
Example 1 with OpenIDAttribute

use of org.springframework.security.openid.OpenIDAttribute in project hale by halestudio.

the class ProxyOpenIDConsumer method endConsumption.

/**
 * Finishes an OpenID login by verifying the provider's response against the
 * discovery information that was stored in the HTTP session under
 * {@code DISCOVERY_INFO_KEY}.
 *
 * <p>Both session attributes are removed before verification, so a stored
 * discovery record is consumed by a single response.
 *
 * @param request the request carrying the provider's response parameters
 * @return a token with status {@code SUCCESS} and the fetched attributes when an
 *         identifier was verified, otherwise a token with status {@code FAILURE}
 * @throws OpenIDConsumerException if no discovery information is in the session
 *         or the consumer manager fails while verifying the response
 */
@Override
public OpenIDAuthenticationToken endConsumption(HttpServletRequest request) throws OpenIDConsumerException {
    final String fetchListKey = "SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST";

    ParameterList responseParams = new ParameterList(request.getParameterMap());
    DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
    if (discovered == null) {
        throw new OpenIDConsumerException("DiscoveryInformation is not available. Possible causes are lost session or replay attack");
    }
    @SuppressWarnings("unchecked") List<OpenIDAttribute> attributesToFetch = (List<OpenIDAttribute>) request.getSession().getAttribute(fetchListKey);

    // One-shot state: clear it before verifying so the same session entry
    // cannot back a second response.
    request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
    request.getSession().removeAttribute(fetchListKey);

    String receiving = request.getRequestURL().toString();

    // Proxy handling: rebuild the receiving URL when the request came through a proxy.
    // NOTE(review): X-Forwarded-For is whatever the client sent unless a trusted
    // reverse proxy overwrites it, and its value influences the URL that the
    // response is verified against. buildReturnToForProxy is not visible here;
    // confirm it validates the value, or that only the proxy can reach this
    // endpoint.
    String forwardedFor = request.getHeader("X-Forwarded-For");
    if (forwardedFor != null) {
        String viaProxy = ProxyOpenIDAuthenticationFilter.buildReturnToForProxy(receiving, forwardedFor);
        if (viaProxy == null) {
            // Falls back to the URL as seen by the container.
            log.error("Could not determine proxy receiving URL");
        } else {
            receiving = viaProxy;
        }
    }

    String queryString = request.getQueryString();
    if (StringUtils.hasLength(queryString)) {
        receiving = receiving + "?" + queryString;
    }

    VerificationResult verification;
    try {
        verification = this.consumerManager.verify(receiving, responseParams, discovered);
    } catch (MessageException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    } catch (DiscoveryException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    } catch (AssociationException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    }

    Identifier verified = verification.getVerifiedId();
    if (verified != null) {
        List<OpenIDAttribute> attributes = fetchAxAttributes(verification.getAuthResponse(), attributesToFetch);
        // "some message" is the literal placeholder carried in the success token.
        return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, verified.getIdentifier(), "some message", attributes);
    }

    // No verified identifier: report failure, naming the claimed identifier when there is one.
    Identifier claimed = discovered.getClaimedIdentifier();
    String reportedId;
    if (claimed == null) {
        reportedId = "Unknown";
    } else {
        reportedId = claimed.getIdentifier();
    }
    String detail = "Verification status message: [" + verification.getStatusMsg() + "]";
    return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, reportedId, detail, Collections.<OpenIDAttribute>emptyList());
}
Also used : OpenIDAttribute(org.springframework.security.openid.OpenIDAttribute) OpenIDAuthenticationToken(org.springframework.security.openid.OpenIDAuthenticationToken) OpenIDConsumerException(org.springframework.security.openid.OpenIDConsumerException) Identifier(org.openid4java.discovery.Identifier) VerificationResult(org.openid4java.consumer.VerificationResult) MessageException(org.openid4java.message.MessageException) DiscoveryInformation(org.openid4java.discovery.DiscoveryInformation) ParameterList(org.openid4java.message.ParameterList) AssociationException(org.openid4java.association.AssociationException) ParameterList(org.openid4java.message.ParameterList) ArrayList(java.util.ArrayList) List(java.util.List) DiscoveryException(org.openid4java.discovery.DiscoveryException)

Example 2 with OpenIDAttribute

use of org.springframework.security.openid.OpenIDAttribute in project hale by halestudio.

the class ProxyOpenIDConsumer method beginConsumption.

/**
 * Starts an OpenID login: runs discovery for the given identity URL, associates
 * with the result, stores the discovery information in the session under
 * {@code DISCOVERY_INFO_KEY}, and builds the authentication request.
 *
 * <p>When the attribute factory returns a non-empty list for the identity URL,
 * the list is stored in the session and a fetch request for those attributes is
 * attached to the authentication request.
 *
 * @param req the current request, used for its session
 * @param identityUrl the identifier to run discovery on
 * @param returnToUrl the URL passed to the consumer manager as return-to
 * @param realm the realm passed to the consumer manager
 * @return the destination URL produced by the authentication request
 * @throws OpenIDConsumerException if discovery or building the request fails
 */
@Override
public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl, String realm) throws OpenIDConsumerException {
    // NOTE(review): identityUrl is presumably supplied by the person logging in,
    // and discovery resolves it from the server side. Confirm outbound requests
    // made during discovery are restricted (e.g. no internal hosts) at the
    // HTTP-client or network level.
    List<?> endpoints;
    try {
        endpoints = this.consumerManager.discover(identityUrl);
    } catch (DiscoveryException e) {
        throw new OpenIDConsumerException("Error during discovery", e);
    }

    DiscoveryInformation discovered = this.consumerManager.associate(endpoints);
    // Kept in the session so the response can later be verified against it.
    req.getSession().setAttribute(DISCOVERY_INFO_KEY, discovered);

    AuthRequest authRequest;
    try {
        authRequest = this.consumerManager.authenticate(discovered, returnToUrl, realm);
        log.debug("Looking up attribute fetch list for identifier: " + identityUrl);
        List<OpenIDAttribute> wanted = this.attributesToFetchFactory.createAttributeList(identityUrl);
        boolean nothingToFetch = wanted.isEmpty();
        if (!nothingToFetch) {
            req.getSession().setAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST", wanted);
            FetchRequest axRequest = FetchRequest.createFetchRequest();
            for (OpenIDAttribute item : wanted) {
                if (log.isDebugEnabled()) {
                    log.debug("Adding attribute " + item.getType() + " to fetch request");
                }
                axRequest.addAttribute(item.getName(), item.getType(), item.isRequired(), item.getCount());
            }
            authRequest.addExtension(axRequest);
        }
    } catch (MessageException e) {
        throw new OpenIDConsumerException("Error processing ConsumerManager authentication", e);
    } catch (ConsumerException e) {
        throw new OpenIDConsumerException("Error processing ConsumerManager authentication", e);
    }

    return authRequest.getDestinationUrl(true);
}
Also used : OpenIDAttribute(org.springframework.security.openid.OpenIDAttribute) AuthRequest(org.openid4java.message.AuthRequest) MessageException(org.openid4java.message.MessageException) DiscoveryInformation(org.openid4java.discovery.DiscoveryInformation) OpenIDConsumerException(org.springframework.security.openid.OpenIDConsumerException) FetchRequest(org.openid4java.message.ax.FetchRequest) ConsumerException(org.openid4java.consumer.ConsumerException) OpenIDConsumerException(org.springframework.security.openid.OpenIDConsumerException) DiscoveryException(org.openid4java.discovery.DiscoveryException)

Example 3 with OpenIDAttribute

use of org.springframework.security.openid.OpenIDAttribute in project hale by halestudio.

the class ProxyOpenIDConsumer method fetchAxAttributes.

/**
 * Collects the attribute-exchange values the provider returned for the
 * attributes that were requested.
 *
 * @param authSuccess the provider's authentication response message
 * @param attributesToFetch the attributes that were requested; may be {@code null}
 * @return one {@code OpenIDAttribute} per requested attribute that came back with
 *         at least one value; an empty list when nothing was requested, the
 *         response has no AX extension, or the extension is not a fetch response
 * @throws OpenIDConsumerException if reading the extension from the message fails
 */
private List<OpenIDAttribute> fetchAxAttributes(Message authSuccess, List<OpenIDAttribute> attributesToFetch) throws OpenIDConsumerException {
    final String axNamespace = "http://openid.net/srv/ax/1.0";

    if (attributesToFetch == null) {
        return Collections.emptyList();
    }
    if (!authSuccess.hasExtension(axNamespace)) {
        return Collections.emptyList();
    }

    log.debug("Extracting attributes retrieved by attribute exchange");
    List<OpenIDAttribute> collected = Collections.emptyList();
    try {
        MessageExtension extension = authSuccess.getExtension(axNamespace);
        if (extension instanceof FetchResponse) {
            FetchResponse response = (FetchResponse) extension;
            collected = new ArrayList<OpenIDAttribute>(attributesToFetch.size());
            // Only names that were requested are read from the response.
            // NOTE(review): the values are asserted by the provider. Confirm the
            // openid4java version in use only exposes extension parameters that
            // are covered by the response signature.
            for (OpenIDAttribute requested : attributesToFetch) {
                @SuppressWarnings("unchecked") List<String> values = response.getAttributeValues(requested.getName());
                if (values.isEmpty()) {
                    continue;
                }
                OpenIDAttribute received = new OpenIDAttribute(requested.getName(), requested.getType(), values);
                received.setRequired(requested.isRequired());
                collected.add(received);
            }
        }
    } catch (MessageException e) {
        throw new OpenIDConsumerException("Attribute retrieval failed", e);
    }

    if (log.isDebugEnabled()) {
        log.debug("Retrieved attributes" + collected);
    }
    return collected;
}
Also used : OpenIDAttribute(org.springframework.security.openid.OpenIDAttribute) MessageExtension(org.openid4java.message.MessageExtension) MessageException(org.openid4java.message.MessageException) OpenIDConsumerException(org.springframework.security.openid.OpenIDConsumerException) FetchResponse(org.openid4java.message.ax.FetchResponse)

Example 4 with OpenIDAttribute

use of org.springframework.security.openid.OpenIDAttribute in project hale by halestudio.

the class UserDetailsServiceImpl method loadUserDetails.

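/**
 * Loads the user for a verified OpenID token, creating a default user on first
 * login.
 *
 * <p>The identity URL of the token is used as the login. When no user exists,
 * one is created with an empty password and, where present, e-mail, first name
 * and last name taken from the token's attributes.
 *
 * @param token the OpenID authentication token
 * @return the user details built by {@code createUserDetails}
 * @throws IllegalStateException if more than one user has this identity URL as login
 */
@Override
public UserDetails loadUserDetails(OpenIDAuthenticationToken token) throws UsernameNotFoundException {
    OrientGraph graph = DatabaseHelper.getGraph();
    try {
        User user;
        try {
            user = User.getByLogin(graph, token.getIdentityUrl());
        } catch (NonUniqueResultException e) {
            // multiple users w/ same login?!
            log.error("Found multiple user with same identity URL: " + token.getIdentityUrl(), e);
            // Keep the cause so the failure can be traced from the caller's side too.
            throw new IllegalStateException("Multiple users found for login", e);
        }
        boolean newUser = false;
        if (user == null) {
            // if using OpenID every user is automatically registered
            // create a default user
            user = User.create(graph);
            user.setLogin(token.getIdentityUrl());
            // NOTE(review): OpenID users get an empty password. Confirm that any
            // password-based login path rejects accounts with an empty password.
            user.setPassword("");
            newUser = true;
            // try to retrieve info from attribute exchange
            // NOTE(review): these values are asserted by the OpenID provider and
            // are not verified here; treat the e-mail as profile data, not as
            // proof of ownership.
            for (OpenIDAttribute attribute : token.getAttributes()) {
                // Skip attributes without a value: get(0) on an empty list would
                // throw and abort the login.
                if (attribute.getCount() < 0 || attribute.getValues() == null || attribute.getValues().isEmpty()) {
                    continue;
                }
                String value = attribute.getValues().get(0);
                switch(attribute.getName()) {
                    case "email":
                    // fall through: both names carry the e-mail address
                    case "emailAlt":
                        user.setEmail(value);
                        break;
                    case "firstName":
                        user.setName(value);
                        break;
                    case "lastName":
                        user.setSurname(value);
                        break;
                    default:
                        // other attributes are not stored
                        break;
                }
            }
            log.info("Create default user for Open ID " + token.getIdentityUrl());
        }
        return createUserDetails(user, newUser);
    } finally {
        // Always release the graph, also when lookup or creation fails.
        graph.shutdown();
    }
}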
Also used : NonUniqueResultException(eu.esdihumboldt.util.blueprints.entities.NonUniqueResultException) OpenIDAttribute(org.springframework.security.openid.OpenIDAttribute) ExtendedUser(eu.esdihumboldt.hale.server.security.util.impl.ExtendedUser) User(eu.esdihumboldt.hale.server.model.User) OrientGraph(com.tinkerpop.blueprints.impls.orient.OrientGraph)

Example 5 with OpenIDAttribute

use of org.springframework.security.openid.OpenIDAttribute in project spring-security by spring-projects.

the class CustomUserDetailsService method loadUserDetails.

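/**
 * Returns the registered user for the token's identity URL, registering a new
 * one from the token's attributes on first login.
 *
 * <p>This is the {@code AuthenticationUserDetailsService} entry point used by the
 * OpenIDAuthenticationProvider; it has access to the full submitted token.
 *
 * <p>On first login two objects are created: the one stored in
 * {@code registeredUsers}, and the one returned, which additionally has the
 * new-user flag set. Later logins return the stored object.
 *
 * @param token the OpenID authentication token
 * @return the stored user, or a freshly built user flagged as new
 */
public UserDetails loadUserDetails(OpenIDAuthenticationToken token) {
    String id = token.getIdentityUrl();
    CustomUserDetails user = registeredUsers.get(id);
    if (user != null) {
        return user;
    }
    String email = null;
    String firstName = null;
    String lastName = null;
    String fullName = null;
    // NOTE(review): attribute values are asserted by the OpenID provider and are
    // not verified here; they should only be used as profile data.
    List<OpenIDAttribute> attributes = token.getAttributes();
    for (OpenIDAttribute attribute : attributes) {
        List<String> values = attribute.getValues();
        // An attribute without values would make get(0) throw; skip it instead.
        if (values == null || values.isEmpty()) {
            continue;
        }
        String value = values.get(0);
        String name = attribute.getName();
        if ("email".equals(name)) {
            email = value;
        } else if ("firstname".equals(name)) {
            firstName = value;
        } else if ("lastname".equals(name)) {
            lastName = value;
        } else if ("fullname".equals(name)) {
            fullName = value;
        }
    }
    if (fullName == null) {
        StringBuilder fullNameBldr = new StringBuilder();
        if (firstName != null) {
            fullNameBldr.append(firstName);
        }
        if (lastName != null) {
            // Separator only between two parts, so a last name alone gets no
            // leading space.
            if (fullNameBldr.length() > 0) {
                fullNameBldr.append(" ");
            }
            fullNameBldr.append(lastName);
        }
        fullName = fullNameBldr.toString();
    }
    // Stored copy: no new-user flag, this is what later logins receive.
    // NOTE(review): registeredUsers is declared outside this method; confirm it
    // is safe for concurrent logins.
    user = new CustomUserDetails(id, DEFAULT_AUTHORITIES);
    user.setEmail(email);
    user.setName(fullName);
    registeredUsers.put(id, user);
    // Returned copy: same data, flagged as new for this first login only.
    user = new CustomUserDetails(id, DEFAULT_AUTHORITIES);
    user.setEmail(email);
    user.setName(fullName);
    user.setNewUser(true);
    return user;
}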
Also used : OpenIDAttribute(org.springframework.security.openid.OpenIDAttribute)

Aggregations

OpenIDAttribute (org.springframework.security.openid.OpenIDAttribute)5 MessageException (org.openid4java.message.MessageException)3 OpenIDConsumerException (org.springframework.security.openid.OpenIDConsumerException)3 DiscoveryException (org.openid4java.discovery.DiscoveryException)2 DiscoveryInformation (org.openid4java.discovery.DiscoveryInformation)2 OrientGraph (com.tinkerpop.blueprints.impls.orient.OrientGraph)1 User (eu.esdihumboldt.hale.server.model.User)1 ExtendedUser (eu.esdihumboldt.hale.server.security.util.impl.ExtendedUser)1 NonUniqueResultException (eu.esdihumboldt.util.blueprints.entities.NonUniqueResultException)1 ArrayList (java.util.ArrayList)1 List (java.util.List)1 AssociationException (org.openid4java.association.AssociationException)1 ConsumerException (org.openid4java.consumer.ConsumerException)1 VerificationResult (org.openid4java.consumer.VerificationResult)1 Identifier (org.openid4java.discovery.Identifier)1 AuthRequest (org.openid4java.message.AuthRequest)1 MessageExtension (org.openid4java.message.MessageExtension)1 ParameterList (org.openid4java.message.ParameterList)1 FetchRequest (org.openid4java.message.ax.FetchRequest)1 FetchResponse (org.openid4java.message.ax.FetchResponse)1