}
callbackUrl += "?cbid="+java.net.URLEncoder.encode(cbid,"UTF-8");
LOGGER.finer("cbinfo based callback: "+cbinfo);
LOGGER.finer("Determining user attributes for: "+op);
OpenIdManager manager = new OpenIdManager();
manager.setRealm(realm);
manager.setReturnTo(callbackUrl);
checkNonce(request.getParameter("openid.response_nonce"));
byte[] mac_key = (byte[])session.getAttribute(ATTR_MAC);
String alias = (String)session.getAttribute(ATTR_ALIAS);
Authentication authentication = manager.getAuthentication(request,mac_key,alias);
identity = authentication.getIdentity();
email = authentication.getEmail();
username = email;
} catch (Exception e) {
err = "Openid authentication suceeded, creating local user reference failed.";
LOGGER.log(Level.WARNING,err,e);
}
}
// check the parameters
identity = Val.chkStr(identity);
username = Val.chkStr(username);
email = Val.chkStr(email);
LOGGER.finer("User attributes: identity="+identity+", username="+username+", email="+email);
if (identity.length() == 0) {
err = "Your openid idenitfier was not determined.";
} else if (username.length() == 0) {
if (isTwitter) {
err = "Your opennid screen name was not determined.";
} else {
err = "Your opennid email address was not determined.";
}
} else {
// establish the user
identity = "urn:openid:"+identity;
User user = context.getUser();
user.reset();
user.setKey(identity);
user.setDistinguishedName(identity);
user.setName(username);
user.getProfile().setUsername(username);
if (email.length() > 0) {
user.getProfile().setEmailAddress(email);
}
user.getAuthenticationStatus().setWasAuthenticated(true);
// ensure a local reference for the user
try {
LocalDao localDao = new LocalDao(context);
localDao.ensureReferenceToRemoteUser(user);
} catch (Exception e) {
user.reset();
err = "Openid authentication suceeded, creating local user reference failed.";
LOGGER.log(Level.SEVERE,err,e);
}
}
// redirect to the originating page
String url = fwd;
err = Val.chkStr(err);
if (err.length() > 0) {
if (url.indexOf("?") == -1) fwd += "?";
else url += "&";
url += "err="+URLEncoder.encode(err,"UTF-8");
}
response.sendRedirect(url);
// process a request to enter Openid credentials
} else if (op.length() > 0) {
session.setAttribute(ATTR_CBINFO,null);
// determine the provider
OpenProvider provider = providers.get(op);
if (provider == null) {
throw new ServletException("Invalid openid op parameter: "+op);
}
boolean isTwitter = provider.getName().equalsIgnoreCase("Twitter");
// determine the active Geoportal page (forward URL)
String fwd = Val.chkStr(request.getParameter("fwd"));
if (fwd.length() == 0) {
throw new ServletException("Empty openid fwd parameter.");
}
// store the callback info
String cbid = UUID.randomUUID().toString();
long millis = System.currentTimeMillis();
String cbinfo = millis+","+cbid+","+op+","+fwd;
session.setAttribute(ATTR_CBINFO,cbinfo);
// determine the Openid Authentication URL
String url = null;
if (useFacade) {
PrintWriter pw = response.getWriter();
pw.println("<html><head><title>Openid Facade</title></head><body><h1>Openid Facade</h1>");
pw.println("<a href=\""+callbackUrl+"\">Supply credentials step</a>");
pw.println("</body></html>");
pw.flush();
return;
// Twitter
} else if (isTwitter) {
try {
LOGGER.fine("Initiating oAuth request for: "+op+", callback="+callbackUrl);
Twitter twitter = new Twitter();
twitter.setOAuthConsumer(provider.getConsumerKey(),provider.getConsumerSecret());
RequestToken requestToken = twitter.getOAuthRequestToken();
String token = requestToken.getToken();
String tokenSecret = requestToken.getTokenSecret();
session.setAttribute(ATTR_TOKEN,token);
session.setAttribute(ATTR_TOKEN_SECRET,tokenSecret);
url = requestToken.getAuthorizationURL();
} catch (TwitterException e) {
err = "Unable to determine endpoint for: "+op;
LOGGER.log(Level.SEVERE,err,e);
}
// Openid
} else {
try {
callbackUrl += "?cbid="+java.net.URLEncoder.encode(cbid,"UTF-8");
LOGGER.finer("Initiating openid request for: "+op+", callback="+callbackUrl);
OpenIdManager manager = new OpenIdManager();
manager.setRealm(realm);
manager.setReturnTo(callbackUrl);
// There is an issue here. It seems that the only way to set the endpoint
// alias is through the jopenid-1.07.jar openid-providers.properties,
// but we would to to configure the provider properties through gpt.xml
//Endpoint endpoint = manager.lookupEndpoint(provider.getAuthenticationUrl());
Endpoint endpoint = manager.lookupEndpoint(op);
Association association = manager.lookupAssociation(endpoint);
request.getSession().setAttribute(ATTR_MAC,association.getRawMacKey());
request.getSession().setAttribute(ATTR_ALIAS,endpoint.getAlias());
url = manager.getAuthenticationUrl(endpoint,association);
} catch (Exception e) {
err = "Unable to determine Openid endpoint for: "+op;
LOGGER.log(Level.SEVERE,err,e);
}