📄 openidauthverificationaction.java
policies = OpenIDUtil
.getRequestedAuthenticationPolicies(requestParam);
if (policies != null) {
for (String policy : policies) {
if (policy
.equalsIgnoreCase(IdentityConstants.OpenId.PapeAttributes.MULTI_FACTOR)) {
session
.setAttribute(
"multiFactorAuthenticationWithUsernamePassword",
"true");
session.setAttribute("multifactorlogin", "true");
isRedirected = true;
response.sendRedirect("OpenIDAuthentication.action");
break;
}
}
}
populateUserProfiles(user, rpUrl);
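// The user logged in with an InfoCard. Remember that in a cookie so that the
// next login can use the InfoCard directly, bypassing the authentication page.
// NOTE(review): the cookie below is marked Secure but not HttpOnly, and its
// value is the user's OpenID - confirm that is intended.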
// Encode the password
Cookie infocardCookie = new Cookie("infocardCookie", openID);
infocardCookie.setMaxAge(60 * 60 * 24 * 14);
infocardCookie.setSecure(true);
response.addCookie(infocardCookie);
// OpenID Provider needs to know which authentication
// mechanism the user went through while authenticating to the
// OP.
session.setAttribute("phishingResistanceAuthentication", "true");
if (!isRedirected) {
String message = getText("successful_for",
new String[] { user });
ReportAdmin.record(user,
ActionDO.ACTION_USER_LOG_IN_SELF_ISSUED_CARD, message);
if (!isRequiredUserApproval(request)) {
String authMessage = getText("successful_for",
new String[] { user });
ReportAdmin.record(user,
ActionDO.ACTION_USER_APPROVED_OPENID_RP_ALWAYS,
authMessage);
// User has already agreed to accept request from this
// RP always.
response
.sendRedirect("server?_action=complete&authenticatedAndApproved=true");
}
}
return SUCCESS;
} else {
Cookie[] cookies = request.getCookies();
Cookie curCookie = null;
String useInfoCard = null;
for (int x = 0; x < cookies.length; x++) {
curCookie = cookies[x];
if (curCookie.getName().equalsIgnoreCase("infocardCookie")) {
useInfoCard = curCookie.getValue();
if (useInfoCard != null && useInfoCard.equals(openID)) {
curCookie.setMaxAge(0);
response.addCookie(curCookie);
}
}
}
String message = getText("invalid_user_password");
ReportAdmin.record(user, ActionDO.ACTION_USER_FAILURE, message);
this.addErrorMessage(getText("invalid_card_login"));
return ERROR;
}
}
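/**
* Loads the user's profile names into {@code profile}, moves the default
* profile to the front of the list and reads that profile's values.
* @param userName Unique user name
* @param rpUrl relying party URL used to look up the default profile stored
*            for this user and RP
* @throws RelyingPartyException if the profile data cannot be retrieved
*/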
protected void populateUserProfiles(String userName, String rpUrl)
        throws RelyingPartyException {
    try {
        // Reset the field first; it is replaced by the store result just below.
        profile = new ArrayList<String>();

        IdentityDefaultRealm identityRealm =
                (IdentityDefaultRealm) UserStore.getInstance().getRealm();
        IdentityUserStoreReader storeReader = identityRealm.getIdentityUserStoreReader();
        profile = storeReader.getUserProfileNames(userName);

        // Use the default profile recorded for this user and RP when there is
        // one; otherwise fall back to the user store's default profile name.
        IPPersistenceManager persistence = IPPersistenceManager.getPersistanceManager();
        defaultUserProfileName = persistence.getOpenIDDefaultUserProfile(userName, rpUrl);
        if (defaultUserProfileName == null) {
            defaultUserProfileName = storeReader.getDefaultUserProfileName(userName);
        }

        // Move the default profile to the head of the list.
        profile.remove(defaultUserProfileName);
        profile.add(0, defaultUserProfileName);

        readDefaultProfileValues(userName, defaultUserProfileName);
    } catch (IdentityProviderException providerFailure) {
        throw new RelyingPartyException(
                IdentityConstants.ErrorCodes.PROFILE_RETRIEVAL_FAILURE, providerFailure);
    } catch (UserManagerException userStoreFailure) {
        throw new RelyingPartyException(
                IdentityConstants.ErrorCodes.PROFILE_RETRIEVAL_FAILURE, userStoreFailure);
    }
}
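/**
* Reads the properties of the given profile and collects, as claim values,
* those whose key is listed in {@code requiredAttributes}.
* @param userName user whose profile is read
* @param profileName name of the profile to read
* @throws RelyingPartyException if the profile data cannot be retrieved
*/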
protected void readDefaultProfileValues(String userName, String profileName)
        throws RelyingPartyException {
    try {
        IdentityDefaultRealm identityRealm =
                (IdentityDefaultRealm) UserStore.getInstance().getRealm();
        IdentityUserStoreReader storeReader = identityRealm.getIdentityUserStoreReader();
        Map<String, String> profileProperties =
                storeReader.getUserProperties(userName, profileName);

        ClaimsAdmin claimLookup = new ClaimsAdmin();
        // The field is replaced only after the profile has been read successfully.
        claimValues = new ArrayList<ClaimValue>();

        for (Entry<String, String> property : profileProperties.entrySet()) {
            ClaimValue value = new ClaimValue();
            value.setClaimValue(property.getValue());
            // Only properties named in requiredAttributes end up in claimValues;
            // every other profile property is dropped here.
            if (requiredAttributes.contains(property.getKey())) {
                value.setClaim(claimLookup.findClaimByURI(property.getKey()));
                claimValues.add(value);
            }
        }
    } catch (IdentityProviderException providerFailure) {
        throw new RelyingPartyException(
                IdentityConstants.ErrorCodes.PROFILE_RETRIEVAL_FAILURE, providerFailure);
    } catch (UserManagerException userStoreFailure) {
        throw new RelyingPartyException(
                IdentityConstants.ErrorCodes.PROFILE_RETRIEVAL_FAILURE, userStoreFailure);
    }
}
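/**
* Checks whether the user still has to approve this authentication request,
* i.e. has not marked the requesting RP as always trusted. When the RP is
* always trusted, its visit count and last-visit time are updated.
* @param request HttpServletRequest
* @return true if user approval is required, else false
* @throws RelyingPartyException if the persistence manager cannot be obtained
*/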
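private boolean isRequiredUserApproval(HttpServletRequest request)
        throws RelyingPartyException {
    ParameterList requestParam = (ParameterList) request.getSession().getAttribute(
            IdentityConstants.OpenId.PARAM_LIST);

    // Fail closed: without the stored OpenID request or its identity
    // parameter there is nothing to match a trusted RP against, so the
    // user is asked for approval instead of the call dying on a null
    // dereference.
    if (requestParam == null
            || requestParam.getParameter(IdentityConstants.OpenId.ATTR_IDENTITY) == null) {
        return true;
    }

    String openID = requestParam.getParameter(
            IdentityConstants.OpenId.ATTR_IDENTITY).getValue();
    // NOTE(review): the always-trust lookup is keyed on a URL derived from the
    // request's return_to value; how UserUtil.getRelyingPartyUrl normalises it
    // is not visible here - confirm that a different site cannot map onto a
    // trusted RP entry.
    String rpUrl = UserUtil.getRelyingPartyUrl(
            requestParam.getParameterValue(IdentityConstants.OpenId.ATTR_RETURN_TO));

    IPPersistenceManager db;
    try {
        db = IPPersistenceManager.getPersistanceManager();
    } catch (IdentityProviderException e) {
        // Keep the cause so the underlying failure is not lost.
        throw new RelyingPartyException("dbConnectionFailure", e);
    }

    // Get matching data, related to the requested RP.
    OpenIDUserRPDO[] rpdos = db.getOpenIDUserRP(UserUtil.getUserName(openID), rpUrl);
    if (rpdos != null && rpdos.length > 0) {
        // User has already logged into this RP; only the first record is consulted.
        OpenIDUserRPDO rpdo = rpdos[0];
        if (rpdo.getIsTrustedAlways()) {
            // User trusts this RP: record the visit and skip the approval step.
            rpdo.setVisitCount(rpdo.getVisitCount() + 1);
            rpdo.setLastVisit(new Date());
            db.update(rpdo);
            return false;
        }
    }
    return true;
}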
/**
 * Returns the claim values collected by {@code readDefaultProfileValues}.
 * The list is returned as-is, not as a copy.
 */
public List<ClaimValue> getClaimValues() {
    return this.claimValues;
}
/**
 * Returns the user's profile names. The list is returned as-is, not as a copy.
 */
public List<String> getProfile() {
    return this.profile;
}
/**
 * Replaces the list of profile names.
 * NOTE(review): the class uses getText/SUCCESS/ERROR, which suggests a
 * Struts 2 action; if so, this public setter can be populated from request
 * parameters - confirm a client-supplied value cannot be relied on.
 */
public void setProfile(List<String> profile) {
    this.profile = profile;
}
/**
 * Returns the name of the profile currently treated as the user's default.
 */
public String getDefaultUserProfileName() {
    return this.defaultUserProfileName;
}
/**
 * Sets the default profile name. {@code populateUserProfiles} overwrites
 * this field with the value it looks up.
 * NOTE(review): if this class is a Struts 2 action, this public setter can
 * be populated from request parameters - confirm no code path uses the
 * value before it has been looked up server-side.
 */
public void setDefaultUserProfileName(String defaultUserProfileName) {
    this.defaultUserProfileName = defaultUserProfileName;
}
}