I apologize for the insufficient data. The goal is to forward the user to google.com to log in and, on successful authentication, reveal the page that was originally requested. The original author used a .jsp that simply produces itself. But that's a separate issue--I think. I've not been able to capture an exception when attempting to forward(). Tomcat seems to go into a loop of some kind.--mj
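OS: Windows 7 Enterprise (6.1.7600) Tomcat: 7.0.12 IE: 8.0.7600.16385

The initial servlet . . .

// source file HRSurveyLogin.java
package edu.ufl.uflib.hr.web;

// external libraries
import java.io.*;
import java.lang.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import org.openid4java.*;
import org.openid4java.association.*;
import org.openid4java.discovery.*;
import org.openid4java.consumer.*;
import org.openid4java.message.*;
import org.openid4java.message.ax.*;

/**
 * Login entry point: sends a first-time visitor to the OpenID provider and,
 * on later visits in the same session, reports whether verification happened.
 *
 * NOTE(review): a servlet container normally serves every request with one
 * instance of this class, so all fields below are shared by every user and
 * every request thread. Per-user state (the auth request, the association
 * handle, the "verified" flag) belongs in the HttpSession, not here and not
 * in the ServletContext.
 */
public class HRSurveyLogin extends HttpServlet {

    // attributes
    String discoveryTargetURL;        // userSuppliedString (discovery endpoint)
    String verifierServlet;           // openid.return_to (our verification servlet)
    String assocHandle;               // openid.assoc_handle
    AuthRequest authentication;       // object with auth data
    ConsumerManager manager;          // directing openid4java object
    DiscoveryInformation discoveryData; // after "association"
    List discoveryDoc;                // xrds response doc (xml--why a list?)
    FetchRequest fetcher;             // attribute getter
    PrintWriter outstream;            // not used
    RequestDispatcher home;           // control transfer mechanism
    RequestDispatcher debug;
    RequestDispatcher test;
    ServletContext context;           // this app's memory area

    /**
     * Populates the openid4java tools and prepares the authentication
     * request once, at servlet start-up.
     *
     * @throws ServletException if discovery, association or building the
     *         authentication request fails; the cause is attached so the
     *         container log shows which step broke instead of the servlet
     *         starting with null fields and failing later in doGet()
     */
    @Override
    public void init() throws ServletException {
        // prepare openid4java objects
        // TODO: use real ip address
        // verifierServlet = "http://128.227.254.84:8080/hrsurvey/verify";
        // NOTE(review): return_to is plain http, so the provider's signed
        // response travels back unencrypted; use https outside local testing.
        discoveryTargetURL = "https://www.google.com/accounts/o8/id";
        verifierServlet = "http://localhost:8080/hrsurvey/verify";
        manager = new ConsumerManager();
        context = this.getServletContext();

        // prepare control transfer mechanism
        debug = context.getRequestDispatcher("/error");
        home = context.getRequestDispatcher("/hrsurvey.htm");

        try {
            // perform discovery, then handshake and get "real" endpoint address
            discoveryDoc = manager.discover(discoveryTargetURL);
            discoveryData = manager.associate(discoveryDoc);
        } catch (Exception error) {
            throw new ServletException("problem during discovery", error);
        }

        try {
            // build authentication request and obtain shared secret
            // NOTE(review): this one request object is reused for every
            // visitor and for the life of the servlet; presumably it should
            // be built per login inside doGet() -- confirm against the
            // openid4java documentation.
            authentication = manager.authenticate(discoveryData, verifierServlet);
            assocHandle = authentication.getHandle();
        } catch (Exception error) {
            throw new ServletException(" problem with authentication!!!", error);
        }

        try {
            // add e-mail request to url
            fetcher = FetchRequest.createFetchRequest();
            fetcher.addAttribute("email", "http://axschema.org/contact/email", true);
            authentication.addExtension(fetcher);
        } catch (Exception error) {
            throw new ServletException("problem with adding extensions to request", error);
        }
    } // method init() ends

    /**
     * Saves the association handle for later verification and sends a
     * first-time visitor to the OpenID provider; on a repeat visit, forwards
     * to the /error page with a message saying whether the "verified" flag
     * is set.
     *
     * @param request  the incoming request; its session carries the
     *                 "visited" and "error_message" attributes
     * @param response used only for the redirect or the forward
     * @throws ServletException if a forward fails
     * @throws IOException if the redirect or a forward fails
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // prevent response from being committed before forward() is called
        response.setContentType("text/plain");
        response.setBufferSize(4096);
        // The writer is deliberately not opened: this method only redirects
        // or forwards, and keeping it in the shared 'outstream' field let
        // concurrent requests overwrite each other's writer.

        HttpSession session = request.getSession();

        if (session.getAttribute("visited") == null) {
            // disable authentication on accidental visits here during session
            // TODO: find better way to do this like event listeners
            session.setAttribute("visited", "visited");

            try {
                // store association handle for verification
                // NOTE(review): the ServletContext is application-wide, so
                // this value is shared by all users rather than tied to the
                // login in progress.
                context.setAttribute("handle", assocHandle);
            } catch (Exception error) {
                session.setAttribute("error_message",
                        "problem saving association hanlde to session: " + error.getMessage());
                debug.forward(request, response);
                // The response is finished after forward(); falling through
                // to sendRedirect() would throw IllegalStateException.
                return;
            }

            // send user to openID provider for sign-in
            response.sendRedirect(authentication.getDestinationUrl(true));
            return;
        }

        // NOTE(review): "verified" is read from the ServletContext, which is
        // shared by every session. Once it has been set for one user
        // (presumably by the /verify servlet, not shown here), this check
        // passes for every visitor whose session has the "visited" flag.
        // The flag should be stored in, and read from, the user's own
        // HttpSession.
        if (context.getAttribute("verified") == null) {
            session.setAttribute("error_message", "unverfied attempt to access homepage: ");
            debug.forward(request, response);
        } else {
            session.setAttribute("error_message", "success--the user has been verified");
            debug.forward(request, response);
            // reveal the protected resource here upon login success
            // (hrsurvey.htm) using --RequestDispatcher home;--
            //
            // NOTE(review): the deployment descriptor maps this servlet to
            // "/", which makes it the application's default servlet. A
            // forward to /hrsurvey.htm matches no other mapping in that
            // descriptor, so it is dispatched straight back to this doGet(),
            // which forwards again -- the loop seen in Tomcat. Give this
            // servlet its own URL pattern (or do the check in a Filter)
            // before replacing the line above with home.forward().
        }
    } // method doGet() ends

    /** Drops the references this servlet created in init(). */
    @Override
    public void destroy() {
        debug = null;
        home = null;
        fetcher = null;
        manager = null;
    }
} // class HRSurveyLogin ends
// source file HRSurveyLogin.java ends

The deployment descriptor . . . . <?xml version="1.0" encoding="UTF-8"?> <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" > <!-- servlet declarations --> <!-- use this one for single-servlet approach <servlet> <servlet-name>HRSurveyAuth</servlet-name> <servlet-class>edu.ufl.uflib.hr.web.HRSurveyAuth</servlet-class> </servlet> --> <servlet> <servlet-name>HRSurveyError</servlet-name> <servlet-class>edu.ufl.uflib.hr.web.HRSurveyError</servlet-class> <load-on-startup>3</load-on-startup> </servlet> <servlet> <servlet-name>HRSurveyInclude</servlet-name> <servlet-class>edu.ufl.uflib.hr.web.HRSurveyInclude</servlet-class> <load-on-startup>4</load-on-startup> </servlet> <servlet> <servlet-name>HRSurveyLogin</servlet-name> <servlet-class>edu.ufl.uflib.hr.web.HRSurveyLogin</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet> 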
<servlet-name>HRSurveyVerify</servlet-name> <servlet-class>edu.ufl.uflib.hr.web.HRSurveyVerify</servlet-class> <load-on-startup>2</load-on-startup> </servlet> <servlet> <servlet-name>ReportServlet</servlet-name> <servlet-class>edu.ufl.uflib.hr.web.ReportServlet</servlet-class> </servlet> <!-- servlet mapping --> <!-- <servlet-mapping> <servlet-name>HRSurveyAuth</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> --> <servlet-mapping> <servlet-name>HRSurveyError</servlet-name> <url-pattern>/error</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>HRSurveyInclude</servlet-name> <url-pattern>/include</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>HRSurveyLogin</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>HRSurveyVerify</servlet-name> <url-pattern>/verify</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>ReportServlet</servlet-name> <url-pattern>/report</url-pattern> </servlet-mapping> <session-config> <session-timeout>5</session-timeout> </session-config> <!-- this nullifies the default context and lets us use index.htm if we wish, but only when we wish --> <welcome-file-list> <welcome-file>foo.xml</welcome-file> </welcome-file-list> <resource-ref> <res-ref-name>jdbc/pooledDB</res-ref-name> <res-type>javax.sql.DataSource</res-type> <res-auth>Container</res-auth> </resource-ref> </web-app> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org