Author: prabath
Date: Sat Jan 5 22:12:31 2008
New Revision: 11873
Log:
OpenID integration
Added:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/OpenIdConsumer.java
Added:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/OpenIdConsumer.java
==============================================================================
--- (empty file)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/OpenIdConsumer.java
Sat Jan 5 22:12:31 2008
@@ -0,0 +1,369 @@
+package org.wso2.solutions.identity.openid.relyingparty;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.openid4java.OpenIDException;
+import org.openid4java.consumer.ConsumerManager;
+import org.openid4java.consumer.InMemoryConsumerAssociationStore;
+import org.openid4java.consumer.InMemoryNonceVerifier;
+import org.openid4java.consumer.VerificationResult;
+import org.openid4java.discovery.DiscoveryInformation;
+import org.openid4java.infocard.InfocardException;
+import org.openid4java.infocard.OpenIDToken;
+import org.openid4java.message.AuthRequest;
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.Message;
+import org.openid4java.message.MessageExtension;
+import org.openid4java.message.ParameterList;
+import org.openid4java.message.ax.AxMessage;
+import org.openid4java.message.ax.FetchResponse;
+import org.openid4java.message.sreg.SRegMessage;
+import org.openid4java.message.sreg.SRegRequest;
+import org.openid4java.message.sreg.SRegResponse;
+import org.wso2.solutions.identity.IdentityConstants;
+
+public class OpenIdConsumer {
+
+ private ConsumerManager manager;
+ private static OpenIdConsumer consumer;
+ private static HashMap<String, String> attributes = new HashMap<String,
String>();
+
+ /**
+ *
+ */
+ static {
+
+ attributes.put(IdentityConstants.OpenId.Attributes.EMAIL_NS,
+ IdentityConstants.OpenId.Attributes.EMAIL);
+ attributes.put(IdentityConstants.OpenId.Attributes.FIRST_NAME_NS,
+ IdentityConstants.OpenId.Attributes.FIRST_NAME);
+ attributes.put(IdentityConstants.OpenId.Attributes.LAST_NAME_NS,
+ IdentityConstants.OpenId.Attributes.LAST_NAME);
+ attributes.put(IdentityConstants.OpenId.Attributes.FIRST_NAME_NS,
+ IdentityConstants.OpenId.Attributes.FULL_NAME);
+ attributes.put(IdentityConstants.OpenId.Attributes.NICK_NAME_NS,
+ IdentityConstants.OpenId.Attributes.NICK_NAME);
+ attributes.put(IdentityConstants.OpenId.Attributes.PHONE_NS,
+ IdentityConstants.OpenId.Attributes.PHONE);
+ attributes.put(IdentityConstants.OpenId.Attributes.ADDRESS_NS,
+ IdentityConstants.OpenId.Attributes.ADDRESS);
+ attributes.put(IdentityConstants.OpenId.Attributes.CITY_NS,
+ IdentityConstants.OpenId.Attributes.CITY);
+ attributes.put(IdentityConstants.OpenId.Attributes.ZIP_CODE_NS,
+ IdentityConstants.OpenId.Attributes.ZIP_CODE);
+ attributes.put(IdentityConstants.OpenId.Attributes.COUNTRY_NS,
+ IdentityConstants.OpenId.Attributes.COUNTRY);
+ attributes.put(IdentityConstants.OpenId.Attributes.BLOG_NS,
+ IdentityConstants.OpenId.Attributes.BLOG);
+ }
+
+ /**
+ *
+ * @throws Exception
+ */
+ private OpenIdConsumer() throws Exception {
+
+ // Instantiate a ConsumerManager object.
+ manager = new ConsumerManager();
+ manager.setAssociations(new InMemoryConsumerAssociationStore());
+ manager.setNonceVerifier(new InMemoryNonceVerifier(5000));
+
+ // Not enforcing RP realm discovery
+ // since this new feature is not deployed in openid4java.
+ manager.getRealmVerifier().setEnforceRpId(false);
+ }
+
+ /**
+ *
+ * @return
+ * @throws Exception
+ */
+ public static OpenIdConsumer getInstance() throws Exception {
+
+ if (consumer == null)
+ consumer = new OpenIdConsumer();
+
+ return consumer;
+ }
+
+ /**
+ *
+ * @param userSuppliedString
+ * @param returnToUrl
+ * @param httpReq
+ * @param httpResp
+ * @return
+ * @throws IOException
+ */
+ public String authRequest(String userSuppliedString, String returnToUrl,
+ HttpServletRequest httpReq, HttpServletResponse httpResp)
+ throws IOException {
+
+ List discoveries = null;
+ DiscoveryInformation discovered = null;
+
+ try {
+
+ // Perform discovery on the user-supplied identifier
+ discoveries = manager.discover(userSuppliedString);
+
+ // Attempt to associate with the OpenID provider
+ // and retrieve one service end-point for authentication
+ discovered = manager.associate(discoveries);
+
+ // Store the discovery information in the user's session
+ httpReq.getSession().setAttribute("openid-disc", discovered);
+
+ // Obtain a AuthRequest message to be sent to the OpenID provider
+ AuthRequest authReq = manager.authenticate(discovered,
returnToUrl);
+
+ // OpenID Simple Registration Extension 1.1 - Draft 1
+ SRegRequest sregReq = SRegRequest.createFetchRequest();
+
+ // TODO: User should be able to what attributes he required.
