geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r709716 - in /geronimo/components/jaspi/trunk: geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/ geronimo-jaspi/src/main/java/sxc/org/apache/geronimo/components/jaspi/model/
Date Sat, 01 Nov 2008 16:03:01 GMT
Author: djencks
Date: Sat Nov  1 09:03:00 2008
New Revision: 709716

URL: http://svn.apache.org/viewvc?rev=709716&view=rev
Log:
GERONIMO-3417 Error message fix in AuthModule code, make the openid auth modules work

Modified:
    geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/AuthenticatedPrincipal.java
    geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/IdentifierPrincipal.java
    geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDProviderPrincipal.java
    geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java
    geronimo/components/jaspi/trunk/geronimo-jaspi/src/main/java/sxc/org/apache/geronimo/components/jaspi/model/AuthModuleTypeJAXB.java

Modified: geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/AuthenticatedPrincipal.java
URL: http://svn.apache.org/viewvc/geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/AuthenticatedPrincipal.java?rev=709716&r1=709715&r2=709716&view=diff
==============================================================================
--- geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/AuthenticatedPrincipal.java
(original)
+++ geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/AuthenticatedPrincipal.java
Sat Nov  1 09:03:00 2008
@@ -21,12 +21,33 @@
 package org.apache.geronimo.components.jaspi.modules.openid;
 
 import java.security.Principal;
+import java.io.Serializable;
 
 /**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
  */
-public class AuthenticatedPrincipal implements Principal {
+public class AuthenticatedPrincipal implements Principal, Serializable {
+    private static final String AUTHENTICATED = "authenticated";
+
+    public AuthenticatedPrincipal() {
+    }
+
+    public AuthenticatedPrincipal(String ignoredName) {
+    }
+
     public String getName() {
-        return "authenticated";
+        return AUTHENTICATED;
     }
+
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+
+        return true;
+    }
+
+    public int hashCode() {
+        return (AUTHENTICATED.hashCode());
+    }
+
 }

Modified: geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/IdentifierPrincipal.java
URL: http://svn.apache.org/viewvc/geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/IdentifierPrincipal.java?rev=709716&r1=709715&r2=709716&view=diff
==============================================================================
--- geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/IdentifierPrincipal.java
(original)
+++ geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/IdentifierPrincipal.java
Sat Nov  1 09:03:00 2008
@@ -21,11 +21,12 @@
 package org.apache.geronimo.components.jaspi.modules.openid;
 
 import java.security.Principal;
+import java.io.Serializable;
 
 /**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
  */
-public class IdentifierPrincipal implements Principal {
+public class IdentifierPrincipal implements Principal, Serializable {
 
     private final String name;
     public IdentifierPrincipal(String identifier) {
@@ -35,4 +36,19 @@
     public String getName() {
         return name;
     }
+
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+
+        IdentifierPrincipal principal = (IdentifierPrincipal) o;
+
+        if (name != null ? !name.equals(principal.name) : principal.name != null) return
false;
+
+        return true;
+    }
+
+    public int hashCode() {
+        return (name != null ? name.hashCode() : 0);
+    }
 }

Modified: geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDProviderPrincipal.java
URL: http://svn.apache.org/viewvc/geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDProviderPrincipal.java?rev=709716&r1=709715&r2=709716&view=diff
==============================================================================
--- geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDProviderPrincipal.java
(original)
+++ geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDProviderPrincipal.java
Sat Nov  1 09:03:00 2008
@@ -21,11 +21,12 @@
 package org.apache.geronimo.components.jaspi.modules.openid;
 
 import java.security.Principal;
+import java.io.Serializable;
 
 /**
  * @version $Rev$ $Date$
  */
-public class OpenIDProviderPrincipal implements Principal {
+public class OpenIDProviderPrincipal implements Principal, Serializable {
 
     private final String name;
     public OpenIDProviderPrincipal(String identifier) {
@@ -35,4 +36,19 @@
     public String getName() {
         return name;
     }
+
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+
+        OpenIDProviderPrincipal that = (OpenIDProviderPrincipal) o;
+
+        if (name != null ? !name.equals(that.name) : that.name != null) return false;
+
+        return true;
+    }
+
+    public int hashCode() {
+        return (name != null ? name.hashCode() : 0);
+    }
 }
\ No newline at end of file

Modified: geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java
URL: http://svn.apache.org/viewvc/geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java?rev=709716&r1=709715&r2=709716&view=diff
==============================================================================
--- geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java
(original)
+++ geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java
Sat Nov  1 09:03:00 2008
@@ -64,6 +64,7 @@
     private static final String DISCOVERY_SESSION_KEY = "openid-disc";
     private static final String RETURN_ADDRESS = "/_openid_security_check";
     private static final String ORIGINAL_URI_KEY = "org.apache.geronimo.components.jaspi.openid.URI";
+    private static final String RETURN_ADDRESS_KEY = "org.apache.geronimo.components.jaspi.openid.return.address";
 
     private CallbackHandler callbackHandler;
     private ConsumerManager consumerManager;
@@ -74,7 +75,7 @@
     }
 
