List of usage examples for org.springframework.security.openid OpenIDAuthenticationStatus FAILURE
OpenIDAuthenticationStatus FAILURE
To view the source code for org.springframework.security.openid OpenIDAuthenticationStatus FAILURE.
Click Source Link
From source file:org.mitre.provenance.openid.OpenId4JavaProxyConsumer.java
public OpenIDAuthenticationToken endConsumption(HttpServletRequest request) throws OpenIDConsumerException { // extract the parameters from the authentication response // (which comes in as a HTTP request from the OpenID provider) ParameterList openidResp = new ParameterList(request.getParameterMap()); // retrieve the previously stored discovery information DiscoveryInformation discovered = (DiscoveryInformation) request.getSession() .getAttribute(DISCOVERY_INFO_KEY); if (discovered == null) { throw new OpenIDConsumerException( "DiscoveryInformation is not available. Possible causes are lost session or replay attack"); }//from ww w.ja v a2 s .c o m List<OpenIDAttribute> attributesToFetch = (List<OpenIDAttribute>) request.getSession() .getAttribute(ATTRIBUTE_LIST_KEY); request.getSession().removeAttribute(DISCOVERY_INFO_KEY); request.getSession().removeAttribute(ATTRIBUTE_LIST_KEY); // extract the receiving URL from the HTTP request StringBuffer receivingURL = request.getRequestURL(); String queryString = request.getQueryString(); if (StringUtils.hasLength(queryString)) { receivingURL.append("?").append(request.getQueryString()); } // verify the response VerificationResult verification; try { verification = consumerManager.verify(receivingURL.toString(), openidResp, discovered); } catch (MessageException e) { throw new OpenIDConsumerException("Error verifying openid response", e); } catch (DiscoveryException e) { throw new OpenIDConsumerException("Error verifying openid response", e); } catch (AssociationException e) { throw new OpenIDConsumerException("Error verifying openid response", e); } // examine the verification result and extract the verified identifier Identifier verified = verification.getVerifiedId(); if (verified == null) { Identifier id = discovered.getClaimedIdentifier(); return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, id == null ? "Unknown" : id.getIdentifier(), "Verification status message: [" + verification.getStatusMsg() + "]", Collections.<OpenIDAttribute>emptyList()); } List<OpenIDAttribute> attributes = fetchAxAttributes(verification.getAuthResponse(), attributesToFetch); return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, verified.getIdentifier(), "some message", attributes); }