Java tutorial
/** * Copyright (c) 2011, Thilo Planz. All rights reserved. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ package v7cr; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.expressme.openid.Association; import org.expressme.openid.Authentication; import org.expressme.openid.Endpoint; import org.expressme.openid.OpenIdManager; import com.mongodb.BasicDBObject; import com.mongodb.DBCollection; import com.mongodb.DBObject; @SuppressWarnings("serial") public class OpenIDServlet extends HttpServlet { static final String OPENID_AUTHENTICATION = "jopenid.authentication"; private static final String ATTR_MAC = "jopenid.mac"; private static final String ATTR_ALIAS = "jopenid.alias"; @Override public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { HttpSession session = request.getSession(); if (session.getAttribute(OPENID_AUTHENTICATION) == null) { OpenIdManager manager = new OpenIdManager(); String realm = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort(); manager.setRealm(realm); manager.setReturnTo(realm + request.getContextPath() + request.getServletPath()); System.out.println(realm); System.out.println(request.getContextPath() + request.getServletPath()); String op = request.getParameter("op"); if (op == null) { String nonce = request.getParameter("openid.response_nonce"); // check nonce: checkNonce(nonce); // get authentication: byte[] mac_key = (byte[]) session.getAttribute(ATTR_MAC); if (mac_key == null) { throw new SecurityException("session expired, please try again"); } String alias = (String) session.getAttribute(ATTR_ALIAS); Authentication authentication = manager.getAuthentication(request, mac_key, alias); String email = authentication.getEmail(); if (email == null || email.isEmpty()) throw new SecurityException("email address is required"); session.setAttribute(OPENID_AUTHENTICATION, authentication); response.sendRedirect(request.getContextPath() + "/v/"); return; } // redirect to sign on page: Endpoint endpoint = manager.lookupEndpoint(op); Association association = manager.lookupAssociation(endpoint); session.setAttribute(ATTR_MAC, association.getRawMacKey()); session.setAttribute(ATTR_ALIAS, endpoint.getAlias()); String url = manager.getAuthenticationUrl(endpoint, association); response.sendRedirect(url); return; } } private void checkNonce(String nonce) { if (nonce == null) throw new SecurityException("openid.nonce is missing"); DBCollection nonces = InitDB.getDB(getServletContext()).getCollection("openid.nonce"); DBObject c = nonces.findOne(nonce); if (c != null) throw new SecurityException("openid.nonce " + nonce + " has been used before"); nonces.save(new BasicDBObject("_id", nonce)); } }