     public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler
handler, Map options) throws AuthException {
-        this.callbackHandler = callbackHandler;
+        this.callbackHandler = handler;
         try {
             consumerManager = new ConsumerManager();
         } catch (ConsumerException e) {
@@ -93,7 +94,8 @@
     public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject
serviceSubject) throws AuthException {
         HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
         HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
-        HttpSession session = request.getSession(isMandatory(messageInfo));
+        boolean isMandatory = isMandatory(messageInfo);
+        HttpSession session = request.getSession(isMandatory);
         //auth not mandatory and not logged in.
         if (session == null) {
             return AuthStatus.SUCCESS;
@@ -104,18 +106,23 @@
         if (uri.endsWith(RETURN_ADDRESS)) {
             ParameterList parameterList = new ParameterList(request.getParameterMap());
             DiscoveryInformation discovered = (DiscoveryInformation) session.getAttribute(DISCOVERY_SESSION_KEY);
-            //TODO what if its missing?
-            String originalURI = (String) session.getAttribute(ORIGINAL_URI_KEY);
+            String returnAddress = (String) session.getAttribute(RETURN_ADDRESS_KEY);
+            session.removeAttribute(RETURN_ADDRESS_KEY);
             try {
-                //TODO is originalURI correct for verify call???
-                VerificationResult verification = consumerManager.verify(originalURI, parameterList,
discovered);
+                VerificationResult verification = consumerManager.verify(returnAddress, parameterList,
discovered);
                 Identifier identifier = verification.getVerifiedId();
-                session.setAttribute(ID_KEY, identifier);
-                //redirect back to original page
-                session.removeAttribute(ORIGINAL_URI_KEY);
-                response.setContentLength(0);
-                response.sendRedirect(response.encodeRedirectURL(originalURI));
-                return AuthStatus.SEND_CONTINUE;
+
+                if (identifier != null) {
+                    session.setAttribute(ID_KEY, identifier);
+                    //redirect back to original page
+                    response.setContentLength(0);
+                    String originalURI = (String) session.getAttribute(ORIGINAL_URI_KEY);
+                    session.removeAttribute(ORIGINAL_URI_KEY);
+                    response.sendRedirect(response.encodeRedirectURL(originalURI));
+                    return AuthStatus.SEND_CONTINUE;
+                }
+                response.sendError(HttpServletResponse.SC_FORBIDDEN, "Response verification
failed: " + verification.getStatusMsg());
+
 //            } catch (MessageException e) {
 //
 //            } catch (DiscoveryException e) {
@@ -156,9 +163,17 @@
             return AuthStatus.SUCCESS;
         }
 
+        //if request is not mandatory, we don't authenticate.
+        if (!isMandatory) {
+            return AuthStatus.SUCCESS;
+        }
         //assume not...
 
         String openidIdentifier = request.getParameter(OPENID_IDENTIFIER);
+        //redirect to login page here...
+        if (openidIdentifier == null) {
+            
+        }
         try {
             List<DiscoveryInformation> discoveries = consumerManager.discover(openidIdentifier);
             //associate with one OP
@@ -166,8 +181,10 @@
             //save association info in session
             session.setAttribute(DISCOVERY_SESSION_KEY, discovered);
 
-            AuthRequest authRequest = consumerManager.authenticate(discovered, RETURN_ADDRESS);
-
+            String returnAddress = request.getRequestURL().append(RETURN_ADDRESS).toString();
+            AuthRequest authRequest = consumerManager.authenticate(discovered, returnAddress);
+            session.setAttribute(RETURN_ADDRESS_KEY, authRequest.getReturnTo());
+            
             //save original uri in response, to be retrieved after redirect returns
             session.setAttribute(ORIGINAL_URI_KEY, getFullRequestURI(request).toString());
 
@@ -212,7 +229,7 @@
     }
 
     public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws
AuthException {
-        return AuthStatus.SUCCESS;
+        return AuthStatus.SEND_SUCCESS;
     }
 
 }

Modified: geronimo/components/jaspi/trunk/geronimo-jaspi/src/main/java/sxc/org/apache/geronimo/components/jaspi/model/AuthModuleTypeJAXB.java
URL: http://svn.apache.org/viewvc/geronimo/components/jaspi/trunk/geronimo-jaspi/src/main/java/sxc/org/apache/geronimo/components/jaspi/model/AuthModuleTypeJAXB.java?rev=709716&r1=709715&r2=709716&view=diff
==============================================================================
--- geronimo/components/jaspi/trunk/geronimo-jaspi/src/main/java/sxc/org/apache/geronimo/components/jaspi/model/AuthModuleTypeJAXB.java
(original)
+++ geronimo/components/jaspi/trunk/geronimo-jaspi/src/main/java/sxc/org/apache/geronimo/components/jaspi/model/AuthModuleTypeJAXB.java
Sat Nov  1 09:03:00 2008
@@ -150,7 +150,7 @@
 
                 authModuleTypeOptions.setObject(reader, context, authModuleType, options);
             } else {
-                context.unexpectedElement(elementReader, new QName("http://geronimo.apache.org/xml/ns/geronimo-jaspi",
"className"), new QName("http://geronimo.apache.org/xml/ns/geronimo-jaspi", "requestPolicy"),
new QName("http://geronimo.apache.org/xml/ns/geronimo-jaspi", "responsePolicy"), new QName("http://geronimo.apache.org/xml/ns/geronimo-jaspi",
"options"));
+                context.unexpectedElement(elementReader, new QName(elementReader.getNamespaceURI(),
elementReader.getLocalName()), new QName("http://geronimo.apache.org/xml/ns/geronimo-jaspi",
"requestPolicy"), new QName("http://geronimo.apache.org/xml/ns/geronimo-jaspi", "responsePolicy"),
new QName("http://geronimo.apache.org/xml/ns/geronimo-jaspi", "options"));
             }
         }
 



Mime
View raw message