Source Code of edu.stanford.bmir.protege.web.server.openid.OpenIdAuthenticationResponseServlet

/**
 *
 */
package edu.stanford.bmir.protege.web.server.openid;

import edu.stanford.bmir.protege.web.client.ui.login.constants.AuthenticationConstants;
import edu.stanford.bmir.protege.web.client.ui.openid.constants.OpenIdConstants;
import edu.stanford.bmir.protege.web.server.logging.WebProtegeLogger;
import edu.stanford.bmir.protege.web.server.logging.WebProtegeLoggerManager;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.Parameter;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.AxMessage;
import org.openid4java.message.ax.FetchResponse;
import org.openid4java.message.sreg.SRegMessage;
import org.openid4java.message.sreg.SRegResponse;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;

/**
 * @author z.Khan
 *
 */
public class OpenIdAuthenticationResponseServlet extends HttpServlet {

    private static final long serialVersionUID = 8089333325493540320L;
    private static final WebProtegeLogger log = WebProtegeLoggerManager.get(OpenIdAuthenticationResponseServlet.class);

    @Override
    public void service(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws ServletException,
            IOException {
        try {
            HttpSession httpSession = httpRequest.getSession(false);
            ConsumerManager manager = (ConsumerManager) httpSession.getAttribute("manager");

            ParameterList openidResp = new ParameterList(httpRequest.getParameterMap());
            List list = openidResp.getParameters();
            if (list != null){
                for (Object param : list) {
                    if (param != null && ((Parameter)param).getKey() != null && ((Parameter)param).getValue() != null){
                        log.info(((Parameter) param).getKey() + "=" + ((Parameter) param).getValue());
                    }
                }
            }

            String openIdIdentity = httpRequest.getParameter("openid.identity");
            DiscoveryInformation discovered = (DiscoveryInformation) httpSession.getAttribute("discovered");

            StringBuffer receivingURL = httpRequest.getRequestURL();
            String queryString = httpRequest.getQueryString();
            if (queryString != null && queryString.length() > 0) {
                receivingURL.append("?").append(httpRequest.getQueryString());
            }
            // verify the response
            VerificationResult verification = null;
            log.info("Receiving URL = " + receivingURL.toString());
            verification = manager.verify(receivingURL.toString(), openidResp, discovered);
            // examine the verification result and extract the verified identifier
            Identifier verified = verification.getVerifiedId();
            if (verified != null) {
                AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();

                HttpSession session = httpRequest.getSession(true);
                session.setAttribute("openid_identifier", authSuccess.getIdentity());
                String emailId = null;
                if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
                    FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
                    emailId = (String) fetchResp.getAttributeValues("email").get(0);

                    session.setAttribute("emailFromFetch", fetchResp.getAttributeValues("email").get(0));
                }
                if (authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG)) {
                    SRegResponse sregResp = (SRegResponse) authSuccess.getExtension(SRegMessage.OPENID_NS_SREG);
                    emailId = sregResp.getAttributeValue("email");
                }
                if (emailId != null) {
                    httpSession.setAttribute(OpenIdConstants.HTTPSESSION_OPENID_ID, emailId);
                } else {
                    httpSession.setAttribute(OpenIdConstants.HTTPSESSION_OPENID_ID, openIdIdentity);
                }
                httpSession.setAttribute(OpenIdConstants.HTTPSESSION_OPENID_URL, verified.getIdentifier());

            } else {
                httpSession.setAttribute(OpenIdConstants.HTTPSESSION_OPENID_ID, null);
                httpSession.setAttribute(OpenIdConstants.HTTPSESSION_OPENID_PROVIDER, null);
                httpSession.setAttribute(OpenIdConstants.HTTPSESSION_OPENID_URL, null);
            }
            httpSession.setAttribute(AuthenticationConstants.LOGIN_METHOD,
                    AuthenticationConstants.LOGIN_METHOD_OPEN_ID_ACCOUNT);
            httpResponse.setContentType("text/html");
            PrintWriter out = httpResponse.getWriter();
            out.println("<html>");
            out.println("<body onLoad='window.close();'>");
            out.println("</html>");
            out.close();

        } catch (Exception e) {
            log.severe(e);
        }
    }
}