"); } URL returnURL = new URL(realm, "auth"); OpenIDAttribute email = new OpenIDAttribute("email", "http://schema.openid.net/contact/email";, true, 1); OpenIDAttribute first = new OpenIDAttribute("firstName", "http://axschema.org/namePerson/first";, true, 1); OpenIDAttribute last = new OpenIDAttribute("lastName", "http://axschema.org/namePerson/last";, true, 1); OpenIDRequest openIDRequest = m_openIDClient.createRequest( openid, realm.toExternalForm(), returnURL.toExternalForm(), this, email, first, last); jsonObject.append("parameterMap", openIDRequest.getParameters()); jsonObject.append("destinationUrl", openIDRequest.getURL().toString()); jsonObject.append("result", "ok"); } catch (NoSuchElementException nsee) { m_logService.log(LogService.LOG_ERROR, "Application context not properly configured.", nsee); jsonObject.append("result", "failed"); jsonObject.append("msg", "Problem: " + nsee.getMessage()); } catch (Exception e) { m_logService.log(LogService.LOG_ERROR, "OpenID client failed to create request.", e); jsonObject.append("result", "failed"); jsonObject.append("msg", "Problem: " + e.getMessage()); } } catch (JSONException je) { m_logService.log(LogService.LOG_ERROR, "Could not append JSON data to response.", je); } return Response.ok(jsonObject.toString(), MediaType.APPLICATION_JSON_TYPE).build(); } /** * OpenID server returned successfully. */ @Override public void onSuccess(HttpServletRequest request, HttpServletResponse response, OpenIDAttribute... attributes) { String username = request.getParameter("openid.identity"); String password = request.getParameter("openid.sig"); login(username, password, request, response); } /** * OpenID server returned an error. We relay that error back to our caller at the hardcoded * <code>RETURN_URL</code>, adding properties that describe the error. */ @Override public void onFailure(HttpServletRequest request, HttpServletResponse response, String reason) { String host = m_applicationContext.getProperty(ApplicationContextProperties.HOSTNAME); String port = m_applicationContext.getProperty(ApplicationContextProperties.PORTNR); URI responseURL = URI.create("http://"; + host + ":" + port + RETURN_URL + "?error=openidfailed&reason=" + reason); try { response.sendRedirect(responseURL.toString()); } catch (IOException e) { m_logService.log(LogService.LOG_ERROR, "Redirect failed, user unknown."); } } Does this make more sense? > · There is a lot of magic going on with the dependency on the > HttpService and dynamic servlet registration, no idea why. Servlets are > registered directly using the HttpService while it should be using the > whiteboard pattern. It seems that the only thing it actually does is > registering the OpenID callback servlet. What’s the fuzz about? This code was written to work without a whiteboard pattern, so that part we should probably refactor to start using it. > · A simple example actually using the OpenID client would help, I’m > not sure how I am supposed to use it and the code contains > obsolete/uncommented code. See above. Greetings, Marcel
_______________________________________________ Amdatu-developers mailing list [email protected] http://lists.amdatu.org/mailman/listinfo/amdatu-developers
