
/**
 * Copyright (c) 2011, Thilo Planz. All rights reserved.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

package v7cr;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.expressme.openid.Association;
import org.expressme.openid.Authentication;
import org.expressme.openid.Endpoint;
import org.expressme.openid.OpenIdManager;

import com.mongodb.BasicDBObject;
import com.mongodb.DBCollection;
import com.mongodb.DBObject;

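@SuppressWarnings("serial")
public class OpenIDServlet extends HttpServlet {

    /** Session attribute holding the verified {@link Authentication} once login has succeeded. */
    static final String OPENID_AUTHENTICATION = "jopenid.authentication";

    /** Session attribute holding the raw MAC key of the association made with the provider. */
    private static final String ATTR_MAC = "jopenid.mac";

    /** Session attribute holding the endpoint alias the association was made for. */
    private static final String ATTR_ALIAS = "jopenid.alias";

    /** Request parameter naming the OpenID provider to start a login with. */
    private static final String PARAM_OP = "op";

    /** Parameter of the provider's response that carries its one-time nonce. */
    private static final String PARAM_NONCE = "openid.response_nonce";

    /** Mongo collection in which every accepted nonce is recorded. */
    private static final String NONCE_COLLECTION = "openid.nonce";

    /** OpenID 2.0 limits openid.response_nonce to 255 characters. */
    private static final int MAX_NONCE_LENGTH = 255;

    /**
     * Drives the two halves of an OpenID login.
     *
     * <p>With an {@code op} parameter the request starts a login: an endpoint and
     * association are looked up for the provider, their MAC key and alias are kept in
     * the session, and the user is redirected to the provider. Without {@code op} the
     * request is taken to be the provider's response: the nonce is consumed, the
     * response is verified against the stored association, and on success the
     * {@link Authentication} is stored in the session and the user is sent to
     * {@code /v/}. A session that already holds an authentication gets an empty
     * response.
     *
     * @param request  the current request
     * @param response the response to redirect through
     * @throws IOException       if a redirect cannot be sent
     * @throws ServletException  never thrown here; kept for the servlet contract
     * @throws SecurityException if the nonce is missing or replayed, the session holds no
     *                           association, or the provider reported no e-mail address
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        HttpSession session = request.getSession();
        if (session.getAttribute(OPENID_AUTHENTICATION) != null) {
            // Already logged in: nothing to do, the response stays empty.
            return;
        }

        OpenIdManager manager = new OpenIdManager();
        // realm and return_to are built from the Host header as the client sent it.
        // NOTE(review): behind a reverse proxy, or with an unvalidated Host header, this may
        // not be the public origin the provider should see -- confirm against the deployment.
        String realm = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort();
        manager.setRealm(realm);
        manager.setReturnTo(realm + request.getContextPath() + request.getServletPath());

        String op = request.getParameter(PARAM_OP);
        if (op == null) {
            completeAuthentication(request, response, session, manager);
        } else {
            startAuthentication(response, session, manager, op);
        }
    }

    /**
     * Second half of the login: verifies the provider's response carried by
     * {@code request} and, on success, stores the authentication in the session and
     * redirects to the application.
     *
     * @throws SecurityException if the nonce is rejected, the session holds no MAC key,
     *                           or the authentication carries no e-mail address
     */
    private void completeAuthentication(HttpServletRequest request, HttpServletResponse response,
            HttpSession session, OpenIdManager manager) throws IOException {
        // The nonce is consumed before anything else, so a replayed response is rejected
        // here regardless of what the signature check further down would say.
        checkNonce(request.getParameter(PARAM_NONCE));

        byte[] macKey = (byte[]) session.getAttribute(ATTR_MAC);
        if (macKey == null) {
            throw new SecurityException("session expired, please try again");
        }
        String alias = (String) session.getAttribute(ATTR_ALIAS);
        Authentication authentication = manager.getAuthentication(request, macKey, alias);

        String email = authentication.getEmail();
        if (email == null || email.isEmpty()) {
            throw new SecurityException("email address is required");
        }

        // NOTE(review): the session id is not rotated when the principal changes; invalidating
        // and recreating the session here would close the usual fixation window -- confirm
        // nothing else in the session must survive login.
        session.setAttribute(OPENID_AUTHENTICATION, authentication);
        response.sendRedirect(request.getContextPath() + "/v/");
    }

    /**
     * First half of the login: associates with the provider named by {@code op}, keeps
     * the association's MAC key and endpoint alias in the session for the response
     * phase, and redirects the user to the provider's authentication URL.
     */
    private void startAuthentication(HttpServletResponse response, HttpSession session,
            OpenIdManager manager, String op) throws IOException {
        // op is supplied by the caller and lookupEndpoint presumably performs discovery
        // against it. NOTE(review): limiting op to a known set of providers would shrink
        // that surface -- confirm which providers the deployment intends to accept.
        Endpoint endpoint = manager.lookupEndpoint(op);
        Association association = manager.lookupAssociation(endpoint);
        session.setAttribute(ATTR_MAC, association.getRawMacKey());
        session.setAttribute(ATTR_ALIAS, endpoint.getAlias());
        response.sendRedirect(manager.getAuthenticationUrl(endpoint, association));
    }

    /**
     * Rejects a missing, over-long or previously seen nonce and records it otherwise.
     *
     * <p>Recording and checking happen in a single server-side operation so that two
     * responses carrying the same nonce cannot both pass: an upsert keyed on the nonce
     * returns the document as it was before the update, which is absent when this call
     * inserted it (first use) and present when the nonce was already on record. The
     * separate findOne/save pair this replaces left a window between the lookup and the
     * write, and a save under an unacknowledged write concern could fail silently.
     *
     * @param nonce the value of {@code openid.response_nonce}, may be {@code null}
     * @throws SecurityException if the nonce is absent, empty, longer than
     *                           {@link #MAX_NONCE_LENGTH}, or has been seen before
     */
    private void checkNonce(String nonce) {
        if (nonce == null) {
            throw new SecurityException("openid.nonce is missing");
        }
        if (nonce.isEmpty() || nonce.length() > MAX_NONCE_LENGTH) {
            throw new SecurityException("openid.nonce has an invalid length");
        }

        DBCollection nonces = InitDB.getDB(getServletContext()).getCollection(NONCE_COLLECTION);
        DBObject query = new BasicDBObject("_id", nonce);
        DBObject update = new BasicDBObject("$inc", new BasicDBObject("seen", 1));
        // query, fields, sort, remove, update, returnNew, upsert -- returnNew=false yields
        // the pre-update document (no value when the upsert inserted).
        DBObject previous = nonces.findAndModify(query, null, null, false, update, false, true);
        if (previous != null) {
            throw new SecurityException("openid.nonce " + nonce + " has been used before");
        }
        // NOTE(review): recorded nonces are never expired, so the collection grows without
        // bound; the timestamp prefix that openid.response_nonce starts with would allow
        // rejecting stale responses and pruning old entries -- confirm the intended policy.
    }

}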