Example 1 with DiscoveryException
use of org.openid4java.discovery.DiscoveryException in project spring-security by spring-projects.
the class OpenID4JavaConsumer method endConsumption.
public OpenIDAuthenticationToken endConsumption(HttpServletRequest request) throws OpenIDConsumerException {
// extract the parameters from the authentication response
// (which comes in as a HTTP request from the OpenID provider)
ParameterList openidResp = new ParameterList(request.getParameterMap());
// retrieve the previously stored discovery information
DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
if (discovered == null) {
throw new OpenIDConsumerException("DiscoveryInformation is not available. Possible causes are lost session or replay attack");
}
List<OpenIDAttribute> attributesToFetch = (List<OpenIDAttribute>) request.getSession().getAttribute(ATTRIBUTE_LIST_KEY);
request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
request.getSession().removeAttribute(ATTRIBUTE_LIST_KEY);
// extract the receiving URL from the HTTP request
StringBuffer receivingURL = request.getRequestURL();
String queryString = request.getQueryString();
if (StringUtils.hasLength(queryString)) {
receivingURL.append("?").append(request.getQueryString());
}
// verify the response
VerificationResult verification;
try {
verification = consumerManager.verify(receivingURL.toString(), openidResp, discovered);
} catch (MessageException e) {
throw new OpenIDConsumerException("Error verifying openid response", e);
} catch (DiscoveryException e) {
throw new OpenIDConsumerException("Error verifying openid response", e);
} catch (AssociationException e) {
throw new OpenIDConsumerException("Error verifying openid response", e);
}
// examine the verification result and extract the verified identifier
Identifier verified = verification.getVerifiedId();
if (verified == null) {
Identifier id = discovered.getClaimedIdentifier();
return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, id == null ? "Unknown" : id.getIdentifier(), "Verification status message: [" + verification.getStatusMsg() + "]", Collections.<OpenIDAttribute>emptyList());
}
List<OpenIDAttribute> attributes = fetchAxAttributes(verification.getAuthResponse(), attributesToFetch);
return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, verified.getIdentifier(), "some message", attributes);
}
Also used :
Identifier(org.openid4java.discovery.Identifier)
VerificationResult(org.openid4java.consumer.VerificationResult)
MessageException(org.openid4java.message.MessageException)
DiscoveryInformation(org.openid4java.discovery.DiscoveryInformation)
ParameterList(org.openid4java.message.ParameterList)
AssociationException(org.openid4java.association.AssociationException)
ParameterList(org.openid4java.message.ParameterList)
ArrayList(java.util.ArrayList)
List(java.util.List)
DiscoveryException(org.openid4java.discovery.DiscoveryException)
Example 2 with DiscoveryException
use of org.openid4java.discovery.DiscoveryException in project spring-security by spring-projects.
the class OpenID4JavaConsumerTests method discoveryExceptionRaisesOpenIDException.
@Test(expected = OpenIDConsumerException.class)
public void discoveryExceptionRaisesOpenIDException() throws Exception {
ConsumerManager mgr = mock(ConsumerManager.class);
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
when(mgr.discover(anyString())).thenThrow(new DiscoveryException("msg"));
consumer.beginConsumption(new MockHttpServletRequest(), "", "", "");
}
Also used :
ConsumerManager(org.openid4java.consumer.ConsumerManager)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
DiscoveryException(org.openid4java.discovery.DiscoveryException)
Example 3 with DiscoveryException
use of org.openid4java.discovery.DiscoveryException in project oxTrust by GluuFederation.
the class OxChooserWebService method clientIdentification.
@POST
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response clientIdentification(InitialID id) throws DiscoveryException, Exception {
try {
if (personService.authenticate(id.getUserID(), id.getPassWord())) {
GluuCustomPerson user = personService.getPersonByUid(id.getUserID());
postLogin(user);
return Response.ok().build();
} else {
return Response.status(401).entity("Not Authorized").build();
}
} catch (Exception ex) {
log.error("an error occured", ex);
return Response.status(401).entity("Not Authorized").build();
}
}
Also used :
GluuCustomPerson(org.gluu.oxtrust.model.GluuCustomPerson)
MessageException(org.openid4java.message.MessageException)
ConsumerException(org.openid4java.consumer.ConsumerException)
EntryPersistenceException(org.gluu.site.ldap.persistence.exception.EntryPersistenceException)
DiscoveryException(org.openid4java.discovery.DiscoveryException)
AssociationException(org.openid4java.association.AssociationException)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
Example 4 with DiscoveryException
use of org.openid4java.discovery.DiscoveryException in project spring-security by spring-projects.
the class OpenID4JavaConsumerTests method verificationExceptionsRaiseOpenIDException.
