Package uk.co.froot.demo.openid.model.security

Examples of uk.co.froot.demo.openid.model.security.User


  // Logout endpoint: looks up the current User through the base model built
  // from the request headers and, if one is present, clears its session
  // token, removes it from the in-memory cache and detaches it from the model.
  //
  // NOTE(review): this state-changing action is mapped to GET, so it can be
  // triggered by any cross-site request (e.g. an embedded resource URL).
  // A POST guarded by an anti-CSRF token is the usual hardening.
  @GET
  @Path("/logout")
  public Response logout() {

    // How newBaseModel() resolves the User from httpHeaders is not visible in
    // this excerpt; presumably it reads the session token from a cookie.
    BaseModel model = modelBuilder.newBaseModel(httpHeaders);
    User user = model.getUser();
    if (user != null) {
      // Invalidate the session token
      user.setSessionToken(null);
      // (We'll delete the user but really this would just be an update)
      // NOTE(review): server-side invalidation is what matters here; confirm
      // the remainder of the method also expires the client-side cookie.
      InMemoryUserCache.INSTANCE.hardDelete(user);
      model.setUser(null);
    }
    // (excerpt ends here; the rest of the method is not shown on this page)


      // Copy the remaining discovery fields into the memento so they can be
      // restored when the OpenID provider redirects back.
      memento.setTypes(discovered.getTypes());
      memento.setVersion(discovered.getVersion());

      // Create a temporary User to preserve state between requests without
      // using a session (we could be in a cluster)
      // NOTE(review): sessionToken is created outside this excerpt. It acts as
      // a bearer credential for the pending login, so confirm it comes from a
      // cryptographically strong source and is not derived from request input.
      User tempUser = new User(null, sessionToken);
      tempUser.setOpenIDDiscoveryInformationMemento(memento);
      tempUser.setSessionToken(sessionToken);

      // Persist the User
      // NOTE(review): this entry is written before any authentication has
      // happened. No expiry or size bound is visible here; verify the cache
      // evicts abandoned pre-authentication entries.
      InMemoryUserCache.INSTANCE.put(sessionToken, tempUser);

      // Build the AuthRequest message to be sent to the OpenID provider
      // (excerpt ends here; the rest of the method is not shown on this page)

    // Handles the return leg of the OpenID flow: the temporary User stored
    // under the session token before the redirect is looked up, the discovery
    // information is rebuilt from its memento, and the provider's response is
    // verified before a real User is registered or matched.
    Optional<User> tempUserOptional = InMemoryUserCache.INSTANCE.getBySessionToken(sessionToken);
    if (!tempUserOptional.isPresent()) {
      // NOTE(review): rawToken is defined outside this excerpt; if it is the
      // session token as received, this writes a bearer credential to the
      // log. Logging a truncated or hashed form is safer.
      log.debug("Authentication failed due to no temp User matching session token {}", rawToken);
      throw new WebApplicationException(Response.Status.UNAUTHORIZED);
    }
    User tempUser = tempUserOptional.get();

    // Retrieve the discovery information
    final DiscoveryInformationMemento memento = tempUser.getOpenIDDiscoveryInformationMemento();
    // Minimal Identifier that just returns the claimed identifier saved in the memento
    Identifier identifier = new Identifier() {
      @Override
      public String getIdentifier() {
        return memento.getClaimedIdentifier();
      }
    };

    // Rebuild the DiscoveryInformation from server-side state (the memento),
    // not from anything in the incoming request.
    DiscoveryInformation discovered;
    try {
      discovered = new DiscoveryInformation(
        URI.create(memento.getOpEndpoint()).toURL(),
        identifier,
        memento.getDelegate(),
        memento.getVersion(),
        memento.getTypes()
      );
    } catch (DiscoveryException e) {
      // Both failure modes are reported to the client as 401
      throw new WebApplicationException(e, Response.Status.UNAUTHORIZED);
    } catch (MalformedURLException e) {
      throw new WebApplicationException(e, Response.Status.UNAUTHORIZED);
    }

