geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r709897 - in /geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src: main/java/org/apache/geronimo/components/jaspi/modules/openid/ test/java/org/apache/geronimo/components/jaspi/modules/openid/
Date Sun, 02 Nov 2008 18:06:41 GMT
Author: djencks
Date: Sun Nov  2 10:06:41 2008
New Revision: 709897

URL: http://svn.apache.org/viewvc?rev=709897&view=rev
Log:
add login page options

Modified:
    geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java
    geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/test/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModuleTest.java

Modified: geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java
URL: http://svn.apache.org/viewvc/geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java?rev=709897&r1=709896&r2=709897&view=diff
==============================================================================
--- geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java
(original)
+++ geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/main/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModule.java
Sun Nov  2 10:06:41 2008
@@ -20,36 +20,36 @@
 
 package org.apache.geronimo.components.jaspi.modules.openid;
 
-import java.util.Map;
-import java.util.List;
 import java.io.IOException;
 import java.net.URL;
+import java.util.List;
+import java.util.Map;
 
-import javax.security.auth.message.module.ServerAuthModule;
-import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.message.AuthException;
-import javax.security.auth.message.MessageInfo;
 import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
 import javax.security.auth.message.callback.CallerPrincipalCallback;
 import javax.security.auth.message.callback.GroupPrincipalCallback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.Subject;
+import javax.security.auth.message.module.ServerAuthModule;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
-import org.openid4java.consumer.ConsumerManager;
 import org.openid4java.consumer.ConsumerException;
+import org.openid4java.consumer.ConsumerManager;
 import org.openid4java.consumer.InMemoryConsumerAssociationStore;
 import org.openid4java.consumer.InMemoryNonceVerifier;
 import org.openid4java.consumer.VerificationResult;
 import org.openid4java.discovery.DiscoveryException;
 import org.openid4java.discovery.DiscoveryInformation;
 import org.openid4java.discovery.Identifier;
-import org.openid4java.message.MessageException;
 import org.openid4java.message.AuthRequest;
+import org.openid4java.message.MessageException;
 import org.openid4java.message.ParameterList;
 
 /**
@@ -57,7 +57,7 @@
  */
 public class OpenIDServerAuthModule implements ServerAuthModule {
 
-    private static final Class[] SUPPORTED_MESSAGE_TYPES = new Class[] {HttpServletRequest.class,
HttpServletResponse.class};
+    private static final Class[] SUPPORTED_MESSAGE_TYPES = new Class[]{HttpServletRequest.class,
HttpServletResponse.class};
     public static final String MANDATORY_KEY = "javax.security.auth.message.MessagePolicy.isMandatory";
     public static final String AUTH_METHOD_KEY = "javax.servlet.http.authType";
     private static final String OPENID_IDENTIFIER = "openid_identifier";
@@ -66,6 +66,14 @@
     private static final String ORIGINAL_URI_KEY = "org.apache.geronimo.components.jaspi.openid.URI";
     private static final String RETURN_ADDRESS_KEY = "org.apache.geronimo.components.jaspi.openid.return.address";
 
+    public static final String LOGIN_PAGE_KEY = "org.apache.geronimo.security.jaspi.openid.LoginPage";
+    public static final String ERROR_PAGE_KEY = "org.apache.geronimo.security.jaspi.openid.ErrorPage";
+
+    private String errorPage;
+    private String errorPath;
+    private String loginPage;
+    private String loginPath;
+
     private CallbackHandler callbackHandler;
     private ConsumerManager consumerManager;
     private static final String ID_KEY = "org.apache.geronimo.components.jaspi.openid.ID";
@@ -75,17 +83,56 @@
     }
 
     public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler
handler, Map options) throws AuthException {
+        if (options == null) {
+            throw new AuthException("No options supplied");
+        }
         this.callbackHandler = handler;
         try {
             consumerManager = new ConsumerManager();
         } catch (ConsumerException e) {
-            throw (AuthException)new AuthException("Unable to create ConsumerManager").initCause(e);
+            throw (AuthException) new AuthException("Unable to create ConsumerManager").initCause(e);
         }
         consumerManager.setAssociations(new InMemoryConsumerAssociationStore());
         consumerManager.setNonceVerifier(new InMemoryNonceVerifier(5000));
 