@Test
public void verificationExceptionsRaiseOpenIDException() throws Exception {
ConsumerManager mgr = mock(ConsumerManager.class);
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
when(mgr.verify(anyString(), any(ParameterList.class), any(DiscoveryInformation.class))).thenThrow(new MessageException("")).thenThrow(new AssociationException("")).thenThrow(new DiscoveryException(""));
MockHttpServletRequest request = new MockHttpServletRequest();
request.setQueryString("x=5");
try {
consumer.endConsumption(request);
fail("OpenIDConsumerException was not thrown");
} catch (OpenIDConsumerException expected) {
}
try {
consumer.endConsumption(request);
fail("OpenIDConsumerException was not thrown");
} catch (OpenIDConsumerException expected) {
}
try {
consumer.endConsumption(request);
fail("OpenIDConsumerException was not thrown");
} catch (OpenIDConsumerException expected) {
}
}
Also used :
ConsumerManager(org.openid4java.consumer.ConsumerManager)
MessageException(org.openid4java.message.MessageException)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
DiscoveryInformation(org.openid4java.discovery.DiscoveryInformation)
ParameterList(org.openid4java.message.ParameterList)
AssociationException(org.openid4java.association.AssociationException)
DiscoveryException(org.openid4java.discovery.DiscoveryException)
Example 5 with DiscoveryException
use of org.openid4java.discovery.DiscoveryException in project spring-security by spring-projects.
the class OpenID4JavaConsumer method beginConsumption.
// ~ Methods
// ========================================================================================================
public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl, String realm) throws OpenIDConsumerException {
List<DiscoveryInformation> discoveries;
try {
discoveries = consumerManager.discover(identityUrl);
} catch (DiscoveryException e) {
throw new OpenIDConsumerException("Error during discovery", e);
}
DiscoveryInformation information = consumerManager.associate(discoveries);
req.getSession().setAttribute(DISCOVERY_INFO_KEY, information);
AuthRequest authReq;
try {
authReq = consumerManager.authenticate(information, returnToUrl, realm);
logger.debug("Looking up attribute fetch list for identifier: " + identityUrl);
List<OpenIDAttribute> attributesToFetch = attributesToFetchFactory.createAttributeList(identityUrl);
if (!attributesToFetch.isEmpty()) {
req.getSession().setAttribute(ATTRIBUTE_LIST_KEY, attributesToFetch);
FetchRequest fetchRequest = FetchRequest.createFetchRequest();
for (OpenIDAttribute attr : attributesToFetch) {
if (logger.isDebugEnabled()) {
logger.debug("Adding attribute " + attr.getType() + " to fetch request");
}
fetchRequest.addAttribute(attr.getName(), attr.getType(), attr.isRequired(), attr.getCount());
}
authReq.addExtension(fetchRequest);
}
} catch (MessageException e) {
throw new OpenIDConsumerException("Error processing ConsumerManager authentication", e);
} catch (ConsumerException e) {
throw new OpenIDConsumerException("Error processing ConsumerManager authentication", e);
}
return authReq.getDestinationUrl(true);
}
Also used :
AuthRequest(org.openid4java.message.AuthRequest)
MessageException(org.openid4java.message.MessageException)
DiscoveryInformation(org.openid4java.discovery.DiscoveryInformation)
FetchRequest(org.openid4java.message.ax.FetchRequest)
ConsumerException(org.openid4java.consumer.ConsumerException)
DiscoveryException(org.openid4java.discovery.DiscoveryException)
Aggregations
DiscoveryException (org.openid4java.discovery.DiscoveryException)7
DiscoveryInformation (org.openid4java.discovery.DiscoveryInformation)5
MessageException (org.openid4java.message.MessageException)5
AssociationException (org.openid4java.association.AssociationException)4
ParameterList (org.openid4java.message.ParameterList)3
List (java.util.List)2
Consumes (javax.ws.rs.Consumes)2
POST (javax.ws.rs.POST)2
Produces (javax.ws.rs.Produces)2
ConsumerException (org.openid4java.consumer.ConsumerException)2
ConsumerManager (org.openid4java.consumer.ConsumerManager)2
VerificationResult (org.openid4java.consumer.VerificationResult)2
Identifier (org.openid4java.discovery.Identifier)2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2
UrlEncoded (com.google.gerrit.server.UrlEncoded)1
ArrayList (java.util.ArrayList)1
GET (javax.ws.rs.GET)1
Path (javax.ws.rs.Path)1
GluuCustomPerson (org.gluu.oxtrust.model.GluuCustomPerson)1
IdentityResponse (org.gluu.oxtrust.model.oxchooser.IdentityResponse)1
