
Example 1 with OpenIDAuthenticationToken

Use of org.springframework.security.openid.OpenIDAuthenticationToken in project hale by halestudio, in the class ProxyOpenIDConsumer, method endConsumption.

@Override
public OpenIDAuthenticationToken endConsumption(HttpServletRequest request) throws OpenIDConsumerException {
    ParameterList openidResp = new ParameterList(request.getParameterMap());
    DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
    if (discovered == null) {
        throw new OpenIDConsumerException("DiscoveryInformation is not available. Possible causes are lost session or replay attack");
    }
    @SuppressWarnings("unchecked") List<OpenIDAttribute> attributesToFetch = (List<OpenIDAttribute>) request.getSession().getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
    // Discovery data and the attribute fetch list are used once: remove them from the session.
    request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
    request.getSession().removeAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST");
    StringBuffer receivingURL = request.getRequestURL();
    // XXX Proxy handling start
    // X-Forwarded-For is client-supplied unless a trusted reverse proxy sets or overwrites it;
    // its value feeds the receiving URL that the response is verified against below.
    String forwardedFor = request.getHeader("X-Forwarded-For");
    if (forwardedFor != null) {
        String proxyReceiving = ProxyOpenIDAuthenticationFilter.buildReturnToForProxy(receivingURL.toString(), forwardedFor);
        if (proxyReceiving != null) {
            receivingURL = new StringBuffer(proxyReceiving);
        } else {
            log.error("Could not determine proxy receiving URL");
        }
    }
    // XXX Proxy handling end
    String queryString = request.getQueryString();
    if (StringUtils.hasLength(queryString)) {
        receivingURL.append("?").append(queryString);
    }
    VerificationResult verification;
    try {
        verification = this.consumerManager.verify(receivingURL.toString(), openidResp, discovered);
    } catch (MessageException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    } catch (DiscoveryException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    } catch (AssociationException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    }
    Identifier verified = verification.getVerifiedId();
    if (verified == null) {
        // No verified identifier: return a FAILURE token carrying the claimed identifier, if any.
        Identifier id = discovered.getClaimedIdentifier();
        return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, (id == null) ? "Unknown" : id.getIdentifier(), "Verification status message: [" + verification.getStatusMsg() + "]", Collections.<OpenIDAttribute>emptyList());
    }
    List<OpenIDAttribute> attributes = fetchAxAttributes(verification.getAuthResponse(), attributesToFetch);
    return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, verified.getIdentifier(), "some message", attributes);
}
Also used : OpenIDAttribute(org.springframework.security.openid.OpenIDAttribute) OpenIDAuthenticationToken(org.springframework.security.openid.OpenIDAuthenticationToken) OpenIDConsumerException(org.springframework.security.openid.OpenIDConsumerException) Identifier(org.openid4java.discovery.Identifier) VerificationResult(org.openid4java.consumer.VerificationResult) MessageException(org.openid4java.message.MessageException) DiscoveryInformation(org.openid4java.discovery.DiscoveryInformation) ParameterList(org.openid4java.message.ParameterList) AssociationException(org.openid4java.association.AssociationException) ArrayList(java.util.ArrayList) List(java.util.List) DiscoveryException(org.openid4java.discovery.DiscoveryException)

Example 2 with OpenIDAuthenticationToken

Use of org.springframework.security.openid.OpenIDAuthenticationToken in project motech by motech, in the class PasswordRecoveryServiceImpl, method validateTokenAndLoginUser.

@Override
@Transactional
public void validateTokenAndLoginUser(String token, HttpServletRequest request, HttpServletResponse response) throws IOException {
    PasswordRecovery recovery = findForToken(token);
    if (validateRecovery(recovery)) {
        MotechUser user = motechUsersDao.findUserByEmail(recovery.getEmail());
        // The validated recovery token stands in for the OpenID exchange: the token is built
        // with SUCCESS status directly and handed to the authentication manager.
        OpenIDAuthenticationToken openIDToken = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, user.getOpenId(), "one time login ", new ArrayList<>());
        Authentication authentication = authenticationManager.authenticate(openIDToken);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        // Store the security context in the HTTP session so the login survives the redirect.
        request.getSession(true).setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
        // Delete the recovery record once it has been used.
        passwordRecoveriesDataService.delete(recovery);
        redirectStrategy.sendRedirect(request, response, "/server/home");
    } else {
        redirectStrategy.sendRedirect(request, response, "/server/login");
    }
}
Also used : MotechUser(org.motechproject.security.domain.MotechUser) Authentication(org.springframework.security.core.Authentication) OpenIDAuthenticationToken(org.springframework.security.openid.OpenIDAuthenticationToken) PasswordRecovery(org.motechproject.security.domain.PasswordRecovery) Transactional(org.springframework.transaction.annotation.Transactional)

Example 3 with OpenIDAuthenticationToken

Use of org.springframework.security.openid.OpenIDAuthenticationToken in project motech by motech, in the class UserContextServiceImpl, method getToken.

private AbstractAuthenticationToken getToken(Authentication authentication, MotechUser user) {
    AbstractAuthenticationToken token = null;
    // Rebuild a token of the same type with the authorities currently assigned to the user.
    if (authentication instanceof UsernamePasswordAuthenticationToken) {
        UsernamePasswordAuthenticationToken oldToken = (UsernamePasswordAuthenticationToken) authentication;
        token = new UsernamePasswordAuthenticationToken(oldToken.getPrincipal(), oldToken.getCredentials(), authoritiesService.authoritiesFor(user));
    } else if (authentication instanceof OpenIDAuthenticationToken) {
        OpenIDAuthenticationToken oldToken = (OpenIDAuthenticationToken) authentication;
        token = new OpenIDAuthenticationToken(oldToken.getPrincipal(), authoritiesService.authoritiesFor(user), user.getOpenId(), oldToken.getAttributes());
    }
    // token stays null for any other Authentication type.
    return token;
}
Also used : AbstractAuthenticationToken(org.springframework.security.authentication.AbstractAuthenticationToken) OpenIDAuthenticationToken(org.springframework.security.openid.OpenIDAuthenticationToken) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