         //??
         consumerManager.getRealmVerifier().setEnforceRpId(false);
+        setLoginPage((String) options.get(LOGIN_PAGE_KEY));
+        setErrorPage((String) options.get(ERROR_PAGE_KEY));
+    }
+
+    private void setLoginPage(String path) throws AuthException {
+        if (path == null) {
+            throw new AuthException("No login page specified with key " + LOGIN_PAGE_KEY);
+        }
+        if (!path.startsWith("/")) {
+            path = "/" + path;
+        }
+        loginPage = path;
+        loginPath = path;
+        if (loginPath.indexOf('?') > 0) {
+            loginPath = loginPath.substring(0, loginPath.indexOf('?'));
+        }
+    }
+
+    private void setErrorPage(String path) throws AuthException {
+        if (path == null) {
+            throw new AuthException("No error page specified with key " + ERROR_PAGE_KEY);
+        }
+        if (path == null || path.trim().length() == 0) {
+            errorPath = null;
+            errorPage = null;
+        } else {
+            if (!path.startsWith("/")) {
+                path = "/" + path;
+            }
+            errorPage = path;
+            errorPath = path;
+
+            if (errorPath.indexOf('?') > 0) {
+                errorPath = errorPath.substring(0, errorPath.indexOf('?'));
+            }
+        }
     }
 
     public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
{
@@ -96,11 +143,11 @@
         HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
         boolean isMandatory = isMandatory(messageInfo);
         HttpSession session = request.getSession(isMandatory);
-        //auth not mandatory and not logged in.
-        if (session == null) {
+        String uri = request.getPathInfo();
+        if (session == null || isLoginOrErrorPage(uri)) {
+            //auth not mandatory and not logged in.
             return AuthStatus.SUCCESS;
         }
-        String uri = request.getPathInfo();
 
         //are we returning from the OP redirect?
         if (uri.endsWith(RETURN_ADDRESS)) {
@@ -118,6 +165,12 @@
                     response.setContentLength(0);
                     String originalURI = (String) session.getAttribute(ORIGINAL_URI_KEY);
                     session.removeAttribute(ORIGINAL_URI_KEY);
+                    if (originalURI == null || originalURI.length() == 0) {
+                        originalURI = request.getContextPath();
+                        if (originalURI.length() == 0) {
+                            originalURI = "/";
+                        }
+                    }
                     response.sendRedirect(response.encodeRedirectURL(originalURI));
                     return AuthStatus.SEND_CONTINUE;
                 }
@@ -152,9 +205,9 @@
             URL opEndpoint = discovered.getOPEndpoint();
             clientSubject.getPrincipals().add(new OpenIDProviderPrincipal(opEndpoint.toString()));
             CallerPrincipalCallback cpCallback = new CallerPrincipalCallback(clientSubject,
principal);
-            GroupPrincipalCallback gpCallback = new GroupPrincipalCallback(clientSubject,
new String[] {"authenticated"});
+            GroupPrincipalCallback gpCallback = new GroupPrincipalCallback(clientSubject,
new String[]{"authenticated"});
             try {
-                callbackHandler.handle(new Callback[] {cpCallback, gpCallback});
+                callbackHandler.handle(new Callback[]{cpCallback, gpCallback});
             } catch (IOException e) {
 
             } catch (UnsupportedCallbackException e) {
@@ -170,11 +223,16 @@
         //assume not...
 