+ sregReq.addAttribute(IdentityConstants.OpenId.Attributes.NICK_NAME,
+ true);
+ sregReq.addAttribute(IdentityConstants.OpenId.Attributes.FULL_NAME,
+ true);
+ sregReq.addAttribute(IdentityConstants.OpenId.Attributes.EMAIL,
+ true);
+ sregReq.addAttribute(IdentityConstants.OpenId.Attributes.DOB,
true);
+ sregReq.addAttribute(IdentityConstants.OpenId.Attributes.GENDER,
+ true);
+ sregReq.addAttribute(
+ IdentityConstants.OpenId.Attributes.POSTAL_CODE, true);
+ sregReq.addAttribute(IdentityConstants.OpenId.Attributes.COUNTRY,
+ true);
+ sregReq.addAttribute(IdentityConstants.OpenId.Attributes.LANGUAGE,
+ true);
+ sregReq.addAttribute(IdentityConstants.OpenId.Attributes.TIMEZONE,
+ true);
+ authReq.addExtension(sregReq);
+
+ // Redirect to the OpenID provider server for authentication.
+ httpResp.sendRedirect(authReq.getDestinationUrl(true));
+
+ } catch (OpenIDException e) {
+ // Present error to the user
+ throw new RuntimeException(e.getMessage(), e);
+ }
+
+ return null;
+ }
+
+ /**
+ *
+ * @param request
+ */
+ public void setSessionAttributes(HttpServletRequest request) {
+
+ DiscoveryInformation discovered = null;
+ ParameterList response = null;
+ StringBuffer receivingURL = null;
+ String queryString = null;
+ VerificationResult verification = null;
+ AuthSuccess authSuccess = null;
+ HttpSession session = null;
+
+ try {
+ // Extract the parameters from the authentication response
+ // (which comes in as a HTTP request from the OpenID provider)
+ response = new ParameterList(request.getParameterMap());
+
+ // Retrieve the previously stored discovery information.
+ discovered = (DiscoveryInformation) request.getSession()
+ .getAttribute(IdentityConstants.OpenId.DISC);
+
+ // Extract the receiving URL from the HTTP request
+ receivingURL = request.getRequestURL();
+ queryString = request.getQueryString();
+
+ if (queryString != null && queryString.length() > 0)
+ receivingURL.append("?").append(request.getQueryString());
+
+ // Verify the response; ConsumerManager needs to be the same
+ // (static) instance used to place the authentication request.
+ verification = manager.verify(receivingURL.toString(), response,
+ discovered);
+
+ authSuccess = (AuthSuccess) verification.getAuthResponse();
+
+ session = request.getSession(true);
+ session.setAttribute(IdentityConstants.OpenId.OPENID_IDENTIFIER,
+ authSuccess.getIdentity());
+
+ // OpenID Attribute Exchange 1.0 - Draft 07.
+ if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
+ FetchResponse fetchResp = null;
+ fetchResp = (FetchResponse) authSuccess
+ .getExtension(AxMessage.OPENID_NS_AX);
+ session.setAttribute("emailFromFetch", fetchResp
+ .getAttributeValues("email").get(0));
+ } else if (authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG)) {
+ // OpenID Simple Registration Extension 1.1 - Draft 1.
