use of org.openid4java.message.MessageException in project spring-security by spring-projects.
the class OpenID4JavaConsumer method endConsumption.
/**
 * Finishes an OpenID exchange by verifying the response the provider sent back.
 *
 * <p>The discovery information and the attribute fetch list are read from the HTTP session and
 * removed from it before verification runs, so each stored entry serves one response only.
 * The receiving URL (request URL plus query string, when present) and the response parameters
 * are handed to {@code consumerManager.verify}.
 *
 * @param request the HTTP request carrying the provider's response parameters
 * @return a {@code FAILURE} token when verification yields no verified identifier, otherwise a
 *     {@code SUCCESS} token with the verified identifier and the fetched attributes
 * @throws OpenIDConsumerException if the session holds no discovery information, or if
 *     verification throws a message, discovery or association exception
 */
public OpenIDAuthenticationToken endConsumption(HttpServletRequest request) throws OpenIDConsumerException {
    // The provider's answer arrives as ordinary HTTP request parameters.
    ParameterList responseParams = new ParameterList(request.getParameterMap());

    // Discovery data that was placed in the session earlier; without it the response
    // cannot be tied to a login this session started.
    DiscoveryInformation discoveryInfo = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
    if (discoveryInfo == null) {
        throw new OpenIDConsumerException("DiscoveryInformation is not available. Possible causes are lost session or replay attack");
    }
    List<OpenIDAttribute> requestedAttributes = (List<OpenIDAttribute>) request.getSession().getAttribute(ATTRIBUTE_LIST_KEY);

    // Clear both entries up front: a second response on the same session then fails the
    // null check above instead of being verified against stale data.
    request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
    request.getSession().removeAttribute(ATTRIBUTE_LIST_KEY);

    // Rebuild the URL this response was delivered to.
    StringBuffer receivingUrl = request.getRequestURL();
    String query = request.getQueryString();
    if (StringUtils.hasLength(query)) {
        receivingUrl.append('?').append(query);
    }

    VerificationResult result;
    try {
        result = consumerManager.verify(receivingUrl.toString(), responseParams, discoveryInfo);
    } catch (MessageException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    } catch (DiscoveryException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    } catch (AssociationException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    }

    Identifier verifiedId = result.getVerifiedId();
    if (verifiedId != null) {
        List<OpenIDAttribute> attributes = fetchAxAttributes(result.getAuthResponse(), requestedAttributes);
        return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, verifiedId.getIdentifier(), "some message", attributes);
    }

    // No verified identifier. The identifier reported in the FAILURE token is the *claimed*
    // one from discovery, so callers must check the status before trusting it.
    Identifier claimedId = discoveryInfo.getClaimedIdentifier();
    String reportedId;
    if (claimedId == null) {
        reportedId = "Unknown";
    } else {
        reportedId = claimedId.getIdentifier();
    }
    String statusText = "Verification status message: [" + result.getStatusMsg() + "]";
    return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, reportedId, statusText, Collections.<OpenIDAttribute>emptyList());
}
use of org.openid4java.message.MessageException in project hale by halestudio.
the class ProxyOpenIDConsumer method endConsumption.
/**
 * Finishes an OpenID exchange by verifying the provider's response, adjusting the receiving
 * URL when the request carries an {@code X-Forwarded-For} header.
 *
 * <p>The discovery information and the attribute fetch list are read from the HTTP session and
 * removed from it before verification runs.
 *
 * @param request the HTTP request carrying the provider's response parameters
 * @return a {@code FAILURE} token when verification yields no verified identifier, otherwise a
 *     {@code SUCCESS} token with the verified identifier and the fetched attributes
 * @throws OpenIDConsumerException if the session holds no discovery information, or if
 *     verification throws a message, discovery or association exception
 */
@Override
public OpenIDAuthenticationToken endConsumption(HttpServletRequest request) throws OpenIDConsumerException {
    ParameterList responseParams = new ParameterList(request.getParameterMap());

    DiscoveryInformation discoveryInfo = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
    if (discoveryInfo == null) {
        throw new OpenIDConsumerException("DiscoveryInformation is not available. Possible causes are lost session or replay attack");
    }
    @SuppressWarnings("unchecked")
    List<OpenIDAttribute> requestedAttributes = (List<OpenIDAttribute>) request.getSession().getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");

    // Clear both entries before verifying so each stored entry serves one response only.
    request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
    request.getSession().removeAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");

    StringBuffer receivingUrl = request.getRequestURL();

    // Proxy handling: when a forwarding header is present, the receiving URL is replaced by
    // the one ProxyOpenIDAuthenticationFilter derives from it.
    // NOTE(review): X-Forwarded-For is a request header, so unless a trusted reverse proxy
    // overwrites it the client chooses its value, and that value feeds the URL passed to
    // verify(). Confirm that buildReturnToForProxy validates it (not visible here) and that
    // the deployment strips or overwrites the header at the edge.
    String forwardedFor = request.getHeader("X-Forwarded-For");
    if (forwardedFor != null) {
        String proxiedUrl = ProxyOpenIDAuthenticationFilter.buildReturnToForProxy(receivingUrl.toString(), forwardedFor);
        if (proxiedUrl == null) {
            // Falls through with the unmodified request URL.
            log.error("Could not determine proxy receiving URL");
        } else {
            receivingUrl = new StringBuffer(proxiedUrl);
        }
    }

