
Example 1 with MessageException

use of org.openid4java.message.MessageException in project spring-security by spring-projects.

the class OpenID4JavaConsumer method endConsumption.

/**
 * Finishes an OpenID login by verifying the provider's response against the
 * discovery information stored in the session when the login was started.
 *
 * <p>The stored discovery information and attribute list are removed from the
 * session before verification, so each stored entry can back at most one
 * response; a second response on the same session fails the null check below.
 *
 * @param request the HTTP request carrying the provider's authentication response
 * @return a SUCCESS token holding the verified identifier and any fetched
 *         attributes, or a FAILURE token holding the claimed identifier (or
 *         "Unknown") and the verifier's status message
 * @throws OpenIDConsumerException if no discovery information is in the session,
 *         or if the consumer manager throws while verifying the response
 */
public OpenIDAuthenticationToken endConsumption(HttpServletRequest request) throws OpenIDConsumerException {
    // The provider's assertion arrives as the parameters of this request.
    ParameterList response = new ParameterList(request.getParameterMap());

    // Without the discovery state from the start of the login there is nothing
    // to check the response against, so the request is rejected outright.
    DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
    if (discovered == null) {
        throw new OpenIDConsumerException("DiscoveryInformation is not available. Possible causes are lost session or replay attack");
    }
    List<OpenIDAttribute> requested = (List<OpenIDAttribute>) request.getSession().getAttribute(ATTRIBUTE_LIST_KEY);

    // Single use: clear both entries before verifying, whatever the outcome.
    request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
    request.getSession().removeAttribute(ATTRIBUTE_LIST_KEY);

    // Rebuild the URL this response was received on, as the container sees it.
    // NOTE(review): behind a reverse proxy this may differ from the public
    // return-to URL; confirm the container is configured to report the
    // externally visible scheme and host.
    StringBuffer receivingUrl = request.getRequestURL();
    String query = request.getQueryString();
    if (StringUtils.hasLength(query)) {
        receivingUrl.append('?').append(query);
    }

    // The consumer manager gets the receiving URL, the response parameters and
    // the stored discovery information (presumably to check return-to, nonce
    // and signature -- confirm against the openid4java version in use).
    VerificationResult result;
    try {
        result = consumerManager.verify(receivingUrl.toString(), response, discovered);
    } catch (MessageException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    } catch (DiscoveryException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    } catch (AssociationException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    }

    // Only a non-null verified identifier counts as a successful login.
    Identifier verifiedId = result.getVerifiedId();
    if (verifiedId != null) {
        List<OpenIDAttribute> attributes = fetchAxAttributes(result.getAuthResponse(), requested);
        return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, verifiedId.getIdentifier(), "some message", attributes);
    }

    // Failure: report the identifier that was claimed, never a verified one.
    Identifier claimed = discovered.getClaimedIdentifier();
    String claimedUrl;
    if (claimed == null) {
        claimedUrl = "Unknown";
    } else {
        claimedUrl = claimed.getIdentifier();
    }
    String statusMessage = "Verification status message: [" + result.getStatusMsg() + "]";
    return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, claimedUrl, statusMessage, Collections.<OpenIDAttribute>emptyList());
}
Also used : Identifier(org.openid4java.discovery.Identifier) VerificationResult(org.openid4java.consumer.VerificationResult) MessageException(org.openid4java.message.MessageException) DiscoveryInformation(org.openid4java.discovery.DiscoveryInformation) ParameterList(org.openid4java.message.ParameterList) AssociationException(org.openid4java.association.AssociationException) ParameterList(org.openid4java.message.ParameterList) ArrayList(java.util.ArrayList) List(java.util.List) DiscoveryException(org.openid4java.discovery.DiscoveryException)

Example 2 with MessageException

use of org.openid4java.message.MessageException in project hale by halestudio.

the class ProxyOpenIDConsumer method endConsumption.