+ SRegResponse sregResp = (SRegResponse) authSuccess
+ .getExtension(SRegMessage.OPENID_NS_SREG);
+ request
+ .setAttribute(
+ IdentityConstants.OpenId.Attributes.NICK_NAME,
+ sregResp
+
.getAttributeValue(IdentityConstants.OpenId.Attributes.NICK_NAME));
+ request
+ .setAttribute(
+ IdentityConstants.OpenId.Attributes.FULL_NAME,
+ sregResp
+
.getAttributeValue(IdentityConstants.OpenId.Attributes.FULL_NAME));
+ request
+ .setAttribute(
+ IdentityConstants.OpenId.Attributes.EMAIL,
+ sregResp
+
.getAttributeValue(IdentityConstants.OpenId.Attributes.EMAIL));
+ request
+ .setAttribute(
+ IdentityConstants.OpenId.Attributes.DOB,
+ sregResp
+
.getAttributeValue(IdentityConstants.OpenId.Attributes.DOB));
+ request
+ .setAttribute(
+ IdentityConstants.OpenId.Attributes.GENDER,
+ sregResp
+
.getAttributeValue(IdentityConstants.OpenId.Attributes.GENDER));
+ request
+ .setAttribute(
+
IdentityConstants.OpenId.Attributes.POSTAL_CODE,
+ sregResp
+
.getAttributeValue(IdentityConstants.OpenId.Attributes.POSTAL_CODE));
+ request
+ .setAttribute(
+ IdentityConstants.OpenId.Attributes.COUNTRY,
+ sregResp
+
.getAttributeValue(IdentityConstants.OpenId.Attributes.COUNTRY));
+ request
+ .setAttribute(
+ IdentityConstants.OpenId.Attributes.LANGUAGE,
+ sregResp
+
.getAttributeValue(IdentityConstants.OpenId.Attributes.LANGUAGE));
+ request
+ .setAttribute(
+ IdentityConstants.OpenId.Attributes.TIMEZONE,
+ sregResp
+
.getAttributeValue(IdentityConstants.OpenId.Attributes.TIMEZONE));
+
+ }
+
+ } catch (OpenIDException e) {
+ // Present error to the user.
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ }
+
+ /**
+ *
+ * @param request
+ * @throws InfocardException
+ * @throws OpenIDException
+ */
+ public void setInfocardSessionAttributes(HttpServletRequest request)
+ throws InfocardException, OpenIDException {
+
+ String xmlToken = null;
+ HttpSession session = null;
+
+ xmlToken = request.getParameter(IdentityConstants.XML_TOKEN);
+ session = request.getSession();
+
+ if (xmlToken != null) {
+ // Received an xmlToken from the identity selector.
+ ParameterList openidResp = extractFromInfocardPost(request);
+ processOpenIDResp(request, session, openidResp);
+ } else {
+ throw new InfocardException("xmlToken not set");
+ }
+ }
+
+ /**
+ *
+ * @param request
+ * @return
+ * @throws InfocardException
+ */
+ private ParameterList extractFromInfocardPost(HttpServletRequest request)
+ throws InfocardException {
+
+ OpenIDToken token = null;
+ String xmlToken = null;
+
+ xmlToken = request.getParameter(IdentityConstants.XML_TOKEN);
+ request.getSession().setAttribute(IdentityConstants.OpenId.ASSERTION,
+ xmlToken);
+ token = OpenIDToken.createFromXmlToken(xmlToken);
+
+ return token.getOpenIDParams();
+ }
+
+ /**
+ *
+ * @param request
+ * @param session
+ * @param openidResp
+ * @throws OpenIDException
+ */
+ private void processOpenIDResp(HttpServletRequest request,
+ HttpSession session, ParameterList openidResp)
+ throws OpenIDException {
+
+ // Retrieve the previously stored discovery information
+ DiscoveryInformation discovered = (DiscoveryInformation) session
+ .getAttribute("discovered");
+
+ // TODO: remove the hard-coded string
+ StringBuffer receivingURL = new StringBuffer(
+ "https://localhost:12443/OpenIdInfoCardLogin.action";);//
request.getRequestURL();
+ String queryString = request.getQueryString();
+
+ if (queryString != null && queryString.length() > 0)
+ receivingURL.append("?").append(request.getQueryString());
+
+ // verify the response
+ VerificationResult verification = manager.verify(receivingURL
+ .toString(), openidResp, discovered);
+
+ verification.getVerifiedId();
+
+ Message authResponse = verification.getAuthResponse();
+
+ if (authResponse instanceof AuthSuccess) {
+
+ FetchResponse fetchResp = null;
+ AuthSuccess authSuccess = null;
+ MessageExtension extension = null;
+
+ authSuccess = (AuthSuccess) authResponse;
+ extension = authSuccess.getExtension(AxMessage.OPENID_NS_AX);
+
+ if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)
+ && extension instanceof FetchResponse) {
+ fetchResp = (FetchResponse) extension;
+
+ List aliases = fetchResp.getAttributeAliases();
+ Map types = fetchResp.getAttributeTypes();
+ String alias;
+ List values;
+ for (Object a : aliases) {
+ alias = (String) a;
+ values = fetchResp.getAttributeValues(alias);
+ request.setAttribute(alias.toLowerCase(), (String) values
+ .get(0));
+ }
+ }
+ }
+
+ }
+}
_______________________________________________
Identity-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/identity-dev
