Ray Krueger
18 years ago
1 changed files with 0 additions and 180 deletions
@ -1,180 +0,0 @@
@@ -1,180 +0,0 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
*/ |
||||
package org.springframework.security.ui.openid; |
||||
|
||||
import org.apache.commons.logging.Log; |
||||
import org.apache.commons.logging.LogFactory; |
||||
import org.springframework.util.StringUtils; |
||||
import org.springframework.web.context.WebApplicationContext; |
||||
import org.springframework.web.context.support.WebApplicationContextUtils; |
||||
|
||||
import javax.servlet.ServletException; |
||||
import javax.servlet.http.HttpServlet; |
||||
import javax.servlet.http.HttpServletRequest; |
||||
import javax.servlet.http.HttpServletResponse; |
||||
import java.io.IOException; |
||||
|
||||
|
||||
/** |
||||
* This servlet starts the OpenID authentication process. |
||||
* <br/> |
||||
* <br/>Sample web.xml configuration: |
||||
* <br/> |
||||
* <br/> <servlet> |
||||
* <br/> <servlet-name>openid</servlet-name> |
||||
* <br/> <servlet-class>org.springframework.security.ui.openid.OpenIDLoginInitiationServlet</servlet-class> |
||||
* <br/> <load-on-startup>1</load-on-startup> |
||||
* <br/> <init-param> |
||||
* <br/> <description>The error page - will receive error "message"</description> |
||||
* <br/> <param-name>errorPage</param-name> |
||||
* <br/> <param-value>index.jsp</param-value> |
||||
* <br/> </init-param> |
||||
* <br/> </servlet> |
||||
* <br/> <servlet-mapping> |
||||
* <br/> <servlet-name>openid</servlet-name> |
||||
* <br/> <url-pattern>/j_spring_security_openid_start</url-pattern> |
||||
* <br/> </servlet-mapping> |
||||
* <br/> |
||||
* <br/>Sample login form: |
||||
* <br/><form method="POST" action="j_spring_security_openid_start"> |
||||
* <br/> <input type="text" name="j_username" /> |
||||
* <br/> <input type="password" name="j_password" /> |
||||
* <br/> <input type="submit" value="Verify" /> |
||||
* <br/></form> |
||||
* <br/> |
||||
* <br/>Usage notes: |
||||
* <li>Requires an <code>openIDConsumer</code> Spring bean implementing the {@link OpenIDConsumer} interface</li> |
||||
* <li>It will pass off to standard form-based authentication if appropriate</li> |
||||
* (note that <code>AuthenticationProcessingFilter</code> requires j_username, j_password) |
||||
* <br/> |
||||
* <br/>Outstanding items: |
||||
* TODO: config flag for whether OpenID only or dual mode? |
||||
* TODO: username matching logic |
||||
* |
||||
* @author Robin Bramley, Opsera Ltd |
||||
* @version $Id:$ |
||||
*/ |
||||
public class OpenIDLoginInitiationServlet extends HttpServlet { |
||||
final static long serialVersionUID = -997766L; |
||||
private static final Log logger = LogFactory.getLog(OpenIDLoginInitiationServlet.class); |
||||
private static final String passwordField = "j_password"; |
||||
|
||||
/** |
||||
* Servlet config key for looking up the the HttpServletRequest parameter name |
||||
* containing the OpenID Identity URL from the Servlet config. |
||||
* <br/><b>Only set the identityField servlet init-param if you are not using</b> <code>j_username</code> |
||||
* <br/> |
||||
* <br/> <init-param> |
||||
* <br/> <description>The identity form field parameter</description> |
||||
* <br/> <param-name>identityField</param-name> |
||||
* <br/> <param-value>/openid_url</param-value> |
||||
* <br/> </init-param> |
||||
*/ |
||||
public static final String IDENTITY_FIELD_KEY = "identityField"; |
||||
|
||||
/** |
||||
* Servlet config key for the return to URL |
||||
*/ |
||||
public static final String ERROR_PAGE_KEY = "errorPage"; |
||||
|
||||
/** |
||||
* Servlet config key for looking up the form login URL from the Servlet config. |
||||
* <br/><b>Only set the formLogin servlet init-param if you are not using</b> <code>/j_spring_security_check</code> |
||||
* <br/> |
||||
* <br/> <init-param> |
||||
* <br/> <description>The form login URL - for standard authentication</description> |
||||
* <br/> <param-name>formLogin</param-name> |
||||
* <br/> <param-value>/custom_acegi_security_check</param-value> |
||||
* <br/> </init-param> |
||||
*/ |
||||
public static final String FORM_LOGIN_URL_KEY = "formLogin"; |
||||
|
||||
/** |
||||
* Spring context key for the OpenID consumer bean |
||||
*/ |
||||
public static final String CONSUMER_KEY = "openIDConsumer"; |
||||
private String errorPage = "index.jsp"; |
||||
private String identityField = "j_username"; |
||||
private String formLoginUrl = "/j_spring_security_check"; |
||||
|
||||
/** |
||||
* Check for init-params |
||||
* |
||||
* @Override |
||||
*/ |
||||
public void init() throws ServletException { |
||||
super.init(); |
||||
|
||||
String configErrorPage = getServletConfig() |
||||
.getInitParameter(ERROR_PAGE_KEY); |
||||
|
||||
if (StringUtils.hasText(configErrorPage)) { |
||||
errorPage = configErrorPage; |
||||
} |
||||
|
||||
String configIdentityField = getServletConfig() |
||||
.getInitParameter(IDENTITY_FIELD_KEY); |
||||
|
||||
if (StringUtils.hasText(configIdentityField)) { |
||||
identityField = configIdentityField; |
||||
} |
||||
|
||||
String configFormLoginUrl = getServletConfig() |
||||
.getInitParameter(FORM_LOGIN_URL_KEY); |
||||
|
||||
if (StringUtils.hasText(configFormLoginUrl)) { |
||||
formLoginUrl = configFormLoginUrl; |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* Process the form post - all the work is done by the OpenIDConsumer.beginConsumption method |
||||
* |
||||
* @Override |
||||
*/ |
||||
protected void doPost(HttpServletRequest req, HttpServletResponse res) |
||||
throws ServletException, IOException { |
||||
WebApplicationContext webApplicationContext = WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext()); |
||||
OpenIDConsumer consumer = (OpenIDConsumer) webApplicationContext.getBean(CONSUMER_KEY); |
||||
|
||||
// get the submitted id field
|
||||
String id = req.getParameter(identityField); |
||||
|
||||
// assume page will validate?
|
||||
//TODO: null checking!
|
||||
|
||||
//TODO: pattern matching
|
||||
String password = req.getParameter(passwordField); |
||||
|
||||
if ((password != null) && (password.length() > 0)) { |
||||
logger.debug("Attempting to authenticate using username/password"); |
||||
|
||||
// forward to authenticationProcessingFilter (/j_spring_security_check - depends on param names)
|
||||
req.getRequestDispatcher(formLoginUrl).forward(req, res); |
||||
|
||||
} else { |
||||
// send the user the redirect url to proceed with OpenID authentication
|
||||
try { |
||||
String redirect = consumer.beginConsumption(req, id, req.getRequestURL().toString()); |
||||
logger.debug("Redirecting to: " + redirect); |
||||
res.sendRedirect(redirect); |
||||
} catch (OpenIDConsumerException oice) { |
||||
logger.error("Consumer error!", oice); |
||||
req.setAttribute("message", oice.getMessage()); |
||||
req.getRequestDispatcher(errorPage).forward(req, res); |
||||
} |
||||
} |
||||
} |
||||
} |
||||
Loading…
Reference in new issue