/**
 * Finishes an OpenID login by verifying the provider's response against the
 * discovery information stored in the session, with extra handling for requests
 * that arrive through a proxy.
 *
 * @param request the HTTP request carrying the provider's authentication response
 * @return a SUCCESS token holding the verified identifier and any fetched
 *         attributes, or a FAILURE token holding the claimed identifier (or
 *         "Unknown") and the verifier's status message
 * @throws OpenIDConsumerException if no discovery information is in the session,
 *         or if the consumer manager throws while verifying the response
 */
@Override
public OpenIDAuthenticationToken endConsumption(HttpServletRequest request) throws OpenIDConsumerException {
    // The provider's assertion arrives as the parameters of this request.
    ParameterList openidResp = new ParameterList(request.getParameterMap());
    // Discovery state saved when the login was started; without it the response
    // cannot be tied to a login this session initiated.
    DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
    if (discovered == null) {
        throw new OpenIDConsumerException("DiscoveryInformation is not available. Possible causes are lost session or replay attack");
    }
    @SuppressWarnings("unchecked") List<OpenIDAttribute> attributesToFetch = (List<OpenIDAttribute>) request.getSession().getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
    // Single use: both session entries are cleared before verification, so a
    // second response on the same session hits the null check above.
    request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
    request.getSession().removeAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
    // URL this response was received on, as the servlet container reports it.
    StringBuffer receivingURL = request.getRequestURL();
    // Proxy handling start: when X-Forwarded-For is present, the receiving URL
    // is replaced by whatever buildReturnToForProxy derives from it.
    // NOTE(review): X-Forwarded-For is a request header and is client-controlled
    // unless a trusted reverse proxy strips or overwrites it. Its value feeds
    // the URL passed to verify() below, so confirm the header is sanitized at
    // the edge and that buildReturnToForProxy validates what it is given.
    // NOTE(review): this header conventionally carries client addresses rather
    // than the public host; confirm it is the intended header here.
    String forwardedFor = request.getHeader("X-Forwarded-For");
    if (forwardedFor != null) {
        String proxyReceiving = ProxyOpenIDAuthenticationFilter.buildReturnToForProxy(receivingURL.toString(), forwardedFor);
        if (proxyReceiving != null) {
            receivingURL = new StringBuffer(proxyReceiving);
        } else {
            // Falls through with the container-reported URL unchanged.
            log.error("Could not determine proxy receiving URL");
        }
    }
    // Proxy handling end
    // The query string is appended to whichever base URL was chosen above.
    String queryString = request.getQueryString();
    if (StringUtils.hasLength(queryString)) {
        receivingURL.append("?").append(request.getQueryString());
    }
    // The consumer manager gets the receiving URL, the response parameters and
    // the stored discovery information; any of its checked exceptions is
    // wrapped so callers see a single failure type.
    VerificationResult verification;
    try {
        verification = this.consumerManager.verify(receivingURL.toString(), openidResp, discovered);
    } catch (MessageException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    } catch (DiscoveryException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    } catch (AssociationException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    }
    // Only a non-null verified identifier counts as a successful login.
    Identifier verified = verification.getVerifiedId();
    if (verified == null) {
        // Failure: report the identifier that was claimed, never a verified one.
        Identifier id = discovered.getClaimedIdentifier();
        return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, (id == null) ? "Unknown" : id.getIdentifier(), "Verification status message: [" + verification.getStatusMsg() + "]", Collections.<OpenIDAttribute>emptyList());
    }
    // Attributes are read only after the response has been verified.
    List<OpenIDAttribute> attributes = fetchAxAttributes(verification.getAuthResponse(), attributesToFetch);
    return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, verified.getIdentifier(), "some message", attributes);
}
Also used : OpenIDAttribute(org.springframework.security.openid.OpenIDAttribute) OpenIDAuthenticationToken(org.springframework.security.openid.OpenIDAuthenticationToken) OpenIDConsumerException(org.springframework.security.openid.OpenIDConsumerException) Identifier(org.openid4java.discovery.Identifier) VerificationResult(org.openid4java.consumer.VerificationResult) MessageException(org.openid4java.message.MessageException) DiscoveryInformation(org.openid4java.discovery.DiscoveryInformation) ParameterList(org.openid4java.message.ParameterList) AssociationException(org.openid4java.association.AssociationException) ParameterList(org.openid4java.message.ParameterList) ArrayList(java.util.ArrayList) List(java.util.List) DiscoveryException(org.openid4java.discovery.DiscoveryException)

Example 3 with MessageException

use of org.openid4java.message.MessageException in project hale by halestudio.

the class ProxyOpenIDConsumer method beginConsumption.

/**
 * Starts an OpenID login: runs discovery for the supplied identifier, stores
 * the resulting discovery information in the session, and builds the
 * authentication request, optionally extended with an attribute fetch request.
 *
 * @param req the current HTTP request; its session receives the discovery
 *        information and, when non-empty, the attribute fetch list
 * @param identityUrl the OpenID identifier to authenticate
 * @param returnToUrl the URL the provider should send the user back to
 * @param realm the realm passed to the consumer manager
 * @return the destination URL of the authentication request
 * @throws OpenIDConsumerException if discovery fails or the authentication
 *         request cannot be built
 */
@Override
public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl, String realm) throws OpenIDConsumerException {
    // NOTE(review): identityUrl is passed straight to discover(); if it comes
    // from the login form, discovery presumably makes outbound lookups against
    // a user-chosen address -- confirm egress from this host is restricted.
    List<?> endpoints;
    try {
        endpoints = this.consumerManager.discover(identityUrl);
    } catch (DiscoveryException e) {
        throw new OpenIDConsumerException("Error during discovery", e);
    }

