Author: prabath
Date: Tue Mar 4 22:31:10 2008
New Revision: 14510
Log:
adding PAPE support + PAPE demo
Modified:
trunk/solutions/identity/modules/base/src/main/java/org/wso2/solutions/identity/IdentityConstants.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDExtensionFactory.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDUtil.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDPape.java
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/index.html
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/openidaxsubmit.jsp
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/openidloggedin.jsp
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/openidsubmit.jsp
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDAuthenticationRequest.java
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDConsumer.java
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDExtensionFactory.java
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/extensions/OpenIDPape.java
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDSubmitAction.java
Modified:
trunk/solutions/identity/modules/base/src/main/java/org/wso2/solutions/identity/IdentityConstants.java
==============================================================================
---
trunk/solutions/identity/modules/base/src/main/java/org/wso2/solutions/identity/IdentityConstants.java
(original)
+++
trunk/solutions/identity/modules/base/src/main/java/org/wso2/solutions/identity/IdentityConstants.java
Tue Mar 4 22:31:10 2008
@@ -159,6 +159,13 @@
public static final String AUTHENTICATED_AND_APPROVED =
"authenticatedAndApproved";
public final static String CANCEL = "cancel";
public final static String PARAM_LIST = "parameterlist";
+
+ public static class PapeAttributes
+ {
+ public final static String AUTH_POLICIES =
"auth_policies";
+ public final static String NIST_AUTH_LEVEL =
"nist_auth_level";
+ public final static String AUTH_AGE = "auth_age";
+ }
public static class SimpleRegAttributes {
@@ -206,7 +213,5 @@
public final static String TIMEZONE_NS = NS +
"/pref/timezone";
}
-
}
-
}
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDExtensionFactory.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDExtensionFactory.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDExtensionFactory.java
Tue Mar 4 22:31:10 2008
@@ -31,24 +31,22 @@
/**
* Create an instance of the OpenIDExtension based on the OpenID extension
* type
+ * @param alias Extension alias
* @param auth AuthRequest instance
* @return Appropriate OpenIDExtension instance
*/
- public OpenIDExtension getExtension(AuthRequest auth) {
+ public OpenIDExtension getExtension(String alias, AuthRequest auth) {
- if (auth
- .hasExtension(AxMessage.OPENID_NS_AX)) {
+ if (alias.equals(AxMessage.OPENID_NS_AX)) {
return new OpenIDAttributeExchange(auth);
- } else if (auth
-
.hasExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG)
- || auth.hasExtension(SRegMessage.OPENID_NS_SREG)) {
+ } else if (alias
+ .equals(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG)
+ || alias.equals(SRegMessage.OPENID_NS_SREG)) {
return new OpenIDSimpleReg(auth);
- }else if (auth
- .hasExtension(PapeMessage.OPENID_NS_PAPE)) {
+ } else if (alias.equals(PapeMessage.OPENID_NS_PAPE)) {
return new OpenIDPape(auth);
}
return null;
}
-
}
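Review bot: `alias.equals(...)` in the new `getExtension(String alias, AuthRequest auth)` throws a NullPointerException on a null alias, and the callers added in this commit pass it `(String) alias` taken from an untyped `getExtensions()` collection that is presumably built from the peer's message. Comparing from the constant side, e.g. `if (AxMessage.OPENID_NS_AX.equals(alias)) {`, keeps the existing `return null` fall-through for anything unrecognised. The values being compared are extension namespace URIs, so the Javadoc could say `@param alias extension type URI as listed in the message` rather than "Extension alias". The same applies to the `getExtension(String alias, AuthSuccess auth)` hunk in the token-verifier-core `OpenIDExtensionFactory`.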
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
Tue Mar 4 22:31:10 2008
@@ -22,6 +22,7 @@
import org.wso2.solutions.identity.openid.extensions.OpenIDExtension;
import org.wso2.solutions.identity.persistence.IPPersistenceManager;
import org.wso2.solutions.identity.persistence.dataobject.OpenIDUserRPDO;
+import org.wso2.solutions.identity.openid.OpenIDExtensionFactory;
import org.wso2.utils.ServerConfiguration;
public class OpenIDProvider {
@@ -235,11 +236,15 @@
return message.getDestinationUrl(true);
else {
OpenIDExtension extension = null;
- extension = OpenIDExtensionFactory.getInstance().getExtension(
- authReq);
- if (extension != null)
- message.addExtension(extension.getMessageExtension(userId,
- profileName));
+
+ for (Object alias : authReq.getExtensions()) {
+ extension =
OpenIDExtensionFactory.getInstance().getExtension((String)alias,
+ authReq);
+ if (extension != null)
+ message.addExtension(extension.getMessageExtension(userId,
+ profileName));
+ }
+
return message.getDestinationUrl(true);
}
}
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDUtil.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDUtil.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDUtil.java
Tue Mar 4 22:31:10 2008
@@ -163,5 +163,4 @@
}
return normalized.toString();
}
-
}
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDPape.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDPape.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDPape.java
Tue Mar 4 22:31:10 2008
@@ -51,6 +51,7 @@
papeResponse = PapeResponse.createPapeResponse();
papeResponse.setNistAuthLevel(1);
papeResponse.setAuthAge(-1);
+
papeResponse.setAuthPolicies(PapeMessage.PAPE_POLICY_PHISHING_RESISTANT);
}
//TODO:
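Review bot: The added `setAuthPolicies(PapeMessage.PAPE_POLICY_PHISHING_RESISTANT)` makes the provider claim a phishing-resistant login on every PAPE response built here, next to a fixed NIST level of 1 and an auth age of -1, and nothing visible in the hunk ties that claim to how the user actually authenticated. A relying party that gates access on the returned policy would be trusting a statement the provider has not checked. Until the real authentication method is available to this code, set the policy only on a login path that qualifies, and make the remaining `//TODO:` explicit, e.g. `// TODO: derive auth_policies, nist_auth_level and auth_age from the actual login; the values above are demo placeholders`. The enclosing method starts and ends outside the hunk.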
Modified:
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/index.html
==============================================================================
---
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/index.html
(original)
+++
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/index.html
Tue Mar 4 22:31:10 2008
@@ -95,6 +95,23 @@
<br/>
+<h2>OpenID PAPE Demo</h2>
+
+<form name="frm" id="frm" method="post" action="openidpolicyrequest.jsp">
+ OpenID Url: <input class='openid-url' id='openIdUrl'
name="openIdUrl" size='30' /><br/><br/>
+
+ <input type="submit" name="submit" value="Login" />
+</form>
+
+Specification: <a
href="http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html">OpenID
Provider Authentication Policy Extension 1.0, draft 1</a><br/>
+
+<br/>
+
+
+<hr/>
+
+<br/>
+
<h2>OpenID Information Cards Demo</h2>
<a href="openidinfocardloggedin.jsp"><img src="images/openid_infocard.png"
/></a>
Modified:
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/openidaxsubmit.jsp
==============================================================================
---
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/openidaxsubmit.jsp
(original)
+++
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/openidaxsubmit.jsp
Tue Mar 4 22:31:10 2008
@@ -35,7 +35,7 @@
openIDAuthRequest
- .setRequestType(OpenIDRequestType.ATTRIBUTE_EXCHANGE);
+ .addRequestType(OpenIDRequestType.ATTRIBUTE_EXCHANGE);
if (useOpenIDSchema != null && useOpenIDSchema
.equalsIgnoreCase("true"))
{
Modified:
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/openidloggedin.jsp
==============================================================================
---
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/openidloggedin.jsp
(original)
+++
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/openidloggedin.jsp
Tue Mar 4 22:31:10 2008
@@ -27,6 +27,28 @@
<strong>Logged in
Successfully...!</strong><br />
</td>
</tr>
+
+ <% if (request.getAttribute("auth_policies") != null) { %>
+ <tr>
+ <td>Authentication Policies:</td>
+
<td><%=request.getAttribute("auth_policies")%></td>
+ </tr>
+ <%}%>
+ <% if (request.getAttribute("nist_auth_level") != null) { %>
+ <tr>
+ <td>NIST Auth Level:</td>
+
<td><%=request.getAttribute("nist_auth_level")%></td>
+ </tr>
+ <%}%>
+ <% if (request.getAttribute("auth_age") != null) { %>
+ <tr>
+ <td>Auth Age:</td>
+ <td><%=request.getAttribute("auth_age")%></td>
+ <hr/>
+ </tr>
+ <%}%>
+
+
<% if (request.getAttribute("openid_identifier") != null) {
%>
<tr>
<td>Your OpenID:</td>
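Review bot: `<%=request.getAttribute("auth_policies")%>` writes a value that originates in the OpenID provider's response into the page without HTML escaping, so whatever the response carried in that field is rendered as markup. Escape it on output, for example `<td><c:out value="${requestScope.auth_policies}"/></td>` if JSTL is available to the sample, and treat `nist_auth_level` and `auth_age` the same way for consistency. The `<hr/>` inside the `<tr>` of the Auth Age row is not valid table content and should move outside the row. The attribute names could come from `IdentityConstants.OpenId.PapeAttributes`, which this commit adds, instead of repeated string literals.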
Modified:
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/openidsubmit.jsp
==============================================================================
---
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/openidsubmit.jsp
(original)
+++
trunk/solutions/identity/modules/samples/servlet-filter/src/main/webapp/openidsubmit.jsp
Tue Mar 4 22:31:10 2008
@@ -30,7 +30,7 @@
host = serverConfig.getFirstProperty("HostName");
httpsPort = serverConfig.getFirstProperty("Ports.HTTPS");
-
openIDAuthRequest.setRequestType(OpenIDRequestType.SIMPLE_REGISTRATION);
+
openIDAuthRequest.addRequestType(OpenIDRequestType.SIMPLE_REGISTRATION);
// Set the required claims - I need these claims from
the OpenID
// Provider.
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDAuthenticationRequest.java
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDAuthenticationRequest.java
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDAuthenticationRequest.java
Tue Mar 4 22:31:10 2008
@@ -16,11 +16,13 @@
private String openIDUrl;
private ArrayList requiredClaims = new ArrayList();
-
- private OpenIDRequestType requestType;
+
+ private ArrayList<OpenIDRequestType> requestTypes = new
ArrayList<OpenIDRequestType>();
private ArrayList<AuthPolicyType> authTypes = new
ArrayList<AuthPolicyType>();
+ private int maxAuthAge;
+
public OpenIDAuthenticationRequest(HttpServletRequest request,
HttpServletResponse reponse) {
super();
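Review bot: `private int maxAuthAge;` defaults to 0, which cannot be told apart from a caller explicitly asking for a maximum age of zero seconds, and in PAPE a `max_auth_age` of 0 asks the provider to re-authenticate the user. How the field is turned into the outgoing request is outside this diff, so this needs confirming against the relying-party `OpenIDPape` code. If "unset" is meant to be "do not send", a sentinel such as `private int maxAuthAge = -1;` with a matching check where the PAPE request is built would make that explicit. A short Javadoc on `setMaxAuthAge` (added in a later hunk of this file) stating that the unit is seconds would also help.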
@@ -36,12 +38,12 @@
this.openIDUrl = openIDUrl;
}
- public OpenIDRequestType getRequestType() {
- return requestType;
+ public ArrayList<OpenIDRequestType> getRequestTypes() {
+ return requestTypes;
}
- public void setRequestType(OpenIDRequestType requestType) {
- this.requestType = requestType;
+ public void addRequestType(OpenIDRequestType requestType) {
+ requestTypes.add(requestType);
}
public HttpServletResponse getReponse() {
@@ -82,6 +84,14 @@
requiredClaims.add(axAttributes);
}
+ public int getMaxAuthAge() {
+ return maxAuthAge;
+ }
+
+ public void setMaxAuthAge(int maxAuthAge) {
+ this.maxAuthAge = maxAuthAge;
+ }
+
public void addAuthPolicy(AuthPolicyType policyType) {
authTypes.add(policyType);
}
@@ -89,5 +99,4 @@
public ArrayList<AuthPolicyType> getAuthTypes() {
return authTypes;
}
-
}
\ No newline at end of file
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDConsumer.java
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDConsumer.java
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDConsumer.java
Tue Mar 4 22:31:10 2008
@@ -111,11 +111,12 @@
request.setAttribute(IdentityConstants.OpenId.OPENID_IDENTIFIER,
authSuccess.getIdentity());
- extension = OpenIDExtensionFactory.getInstance().getExtension(
- authSuccess);
-
- if (extension != null)
- extension.setSessionAttributes(request);
+ for (Object alias : authSuccess.getExtensions()) {
+ extension = OpenIDExtensionFactory.getInstance().getExtension(
+ (String)alias,authSuccess);
+ if (extension != null)
+ extension.setSessionAttributes(request);
+ }
request.setAttribute(TokenVerifierConstants.SERVLET_ATTR_STATE,
TokenVerifierConstants.STATE_SUCCESS);
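Review bot: The new loop hands every entry of `authSuccess.getExtensions()` to `setSessionAttributes`, and nothing in the hunk restricts it to extensions whose fields are covered by the response signature. Extension parameters that are not in the signed list are not protected against modification on the way back through the browser, so PAPE, SReg or AX values copied into the request this way may not be what the provider asserted. If the openid4java version in use provides it, iterating `authSuccess.getSignedExtensions()` instead, or otherwise checking the signed-field list before calling `setSessionAttributes`, would close that gap. The enclosing method starts and ends outside the hunk, so an equivalent check may already exist there.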
@@ -195,7 +196,6 @@
DiscoveryInformation discovered = null;
try {
-
// Perform discovery on the user-supplied identifier
discoveries = manager.discover(request.getOpenIDUrl());
@@ -211,9 +211,10 @@
AuthRequest authReq = manager.authenticate(discovered, request
.getReturnUrl());
- authReq.addExtension(OpenIDExtensionFactory.getInstance()
- .getExtension(request.getRequestType())
- .getMessageExtension(request));
+ for (OpenIDRequestType type : request.getRequestTypes()) {
+ authReq.addExtension(OpenIDExtensionFactory.getInstance()
+ .getExtension(type).getMessageExtension(request));
+ }
// Redirect to the OpenID provider server for authentication.
try {
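Review bot: `getExtension(type).getMessageExtension(request)` dereferences the factory result directly, so a single request type the factory does not recognise aborts the whole authentication request with a NullPointerException. The identity-provider factory in this commit returns null for unknown input, and the `OpenIDRequestType` overload used here (not shown) may do the same. Consider `OpenIDExtension ext = OpenIDExtensionFactory.getInstance().getExtension(type);` followed by `if (ext != null) authReq.addExtension(ext.getMessageExtension(request));`. The surrounding try block continues outside the hunk.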
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDExtensionFactory.java
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDExtensionFactory.java
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDExtensionFactory.java
Tue Mar 4 22:31:10 2008
@@ -50,20 +50,19 @@
/**
* Create an instance of the OpenIDExtension based on the OpenID extension
* type
+ * @param alias Extension alias
* @param auth AuthSuccess instance
* @return Appropriate OpenIDExtension instance
*/
- public OpenIDExtension getExtension(AuthSuccess auth) {
+ public OpenIDExtension getExtension(String alias, AuthSuccess auth) {
- if (auth
- .hasExtension(AxMessage.OPENID_NS_AX)) {
+ if (alias.equals(AxMessage.OPENID_NS_AX)) {
return new OpenIDAttributeExchange(auth);
- } else if (auth
-
.hasExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG)
- || auth.hasExtension(SRegMessage.OPENID_NS_SREG)) {
+ } else if (alias
+ .equals(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG)
+ || alias.equals(SRegMessage.OPENID_NS_SREG)) {
return new OpenIDSimpleReg(auth);
- }else if (auth
- .hasExtension(PapeMessage.OPENID_NS_PAPE)) {
+ } else if (alias.equals(PapeMessage.OPENID_NS_PAPE)) {
return new OpenIDPape(auth);
}
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/extensions/OpenIDPape.java
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/extensions/OpenIDPape.java
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/extensions/OpenIDPape.java
Tue Mar 4 22:31:10 2008
@@ -82,10 +82,20 @@
if (authSuccess.hasExtension(PapeResponse.OPENID_NS_PAPE)) {
papeResponse = (PapeResponse) authSuccess
.getExtension(PapeResponse.OPENID_NS_PAPE);
+ if (papeResponse != null) {
+ request
+ .setAttribute(
+
IdentityConstants.OpenId.PapeAttributes.AUTH_POLICIES,
+ papeResponse.getAuthPolicies());
+ request.setAttribute(
+ IdentityConstants.OpenId.PapeAttributes.AUTH_AGE,
+ papeResponse.getAuthAge());
+ request
+ .setAttribute(
+
IdentityConstants.OpenId.PapeAttributes.NIST_AUTH_LEVEL,
+ papeResponse.getNistAuthLevel());
+ }
}
-
- //TODO:
-
} catch (MessageException e) {
throw new RelyingPartyException(
IdentityConstants.ErrorCodes.OPENID_AUTHENTICATION_FAILED,
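Review bot: The added block copies `getAuthPolicies()`, `getAuthAge()` and `getNistAuthLevel()` into request attributes but does not compare them with what the relying party asked for, so a response that ignores the requested policy or maximum age is recorded the same way as one that honours it. Whether the requested values (`getAuthTypes()`, `getMaxAuthAge()` on `OpenIDAuthenticationRequest`) are reachable from this method is not visible in the hunk. At minimum the block should carry a comment such as `// Provider's claims as received; compare with the requested policies before relying on them`. The method starts before the hunk and its catch clause continues after it.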
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDSubmitAction.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDSubmitAction.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDSubmitAction.java
Tue Mar 4 22:31:10 2008
@@ -44,7 +44,7 @@
openIDAuthRequest.setOpenIDUrl(getOpenIdUrl());
openIDAuthRequest
- .setRequestType(OpenIDRequestType.SIMPLE_REGISTRATION);
+ .addRequestType(OpenIDRequestType.SIMPLE_REGISTRATION);
// Set the required claims - I need these claims from the OpenID
// Provider.