    String query = request.getQueryString();
    if (StringUtils.hasLength(query)) {
        receivingUrl.append('?').append(query);
    }

    VerificationResult result;
    try {
        result = this.consumerManager.verify(receivingUrl.toString(), responseParams, discoveryInfo);
    } catch (MessageException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    } catch (DiscoveryException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    } catch (AssociationException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    }

    Identifier verifiedId = result.getVerifiedId();
    if (verifiedId != null) {
        List<OpenIDAttribute> attributes = fetchAxAttributes(result.getAuthResponse(), requestedAttributes);
        return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, verifiedId.getIdentifier(), "some message", attributes);
    }

    // No verified identifier. The identifier reported in the FAILURE token is the *claimed*
    // one from discovery, so callers must check the status before trusting it.
    Identifier claimedId = discoveryInfo.getClaimedIdentifier();
    String reportedId;
    if (claimedId == null) {
        reportedId = "Unknown";
    } else {
        reportedId = claimedId.getIdentifier();
    }
    String statusText = "Verification status message: [" + result.getStatusMsg() + "]";
    return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, reportedId, statusText, Collections.<OpenIDAttribute>emptyList());
}
use of org.openid4java.message.MessageException in project hale by halestudio.
the class ProxyOpenIDConsumer method beginConsumption.
/**
 * Starts an OpenID exchange for the given identity URL and returns the URL to send the
 * user to.
 *
 * <p>Runs discovery on {@code identityUrl}, passes the result to
 * {@code consumerManager.associate}, and stores the returned discovery information in the
 * HTTP session under {@code DISCOVERY_INFO_KEY}. When the attribute factory yields a
 * non-empty list for the identifier, that list is stored in the session as well and an
 * attribute-exchange fetch request is attached to the authentication request.
 *
 * @param req the current HTTP request, used for session access
 * @param identityUrl the identifier to run discovery on
 * @param returnToUrl the return-to URL passed to {@code consumerManager.authenticate}
 * @param realm the realm passed to {@code consumerManager.authenticate}
 * @return the destination URL of the authentication request
 * @throws OpenIDConsumerException if discovery fails or the authentication request cannot
 *     be built
 */
@Override
public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl, String realm) throws OpenIDConsumerException {
    // NOTE(review): identityUrl is presumably user-supplied; it is handed to discover() and
    // written to the debug log below. Confirm that outbound discovery requests are
    // restricted as intended and that the log sink neutralises control characters.
    List<?> discoveries;
    try {
        discoveries = this.consumerManager.discover(identityUrl);
    } catch (DiscoveryException e) {
        throw new OpenIDConsumerException("Error during discovery", e);
    }

    DiscoveryInformation information = this.consumerManager.associate(discoveries);
    // Kept in the session so the matching endConsumption call can verify the response.
    req.getSession().setAttribute(DISCOVERY_INFO_KEY, information);

    AuthRequest authRequest;
    try {
        authRequest = this.consumerManager.authenticate(information, returnToUrl, realm);

        log.debug("Looking up attribute fetch list for identifier: " + identityUrl);
        List<OpenIDAttribute> wanted = this.attributesToFetchFactory.createAttributeList(identityUrl);

        if (!wanted.isEmpty()) {
            req.getSession().setAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST", wanted);

            FetchRequest axRequest = FetchRequest.createFetchRequest();
            for (OpenIDAttribute attribute : wanted) {
                if (log.isDebugEnabled()) {
                    log.debug("Adding attribute " + attribute.getType() + " to fetch request");
                }
                axRequest.addAttribute(attribute.getName(), attribute.getType(), attribute.isRequired(), attribute.getCount());
            }
            authRequest.addExtension(axRequest);
        }
    } catch (MessageException e) {
        throw new OpenIDConsumerException("Error processing ConsumerManager authentication", e);
    } catch (ConsumerException e) {
        throw new OpenIDConsumerException("Error processing ConsumerManager authentication", e);
    }

    return authRequest.getDestinationUrl(true);
}
use of org.openid4java.message.MessageException in project hale by halestudio.
the class ProxyOpenIDConsumer method fetchAxAttributes.
/**
 * Collects the attribute-exchange values the provider returned for the requested attributes.
 *
 * <p>Only attributes named in {@code attributesToFetch} are looked up, and only those with at
 * least one value are included in the result.
 *
 * @param authSuccess the authentication response message to read the extension from
 * @param attributesToFetch the attributes that were requested; may be {@code null}
 * @return the fetched attributes; empty when nothing was requested, the response carries no
 *     attribute-exchange extension, or the extension is not a {@code FetchResponse}
 * @throws OpenIDConsumerException if reading the extension throws a {@code MessageException}
 */
private List<OpenIDAttribute> fetchAxAttributes(Message authSuccess, List<OpenIDAttribute> attributesToFetch) throws OpenIDConsumerException {
    final String axTypeUri = "http://openid.net/srv/ax/1.0";

    if (attributesToFetch == null) {
        return Collections.emptyList();
    }
    if (!authSuccess.hasExtension(axTypeUri)) {
        return Collections.emptyList();
    }

    log.debug("Extracting attributes retrieved by attribute exchange");

