From djen...@apache.org
Subject svn commit: r680532 - in /geronimo/plugins/openid-provider/trunk: geronimo-openid-provider/src/main/java/org/apache/geronimo/plugins/openid/provider/ geronimo-openid-provider/src/main/webapp/ geronimo-openid-provider/src/main/webapp/WEB-INF/ openid-pro...
Date Mon, 28 Jul 2008 22:11:18 GMT
Author: djencks
Date: Mon Jul 28 15:11:17 2008
New Revision: 680532

URL: http://svn.apache.org/viewvc?rev=680532&view=rev
Log:
add provider security backed with a test-only security realm

Added:
    geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/login.jsp
  (with props)
    geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/
    geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/groups.properties
  (with props)
    geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/users.properties
  (with props)
Removed:
    geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/index.jsp
Modified:
    geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/java/org/apache/geronimo/plugins/openid/provider/ProviderServlet.java
    geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/WEB-INF/web.xml
    geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/authorize.jsp
    geronimo/plugins/openid-provider/trunk/openid-provider-jetty/pom.xml
    geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/plan/plan.xml

Modified: geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/java/org/apache/geronimo/plugins/openid/provider/ProviderServlet.java
URL: http://svn.apache.org/viewvc/geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/java/org/apache/geronimo/plugins/openid/provider/ProviderServlet.java?rev=680532&r1=680531&r2=680532&view=diff
==============================================================================
--- geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/java/org/apache/geronimo/plugins/openid/provider/ProviderServlet.java
(original)
+++ geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/java/org/apache/geronimo/plugins/openid/provider/ProviderServlet.java
Mon Jul 28 15:11:17 2008
@@ -40,7 +40,7 @@
 /**
  * We assume that this servlet is protected by security constraints so the user has already
logged in.
  *
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
  */
 public class ProviderServlet extends HttpServlet {
 
@@ -50,17 +50,18 @@
     private static final String OPENID_IDENTITY = "openid.identity";
     private static final String OPENID_CLAIMED_ID = "openid.claimed_id";
     private RequestDispatcher requestDispatcher;
+    private String opEndpointUrl;
 
     @Override
     public void init(ServletConfig config) throws ServletException {
         super.init(config);
-        String opEndpointUrl = config.getInitParameter("OPEndpointUrl");
+        opEndpointUrl = config.getInitParameter("OPEndpointUrl");
         serverManager.setOPEndpointUrl(opEndpointUrl);
         String enforceRpIdStr = config.getInitParameter("EnforceRpId");
         boolean enforceRpId = (enforceRpIdStr == null) ? false : Boolean.valueOf(enforceRpIdStr);
         serverManager.setEnforceRpId(enforceRpId);
 
-        requestDispatcher = config.getServletContext().getRequestDispatcher("/authorize.jsp");
+        requestDispatcher = config.getServletContext().getRequestDispatcher("/provider/authorize");
     }
 
     @Override
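Review bot: `init` stores `opEndpointUrl` without checking that the `OPEndpointUrl` init parameter is present, and `startCheckId` later concatenates that field into a redirect target, so a missing parameter would send clients to `null/authorize?...`. Failing fast here is easier to diagnose: `if (opEndpointUrl == null) throw new ServletException("OPEndpointUrl init parameter is required");`. The class Javadoc ("protected by security constraints so the user has already logged in") also no longer matches this commit, because web.xml leaves the `/provider` pattern commented out. It should say that only `/provider/authorize` is constrained and that the servlet checks the principal itself.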
@@ -107,8 +108,12 @@
 
     private void startCheckId(HttpSession session, ParameterList parameterList, HttpServletRequest
req, HttpServletResponse resp) throws IOException, ServletException {
         session.setAttribute(OPENID_PARAMETERLIST_SESSION_KEY, parameterList);
-        //TODO does this need to be a redirect?
-        requestDispatcher.forward(req, resp);
+        //TODO does this need to be a redirect?  No, but that allows authentication at a
different, protected, url
+        if (req.getUserPrincipal() != null) {
+            requestDispatcher.forward(req, resp);
+        } else {
+            resp.sendRedirect(opEndpointUrl + "/authorize?" + req.getQueryString());
+        }
     }
 
     private Message completeCheckId(HttpSession session, HttpServletRequest req, HttpServletResponse
resp) {
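Review bot: The forward branch of `startCheckId` tests only `req.getUserPrincipal() != null`, and the container does not apply the `<auth-constraint>` on `/provider/authorize` to a `RequestDispatcher.forward`. Any authenticated principal therefore reaches the authorize page whether or not it holds `openid-user`; `if (req.isUserInRole("openid-user"))` would make the forward path enforce the same rule as the redirect path. In the redirect branch, `req.getQueryString()` is null for a POSTed checkid request, which produces `.../authorize?null` and drops the OpenID parameters that authorize.jsp reads with `request.getParameter`. Guard against null, or rebuild the query from the `parameterList` already stored in the session. `completeCheckId` starts on the last line of the hunk and its body is not visible here.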

Modified: geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/WEB-INF/web.xml?rev=680532&r1=680531&r2=680532&view=diff
==============================================================================
--- geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/WEB-INF/web.xml
(original)
+++ geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/WEB-INF/web.xml
Mon Jul 28 15:11:17 2008
@@ -19,4 +19,39 @@
         <url-pattern>/provider/*</url-pattern>
     </servlet-mapping>
 
+    <servlet>
+      <servlet-name>authorize</servlet-name>
+      <jsp-file>/authorize.jsp</jsp-file>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>authorize</servlet-name>
+        <url-pattern>/provider/authorize</url-pattern>
+    </servlet-mapping>
+
+    <security-constraint>
+      <web-resource-collection>
+        <web-resource-name>console</web-resource-name>
+        <!--<url-pattern>/provider</url-pattern>-->
+        <url-pattern>/provider/authorize</url-pattern>
+      </web-resource-collection>
+      <auth-constraint>
+        <role-name>openid-user</role-name>
+      </auth-constraint>
+    </security-constraint>
+
+    <login-config>
+      <auth-method>FORM</auth-method>
+      <realm-name>geronimo-admin</realm-name>
+      <form-login-config>
+        <form-login-page>/login.jsp</form-login-page>
+        <form-error-page>/loginerror.jsp</form-error-page>
+      </form-login-config>
+    </login-config>
+
+    <security-role>
+      <role-name>openid-user</role-name>
+    </security-role>
+
+
 </web-app>
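Review bot: The `<security-constraint>` covers only `/provider/authorize`: the `/provider` pattern is commented out, and `/authorize.jsp` remains reachable under its own path without passing the constraint. `/provider/*`, including `_action=complete.authentication`, therefore relies entirely on checks inside ProviderServlet that this diff does not show. Add `<url-pattern>/authorize.jsp</url-pattern>` to the collection, or move the JSP under WEB-INF and point `<jsp-file>` at it. The constraint also has no `<user-data-constraint>`, so the FORM login posts `j_password` over whatever transport the client used; `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` would require TLS. `<realm-name>geronimo-admin</realm-name>` does not match the `openid-provider` realm configured in plan.xml, and `/loginerror.jsp` is not among the files this commit adds.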

Modified: geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/authorize.jsp
URL: http://svn.apache.org/viewvc/geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/authorize.jsp?rev=680532&r1=680531&r2=680532&view=diff
==============================================================================
--- geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/authorize.jsp
(original)
+++ geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/authorize.jsp
Mon Jul 28 15:11:17 2008
@@ -1,10 +1,10 @@
 <html>
 <body>
 <h2>Authorize Authentication</h2>
-<p>UserID: ${openid.identity}</p>
-<p>User Claimed ID: ${openid.claimed_id}</p>
-<p>OpenID Realm: ${openid.realm}</p>
-<p>OpenID Return-to: ${openid.return_to}</p>
-<a href="?_action=complete.authentication" id="login">login</a>
+<p>UserID: <%=request.getParameter("openid.identity")%></p>
+<p>User Claimed ID: <%=request.getParameter("openid.claimed_id")%></p>
+<p>OpenID Realm: <%=request.getParameter("openid.realm")%></p>
+<p>OpenID Return-to: <%=request.getParameter("openid.return_to")%></p>
+<a href="provider/?_action=complete.authentication" id="login">login</a>
 </body>
 </html>
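Review bot: The four `<%=request.getParameter(...)%>` expressions write request parameters into the page without HTML escaping, so markup supplied in `openid.identity`, `openid.claimed_id`, `openid.realm` or `openid.return_to` is rendered on the provider's origin in the logged-in user's browser. Escape on output, for example with `<c:out value="${param['openid.return_to']}"/>` if JSTL is available to this webapp, or with an equivalent escaping helper applied to all four values. The `login` link also triggers `_action=complete.authentication` with a plain GET and no per-request token visible in this hunk. Consider a POST form carrying a session-bound token so the approval cannot be triggered from another site.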

Added: geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/login.jsp
URL: http://svn.apache.org/viewvc/geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/login.jsp?rev=680532&view=auto
==============================================================================
--- geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/login.jsp
(added)
+++ geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/login.jsp
Mon Jul 28 15:11:17 2008
@@ -0,0 +1,36 @@
+<%@ page language="java"
+         contentType="text/html; charset=UTF-8" %>
+<%--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+--%>
+
+<%-- $Rev$ $Date$ --%>
+
+<html>
+<head>
+<title>OpenID Login</title>
+</head>
+
+<body onload="document.login.j_username.focus()">
+
+<form name="login" action="j_security_check" method="POST">
+
+<p>OpenID identity: <input name="j_username" id="j_username" type="text" value="<%=((org.openid4java.message.ParameterList)session.getAttribute("openid.parameterlist")).getParameterValue("openid.identity")%>"/></p>
+<p>password<input name="j_password" id="j_password" type="password"/></p>
+<p><input name="submit" type="submit" value="Login"/></p>
+</form>
+</body>
+</html>
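Review bot: The `value` attribute of `j_username` casts `session.getAttribute("openid.parameterlist")` and prints `openid.identity` with neither a null check nor HTML escaping. A visitor who reaches login.jsp without a stored parameter list (direct request, expired session) gets a NullPointerException. An identity containing a double quote breaks out of the attribute, and the stored list originates from request parameters. Resolve the value in a scriptlet that tolerates a missing entry and escapes it before output, as sketched below. The literal key should also be checked against `OPENID_PARAMETERLIST_SESSION_KEY` in ProviderServlet, whose value is not visible in this diff.

```jsp
<%
    // Tolerate a missing session entry and escape the value for an HTML attribute.
    Object stored = session.getAttribute("openid.parameterlist");
    String identity = "";
    if (stored instanceof org.openid4java.message.ParameterList) {
        String raw = ((org.openid4java.message.ParameterList) stored).getParameterValue("openid.identity");
        if (raw != null) {
            identity = raw.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                          .replace("\"", "&quot;").replace("'", "&#39;");
        }
    }
%>
<%-- … unchanged: page directive, license header, form opening … --%>
<p>OpenID identity: <input name="j_username" id="j_username" type="text" value="<%= identity %>"/></p>
<%-- … unchanged: password field, submit button … --%>
```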

Propchange: geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/login.jsp
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/login.jsp
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/plugins/openid-provider/trunk/geronimo-openid-provider/src/main/webapp/login.jsp
------------------------------------------------------------------------------
    svn:mime-type = text/html

Modified: geronimo/plugins/openid-provider/trunk/openid-provider-jetty/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/plugins/openid-provider/trunk/openid-provider-jetty/pom.xml?rev=680532&r1=680531&r2=680532&view=diff
==============================================================================
--- geronimo/plugins/openid-provider/trunk/openid-provider-jetty/pom.xml (original)
+++ geronimo/plugins/openid-provider/trunk/openid-provider-jetty/pom.xml Mon Jul 28 15:11:17
2008
@@ -86,9 +86,11 @@
                         <value>true</value>
                         <includeVersion>true</includeVersion>
                     </useMavenDependencies>
-                    <!--<instance>-->
-                        <!--<plugin-artifact></plugin-artifact>-->
-                    <!--</instance>-->
+                    <instance>
+                        <plugin-artifact>
+                            <copy-file relative-to="server" dest-dir="var">openid</copy-file>
+                        </plugin-artifact>
+                    </instance>
                 </configuration>
             </plugin>
         </plugins>

Modified: geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/plan/plan.xml?rev=680532&r1=680531&r2=680532&view=diff
==============================================================================
--- geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/plan/plan.xml (original)
+++ geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/plan/plan.xml Mon
Jul 28 15:11:17 2008
@@ -22,13 +22,38 @@
 
     <context-root>/OP</context-root>
 
-    <!--<security-realm-name>geronimo-admin</security-realm-name>-->
-    <!--<security xmlns="http://geronimo.apache.org/xml/ns/security-1.2">-->
-        <!--<role-mappings>-->
-            <!--<role role-name="admin">-->
-                <!--<principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="admin" />-->
-            <!--</role>-->
-        <!--</role-mappings>-->
-    <!--</security>-->
+    <security-realm-name>openid-provider</security-realm-name>
+    <security xmlns="http://geronimo.apache.org/xml/ns/security-1.2">
+        <role-mappings>
+            <role role-name="openid-user">
+                <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="openid-user" />
+            </role>
+        </role-mappings>
+    </security>
 
+    <gbean name="openid-provider"
+        class="org.apache.geronimo.security.jaas.LoginModuleGBean">
+        <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute>
+        <attribute name="options">
+            usersURI=var/openid/users.properties
+            groupsURI=var/openid/groups.properties
+        </attribute>
+        <attribute name="loginDomainName">openid-provider</attribute>
+    </gbean>
+
+    <gbean name="openid-provider"
+        class="org.apache.geronimo.security.realm.GenericSecurityRealm">
+        <attribute name="realmName">openid-provider</attribute>
+        <reference name="LoginModuleConfiguration">
+            <name>openid-provider</name>
+        </reference>
+        <reference name="ServerInfo"><name>ServerInfo</name></reference>
+    </gbean>
+
+    <gbean name="openid-provider" class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
+         <attribute name="controlFlag">REQUIRED</attribute>
+         <reference name="LoginModule">
+             <name>openid-provider</name>
+         </reference>
+     </gbean>
 </web-app>
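Review bot: Nothing in the plan marks the `openid-provider` realm as test-only, although the commit log describes it that way. It authenticates through `PropertiesFileLoginModule` against `var/openid/users.properties`, which the pom.xml `copy-file` hunk installs into the server and which the users.properties hunk populates with an account whose clear-text password is `pw`. Add a comment above the gbeans such as `<!-- TEST ONLY: file-backed realm with a sample account; replace before any shared deployment -->`, and consider keeping the sample files out of the default install. The same `openid-provider` name is used for three gbeans of different classes, which presumably resolves by type but is worth a word in that comment.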

Added: geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/groups.properties
URL: http://svn.apache.org/viewvc/geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/groups.properties?rev=680532&view=auto
==============================================================================
--- geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/groups.properties
(added)
+++ geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/groups.properties
Mon Jul 28 15:11:17 2008
@@ -0,0 +1,17 @@
+#=====================================================================
+#  Licensed to the Apache Software Foundation (ASF) under one or more
+#  contributor license agreements.  See the NOTICE file distributed with
+#  this work for additional information regarding copyright ownership.
+#  The ASF licenses this file to You under the Apache License, Version 2.0
+#  (the "License"); you may not use this file except in compliance with
+#  the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#=====================================================================
+openid-user=http://localhost:8989/user

Propchange: geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/groups.properties
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/groups.properties
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/groups.properties
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/users.properties
URL: http://svn.apache.org/viewvc/geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/users.properties?rev=680532&view=auto
==============================================================================
--- geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/users.properties
(added)
+++ geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/users.properties
Mon Jul 28 15:11:17 2008
@@ -0,0 +1,17 @@
+#=====================================================================
+#  Licensed to the Apache Software Foundation (ASF) under one or more
+#  contributor license agreements.  See the NOTICE file distributed with
+#  this work for additional information regarding copyright ownership.
+#  The ASF licenses this file to You under the Apache License, Version 2.0
+#  (the "License"); you may not use this file except in compliance with
+#  the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#=====================================================================
+http\://localhost\:8989/user=pw

Propchange: geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/users.properties
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/users.properties
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/plugins/openid-provider/trunk/openid-provider-jetty/src/main/resources/openid/users.properties
------------------------------------------------------------------------------
    svn:mime-type = text/plain