    // Extract the receiving URL from the HTTP request
    // NOTE(review): the URL is taken from the request as seen by this server.
    // Behind a reverse proxy or TLS terminator it may differ from the
    // return_to value originally sent, which would make verification fail;
    // confirm against the deployment.
    StringBuffer receivingURL = request.getRequestURL();
    String queryString = request.getQueryString();
    if (queryString != null && queryString.length() > 0) {
      receivingURL.append("?").append(request.getQueryString());
    }
    // NOTE(review): the message has an unbalanced quote, and the logged URL
    // carries the full set of OpenID response parameters.
    log.debug("Receiving URL = '{}", receivingURL.toString());

    // Extract the parameters from the authentication response
    // (which comes in as a HTTP request from the OpenID provider)
    ParameterList parameterList = new ParameterList(request.getParameterMap());

    try {

      // Verify the response
      // ConsumerManager needs to be the same (static) instance used
      // to place the authentication request
      // This could be tricky if this service is load-balanced
      VerificationResult verification = consumerManager.verify(
        receivingURL.toString(),
        parameterList,
        discovered);

      // Examine the verification result and extract the verified identifier
      // A null verified id is treated as "not verified"; only the success
      // branch is visible in this excerpt.
      Optional<Identifier> verified = Optional.fromNullable(verification.getVerifiedId());
      if (verified.isPresent()) {
        // Verified
        AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();

        // We have successfully authenticated so remove the temp user
        // and replace it with a potentially new one
        InMemoryUserCache.INSTANCE.hardDelete(tempUser);

        tempUser = new User(null, UUID.randomUUID());
        tempUser.setOpenIDIdentifier(verified.get().getIdentifier());

        // Provide a basic authority in light of successful authentication
        tempUser.getAuthorities().add(Authority.ROLE_PUBLIC);

        // Extract additional information
        // NOTE(review): these attribute-exchange values are asserted by the
        // OpenID provider; nothing in this excerpt verifies that the user
        // controls the email address.
        if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
          tempUser.setEmailAddress(extractEmailAddress(authSuccess));
          tempUser.setFirstName(extractFirstName(authSuccess));
          tempUser.setLastName(extractLastName(authSuccess));
        }
        // NOTE(review): User.toString() is not visible here; check that it
        // omits the session token and personal data before logging at info.
        log.info("Extracted a temporary {}", tempUser);

        // Search for a pre-existing User matching the temp User
        Optional<User> userOptional = InMemoryUserCache.INSTANCE.getByOpenIDIdentifier(tempUser.getOpenIDIdentifier());
        User user;
        if (!userOptional.isPresent()) {
          // This is either a new registration or the OpenID identifier has changed
          if (tempUser.getEmailAddress() != null) {
            userOptional = InMemoryUserCache.INSTANCE.getByEmailAddress(tempUser.getEmailAddress());
            if (!userOptional.isPresent()) {
              // This is a new User
              log.debug("Registering new {}", tempUser);
              user = tempUser;
            } else {
              // The OpenID identifier has changed so update it
              // NOTE(review): an existing account is re-bound to a new OpenID
              // identifier solely because the provider-asserted email matches.
              // This is only sound if every accepted provider is trusted to
              // verify email ownership; otherwise require confirmation from
              // the account owner before linking.
              log.debug("Updating OpenID identifier for {}", tempUser);
              user = userOptional.get();
              user.setOpenIDIdentifier(tempUser.getOpenIDIdentifier());
            }

          } else {
            // No email address to use as backup
            // NOTE(review): the "{}" placeholder has no argument, so it is
            // logged literally; tempUser was probably intended.
            log.warn("Rejecting valid authentication. No email address for {}");
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
          }
        } else {
          // The User has been located by their OpenID identifier
          log.debug("Found an existing User using OpenID identifier {}", tempUser);
          user = userOptional.get();

        }

        // Persist the user with the current session token
        // NOTE(review): sessionToken is the same variable used for the
        // pre-authentication lookup above and no reassignment is visible, so
        // the token does not appear to be rotated on login. Issuing a fresh
        // token at this point is the standard session-fixation defence.
        user.setSessionToken(sessionToken);
        InMemoryUserCache.INSTANCE.put(sessionToken, user);

        // Create a suitable view for the response
        // The session token has changed so we create the base model directly
        BaseModel model = new BaseModel();
        // (excerpt ends here; the rest of the method is not shown on this page)