    // Keep the discovery result in the session so the provider's response can
    // later be verified against it.
    DiscoveryInformation discovered = this.consumerManager.associate(endpoints);
    req.getSession().setAttribute(DISCOVERY_INFO_KEY, discovered);

    AuthRequest authRequest;
    try {
        authRequest = this.consumerManager.authenticate(discovered, returnToUrl, realm);
        // NOTE(review): the identifier is logged as received; if it is user
        // input, confirm the log layout neutralises line breaks.
        log.debug("Looking up attribute fetch list for identifier: " + identityUrl);
        List<OpenIDAttribute> wanted = this.attributesToFetchFactory.createAttributeList(identityUrl);
        boolean hasAttributes = !wanted.isEmpty();
        if (hasAttributes) {
            // Remember what was asked for; the session copy is what the
            // response is later read against.
            req.getSession().setAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST", wanted);
            FetchRequest axRequest = FetchRequest.createFetchRequest();
            for (OpenIDAttribute attribute : wanted) {
                if (log.isDebugEnabled()) {
                    log.debug("Adding attribute " + attribute.getType() + " to fetch request");
                }
                axRequest.addAttribute(attribute.getName(), attribute.getType(), attribute.isRequired(), attribute.getCount());
            }
            authRequest.addExtension(axRequest);
        }
    } catch (MessageException e) {
        throw new OpenIDConsumerException("Error processing ConsumerManager authentication", e);
    } catch (ConsumerException e) {
        throw new OpenIDConsumerException("Error processing ConsumerManager authentication", e);
    }

    return authRequest.getDestinationUrl(true);
}
Also used : OpenIDAttribute(org.springframework.security.openid.OpenIDAttribute) AuthRequest(org.openid4java.message.AuthRequest) MessageException(org.openid4java.message.MessageException) DiscoveryInformation(org.openid4java.discovery.DiscoveryInformation) OpenIDConsumerException(org.springframework.security.openid.OpenIDConsumerException) FetchRequest(org.openid4java.message.ax.FetchRequest) ConsumerException(org.openid4java.consumer.ConsumerException) OpenIDConsumerException(org.springframework.security.openid.OpenIDConsumerException) DiscoveryException(org.openid4java.discovery.DiscoveryException)

Example 4 with MessageException

use of org.openid4java.message.MessageException in project hale by halestudio.

the class ProxyOpenIDConsumer method fetchAxAttributes.

/**
 * Reads the attribute-exchange values for the requested attributes out of an
 * authentication response.
 *
 * <p>Only names present in {@code attributesToFetch} are looked up, so values
 * the response carries under other names are never returned. A requested
 * attribute with no values is omitted without error, even when it was marked
 * required; callers that depend on an attribute must check for it themselves.
 *
 * @param authSuccess the authentication response message
 * @param attributesToFetch the attributes that were requested, or {@code null}
 * @return the attributes that came back with at least one value; an empty list
 *         if nothing was requested, the response has no attribute-exchange
 *         extension, or the extension is not a {@code FetchResponse}
 * @throws OpenIDConsumerException if reading the extension fails
 */
private List<OpenIDAttribute> fetchAxAttributes(Message authSuccess, List<OpenIDAttribute> attributesToFetch) throws OpenIDConsumerException {
    if (attributesToFetch == null) {
        return Collections.emptyList();
    }
    if (!authSuccess.hasExtension("http://openid.net/srv/ax/1.0")) {
        return Collections.emptyList();
    }

    log.debug("Extracting attributes retrieved by attribute exchange");
    List<OpenIDAttribute> result = Collections.emptyList();
    try {
        MessageExtension extension = authSuccess.getExtension("http://openid.net/srv/ax/1.0");
        if (extension instanceof FetchResponse) {
            FetchResponse axResponse = (FetchResponse) extension;
            result = new ArrayList<OpenIDAttribute>(attributesToFetch.size());
            // Drive the loop from the request, not from the response, so the
            // response cannot contribute names that were never asked for.
            for (OpenIDAttribute wanted : attributesToFetch) {
                @SuppressWarnings("unchecked") List<String> values = axResponse.getAttributeValues(wanted.getName());
                if (values.isEmpty()) {
                    continue;
                }
                OpenIDAttribute received = new OpenIDAttribute(wanted.getName(), wanted.getType(), values);
                received.setRequired(wanted.isRequired());
                result.add(received);
            }
        }
    } catch (MessageException e) {
        throw new OpenIDConsumerException("Attribute retrieval failed", e);
    }

    // NOTE(review): this writes the provider-supplied values to the debug log;
    // they may include personal data -- confirm that is acceptable.
    if (log.isDebugEnabled()) {
        log.debug("Retrieved attributes" + result);
    }
    return result;
}
Also used : OpenIDAttribute(org.springframework.security.openid.OpenIDAttribute) MessageExtension(org.openid4java.message.MessageExtension) MessageException(org.openid4java.message.MessageException) OpenIDConsumerException(org.springframework.security.openid.OpenIDConsumerException) FetchResponse(org.openid4java.message.ax.FetchResponse)

Example 5 with MessageException

use of org.openid4java.message.MessageException in project gerrit by GerritCodeReview.

the class OpenIdServiceImpl method discover.

