/* * Copyright 2006-2008 Sxip Identity Corporation */ package org.openid4java.server; import org.openid4java.message.AuthRequest; import org.openid4java.message.AuthSuccess; import org.openid4java.message.MessageExtension; import org.openid4java.message.ParameterList; import org.openid4java.message.Message; import org.openid4java.message.DirectError; import org.openid4java.message.ax.AxMessage; import org.openid4java.message.ax.FetchRequest; import org.openid4java.message.ax.FetchResponse; import org.openid4java.message.sreg.SRegMessage; import org.openid4java.message.sreg.SRegRequest; import org.openid4java.message.sreg.SRegResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.ServletOutputStream; import java.util.HashMap; import java.util.List; import java.util.Map; import java.io.IOException; /** * Sample Server (OpenID Provider) implementation. */ public class SampleServer { // instantiate a ServerManager object public ServerManager manager = new ServerManager(); public SampleServer() { this("http://my.openidprovider.com/server"); } public SampleServer(String endPointUrl) { manager.setOPEndpointUrl(endPointUrl); // for a working demo, not enforcing RP realm discovery // since this new feature is not deployed manager.getRealmVerifier().setEnforceRpId(false); } public String processRequest(HttpServletRequest httpReq, HttpServletResponse httpResp) throws Exception { // extract the parameters from the request ParameterList request = new ParameterList(httpReq.getParameterMap()); String mode = request.hasParameter("openid.mode") ? request.getParameterValue("openid.mode") : null; Message response; String responseText; if ("associate".equals(mode)) { // --- process an association request --- response = manager.associationResponse(request); responseText = response.keyValueFormEncoding(); } else if ("checkid_setup".equals(mode) || "checkid_immediate".equals(mode)) { // interact with the user and obtain data needed to continue List userData = userInteraction(request); String userSelectedClaimedId = (String) userData.get(0); Boolean authenticatedAndApproved = (Boolean) userData.get(1); String email = (String) userData.get(2); // --- process an authentication request --- AuthRequest authReq = AuthRequest.createAuthRequest(request, manager.getRealmVerifier()); String opLocalId = null; // if the user chose a different claimed_id than the one in request if (userSelectedClaimedId != null && userSelectedClaimedId.equals(authReq.getClaimed())) { //opLocalId = lookupLocalId(userSelectedClaimedId); } response = manager.authResponse(request, opLocalId, userSelectedClaimedId, authenticatedAndApproved.booleanValue(), false); // Sign after we added extensions. if (response instanceof DirectError) return directResponse(httpResp, response.keyValueFormEncoding()); else { if (authReq.hasExtension(AxMessage.OPENID_NS_AX)) { MessageExtension ext = authReq.getExtension(AxMessage.OPENID_NS_AX); if (ext instanceof FetchRequest) { FetchRequest fetchReq = (FetchRequest) ext; Map required = fetchReq.getAttributes(true); //Map optional = fetchReq.getAttributes(false); if (required.containsKey("email")) { Map userDataExt = new HashMap(); //userDataExt.put("email", userData.get(3)); FetchResponse fetchResp = FetchResponse.createFetchResponse(fetchReq, userDataExt); // (alternatively) manually add attribute values fetchResp.addAttribute("email", "http://schema.openid.net/contact/email", email); response.addExtension(fetchResp); } } else //if (ext instanceof StoreRequest) { throw new UnsupportedOperationException("TODO"); } } if (authReq.hasExtension(SRegMessage.OPENID_NS_SREG)) { MessageExtension ext = authReq.getExtension(SRegMessage.OPENID_NS_SREG); if (ext instanceof SRegRequest) { SRegRequest sregReq = (SRegRequest) ext; List required = sregReq.getAttributes(true); //List optional = sregReq.getAttributes(false); if (required.contains("email")) { // data released by the user Map userDataSReg = new HashMap(); //userData.put("email", "user@example.com"); SRegResponse sregResp = SRegResponse.createSRegResponse(sregReq, userDataSReg); // (alternatively) manually add attribute values sregResp.addAttribute("email", email); response.addExtension(sregResp); } } else { throw new UnsupportedOperationException("TODO"); } } // Sign the auth success message. // This is required as AuthSuccess.buildSignedList has a `todo' tag now. manager.sign((AuthSuccess) response); // caller will need to decide which of the following to use: // option1: GET HTTP-redirect to the return_to URL return response.getDestinationUrl(true); // option2: HTML FORM Redirection //RequestDispatcher dispatcher = // getServletContext().getRequestDispatcher("formredirection.jsp"); //httpReq.setAttribute("prameterMap", response.getParameterMap()); //httpReq.setAttribute("destinationUrl", response.getDestinationUrl(false)); //dispatcher.forward(request, response); //return null; } } else if ("check_authentication".equals(mode)) { // --- processing a verification request --- response = manager.verify(request); responseText = response.keyValueFormEncoding(); } else { // --- error response --- response = DirectError.createDirectError("Unknown request"); responseText = response.keyValueFormEncoding(); } // return the result to the user return responseText; } protected List userInteraction(ParameterList request) throws ServerException { throw new ServerException("User-interaction not implemented."); } private String directResponse(HttpServletResponse httpResp, String response) throws IOException { ServletOutputStream os = httpResp.getOutputStream(); os.write(response.getBytes()); os.close(); return null; } }