Author: prabath
Date: Thu Jan 24 04:59:35 2008
New Revision: 12826
Log:
exception handling and code formatting
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/OpenIDAuthenticationRequest.java
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/OpenIDConsumer.java
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/OpenIDAuthenticationRequest.java
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/OpenIDAuthenticationRequest.java
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/OpenIDAuthenticationRequest.java
Thu Jan 24 04:59:35 2008
@@ -1,55 +1,60 @@
package org.wso2.solutions.identity.openid.relyingparty;
+import java.util.ArrayList;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class OpenIDAuthenticationRequest {
-
- private String returnurl;
-
+
+ private String returnUrl;
+
private HttpServletResponse reponse;
-
+
private HttpServletRequest request;
-
+
private String openIDUrl;
+ private ArrayList requiredClaims = new ArrayList();
+
public String getOpenIDUrl() {
return openIDUrl;
}
-
public void setOpenIDUrl(String openIDUrl) {
this.openIDUrl = openIDUrl;
}
-
public HttpServletResponse getReponse() {
return reponse;
}
-
public void setReponse(HttpServletResponse reponse) {
this.reponse = reponse;
}
-
public HttpServletRequest getRequest() {
return request;
}
-
public void setRequest(HttpServletRequest request) {
this.request = request;
}
+ public String getReturnUrl() {
+ return returnUrl;
+ }
- public String getReturnurl() {
- return returnurl;
+ public void setReturnUrl(String returnurl) {
+ this.returnUrl = returnurl;
}
-
- public void setReturnurl(String returnurl) {
- this.returnurl = returnurl;
- }
+ public ArrayList getRequiredClaims() {
+ return requiredClaims;
+ }
+
+ public void addRequiredClaims(String attribute) {
+ requiredClaims.add(attribute);
+ }
}
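Review bot: `getRequiredClaims()` returns the internal raw `ArrayList`, so a caller can add non-String elements that authRequest in OpenIDConsumer later casts with `(String) requiredClaim`. That would fail with a ClassCastException outside the RelyingPartyException contract. Since the accessor is new in this commit, the field could be `private final List<String> requiredClaims = new ArrayList<String>();` with the getter returning `Collections.unmodifiableList(requiredClaims)`, so all additions go through `addRequiredClaims`. The setter parameter is also still spelled `returnurl` although the field was renamed to `returnUrl`.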
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/OpenIDConsumer.java
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/OpenIDConsumer.java
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/OpenIDConsumer.java
Thu Jan 24 04:59:35 2008
@@ -5,12 +5,11 @@
import java.util.List;
import java.util.Map;
-
import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.openid4java.OpenIDException;
+import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.InMemoryConsumerAssociationStore;
import org.openid4java.consumer.InMemoryNonceVerifier;
@@ -29,6 +28,7 @@
import org.openid4java.message.sreg.SRegRequest;
import org.openid4java.message.sreg.SRegResponse;
import org.wso2.solutions.identity.IdentityConstants;
+import org.wso2.solutions.identity.relyingparty.RelyingPartyException;
public class OpenIDConsumer {
@@ -39,10 +39,15 @@
*
* @throws Exception
*/
- private OpenIDConsumer() throws Exception {
+ private OpenIDConsumer() throws RelyingPartyException {
// Instantiate a ConsumerManager object.
- manager = new ConsumerManager();
+ try {
+ manager = new ConsumerManager();
+ } catch (ConsumerException e) {
+ // Present error to the user
+ throw new RelyingPartyException(e.getMessage(), e);
+ }
manager.setAssociations(new InMemoryConsumerAssociationStore());
manager.setNonceVerifier(new InMemoryNonceVerifier(5000));
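Review bot: The Javadoc above the constructor still says `@throws Exception` although the signature now declares RelyingPartyException; it should read `@throws RelyingPartyException if the ConsumerManager cannot be created`. The same stale tags remain on getInstance (`@throws Exception`), authRequest (`@throws IOException`), setInfocardSessionAttributes (`@throws OpenIDException`) and the re-added extractFromInfocardPost (`@throws InfocardException`). setSessionAttributes and doOpenIDAuthentication now throw RelyingPartyException with no `@throws` tag at all, and processOpenIDResp documents only OpenIDException. The constructor body continues outside this hunk.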
@@ -56,7 +61,7 @@
* @return
* @throws Exception
*/
- public static OpenIDConsumer getInstance() throws Exception {
+ public static OpenIDConsumer getInstance() throws RelyingPartyException {
if (consumer == null)
consumer = new OpenIDConsumer();
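Review bot: The `consumer == null` check and the assignment are unsynchronised, so two concurrent first callers can each construct an OpenIDConsumer with its own ConsumerManager, in-memory association store and nonce verifier. A request started on one instance may then be verified on another that has not seen its associations or nonces. The commit touches this signature, so it would be a good place to make it `public static synchronized OpenIDConsumer getInstance() throws RelyingPartyException`. The method body continues outside this hunk.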
@@ -73,9 +78,8 @@
* @return
* @throws IOException
*/
- protected String authRequest(String userSuppliedString, String returnToUrl,
- HttpServletRequest httpReq, HttpServletResponse httpResp)
- throws IOException {
+ protected String authRequest(OpenIDAuthenticationRequest request)
+ throws RelyingPartyException {
List discoveries = null;
DiscoveryInformation discovered = null;
@@ -83,55 +87,47 @@
try {
// Perform discovery on the user-supplied identifier
- discoveries = manager.discover(userSuppliedString);
+ discoveries = manager.discover(request.getOpenIDUrl());
// Attempt to associate with the OpenID provider
// and retrieve one service end-point for authentication
discovered = manager.associate(discoveries);
// Store the discovery information in the user's session
- httpReq.getSession().setAttribute("openid-disc", discovered);
+ request.getRequest().getSession().setAttribute("openid-disc",
+ discovered);
// Obtain a AuthRequest message to be sent to the OpenID provider
- AuthRequest authReq = manager.authenticate(discovered,
returnToUrl);
+ AuthRequest authReq = manager.authenticate(discovered, request
+ .getReturnUrl());
// OpenID Simple Registration Extension 1.1 - Draft 1
SRegRequest sregReq = SRegRequest.createFetchRequest();
- // TODO: User should be able to decide what attributes he requires.
- sregReq.addAttribute(
- IdentityConstants.OpenId.SimpleRegAttributes.NICK_NAME,
- true);
- sregReq.addAttribute(
- IdentityConstants.OpenId.SimpleRegAttributes.FULL_NAME,
- true);
- sregReq.addAttribute(
- IdentityConstants.OpenId.SimpleRegAttributes.EMAIL, true);
- sregReq.addAttribute(
- IdentityConstants.OpenId.SimpleRegAttributes.DOB, true);
- sregReq.addAttribute(
- IdentityConstants.OpenId.SimpleRegAttributes.GENDER, true);
- sregReq.addAttribute(
- IdentityConstants.OpenId.SimpleRegAttributes.POSTAL_CODE,
- true);
- sregReq.addAttribute(
- IdentityConstants.OpenId.SimpleRegAttributes.COUNTRY,
true);
- sregReq
- .addAttribute(
-
IdentityConstants.OpenId.SimpleRegAttributes.LANGUAGE,
- true);
- sregReq
- .addAttribute(
-
IdentityConstants.OpenId.SimpleRegAttributes.TIMEZONE,
- true);
+ if (request.getRequiredClaims() != null
+ && request.getRequiredClaims().size() > 0) {
+ for (Object requiredClaim : request.getRequiredClaims()) {
+ sregReq.addAttribute((String) requiredClaim, true);
+ }
+ } else {
+ // When RP does not set any required parameters we stick to the
+ // default parameter set.
+ setDefaultRequestParams(sregReq);
+ }
+
authReq.addExtension(sregReq);
// Redirect to the OpenID provider server for authentication.
- httpResp.sendRedirect(authReq.getDestinationUrl(true));
+ try {
+ request.getReponse().sendRedirect(
+ authReq.getDestinationUrl(true));
+ } catch (IOException e) {
+ throw new RelyingPartyException(e.getMessage(), e);
+ }
} catch (OpenIDException e) {
// Present error to the user
- throw new RuntimeException(e.getMessage(), e);
+ throw new RelyingPartyException(e.getMessage(), e);
}
return null;
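Review bot: authRequest dereferences `request.getRequest()` and `request.getReponse()` without checking them, and doOpenIDAuthentication only rejects a null `request` object. A half-populated OpenIDAuthenticationRequest therefore fails with a NullPointerException rather than the RelyingPartyException the new signature promises. A guard before the `try`, such as `if (request.getRequest() == null || request.getReponse() == null) throw new RelyingPartyException("Incomplete authentication request");`, would keep the failure inside the declared contract. The method is protected, so subclasses can reach it without going through doOpenIDAuthentication. It also always ends in `return null;` despite the `String` return type, which deserves a comment or a `void` signature. The method starts outside this hunk.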
@@ -141,7 +137,8 @@
*
* @param request
*/
- public void setSessionAttributes(HttpServletRequest request) {
+ public void setSessionAttributes(HttpServletRequest request)
+ throws RelyingPartyException {
DiscoveryInformation discovered = null;
ParameterList response = null;
@@ -149,7 +146,6 @@
String queryString = null;
VerificationResult verification = null;
AuthSuccess authSuccess = null;
- HttpSession session = null;
try {
// Extract the parameters from the authentication response
@@ -172,9 +168,10 @@
verification = manager.verify(receivingURL.toString(), response,
discovered);
- authSuccess = (AuthSuccess) verification.getAuthResponse();
+ if (verification.getVerifiedId() == null)
+ throw new RelyingPartyException("OpenID verification failed");
- session = request.getSession(true);
+ authSuccess = (AuthSuccess) verification.getAuthResponse();
request.setAttribute(IdentityConstants.OpenId.OPENID_IDENTIFIER,
authSuccess.getIdentity());
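Review bot: The value stored under `IdentityConstants.OpenId.OPENID_IDENTIFIER` is `authSuccess.getIdentity()`, the identity field asserted in the response, not the identifier the new `getVerifiedId()` check has just established. The two can differ (for example under delegation), and only the verified identifier is tied to the discovery result by `manager.verify(...)`, so the application should key the user on `verification.getVerifiedId().getIdentifier()`. processOpenIDResp in the last hunk has the same pattern, reading the raw `IdentityConstants.OpenId.ATTR_IDENTITY` parameter from `openidResp` after its own verified-id check. The method body starts and ends outside this hunk.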
@@ -185,64 +182,21 @@
FetchResponse fetchResp = null;
fetchResp = (FetchResponse) authSuccess
.getExtension(IdentityConstants.OpenId.ExchangeAttributes.NS_AX);
- session.setAttribute("emailFromFetch", fetchResp
- .getAttributeValues("email").get(0));
+
+ setRequestAttributes(fetchResp, request);
+
} else if (authSuccess
.hasExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG)) {
// OpenID Simple Registration Extension 1.1 - Draft 1.
SRegResponse sregResp = (SRegResponse) authSuccess
.getExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG);
- request
- .setAttribute(
-
IdentityConstants.OpenId.SimpleRegAttributes.NICK_NAME,
- sregResp
-
.getAttributeValue(IdentityConstants.OpenId.SimpleRegAttributes.NICK_NAME));
- request
- .setAttribute(
-
IdentityConstants.OpenId.SimpleRegAttributes.FULL_NAME,
- sregResp
-
.getAttributeValue(IdentityConstants.OpenId.SimpleRegAttributes.FULL_NAME));
- request
- .setAttribute(
-
IdentityConstants.OpenId.SimpleRegAttributes.EMAIL,
- sregResp
-
.getAttributeValue(IdentityConstants.OpenId.SimpleRegAttributes.EMAIL));
- request
- .setAttribute(
-
IdentityConstants.OpenId.SimpleRegAttributes.DOB,
- sregResp
-
.getAttributeValue(IdentityConstants.OpenId.SimpleRegAttributes.DOB));
- request
- .setAttribute(
-
IdentityConstants.OpenId.SimpleRegAttributes.GENDER,
- sregResp
-
.getAttributeValue(IdentityConstants.OpenId.SimpleRegAttributes.GENDER));
- request
- .setAttribute(
-
IdentityConstants.OpenId.SimpleRegAttributes.POSTAL_CODE,
- sregResp
-
.getAttributeValue(IdentityConstants.OpenId.SimpleRegAttributes.POSTAL_CODE));
- request
- .setAttribute(
-
IdentityConstants.OpenId.SimpleRegAttributes.COUNTRY,
- sregResp
-
.getAttributeValue(IdentityConstants.OpenId.SimpleRegAttributes.COUNTRY));
- request
- .setAttribute(
-
IdentityConstants.OpenId.SimpleRegAttributes.LANGUAGE,
- sregResp
-
.getAttributeValue(IdentityConstants.OpenId.SimpleRegAttributes.LANGUAGE));
- request
- .setAttribute(
-
IdentityConstants.OpenId.SimpleRegAttributes.TIMEZONE,
- sregResp
-
.getAttributeValue(IdentityConstants.OpenId.SimpleRegAttributes.TIMEZONE));
+ setRequestAttributes(sregResp, request);
}
} catch (OpenIDException e) {
// Present error to the user.
- throw new RuntimeException(e.getMessage(), e);
+ throw new RelyingPartyException(e.getMessage(), e);
}
}
@@ -250,24 +204,17 @@
*
* @param request
*/
- public void doOpenIDAuthentication(OpenIDAuthenticationRequest request) {
+ public void doOpenIDAuthentication(OpenIDAuthenticationRequest request)
+ throws RelyingPartyException {
- String returnUrl = null;
-
- try {
+ if (request == null)
+ throw new RelyingPartyException("Null request");
- if (request.getReturnurl() != null)
- returnUrl = request.getReturnurl();
- else
- returnUrl = (String) request.getRequest().getParameter(
- "returnUrl");
-
- consumer = OpenIDConsumer.getInstance();
- consumer.authRequest(request.getOpenIDUrl(), returnUrl, request
- .getRequest(), request.getReponse());
- } catch (Exception e) {
+ if (request.getReturnUrl() == null)
+ request.setReturnUrl((String) request.getRequest().getParameter(
+ "returnUrl"));
- }
+ authRequest(request);
}
/**
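Review bot: When the caller has not set a return URL, the new code takes it from the `returnUrl` request parameter and passes it unchanged through authRequest to `manager.authenticate(...)`. The address the provider sends the signed response back to is therefore chosen by whoever built the HTTP request. Before `request.setReturnUrl(...)` the value should be compared with the relying party's own configured URL (scheme, host and path prefix) and rejected with a RelyingPartyException if it does not match. A comment such as `// returnUrl is client-supplied here and must match this RP's configured return address` would document the constraint. If the parameter is absent the return URL simply stays null, and that case is not rejected either.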
@@ -277,7 +224,7 @@
* @throws OpenIDException
*/
public void setInfocardSessionAttributes(HttpServletRequest request)
- throws InfocardException, OpenIDException {
+ throws RelyingPartyException {
String xmlToken = null;
HttpSession session = null;
@@ -288,34 +235,19 @@
if (xmlToken != null) {
// Received an xmlToken from the identity selector.
ParameterList openidResp = extractFromInfocardPost(request);
- processOpenIDResp(request, session, openidResp);
+ try {
+ processOpenIDResp(request, session, openidResp);
+ } catch (OpenIDException e) {
+ // Present error to the user.
+ throw new RelyingPartyException(e.getMessage(), e);
+ }
} else {
- throw new InfocardException("xmlToken not set");
+ throw new RelyingPartyException("xmlToken not set");
}
}
/**
*
- * @param request
- * @return
- * @throws InfocardException
- */
- private ParameterList extractFromInfocardPost(HttpServletRequest request)
- throws InfocardException {
-
- OpenIDToken token = null;
- String xmlToken = null;
-
- xmlToken = request.getParameter(IdentityConstants.XML_TOKEN);
- request.getSession().setAttribute(IdentityConstants.OpenId.ASSERTION,
- xmlToken);
- token = OpenIDToken.createFromXmlToken(xmlToken);
-
- return token.getOpenIDParams();
- }
-
- /**
- *
* @param xmlToken
* @return
*/
@@ -344,7 +276,7 @@
try {
map = request.getParameterMap();
-
+
if (map == null)
return false;
@@ -375,9 +307,9 @@
* @param openidResp
* @throws OpenIDException
*/
- private void processOpenIDResp(HttpServletRequest request,
+ protected void processOpenIDResp(HttpServletRequest request,
HttpSession session, ParameterList openidResp)
- throws OpenIDException {
+ throws OpenIDException,RelyingPartyException {
DiscoveryInformation discovered = null;
StringBuffer receivingURL = null;
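Review bot: processOpenIDResp is the one method in this commit that still declares OpenIDException alongside RelyingPartyException, which is why setInfocardSessionAttributes has to wrap it in its own try/catch. Catching OpenIDException inside this method and rethrowing it as RelyingPartyException, as setSessionAttributes does, would make the error contract uniform. The visibility also widens from `private` to `protected` with no comment saying which subclass needs it, and `throws OpenIDException,RelyingPartyException` is missing the space after the comma. The method body continues outside this hunk.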
@@ -403,64 +335,133 @@
// identifier
verified = verification.getVerifiedId();
- if (verified != null) {
+ if (verified == null)
+ throw new RelyingPartyException("OpenID verification failed");
- Message authResponse = verification.getAuthResponse();
+ Message authResponse = verification.getAuthResponse();
- request.setAttribute(IdentityConstants.OpenId.OPENID_IDENTIFIER,
- openidResp.getParameter(
-
IdentityConstants.OpenId.ATTR_IDENTITY).getValue());
+ request.setAttribute(IdentityConstants.OpenId.OPENID_IDENTIFIER,
+ openidResp.getParameter(IdentityConstants.OpenId.ATTR_IDENTITY)
+ .getValue());
- if (authResponse instanceof AuthSuccess) {
+ if (authResponse instanceof AuthSuccess) {
- AuthSuccess authSuccess = null;
- MessageExtension extension = null;
+ AuthSuccess authSuccess = null;
+ MessageExtension extension = null;
- authSuccess = (AuthSuccess) authResponse;
-
- if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
- extension = authSuccess
- .getExtension(AxMessage.OPENID_NS_AX);
-
- FetchResponse fetchResp = null;
- List aliases = null;
- Map types = null;
- String alias = null;
- List values = null;
-
- fetchResp = (FetchResponse) extension;
-
- aliases = fetchResp.getAttributeAliases();
- types = fetchResp.getAttributeTypes();
-
- for (Object a : aliases) {
- alias = (String) a;
- values = fetchResp.getAttributeValues(alias);
- request.setAttribute(alias.toLowerCase(),
- (String) values.get(0));
- }
- } else if (authSuccess
-
.hasExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG)) {
-
- SRegResponse regResponse = null;
- Iterator iterator = null;
- Map attributes = null;
- String key = null;
-
- extension = authSuccess
-
.getExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG);
- regResponse = (SRegResponse) extension;
-
- attributes = regResponse.getAttributes();
- iterator = attributes.keySet().iterator();
-
- while (iterator.hasNext()) {
- key = (String) iterator.next();
- request.setAttribute(key.toLowerCase(), attributes
- .get(key));
- }
- }
+ authSuccess = (AuthSuccess) authResponse;
+
+ if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
+
+ FetchResponse fetchResp = null;
+ extension = authSuccess.getExtension(AxMessage.OPENID_NS_AX);
+
+ fetchResp = (FetchResponse) extension;
+ setRequestAttributes(fetchResp, request);
+
+ } else if (authSuccess
+
.hasExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG)) {
+
+ SRegResponse regResponse = null;
+ extension = authSuccess
+
.getExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG);
+
+ regResponse = (SRegResponse) extension;
+ setRequestAttributes(regResponse, request);
}
+
+ }
+ }
+
+ /**
+ *
+ * @param request
+ * @return
+ * @throws InfocardException
+ */
+ private ParameterList extractFromInfocardPost(HttpServletRequest request)
+ throws RelyingPartyException {
+
+ OpenIDToken token = null;
+ String xmlToken = null;
+
+ xmlToken = request.getParameter(IdentityConstants.XML_TOKEN);
+ request.getSession().setAttribute(IdentityConstants.OpenId.ASSERTION,
+ xmlToken);
+ try {
+ token = OpenIDToken.createFromXmlToken(xmlToken);
+ } catch (InfocardException e) {
+ // Present error to the user.
+ throw new RelyingPartyException(e.getMessage(), e);
+ }
+
+ return token.getOpenIDParams();
+ }
+
+ /**
+ *
+ * @param request
+ */
+ private void setDefaultRequestParams(SRegRequest request) {
+ request.addAttribute(
+ IdentityConstants.OpenId.SimpleRegAttributes.NICK_NAME, true);
+ request.addAttribute(
+ IdentityConstants.OpenId.SimpleRegAttributes.FULL_NAME, true);
+ request.addAttribute(
+ IdentityConstants.OpenId.SimpleRegAttributes.EMAIL, true);
+ request.addAttribute(IdentityConstants.OpenId.SimpleRegAttributes.DOB,
+ true);
+ request.addAttribute(
+ IdentityConstants.OpenId.SimpleRegAttributes.GENDER, true);
+ request.addAttribute(
+ IdentityConstants.OpenId.SimpleRegAttributes.POSTAL_CODE,
true);
+ request.addAttribute(
+ IdentityConstants.OpenId.SimpleRegAttributes.COUNTRY, true);
+ request.addAttribute(
+ IdentityConstants.OpenId.SimpleRegAttributes.LANGUAGE, true);
+ request.addAttribute(
+ IdentityConstants.OpenId.SimpleRegAttributes.TIMEZONE, true);
+ }
+
+ /**
+ *
+ * @param response
+ * @param request
+ */
+ private void setRequestAttributes(FetchResponse response,
+ HttpServletRequest request) {
+
+ List aliases = null;
+ List values = null;
+
+ aliases = response.getAttributeAliases();
+
+ for (Object alias : aliases) {
+ values = response.getAttributeValues((String) alias);
+ request.setAttribute(((String) alias).toLowerCase(),
+ (String) values.get(0));
+ }
+
+ }
+
+ /**
+ *
+ * @param response
+ * @param request
+ */
+ private void setRequestAttributes(SRegResponse response,
+ HttpServletRequest request) {
+
+ Iterator iterator = null;
+ Map attributes = null;
+ String key = null;
+
+ attributes = response.getAttributes();
+ iterator = attributes.keySet().iterator();
+
+ while (iterator.hasNext()) {
+ key = (String) iterator.next();
+ request.setAttribute(key.toLowerCase(), attributes.get(key));
}
}
}
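Review bot: Both new setRequestAttributes helpers copy every attribute name the provider returns into the servlet request (lower-cased). On the setSessionAttributes path this replaces the old SReg branch's nine fixed names and the single `emailFromFetch` value. The set of request attributes is now provider-controlled and, depending on the value of `IdentityConstants.OpenId.OPENID_IDENTIFIER`, could overwrite the identifier set just before the call. Copying only the names the relying party asked for (the required claims or the default set) would close that. The FetchResponse variant also calls `values.get(0)` unguarded, so an alias returned with no value would raise an unchecked IndexOutOfBoundsException; `if (values == null || values.isEmpty()) continue;` before the `setAttribute` call avoids it. `toLowerCase()` without an explicit `Locale` is locale-sensitive, which matters when the result is used as a lookup key.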