[jboss-cvs] Picketlink SVN: r985 - in social/trunk/openid: src and 15 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Mon Jun 13 14:25:32 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-06-13 14:25:32 -0400 (Mon, 13 Jun 2011)
New Revision: 985

Added:
   social/trunk/openid/src/
   social/trunk/openid/src/main/
   social/trunk/openid/src/main/java/
   social/trunk/openid/src/main/java/org/
   social/trunk/openid/src/main/java/org/picketlink/
   social/trunk/openid/src/main/java/org/picketlink/social/
   social/trunk/openid/src/main/java/org/picketlink/social/openid/
   social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/
   social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDTokenProvider.java
   social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDVersion2TokenProvider.java
   social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/
   social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDParameterList.java
   social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProtocolContext.java
   social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProviderManager.java
   social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDTokenRegistryStore.java
   social/trunk/openid/src/main/java/org/picketlink/social/openid/web/
   social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDContext.java
   social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDProvider.java
   social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPProtocolAdaptor.java
   social/trunk/openid/src/main/resources/
   social/trunk/openid/src/test/
   social/trunk/openid/src/test/java/
   social/trunk/openid/src/test/java/org/
   social/trunk/openid/src/test/java/org/picketlink/
   social/trunk/openid/src/test/java/org/picketlink/test/
   social/trunk/openid/src/test/java/org/picketlink/test/social/
   social/trunk/openid/src/test/java/org/picketlink/test/social/openid/
   social/trunk/openid/src/test/resources/
Modified:
   social/trunk/openid/pom.xml
Log:
openid code moved from fed trunk

Modified: social/trunk/openid/pom.xml
===================================================================
--- social/trunk/openid/pom.xml	2011-06-08 04:17:28 UTC (rev 984)
+++ social/trunk/openid/pom.xml	2011-06-13 18:25:32 UTC (rev 985)
@@ -85,28 +85,14 @@
       </dependency>
       <dependency>
          <groupId>org.picketlink</groupId>
-         <artifactId>picketlink-fed-core</artifactId>
+         <artifactId>picketlink-web</artifactId>
          <version>${project.version}</version>
       </dependency>
       <dependency>
-         <groupId>org.picketlink</groupId>
-         <artifactId>picketlink-xmlsec-model</artifactId>
-         <version>${project.version}</version>
-      </dependency>
-      <dependency>
-         <groupId>org.picketlink</groupId>
-         <artifactId>picketlink-fed-api</artifactId>
-         <version>${project.version}</version>
-      </dependency>
-      <dependency>
          <groupId>org.openid4java</groupId>
          <artifactId>openid4java-nodeps</artifactId>
       </dependency>
       <dependency>
-         <groupId>org.apache</groupId>
-         <artifactId>xmlsec</artifactId>
-      </dependency>
-      <dependency>
          <groupId>apache-log4j</groupId>
          <artifactId>log4j</artifactId>
       </dependency>
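Review bot: Dropping the direct `picketlink-fed-core` and `picketlink-fed-api` dependencies here leaves the sources added in this same commit importing `org.picketlink.identity.federation.core.*` types, including the old `org.picketlink.identity.federation.core.openid.providers.helpers` classes rather than the `org.picketlink.social.openid.providers.helpers` copies being added. Whether `picketlink-web` supplies those classes transitively is not visible from this page. If it does, `OpenIDTokenProvider` and `OpenIDProtocolContext` bind to the old copies, and the `context instanceof OpenIDProtocolContext == false` guard makes `issueToken` return without setting a response for a context built from the new package. I would switch the imports to the `org.picketlink.social.openid` packages and declare the federation-core dependency explicitly if it is still required.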

Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDTokenProvider.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDTokenProvider.java	                        (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDTokenProvider.java	2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,195 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDParameterList;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.AUTH_HOLDER;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.MODE;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDTokenRegistryStore;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager.OpenIDMessage;
+import org.picketlink.identity.federation.core.sts.AbstractSecurityTokenProvider;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+
+/**
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDTokenProvider extends AbstractSecurityTokenProvider implements SecurityTokenProvider
+{ 
+   public final static String OPENID_1_0_NS = "urn:openid:1:0";
+   public final static String OPENID_1_1_NS = "urn:openid:1:1";
+   public final static String OPENID_2_0_NS = "urn:openid:2:0";
+   
+   protected static OpenIDProviderManager serverManager = null; //Will be initialized the first time of access
+   
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#supports(java.lang.String)
+    */
+   public boolean supports(String namespace)
+   { 
+      return OPENID_1_0_NS.equals( namespace );
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#tokenType()
+    */
+   public String tokenType()
+   { 
+      return OPENID_1_0_NS;
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#getSupportedQName()
+    */
+   public QName getSupportedQName()
+   { 
+      return new QName( OPENID_1_0_NS );
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#family()
+    */
+   public String family()
+   { 
+      return SecurityTokenProvider.FAMILY_TYPE.OPENID.name();
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#issueToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+    */
+   public void issueToken(ProtocolContext context) throws ProcessingException
+   { 
+      if( context instanceof OpenIDProtocolContext == false )
+         return;
+      
+      check();
+      
+      OpenIDProtocolContext openIDProtoCtx = (OpenIDProtocolContext) context;
+      if( serverManager.getEndPoint() == null )
+      {
+         serverManager.setEndPoint( openIDProtoCtx.getEndpoint() );
+      }
+      
+      OpenIDParameterList requestp = openIDProtoCtx.getRequestParameterList();
+      OpenIDMessage responsem = null;
+      
+      if( openIDProtoCtx.getIssueError() )
+      {
+         String errorText = openIDProtoCtx.getErrorText() == null ? "Unknown request" : openIDProtoCtx.getErrorText();
+         
+         responsem = serverManager.getDirectError( errorText );
+      }
+      else
+      {
+         MODE mode = openIDProtoCtx.getMode();
+         switch (mode )
+         {
+            case ASSOCIATE :
+               responsem = serverManager.processAssociationRequest( requestp );
+               break;
+            
+            case CHECK_AUTHENTICATION:
+               validateToken(openIDProtoCtx);
+               return;
+            
+            case CHECK_ID_SETUP:
+            case CHECK_ID_IMMEDIATE:
+               AUTH_HOLDER authHolder = openIDProtoCtx.getAuthenticationHolder();
+               if( authHolder == null )
+                  throw new ProcessingException( "Authentication Holder is null" );
+               
+               responsem = serverManager.processAuthenticationRequest(requestp,
+                     authHolder.getUserSelectedId(),
+                     authHolder.getUserSelectedClaimedId(),
+                     authHolder.isAuthenticatedAndApproved() );
+               break;
+            default:
+               throw new ProcessingException("Unknown mode"); 
+         } 
+      }
+      openIDProtoCtx.setResponseMessage( responsem );
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#renewToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+    */
+   public void renewToken(ProtocolContext context) throws ProcessingException
+   { 
+      if( context instanceof OpenIDProtocolContext == false )
+         return;
+      
+      check();
+   }
+
+   /*
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+    */
+   public void cancelToken(ProtocolContext context) throws ProcessingException
+   { 
+      if( context instanceof OpenIDProtocolContext == false )
+         return;
+      
+      check();
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#validateToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+    */
+   public void validateToken(ProtocolContext context) throws ProcessingException
+   { 
+      if( context instanceof OpenIDProtocolContext == false )
+         return;
+      
+       check();
+      
+      OpenIDProtocolContext openIDProtoCtx = (OpenIDProtocolContext) context;
+      if( serverManager.getEndPoint() == null )
+      {
+         serverManager.setEndPoint( openIDProtoCtx.getEndpoint() );
+      }
+      
+      OpenIDParameterList requestp = openIDProtoCtx.getRequestParameterList();
+      OpenIDMessage responsem = serverManager.verify( requestp );
+      openIDProtoCtx.setResponseMessage( responsem );
+   }
+   
+   protected void check()
+   { 
+      SecurityManager sm = System.getSecurityManager();
+      if( sm != null )
+         sm.checkPermission( PicketLinkCoreSTS.rte );
+      
+      if( serverManager == null )
+      {
+
+         serverManager = new OpenIDProviderManager();
+         serverManager.initialize( new OpenIDTokenRegistryStore(), new OpenIDTokenRegistryStore()); 
+      }
+   }
+}
\ No newline at end of file
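Review bot: `check()` lazily creates the `static serverManager` with no synchronization and assigns the field before calling `initialize(...)`, so concurrent first requests can either see the manager before its association stores are set or each build their own manager, in which case an association created through the discarded instance is unknown to the surviving one. Guarding the block with `synchronized (OpenIDTokenProvider.class) { if (serverManager == null) { ... } }` and assigning the field only after `initialize(...)` returns closes that window. Related to the same shared state, `issueToken` and `validateToken` set the OP endpoint once from whichever context arrives first (`serverManager.setEndPoint( openIDProtoCtx.getEndpoint() )`). Where that value comes from is outside this hunk, but if it is derived from the incoming request it should come from configuration instead, because it then stays fixed for the lifetime of the class.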

Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDVersion2TokenProvider.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDVersion2TokenProvider.java	                        (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDVersion2TokenProvider.java	2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers;
+
+import javax.xml.namespace.QName;
+
+/**
+ * A {@code SecurityTokenProvider} implementation for Open ID v2
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDVersion2TokenProvider extends OpenIDTokenProvider
+{ 
+   @Override
+   public boolean supports(String namespace)
+   {
+      return OPENID_2_0_NS.equals( namespace );
+   }
+
+   @Override
+   public String tokenType()
+   { 
+      return OPENID_2_0_NS;
+   }
+
+   @Override
+   public QName getSupportedQName()
+   { 
+      return new QName( OPENID_2_0_NS );
+   }   
+}
\ No newline at end of file
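Review bot: This subclass advertises only `OPENID_2_0_NS`, but the `OpenIDProtocolContext` added in this commit hard-codes `tokenType()` and `getQName()` to `OpenIDTokenProvider.OPENID_1_0_NS`, so a provider lookup keyed on the context's token type would presumably never select it. How the STS picks a provider is not shown on this page, so this needs confirming; if the lookup is by token type, the context needs a way to carry the 2.0 namespace. A class comment stating that this provider shares the parent's static `serverManager`, and therefore its association stores, with the 1.0 provider would also help the next reader.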

Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDParameterList.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDParameterList.java	                        (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDParameterList.java	2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers.helpers;
+
+import java.util.Map;
+
+import org.openid4java.message.ParameterList;
+
+/**
+ * Parameter List passed in the messages
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 15, 2009
+ */
+public class OpenIDParameterList extends ParameterList
+{
+   private static final long serialVersionUID = 1L;
+
+   public OpenIDParameterList()
+   {
+      super(); 
+   }
+
+   @SuppressWarnings({ "rawtypes"})
+   public OpenIDParameterList(Map parameterMap)
+   {
+      super(parameterMap); 
+   }
+}

Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProtocolContext.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProtocolContext.java	                        (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProtocolContext.java	2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,273 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers.helpers;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.openid.providers.OpenIDTokenProvider;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager.OpenIDMessage;
+
+/**
+ * {@code ProtocolContext} for the OpenID Layer
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDProtocolContext implements ProtocolContext
+{ 
+   /**
+    * The response message generated by the STS
+    */
+   protected OpenIDMessage responseMessage;
+   
+   /**
+    * The list of request parameters for use by the STS
+    */
+   protected OpenIDParameterList requestParameterList;
+   
+   /**
+    * The Server Manager needs an endpoint
+    */
+   protected String endpoint;
+   
+   /**
+    * Should the STS issue an error?
+    */
+   protected Boolean issueError = Boolean.FALSE;
+   
+   /**
+    * What is the text the STS should use for the error?
+    */
+   protected String errorText = null;
+
+   /**
+    * The OpenID mode
+    */
+   protected MODE mode;
+  
+   /**
+    * STS uses the AUTH_HOLDER information for processing authentication requests
+    */
+   protected AUTH_HOLDER authenticationHolder;
+   
+   /**
+    * An Enum indicating the OpenID mode 
+    */
+   public enum MODE { ASSOCIATE, CHECK_ID_SETUP, CHECK_ID_IMMEDIATE, CHECK_AUTHENTICATION };
+   
+   /**
+    * Class to hold the information for authentication requests 
+    */
+   public static class AUTH_HOLDER
+   {
+      private String userSelectedId, userSelectedClaimedId;
+      private boolean authenticatedAndApproved;
+      
+      public AUTH_HOLDER(String userSelectedId, String userSelectedClaimedId, boolean authenticatedAndApproved)
+      {
+         this.userSelectedId = userSelectedId;
+         this.userSelectedClaimedId = userSelectedClaimedId;
+         this.authenticatedAndApproved = authenticatedAndApproved;
+      }
+
+      @Override
+      public String toString()
+      {
+         return "AUTH_HOLDER [userSelectedId=" + userSelectedId + ", userSelectedClaimedId=" + userSelectedClaimedId
+               + ", authenticatedAndApproved=" + authenticatedAndApproved + "]";
+      }
+
+      public String getUserSelectedId()
+      {
+         return userSelectedId;
+      }
+
+      public String getUserSelectedClaimedId()
+      {
+         return userSelectedClaimedId;
+      }
+
+      public boolean isAuthenticatedAndApproved()
+      {
+         return authenticatedAndApproved;
+      } 
+   }
+   
+   /**
+    * Get the holder of authentication information
+    * @return
+    */
+   public AUTH_HOLDER getAuthenticationHolder()
+   {
+      return authenticationHolder;
+   }
+
+   /**
+    * Set an authentication holder
+    * @param authenticationHolder
+    */
+   public void setAuthenticationHolder(AUTH_HOLDER authenticationHolder)
+   {
+      this.authenticationHolder = authenticationHolder;
+   }
+
+   /**
+    * Get the Open ID mode
+    * @return
+    */
+   public MODE getMode()
+   {
+      return this.mode;
+   }
+   
+   /**
+    * Set the OpenID mode
+    * @param theMode
+    */
+   public void setMode( MODE theMode )
+   {
+      this.mode = theMode;
+   }
+   
+   /**
+    * Get the error text (Null by default)
+    * @return
+    */
+   public String getErrorText()
+   {
+      return errorText;
+   }
+
+   /**
+    * Set the error text
+    * @param errorText
+    */
+   public void setErrorText(String errorText)
+   {
+      this.errorText = errorText;
+   }
+
+   /**
+    * Should the STS issue an error response token
+    * @return
+    */
+   public Boolean getIssueError()
+   {
+      return issueError;
+   }
+
+   /**
+    * Set the error response token for the STS
+    * @param issueError
+    */
+   public void setIssueError(Boolean issueError)
+   {
+      this.issueError = issueError;
+   }
+
+   /**
+    * Get the endpoint address
+    * @return
+    */
+   public String getEndpoint()
+   {
+      return endpoint;
+   }
+   
+   /**
+    * Set the endpoint address
+    * @param endpoint
+    */
+   public void setEndpoint(String endpoint)
+   {
+      this.endpoint = endpoint;
+   }
+
+   /**
+    * Get the request parameter list
+    * @return an instanceof {@code OpenIDParameterList}
+    */
+   public OpenIDParameterList getRequestParameterList()
+   {
+      return requestParameterList;
+   }
+
+   /**
+    * Set the request parameter list
+    * @param requestParameterList an instanceof {@code OpenIDParameterList}
+    */
+   public void setRequestParameterList(OpenIDParameterList requestParameterList)
+   {
+      this.requestParameterList = requestParameterList;
+   }
+
+   /**
+    * Get the {@code OpenIDMessage} response message that the STS has generated
+    * @return 
+    */
+   public OpenIDMessage getResponseMessage()
+   {
+      return responseMessage;
+   }
+   
+   /**
+    * Set the {@code OpenIDMessage} response message
+    * @param responseMessage
+    */
+   public void setResponseMessage(OpenIDMessage responseMessage)
+   {
+      this.responseMessage = responseMessage;
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#serviceName()
+    */
+   public String serviceName()
+   {
+      return null;
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#tokenType()
+    */
+   public String tokenType()
+   {
+      return OpenIDTokenProvider.OPENID_1_0_NS;
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#getQName()
+    */
+   public QName getQName()
+   {
+      return new QName( OpenIDTokenProvider.OPENID_1_0_NS );
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#family()
+    */
+   public String family()
+   { 
+      return SecurityTokenProvider.FAMILY_TYPE.OPENID.name();
+   } 
+}
\ No newline at end of file
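Review bot: `issueError` is a boxed `Boolean` and `setIssueError` stores whatever it is given, while `OpenIDTokenProvider.issueToken` unboxes it in `if( openIDProtoCtx.getIssueError() )`, so a caller passing `null` produces a `NullPointerException` inside the provider instead of a protocol error. `mode` has the same shape: it defaults to `null` and is used directly in a `switch`. Normalising in the setter with `this.issueError = issueError == null ? Boolean.FALSE : issueError;` keeps the getter's signature unchanged, and the provider should reject a null mode with a `ProcessingException` before the `switch`. The empty `@return` and `@param` tags on the accessors could also state these null rules.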

Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProviderManager.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProviderManager.java	                        (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProviderManager.java	2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,168 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers.helpers;
+
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.DirectError;
+import org.openid4java.message.Message;
+import org.openid4java.message.ParameterList;
+import org.openid4java.server.InMemoryServerAssociationStore;
+import org.openid4java.server.ServerAssociationStore;
+import org.openid4java.server.ServerManager;
+
+/**
+ * Manages a OpenID Provider
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 15, 2009
+ */
+public class OpenIDProviderManager
+{
+   /**
+    * Internal server manager for processing
+    */
+   private ServerManager serverManager = new ServerManager();
+   
+   /**
+    * Initialize internal data structures
+    */
+   public void initialize()
+   {
+      serverManager.setSharedAssociations(new InMemoryServerAssociationStore());
+      serverManager.setPrivateAssociations(new InMemoryServerAssociationStore());
+   }
+   
+   /**
+    * Initialize the Shared Association and Private Association stores
+    * @param sharedAssociationStore a set of 2 association stores {@code ServerAssociationStore}
+    * @throws {@code IllegalArgumentException} if the number of stores is not 2
+    */
+   public void initialize( ServerAssociationStore... sharedAssociationStore )
+   {
+      if( sharedAssociationStore == null || sharedAssociationStore.length == 0 )
+      {
+         initialize();
+         return;
+      }
+      
+      if( sharedAssociationStore.length != 2 )
+         throw new IllegalArgumentException( "Number of association stores not equal to 2" );
+      serverManager.setSharedAssociations( sharedAssociationStore[0] );
+      serverManager.setPrivateAssociations( sharedAssociationStore[1] );
+   }
+   
+   /**
+    * Get the end point where the provider is active
+    * @return string an url
+    */
+   public String getEndPoint()
+   {
+      return serverManager.getOPEndpointUrl();
+   }
+   
+   /**
+    * Set the end point where the provider is active
+    * @param url
+    */
+   public void setEndPoint(String url)
+   {
+      serverManager.setOPEndpointUrl(url);
+   }
+   
+   /**
+    * Process a request from the RP/Relying Party (or OpenID Consumer)
+    * for authenticating an user
+    * @param requestParams
+    * @param userSelId
+    * @param userSelClaimed
+    * @param authenticatedAndApproved
+    * @return
+    */
+   public OpenIDMessage processAuthenticationRequest(ParameterList requestParams,
+         String userSelId,
+         String userSelClaimed,
+         boolean authenticatedAndApproved)
+   {
+      Message authMessage = serverManager.authResponse(requestParams, 
+            userSelId, userSelClaimed, authenticatedAndApproved);
+      
+      return new OpenIDMessage(authMessage); 
+   }
+   
+   /**
+    * Process a request for association from the RP
+    * @param requestParams
+    * @return
+    */
+   public OpenIDMessage processAssociationRequest(ParameterList requestParams)
+   {
+      return new OpenIDMessage(serverManager.associationResponse(requestParams));
+   }
+   
+   /**
+    * Process a verification request from RP for an already
+    * authenticated user
+    * @param requestParams
+    * @return
+    */
+   public OpenIDMessage verify(ParameterList requestParams)
+   {
+      return new OpenIDMessage(serverManager.verify(requestParams));
+   }
+   
+   /**
+    * Create an error message that needs to be passed to the RP
+    * @param msg
+    * @return
+    */
+   public OpenIDMessage getDirectError(String msg)
+   {
+     return new OpenIDMessage(DirectError.createDirectError(msg));  
+   }
+   
+   /**
+    * Class to hold the open id message 
+    */
+   public static class OpenIDMessage
+   {
+      private Message message;
+      
+      OpenIDMessage(Message message)
+      {
+         this.message = message;
+      }
+      
+      public boolean isSuccessful()
+      {
+         return message instanceof AuthSuccess;
+      }
+      
+      public String getDestinationURL(boolean httpget)
+      {
+         return ((AuthSuccess) message).getDestinationUrl(httpget);
+      }
+      
+      public String getResponseText()
+      {
+         return message.keyValueFormEncoding();
+      }
+   }
+}
\ No newline at end of file
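Review bot: `OpenIDMessage.getDestinationURL` casts unconditionally to `AuthSuccess`, so calling it on a wrapped failure or error message throws `ClassCastException`, and nothing forces callers to test `isSuccessful()` first. In the openid4java versions I know, `getDestinationUrl(boolean)` is declared on `Message` itself, so `return message.getDestinationUrl(httpget);` should also cover negative assertions; confirm against the version this module builds with. Separately, the Javadoc of `initialize(ServerAssociationStore...)` says it throws when the number of stores is not 2, but a null or empty argument silently falls back to the in-memory defaults, and the comment should say so.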

Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDTokenRegistryStore.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDTokenRegistryStore.java	                        (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDTokenRegistryStore.java	2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers.helpers;
+
+import java.io.IOException;
+
+import org.openid4java.association.Association;
+import org.openid4java.association.AssociationException;
+import org.openid4java.server.InMemoryServerAssociationStore;
+import org.openid4java.server.ServerAssociationStore;
+import org.picketlink.identity.federation.core.sts.registry.DefaultTokenRegistry;
+import org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry;
+
+/**
+ * A {@code SecurityTokenRegistry} for OpenID that uses in memory registry
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDTokenRegistryStore extends DefaultTokenRegistry implements ServerAssociationStore, SecurityTokenRegistry
+{
+   protected InMemoryServerAssociationStore store = new InMemoryServerAssociationStore();
+   
+   /**
+    * @see org.openid4java.server.ServerAssociationStore#generate(java.lang.String, int)
+    */
+   public Association generate(String type, int expiryIn) throws AssociationException
+   { 
+      Association association = store.generate(type, expiryIn);
+      try
+      {
+         addToken( association.getHandle(), association );
+      }
+      catch (IOException e)
+      {
+         throw new AssociationException( e );
+      }
+      return association;
+   }
+
+   /**
+    * @see org.openid4java.server.ServerAssociationStore#load(java.lang.String)
+    */
+   public Association load(String handle)
+   { 
+      return (Association) getToken( handle );
+   }
+
+   /**
+    * @see org.openid4java.server.ServerAssociationStore#remove(java.lang.String)
+    */
+   public void remove(String handle)
+   {  
+      try
+      {
+         removeToken( handle );
+      }
+      catch (IOException e)
+      { 
+         throw new RuntimeException( e );
+      }
+   }
+}
\ No newline at end of file
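Review bot: `remove` deletes the handle from the token registry only, while `generate` also created the association inside `store`, so a removed association is still held by the `InMemoryServerAssociationStore` and the two go out of step. Adding `store.remove( handle );` next to `removeToken( handle );` keeps them aligned. `load` returns whatever `getToken` yields through an unchecked cast and with no expiry test. Whether the registry or the caller drops expired associations is not visible in this hunk, so a comment on `load` should say who enforces it, for example `// expiry is not checked here; callers must test association.hasExpired()`.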

Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDContext.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDContext.java	                        (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDContext.java	2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,57 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.web;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.picketlink.identity.federation.web.core.HTTPContext;
+
+/**
+ * HTTP Context for OpenID
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 6, 2009
+ */
+public class HTTPOpenIDContext extends HTTPContext
+{ 
+   private String returnURL; 
+    
+   public HTTPOpenIDContext(HttpServletRequest httpReq, HttpServletResponse httpResp,
+         ServletContext sctx)
+   {
+      super(httpReq, httpResp, sctx); 
+   } 
+
+   public String getReturnURL()
+   {
+      return returnURL;
+   } 
+   
+   //Setters
+   
+   public HTTPOpenIDContext setReturnURL(String url)
+   {
+      this.returnURL = url;
+      return this;
+   } 
+}
\ No newline at end of file
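Review bot: `returnURL` is null until `setReturnURL` is called, and the `HTTPProtocolAdaptor` constructor added in this same commit copies it once through `octx.getReturnURL()`, so call order matters and nothing documents it. A Javadoc line on the setter would make that explicit, such as `/** Sets the return URL; call before passing this context to HTTPProtocolAdaptor, which reads it at construction. Returns this context for chaining. */`. The `//Setters` comment can go once the method is documented.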

Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDProvider.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDProvider.java	                        (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDProvider.java	2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,142 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.web;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.DirectError;
+import org.openid4java.message.Message;
+import org.openid4java.message.ParameterList;
+import org.openid4java.server.InMemoryServerAssociationStore;
+import org.openid4java.server.ServerManager;
+
+/**
+ * Common code at an OpenID Provider
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 7, 2009
+ */
+public class HTTPOpenIDProvider
+{
+   public String process(HttpServletRequest request, HttpServletResponse response) 
+   throws IOException
+   {
+      HttpSession session = request.getSession();
+      
+      ServerManager manager=new ServerManager();
+      manager.setSharedAssociations(new InMemoryServerAssociationStore());
+      manager.setPrivateAssociations(new InMemoryServerAssociationStore());
+      manager.setOPEndpointUrl(request.getScheme() + "://" 
+            + request.getServerName() + ":" 
+            + request.getServerPort() + "/simple-openid/provider.jsp");
+      
+      ParameterList requestp;
+
+      if ("complete".equals(request.getParameter("_action"))) // Completing the authz and authn process by redirecting here
+      {
+          requestp=(ParameterList) session.getAttribute("parameterlist"); // On a redirect from the OP authn & authz sequence
+      }
+      else
+      {
+          requestp = new ParameterList(request.getParameterMap());
+      }
+
+      String mode = requestp.hasParameter("openid.mode") ?
+                  requestp.getParameterValue("openid.mode") : null;
+
+          Message responsem;
+          String responseText;
+
+          if ("associate".equals(mode))
+          {
+              // --- process an association request ---
+              responsem = manager.associationResponse(requestp);
+              responseText = responsem.keyValueFormEncoding();
+          }
+          else if ("checkid_setup".equals(mode)
+                  || "checkid_immediate".equals(mode))
+          {
+              // interact with the user and obtain data needed to continue
+              //List userData = userInteraction(requestp);
+              String userSelectedId = null;
+              String userSelectedClaimedId = null;
+              Boolean authenticatedAndApproved = Boolean.FALSE;
+
+              if ((session.getAttribute("authenticatedAndApproved") == null) ||
+                      (((Boolean)session.getAttribute("authenticatedAndApproved")) == Boolean.FALSE) )
+              {
+                  session.setAttribute("parameterlist", requestp);
+                  response.sendRedirect("provider_authorization.jsp");
+              }
+              else
+              {
+                  userSelectedId = (String) session.getAttribute("openid.claimed_id");
+                  userSelectedClaimedId = (String) session.getAttribute("openid.identity");
+                  authenticatedAndApproved = (Boolean) session.getAttribute("authenticatedAndApproved");
+                  // Remove the parameterlist so this provider can accept requests from elsewhere
+                  session.removeAttribute("parameterlist");
+                  session.setAttribute("authenticatedAndApproved", Boolean.FALSE); // Makes you authorize each and every time
+              }
+
+              // --- process an authentication request ---
+              responsem = manager.authResponse(requestp,
+                      userSelectedId,
+                      userSelectedClaimedId,
+                      authenticatedAndApproved.booleanValue());
+
+              // caller will need to decide which of the following to use:
+              // - GET HTTP-redirect to the return_to URL
+              // - HTML FORM Redirection
+              //responseText = response.wwwFormEncoding();
+              if (responsem instanceof AuthSuccess)
+              {
+                  response.sendRedirect(((AuthSuccess) responsem).getDestinationUrl(true));
+                  return "";
+              }
+              else
+              {
+                  responseText="<pre>"+responsem.keyValueFormEncoding()+"</pre>";
+              }
+          }
+          else if ("check_authentication".equals(mode))
+          {
+              // --- processing a verification request ---
+              responsem = manager.verify(requestp);
+              responseText = responsem.keyValueFormEncoding();
+          }
+          else
+          {
+              // --- error response ---
+              responsem = DirectError.createDirectError("Unknown request");
+              responseText = responsem.keyValueFormEncoding();
+          }
+          
+          
+      
+      return responseText != null ? responseText.trim() : null;
+   }
+
+}
\ No newline at end of file
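Review bot: In the `checkid_setup`/`checkid_immediate` branch the not-yet-approved path calls `response.sendRedirect("provider_authorization.jsp")` and then falls through to `manager.authResponse(...)`, so a response body is still computed and returned after the redirect has been sent; it should return there, as the `AuthSuccess` path does. The `_action=complete` path reads `parameterlist` from the session without a null check, so a request with no pending list fails on `requestp.hasParameter`, and the `== Boolean.FALSE` test compares references rather than values. Separately, `process` builds a new `ServerManager` with fresh `InMemoryServerAssociationStore` instances on every call, so an association created by an `associate` request cannot be found by a later call; holding the manager in a field or in application scope would fix that. The endpoint URL is assembled from `request.getServerName()`, which in most containers follows the client-supplied Host header, and would be safer read from configuration.

```java
      if ("complete".equals(request.getParameter("_action")))
      {
          requestp = (ParameterList) session.getAttribute("parameterlist");
          if (requestp == null)
          {
              // No pending request stored in this session: answer with a direct error
              return DirectError.createDirectError("Unknown request").keyValueFormEncoding().trim();
          }
      }
      // … unchanged: else branch, openid.mode lookup, associate branch …

              if (!Boolean.TRUE.equals(session.getAttribute("authenticatedAndApproved")))
              {
                  session.setAttribute("parameterlist", requestp);
                  response.sendRedirect("provider_authorization.jsp");
                  return ""; // redirect already sent; do not continue to authResponse
              }
      // … unchanged: approved branch, authResponse call, remaining modes …
```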

Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPProtocolAdaptor.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPProtocolAdaptor.java	                        (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPProtocolAdaptor.java	2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,211 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.web;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+import org.picketlink.identity.federation.api.openid.OpenIDAttributeMap;
+import org.picketlink.identity.federation.api.openid.OpenIDLifecycle;
+import org.picketlink.identity.federation.api.openid.OpenIDLifecycleEvent;
+import org.picketlink.identity.federation.api.openid.OpenIDProtocolAdapter;
+import org.picketlink.identity.federation.api.openid.OpenIDLifecycleEvent.OP;
+import org.picketlink.identity.federation.api.openid.OpenIDLifecycleEvent.TYPE;
+import org.picketlink.identity.federation.api.openid.exceptions.OpenIDLifeCycleException;
+import org.picketlink.identity.federation.api.openid.exceptions.OpenIDProtocolException;
+
+/**
+ * Protocol adapter for HTTP
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 6, 2009
+ */
+public class HTTPProtocolAdaptor implements OpenIDProtocolAdapter, OpenIDLifecycle
+{
+   private static Logger log = Logger.getLogger(HTTPProtocolAdaptor.class);
+   private boolean trace = log.isTraceEnabled();
+   
+   private HttpServletRequest request;
+   private HttpServletResponse response; 
+   private ServletContext servletContext;
+   private String returnURL;
+
+   public HTTPProtocolAdaptor(HTTPOpenIDContext octx)
+   {
+      if(octx == null)
+         throw new IllegalArgumentException("http openid context is null");
+      
+      this.request = octx.getRequest();
+      this.response = octx.getResponse(); 
+      this.returnURL = octx.getReturnURL();
+      this.servletContext = octx.getServletContext();
+   }
+
+   public OpenIDAttributeMap getAttributeMap()
+   { 
+      OpenIDAttributeMap map = new OpenIDAttributeMap();
+      if ("1".equals(request.getParameter("nickname"))) 
+      {
+         map.put("nickname", "1");
+      }
+      if ("1".equals(request.getParameter("email"))) 
+      {
+         map.put("email", "1");
+      }
+      if ("1".equals(request.getParameter("fullname"))) 
+      {
+         map.put("fullname", "1");
+      }
+      if ("1".equals(request.getParameter("dob"))) 
+      {
+         map.put("dob", "1");
+      }
+      if ("1".equals(request.getParameter("gender"))) 
+      {
+         map.put("gender", "1");
+      }
+      if ("1".equals(request.getParameter("postcode"))) 
+      {
+         map.put("postcode", "1");
+      }
+      if ("1".equals(request.getParameter("country"))) 
+      {
+         map.put("country", "1");
+      }
+      if ("1".equals(request.getParameter("language"))) 
+      {
+         map.put("language", "1");
+      }
+      if ("1".equals(request.getParameter("timezone"))) 
+      {
+         map.put("timezone", "1");
+      }
+
+      return map;
+   }
+
+   public String getReturnURL()
+   { 
+      return this.returnURL;
+   } 
+   
+   /**
+    * @throws OpenIDLifeCycleException 
+    * @see OpenIDLifecycle#handle(OpenIDLifecycleEvent)
+    */
+   public void handle(OpenIDLifecycleEvent event) throws OpenIDLifeCycleException 
+   {
+      if(event == null)
+         throw new IllegalArgumentException("event is null");
+      
+      if(event.getEventType() == TYPE.SESSION)
+      {
+         String attr = event.getAttributeName();
+         Object attrVal = event.getAttributeValue();
+         
+         if(event.getOperation() == OP.ADD)
+         {
+            request.getSession().setAttribute(attr, attrVal); 
+         }
+         else if(event.getOperation() == OP.REMOVE)
+         {
+            request.getSession().removeAttribute(attr); 
+         }
+      }
+      
+      if(event.getEventType() == TYPE.SUCCESS)
+         try
+         {
+            response.sendRedirect(".");
+         }
+         catch (IOException e)
+         {
+            throw new OpenIDLifeCycleException(e);
+         }
+   }
+   
+   /**
+    * @see OpenIDLifecycle#handle(OpenIDLifecycleEvent[])
+    */
+   public void handle(OpenIDLifecycleEvent[] eventArr) throws OpenIDLifeCycleException
+   {
+      for(OpenIDLifecycleEvent ev: eventArr)
+      {
+         this.handle(ev);
+      }
+   }
+
+   public void sendToProvider(int version, String destinationURL, 
+         Map<String, String> paramMap) throws OpenIDProtocolException
+   {
+      if(trace) 
+         log.trace("send to provider=" + version + "::destinationURL=" + destinationURL);
+      
+      if(version == 1)
+      {
+         try
+         {
+            response.sendRedirect(destinationURL);
+            return;
+         }
+         catch (IOException e)
+         {
+            throw new OpenIDProtocolException(e);
+         } 
+      }
+
+      //Version != 1 
+      
+      // Option 2: HTML FORM Redirection (Allows payloads >2048 bytes)
+
+      RequestDispatcher dispatcher =
+              this.servletContext.getRequestDispatcher("/formredirection.jsp");
+      request.setAttribute("parameterMap", paramMap);
+      request.setAttribute("destinationUrl", destinationURL);
+      try
+      {
+        dispatcher.forward(request, response); 
+      }
+      catch(IOException io)
+      {
+         throw new OpenIDProtocolException(io);
+      }
+      catch (ServletException e)
+      {
+         throw new OpenIDProtocolException(e);
+      }
+   }
+
+   /**
+    * @see OpenIDLifecycle#getAttributeValue(String)
+    */
+   public Object getAttributeValue(String name)
+   {
+      return this.request.getSession().getAttribute(name);
+   }
+}
\ No newline at end of file
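Review bot: `sendToProvider` hands `destinationURL` to `response.sendRedirect` (version 1) or to `/formredirection.jsp` as a request attribute (other versions) without any check on it. Where the value is computed is outside this file, but if it derives from discovery on a user-supplied identifier, rejecting anything that is not `http://` or `https://` before both paths would keep other schemes out of the redirect and the form target. One way is `if (destinationURL == null || !destinationURL.matches("(?i)https?://.*")) throw new OpenIDProtocolException(new IllegalArgumentException("unsupported destination URL"));`, assuming the cause constructor used in the catch blocks accepts any exception. The JSP, which is not part of this hunk, should HTML-escape `destinationUrl` and the `parameterMap` values. `handle(OpenIDLifecycleEvent[])` could also reject a null array the way the single-event overload rejects a null event.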