    // NOTE(review): these values come from the provider's response extension. Confirm that
    // the openid4java version in use only surfaces extension fields covered by the response
    // signature before relying on them for authorization decisions.
    List<OpenIDAttribute> result = Collections.emptyList();
    try {
        MessageExtension extension = authSuccess.getExtension(axTypeUri);
        if (extension instanceof FetchResponse) {
            FetchResponse fetchResponse = (FetchResponse) extension;
            result = new ArrayList<OpenIDAttribute>(attributesToFetch.size());

            for (OpenIDAttribute requested : attributesToFetch) {
                @SuppressWarnings("unchecked")
                List<String> values = fetchResponse.getAttributeValues(requested.getName());
                if (values.isEmpty()) {
                    // The provider returned nothing for this attribute; leave it out.
                    continue;
                }
                OpenIDAttribute fetched = new OpenIDAttribute(requested.getName(), requested.getType(), values);
                fetched.setRequired(requested.isRequired());
                result.add(fetched);
            }
        }
    } catch (MessageException e) {
        throw new OpenIDConsumerException("Attribute retrieval failed", e);
    }

    if (log.isDebugEnabled()) {
        log.debug("Retrieved attributes" + result);
    }
    return result;
}
use of org.openid4java.message.MessageException in project gerrit by GerritCodeReview.
the class OpenIdServiceImpl method discover.
/**
 * Builds the OpenID authentication request for an identifier and reports where to send it.
 *
 * <p>The request's realm is set to {@code state.contextUrl}. When
 * {@code requestRegistration} says so, simple-registration and attribute-exchange requests
 * for name and e-mail are attached. When {@code papeMaxAuthAge} is not negative, a PAPE
 * request carrying that maximum authentication age is attached.
 *
 * @param req the current HTTP request
 * @param openidIdentifier the identifier to authenticate
 * @param mode the sign-in mode, forwarded to {@code init}
 * @param remember forwarded to {@code init}
 * @param returnToken forwarded to {@code init}
 * @return a result with status {@code NO_PROVIDER} when {@code init} yields no state, status
 *     {@code ERROR} when the request cannot be built, otherwise the destination URL together
 *     with the request's parameter map
 */
@SuppressWarnings("unchecked")
DiscoveryResult discover(HttpServletRequest req, String openidIdentifier, SignInMode mode, boolean remember, String returnToken) {
    final State state = init(req, openidIdentifier, mode, remember, returnToken);
    if (state == null) {
        return new DiscoveryResult(DiscoveryResult.Status.NO_PROVIDER);
    }

    final AuthRequest authRequest;
    try {
        authRequest = manager.authenticate(state.discovered, state.retTo.toString());
        logger.atFine().log("OpenID: openid-realm=%s", state.contextUrl);
        authRequest.setRealm(state.contextUrl);

        if (requestRegistration(authRequest)) {
            // Ask for the same profile data through both extensions.
            final SRegRequest sreg = SRegRequest.createFetchRequest();
            sreg.addAttribute("fullname", true);
            sreg.addAttribute("email", true);
            authRequest.addExtension(sreg);

            final FetchRequest ax = FetchRequest.createFetchRequest();
            ax.addAttribute("FirstName", SCHEMA_FIRSTNAME, true);
            ax.addAttribute("LastName", SCHEMA_LASTNAME, true);
            ax.addAttribute("Email", SCHEMA_EMAIL, true);
            authRequest.addExtension(ax);
        }

        // A negative papeMaxAuthAge means no PAPE request is attached.
        if (papeMaxAuthAge >= 0) {
            final PapeRequest papeRequest = PapeRequest.createPapeRequest();
            papeRequest.setMaxAuthAge(papeMaxAuthAge);
            authRequest.addExtension(papeRequest);
        }
    } catch (MessageException | ConsumerException e) {
        // NOTE(review): openidIdentifier is presumably user-supplied and ends up in the log
        // line; confirm the log sink neutralises control characters.
        logger.atSevere().withCause(e).log("Cannot create OpenID redirect for %s", openidIdentifier);
        return new DiscoveryResult(DiscoveryResult.Status.ERROR);
    }

    return new DiscoveryResult(authRequest.getDestinationUrl(false), authRequest.getParameterMap());
}
Aggregations