com.dyuproject.openid
Class RelyingParty

java.lang.Object
  extended by com.dyuproject.openid.RelyingParty

public final class RelyingParty
extends Object

Relying party which discovers, associates and verifies the authentication of a user. An implementation of RelyingParty.Listener will enable you to listen to events during a user's authentication lifecycle.

   OpenIdUser user = _relyingParty.discover(request);
   if(user==null)
   {                
       if(RelyingParty.isAuthResponse(request))
       {
           // authentication timeout                    
           response.sendRedirect(request.getRequestURI());
       }
       else
       {
           // set error msg if the openid_identifier is not resolved.
           if(request.getParameter(_relyingParty.getIdentifierParameter())!=null)
               request.setAttribute(OpenIdServletFilter.ERROR_MSG_ATTR, errorMsg);
           
           // new user
           request.getRequestDispatcher("/login.jsp").forward(request, response);
       }
       return;
   }
   
   if(user.isAuthenticated())
   {
       // user already authenticated
       request.getRequestDispatcher("/home.jsp").forward(request, response);
       return;
   }
   
   if(user.isAssociated() && RelyingParty.isAuthResponse(request))
   {
       // verify authentication
       if(_relyingParty.verifyAuth(user, request, response))
       {
           // authenticated                    
            // redirect to home to remove the query params instead of doing:
           // request.setAttribute("user", user); request.getRequestDispatcher("/home.jsp").forward(request, response);
           response.sendRedirect(request.getContextPath() + "/home/");
       }
       else
       {
           // failed verification
           request.getRequestDispatcher("/login.jsp").forward(request, response);
       }
       return;
   }
   
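   // Derive the openid parameters from the request URL:
   //   trustRoot = scheme://host[:port] (the search from index 9 skips the "//" after the scheme)
   //   realm     = the request URL up to its last "/"
   //   returnTo  = the full request URL
   StringBuffer url = request.getRequestURL();
   String trustRoot = url.substring(0, url.indexOf("/", 9));
   String realm = url.substring(0, url.lastIndexOf("/"));
   String returnTo = url.toString();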
   if(_relyingParty.associateAndAuthenticate(user, request, response, trustRoot, realm, returnTo))
   {
       // successful association
       return;
   } 
 

Author:
David Yu
Date created:
Sep 21, 2008
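
The usage snippet in the class description above builds trustRoot, realm and returnTo from request.getRequestURL(), which a servlet container assembles from the client-supplied Host header. The following added example (not part of the dyuproject code; the class PinnedOpenIdUrls, its method from and the sample origin are hypothetical) derives the same three values only after checking the request URL against an origin taken from deployment configuration.

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Added example, not dyuproject code: pins trustRoot/realm/returnTo to a configured origin. */
public final class PinnedOpenIdUrls {
    final String trustRoot, realm, returnTo;

    private PinnedOpenIdUrls(String trustRoot, String realm, String returnTo) {
        this.trustRoot = trustRoot; this.realm = realm; this.returnTo = returnTo;
    }

    /**
     * @param configuredOrigin scheme://host[:port] from deployment config (assumption)
     * @param requestUrl       the value of request.getRequestURL().toString()
     */
    static PinnedOpenIdUrls from(String configuredOrigin, String requestUrl)
            throws URISyntaxException {
        URI origin = new URI(configuredOrigin);
        URI seen = new URI(requestUrl);
        // Reject any request whose scheme, host or port differs from the configured origin.
        if (origin.getHost() == null || seen.getHost() == null
                || !origin.getScheme().equalsIgnoreCase(seen.getScheme())
                || !origin.getHost().equalsIgnoreCase(seen.getHost())
                || origin.getPort() != seen.getPort()) {
            throw new IllegalArgumentException("request URL is not on the configured origin");
        }
        String path = seen.getRawPath();
        if (path == null || path.isEmpty()) path = "/";
        // Build every value from the configured origin, never from the request's host.
        String trustRoot = origin.getScheme() + "://" + origin.getRawAuthority();
        String returnTo = trustRoot + path;
        // Same rule as the snippet above: realm is returnTo up to its last "/".
        String realm = returnTo.substring(0, returnTo.lastIndexOf('/'));
        return new PinnedOpenIdUrls(trustRoot, realm, returnTo);
    }

    public static void main(String[] args) throws Exception {
        String origin = "https://rp.example.com";   // constructed sample values
        PinnedOpenIdUrls ok = from(origin, "https://rp.example.com/app/login");
        System.out.println(ok.trustRoot + " | " + ok.realm + " | " + ok.returnTo);
        try {
            from(origin, "https://other.example.net/app/login"); // Host header not ours
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The three fields can then be passed as the trustRoot, realm and returnTo arguments of associateAndAuthenticate.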

Nested Class Summary
static interface RelyingParty.Listener
          Enables users to get notified on certain points of the openid authentication lifecycle.
static class RelyingParty.ListenerCollection
          A collection of listeners that wraps an array to delegate the methods from the relying party listener.
 
Field Summary
static String DEFAULT_IDENTIFIER_PARAMETER
          "openid_identifier"
static String DEFAULT_RESOURCE_PATH
          The default resource path ("openid.properties" from classpath).
 
Constructor Summary
RelyingParty()
           
RelyingParty(boolean automaticRedirect)
           
RelyingParty(OpenIdContext context, OpenIdUserManager manager)
           
RelyingParty(OpenIdContext context, OpenIdUserManager manager, boolean automaticRedirect)
           
RelyingParty(OpenIdContext context, OpenIdUserManager manager, Discovery.UserCache userCache, boolean automaticRedirect)
           
RelyingParty(OpenIdContext context, OpenIdUserManager manager, Discovery.UserCache userCache, boolean automaticRedirect, boolean identifierAsServer, AuthRedirection authRedirection, String identifierParameter)
           
RelyingParty(OpenIdUserManager manager, Discovery.UserCache userCache)
           
 
Method Summary
 RelyingParty addListener(RelyingParty.Listener listener)
          Adds a custom listener.
 RelyingParty addResolver(Identifier.Resolver resolver)
          Adds a custom resolver.
 boolean associate(OpenIdUser user, HttpServletRequest request, HttpServletResponse response)
          Returns true if the user is successfully associated with his openid provider; the OpenIdUser is persisted if successful.
 boolean associateAndAuthenticate(OpenIdUser user, HttpServletRequest request, HttpServletResponse response, String trustRoot, String realm, String returnTo)
          Returns true if the user is successfully associated and redirected to his openid provider for authentication; the OpenIdUser is persisted if successful.
 boolean authenticate(OpenIdUser user, HttpServletRequest request, HttpServletResponse response, String trustRoot, String realm, String returnTo)
           
 OpenIdUser discover(HttpServletRequest request)
          Returns the current user, either an already authenticated one, or the one just discovered from the openid.identifier.parameter (= "openid_identifier" by default).
Returns null if the Constants.OPENID_MODE associated with the request is set to Constants.Mode.CANCEL (in order to log in under a different id), or if the authentication has timed out.
If the returned user is null and isAuthResponse(HttpServletRequest) is true, then we have an authentication timeout.
protected  OpenIdUser discover(Identifier identifier, HttpServletRequest request)
           
static Map<String,String> getAuthParameters(HttpServletRequest request)
          Copies all the request parameters into a Map object.
 AuthRedirection getAuthRedirection()
          Gets the auth redirection scheme.
static StringBuilder getAuthUrlBuffer(OpenIdUser user, String trustRoot, String realm, String returnTo)
          Gets the StringBuilder filled with the openid parameters that is used to redirect the user to his openid provider.
static UrlEncodedParameterMap getAuthUrlMap(OpenIdUser user, String trustRoot, String realm, String returnTo)
          Gets the UrlEncodedParameterMap filled with the openid parameters that is used to redirect the user to his openid provider.
static String getAuthUrlString(OpenIdUser user, String trustRoot, String realm, String returnTo)
          Gets the string url with the openid parameters that is used to redirect the user to his openid provider.
 String getIdentifierParameter()
          Gets the identifier parameter - default is "openid_identifier".
static RelyingParty getInstance()
          Gets the default instance configured from the properties file found in the default resource path.
 OpenIdContext getOpenIdContext()
          Gets the OpenIdContext.
 OpenIdUserManager getOpenIdUserManager()
          Gets the OpenIdUser manager.
 Discovery.UserCache getUserCache()
          Gets the user cache.
 boolean invalidate(HttpServletRequest request, HttpServletResponse response)
          Invalidates/terminates the openid session of the user associated with the given request; to log out an authenticated user, invoke this method.
static boolean isAuthCancel(HttpServletRequest request)
          Returns true if the user has cancelled the authentication on his openid provider.
static boolean isAuthResponse(HttpServletRequest request)
          Returns true if we have a positive response from the OpenID provider.
 boolean isAutomaticRedirect()
          Checks whether the relying party should automatically redirect the user if he navigates back to the relying party's site.
static RelyingParty newInstance(InputStream in)
          Creates a new instance from the specified InputStream in, which will be parsed/loaded to a Properties.
static RelyingParty newInstance(Properties properties)
          Creates a new instance configured from the given properties.
static RelyingParty newInstance(String resourceLoc)
          Creates a new instance from the specified resourceLoc in the classpath, which will be parsed/loaded to a Properties.
static RelyingParty newInstance(URL resource)
          Creates a new instance from the specified URL resource, which will be parsed/loaded to a Properties.
 boolean verifyAuth(OpenIdUser user, HttpServletRequest request, HttpServletResponse response)
          Returns true if the user has succeeded authentication on his openid provider; the OpenIdUser is persisted if successful.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT_RESOURCE_PATH

public static final String DEFAULT_RESOURCE_PATH
The default resource path ("openid.properties" from classpath).

See Also:
Constant Field Values

DEFAULT_IDENTIFIER_PARAMETER

public static final String DEFAULT_IDENTIFIER_PARAMETER
"openid_identifier"

See Also:
Constant Field Values
Constructor Detail

RelyingParty

public RelyingParty()

RelyingParty

public RelyingParty(boolean automaticRedirect)

RelyingParty

public RelyingParty(OpenIdContext context,
                    OpenIdUserManager manager)

RelyingParty

public RelyingParty(OpenIdUserManager manager,
                    Discovery.UserCache userCache)

RelyingParty

public RelyingParty(OpenIdContext context,
                    OpenIdUserManager manager,
                    boolean automaticRedirect)

RelyingParty

public RelyingParty(OpenIdContext context,
                    OpenIdUserManager manager,
                    Discovery.UserCache userCache,
                    boolean automaticRedirect)

RelyingParty

public RelyingParty(OpenIdContext context,
                    OpenIdUserManager manager,
                    Discovery.UserCache userCache,
                    boolean automaticRedirect,
                    boolean identifierAsServer,
                    AuthRedirection authRedirection,
                    String identifierParameter)
Method Detail

getInstance

public static RelyingParty getInstance()
Gets the default instance configured from the properties file found in the default resource path. If it is not found, a new instance will be created (using the default constructor of the RelyingParty) and set as the default instance.


newInstance

public static RelyingParty newInstance(String resourceLoc)
Creates a new instance from the specified resourceLoc in the classpath, which will be parsed/loaded to a Properties.


newInstance

public static RelyingParty newInstance(URL resource)
                                throws IOException
Creates a new instance from the specified URL resource, which will be parsed/loaded to a Properties.

Throws:
IOException

newInstance

public static RelyingParty newInstance(InputStream in)
                                throws IOException
Creates a new instance from the specified InputStream in, which will be parsed/loaded to a Properties.

Throws:
IOException

newInstance

public static RelyingParty newInstance(Properties properties)
Creates a new instance configured from the given properties.


getAuthParameters

public static Map<String,String> getAuthParameters(HttpServletRequest request)
Copies all the request parameters into a Map object.


isAuthResponse

public static boolean isAuthResponse(HttpServletRequest request)
Returns true if we have a positive response from the OpenID provider. If the user is associated and we have an auth response, then we can verify the user.


isAuthCancel

public static boolean isAuthCancel(HttpServletRequest request)
Returns true if the user has cancelled the authentication on his openid provider.


getAuthUrlMap

public static UrlEncodedParameterMap getAuthUrlMap(OpenIdUser user,
                                                   String trustRoot,
                                                   String realm,
                                                   String returnTo)
Gets the UrlEncodedParameterMap filled with the openid parameters that is used to redirect the user to his openid provider.


getAuthUrlBuffer

public static StringBuilder getAuthUrlBuffer(OpenIdUser user,
                                             String trustRoot,
                                             String realm,
                                             String returnTo)
Gets the StringBuilder filled with the openid parameters that is used to redirect the user to his openid provider.


getAuthUrlString

public static String getAuthUrlString(OpenIdUser user,
                                      String trustRoot,
                                      String realm,
                                      String returnTo)
Gets the string url with the openid parameters that is used to redirect the user to his openid provider.


getOpenIdUserManager

public OpenIdUserManager getOpenIdUserManager()
Gets the OpenIdUser manager.


getOpenIdContext

public OpenIdContext getOpenIdContext()
Gets the OpenIdContext.


getIdentifierParameter

public String getIdentifierParameter()
Gets the identifier parameter - default is "openid_identifier".


isAutomaticRedirect

public boolean isAutomaticRedirect()
Checks whether the relying party should automatically redirect the user if he navigates back to the relying party's site.


getAuthRedirection

public AuthRedirection getAuthRedirection()
Gets the auth redirection scheme.


getUserCache

public Discovery.UserCache getUserCache()
Gets the user cache.


discover

public OpenIdUser discover(HttpServletRequest request)
                    throws Exception
Returns the current user, either an already authenticated one, or the one just discovered from the openid.identifier.parameter (= "openid_identifier" by default).
Returns null if the Constants.OPENID_MODE associated with the request is set to Constants.Mode.CANCEL (in order to log in under a different id), or if the authentication has timed out.
If the returned user is null and isAuthResponse(HttpServletRequest) is true, then we have an authentication timeout.

Parameters:
request - HttpServletRequest
Returns:
user OpenIdUser
Throws:
Exception

discover

protected OpenIdUser discover(Identifier identifier,
                              HttpServletRequest request)
                       throws Exception
Throws:
Exception

verifyAuth

public boolean verifyAuth(OpenIdUser user,
                          HttpServletRequest request,
                          HttpServletResponse response)
                   throws Exception
Returns true if the user has succeeded authentication on his openid provider; the OpenIdUser is persisted if successful.

Throws:
Exception

associate

public boolean associate(OpenIdUser user,
                         HttpServletRequest request,
                         HttpServletResponse response)
                  throws Exception
Returns true if the user is successfully associated with his openid provider; the OpenIdUser is persisted if successful.

Throws:
Exception

associateAndAuthenticate

public boolean associateAndAuthenticate(OpenIdUser user,
                                        HttpServletRequest request,
                                        HttpServletResponse response,
                                        String trustRoot,
                                        String realm,
                                        String returnTo)
                                 throws Exception
Returns true if the user is successfully associated and redirected to his openid provider for authentication; the OpenIdUser is persisted if successful.

Throws:
Exception

authenticate

public boolean authenticate(OpenIdUser user,
                            HttpServletRequest request,
                            HttpServletResponse response,
                            String trustRoot,
                            String realm,
                            String returnTo)
                     throws IOException
Throws:
IOException

invalidate

public boolean invalidate(HttpServletRequest request,
                          HttpServletResponse response)
                   throws IOException
Invalidates/terminates the openid session of the user associated with the given request; to log out an authenticated user, invoke this method.

Throws:
IOException

addListener

public RelyingParty addListener(RelyingParty.Listener listener)
Adds a custom listener.


addResolver

public RelyingParty addResolver(Identifier.Resolver resolver)
Adds a custom resolver.



Copyright © 2008-2013. All Rights Reserved.