/**
* Copyright 2010 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package com.google.code.samples.appsmarketplace;
import com.google.code.openid.AuthorizationHeaderBuilder;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Sample OpenID Relying Party servlet, using
* <a href="http://code.google.com/p/openid-filter">openid-filter</a>. Openid-filter is a
* thin layer built on <a href="http://code.google.com/p/openid4java">OpenID4Java</a>
* and <a href="http://code.google.com/p/step2">Step2</a> that makes it easy to
* implement relying party functionality using the standard java servlet API.
*/
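public class LoginServlet extends HttpServlet {

  /**
   * OpenID providers whose asserted email addresses are accepted as verified.
   * Entries are lower-case host names and are compared against the host of the
   * OP endpoint reported by openid-filter. The set is unmodifiable.
   */
  private static final Set<String> TRUSTED_PROVIDERS = Collections.unmodifiableSet(
      new HashSet<String>(Arrays.asList("www.google.com", "www.yahoo.com")));

  /**
   * Initiates an OpenID login request to the provider named in the {@code op}
   * query parameter by answering 401 with a {@code WWW-Authenticate} challenge
   * built by {@link AuthorizationHeaderBuilder}. Without an {@code op} parameter
   * (or with a blank one) the request is forwarded to the login page instead.
   *
   * @param req HTTP request; the {@code op} parameter is untrusted client input
   * @param resp HTTP response
   * @throws ServletException if forwarding to the login page fails
   * @throws IOException if writing the response fails
   */
  @Override
  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException {
    String op = req.getParameter("op");
    if (op == null || op.trim().isEmpty()) {
      req.getRequestDispatcher("/index.jsp").forward(req, resp);
      return;
    }
    // "op" comes straight from the client and is copied into a response
    // header; refuse anything that could terminate the header line early
    // rather than relying on the container or the header builder to do so.
    if (op.indexOf('\r') >= 0 || op.indexOf('\n') >= 0) {
      resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid OpenID provider");
      return;
    }
    String challenge = new AuthorizationHeaderBuilder()
        .forIdentifier(op)
        .includeStandardAttributes()
        .buildHeader();
    resp.setHeader("WWW-Authenticate", challenge);
    resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required");
  }

  /**
   * Handles the OpenID response from the provider. openid-filter has already
   * verified the assertion and exposes the parsed data as request attributes
   * ({@code openid.identifier}, {@code openid.endpoint}, {@code openid.ax.*});
   * this method only builds the session user from them. The email attribute
   * is copied only when the asserting endpoint belongs to a trusted provider.
   *
   * @param req HTTP request carrying the openid-filter attributes
   * @param resp HTTP response
   * @throws ServletException never thrown here; declared by the servlet contract
   * @throws IOException if the redirect cannot be sent
   */
  @Override
  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException {
    String identifier = (String) req.getAttribute("openid.identifier");
    if (identifier == null) {
      // No verified assertion on this request; start the login over.
      resp.sendRedirect("login");
      return;
    }
    User user = new User();
    user.setClaimedId(identifier);
    // Names are copied unconditionally; the trust check below applies to the
    // email only.
    user.setFirstName((String) req.getAttribute("openid.ax.firstName"));
    user.setLastName((String) req.getAttribute("openid.ax.lastName"));
    // Only providers known to assert verified emails get their email stored;
    // from any other OP the email stays unset rather than being recorded as
    // if it were verified.
    if (isTrustedEndpoint((String) req.getAttribute("openid.endpoint"))) {
      user.setEmail((String) req.getAttribute("openid.ax.email"));
    }
    // NOTE(review): the pre-login session is reused across the authentication
    // boundary. Rotating the session id here would mitigate session fixation;
    // confirm openid-filter keeps no per-session state that must survive the
    // rotation before adding it.
    req.getSession().setAttribute("user", user);
    resp.sendRedirect("hello");
  }

  /**
   * Decides whether an OP endpoint belongs to a provider whose email assertions
   * are trusted (see {@link #TRUSTED_PROVIDERS}). The decision is by host name
   * only; the URL scheme and path are not inspected.
   *
   * @param endpointUrl provider endpoint as reported in {@code openid.endpoint};
   *     may be {@code null}
   * @return {@code true} only for a parseable URL whose host is a trusted
   *     provider; {@code false} for {@code null}, unparseable or unknown
   *     endpoints (fail closed)
   */
  private boolean isTrustedEndpoint(String endpointUrl) {
    if (endpointUrl == null) {
      return false;
    }
    String host;
    try {
      host = new URL(endpointUrl).getHost();
    } catch (MalformedURLException e) {
      // Not an absolute URL we can reason about: treat as untrusted.
      return false;
    }
    // Host names are case-insensitive; normalise before the lookup.
    return host != null && TRUSTED_PROVIDERS.contains(host.toLowerCase(Locale.ROOT));
  }
}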