         String openidIdentifier = request.getParameter(OPENID_IDENTIFIER);
-        //redirect to login page here...
-        if (openidIdentifier == null) {
-            
-        }
         try {
+            //redirect to login page here...
+            if (openidIdentifier == null) {
+                // redirect to login page
+                session.setAttribute(ORIGINAL_URI_KEY, getFullRequestURI(request).toString());
+                response.setContentLength(0);
+                response.sendRedirect(response.encodeRedirectURL(addPaths(request.getContextPath(),
loginPage)));
+                return AuthStatus.SEND_CONTINUE;
+
+            }
             List<DiscoveryInformation> discoveries = consumerManager.discover(openidIdentifier);
             //associate with one OP
             DiscoveryInformation discovered = consumerManager.associate(discoveries);
@@ -184,14 +242,16 @@
             String returnAddress = request.getRequestURL().append(RETURN_ADDRESS).toString();
             AuthRequest authRequest = consumerManager.authenticate(discovered, returnAddress);
             session.setAttribute(RETURN_ADDRESS_KEY, authRequest.getReturnTo());
-            
+
             //save original uri in response, to be retrieved after redirect returns
-            session.setAttribute(ORIGINAL_URI_KEY, getFullRequestURI(request).toString());
+            if (session.getAttribute(ORIGINAL_URI_KEY) == null) {
+                session.setAttribute(ORIGINAL_URI_KEY, getFullRequestURI(request).toString());
+            }
 
             //TODO openid 2.0 form redirect
             response.sendRedirect(authRequest.getDestinationUrl(true));
             return AuthStatus.SEND_CONTINUE;
-            
+
         } catch (DiscoveryException e) {
             throw (AuthException) new AuthException("Could not authenticate").initCause(e);
         } catch (ConsumerException e) {
@@ -202,10 +262,32 @@
             throw (AuthException) new AuthException("Could not authenticate").initCause(e);
         }
 
-
 //        return null;
     }
 
+    private boolean isLoginOrErrorPage(String uri) {
+        return (uri != null &&
+                (uri.equals(loginPage) || uri.equals(errorPage)));
+    }
+
+    private String addPaths(String p1, String p2) {
+        StringBuilder b = new StringBuilder(p1);
+        if (p1.endsWith("/")) {
+            if (p2.startsWith("/")) {
+                b.append(p2, 1, p2.length() - 1);
+            } else {
+                b.append(p2);
+            }
+        } else {
+            if (!p2.startsWith("/")) {
+                b.append("/");
+            }
+            b.append(p2);
+        }
+
+        return b.toString();
+    }
+
     private StringBuilder getFullRequestURI(HttpServletRequest request) {
         StringBuilder builder = new StringBuilder();
         builder.append(request.getScheme()).append("://");
@@ -222,7 +304,7 @@
 
     private boolean isMandatory(MessageInfo messageInfo) {
         String mandatory = (String) messageInfo.getMap().get(MANDATORY_KEY);
-        if (mandatory == null){
+        if (mandatory == null) {
             return false;
         }
         return Boolean.valueOf(mandatory);

Modified: geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/test/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/test/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModuleTest.java?rev=709897&r1=709896&r2=709897&view=diff
==============================================================================
--- geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/test/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModuleTest.java
(original)
+++ geronimo/components/jaspi/trunk/geronimo-jaspi-openid/src/test/java/org/apache/geronimo/components/jaspi/modules/openid/OpenIDServerAuthModuleTest.java
Sun Nov  2 10:06:41 2008
@@ -20,6 +20,9 @@
 
 package org.apache.geronimo.components.jaspi.modules.openid;
 
+import java.util.Map;
+import java.util.HashMap;
+
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.message.config.AuthConfigFactory;
 import javax.security.auth.message.config.AuthConfigProvider;
@@ -44,6 +47,10 @@
         AuthConfigFactory factory1 = AuthConfigFactory.getFactory();
         AuthModuleType<ServerAuthModule> authModuleType = new AuthModuleType<ServerAuthModule>();
         authModuleType.setClassName(OpenIDServerAuthModule.class.getName());
+        Map<String, String> options = new HashMap<String, String>();
+        options.put(OpenIDServerAuthModule.LOGIN_PAGE_KEY, "/login.jsp");
+        options.put(OpenIDServerAuthModule.ERROR_PAGE_KEY, "/error.jsp");
+        authModuleType.setOptions(options);
         AuthConfigProvider authConfigProvider = JaspiUtil.wrapServerAuthModule("Http", "testApp",
"id", authModuleType, true, new ConstantClassLoaderLookup(getClass().getClassLoader()));
         factory1.registerConfigProvider(authConfigProvider, "Http", "testApp", "description");
         AuthConfigProvider authConfigProvider2 = factory1.getConfigProvider("Http", "testApp",
null);



Mime
View raw message