/**
 * Builds the OpenID authentication request for the given identifier and
 * returns where the user agent must be sent.
 *
 * @param req the current HTTP request, forwarded to {@code init}
 * @param openidIdentifier the OpenID identifier to authenticate
 * @param mode the sign-in mode, forwarded to {@code init}
 * @param remember forwarded to {@code init}
 * @param returnToken forwarded to {@code init}
 * @return a result with status {@code NO_PROVIDER} when {@code init} yields no
 *         state, status {@code ERROR} when the request cannot be built, or
 *         otherwise the provider destination URL with the request parameters
 */
@SuppressWarnings("unchecked")
DiscoveryResult discover(HttpServletRequest req, String openidIdentifier, SignInMode mode, boolean remember, String returnToken) {
    final State state = init(req, openidIdentifier, mode, remember, returnToken);
    if (state == null) {
        return new DiscoveryResult(DiscoveryResult.Status.NO_PROVIDER);
    }

    final AuthRequest authRequest;
    try {
        authRequest = manager.authenticate(state.discovered, state.retTo.toString());
        logger.atFine().log("OpenID: openid-realm=%s", state.contextUrl);
        // The realm is taken from the prepared state, not from the request.
        authRequest.setRealm(state.contextUrl);

        if (requestRegistration(authRequest)) {
            // Ask for name and email through both extensions, each marked
            // required. NOTE(review): what comes back is only as trustworthy
            // as the provider asserting it.
            final SRegRequest sreg = SRegRequest.createFetchRequest();
            sreg.addAttribute("fullname", true);
            sreg.addAttribute("email", true);
            authRequest.addExtension(sreg);

            final FetchRequest ax = FetchRequest.createFetchRequest();
            ax.addAttribute("FirstName", SCHEMA_FIRSTNAME, true);
            ax.addAttribute("LastName", SCHEMA_LASTNAME, true);
            ax.addAttribute("Email", SCHEMA_EMAIL, true);
            authRequest.addExtension(ax);
        }

        // A negative papeMaxAuthAge means no PAPE request is attached.
        if (papeMaxAuthAge >= 0) {
            final PapeRequest papeRequest = PapeRequest.createPapeRequest();
            papeRequest.setMaxAuthAge(papeMaxAuthAge);
            authRequest.addExtension(papeRequest);
        }
    } catch (MessageException | ConsumerException e) {
        // The cause goes to the server log; the caller gets only the status.
        logger.atSevere().withCause(e).log("Cannot create OpenID redirect for %s", openidIdentifier);
        return new DiscoveryResult(DiscoveryResult.Status.ERROR);
    }

    return new DiscoveryResult(authRequest.getDestinationUrl(false), authRequest.getParameterMap());
}
Also used : AuthRequest(org.openid4java.message.AuthRequest) SRegRequest(org.openid4java.message.sreg.SRegRequest) PapeRequest(org.openid4java.message.pape.PapeRequest) MessageException(org.openid4java.message.MessageException) FetchRequest(org.openid4java.message.ax.FetchRequest) ConsumerException(org.openid4java.consumer.ConsumerException)

Aggregations

MessageException (org.openid4java.message.MessageException)13 DiscoveryInformation (org.openid4java.discovery.DiscoveryInformation)7 DiscoveryException (org.openid4java.discovery.DiscoveryException)6 ParameterList (org.openid4java.message.ParameterList)5 FetchResponse (org.openid4java.message.ax.FetchResponse)5 AssociationException (org.openid4java.association.AssociationException)4 ConsumerException (org.openid4java.consumer.ConsumerException)4 VerificationResult (org.openid4java.consumer.VerificationResult)4 AuthRequest (org.openid4java.message.AuthRequest)4 List (java.util.List)3 Identifier (org.openid4java.discovery.Identifier)3 MessageExtension (org.openid4java.message.MessageExtension)3 FetchRequest (org.openid4java.message.ax.FetchRequest)3 OpenIDAttribute (org.springframework.security.openid.OpenIDAttribute)3 OpenIDConsumerException (org.springframework.security.openid.OpenIDConsumerException)3 ArrayList (java.util.ArrayList)2 ConsumerManager (org.openid4java.consumer.ConsumerManager)2 Message (org.openid4java.message.Message)2 AxMessage (org.openid4java.message.ax.AxMessage)2 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2