Java Code Examples for org.openid4java.association.Association#hasExpired()
The following examples show how to use
org.openid4java.association.Association#hasExpired() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: PrivateAssociationReplicationStore.java From carbon-identity with Apache License 2.0 | 6 votes |
public Association load(String handle) { // get association using map Association association = OpenIDAssociationReplicationManager.getPersistenceManager().getAssociation(handle); // no association found for the given handle if (association == null) { log.warn("Association " + handle + " not found in the map."); return null; } // if the association is expired if (association.hasExpired()) { log.warn("Association is expired for handle " + handle); remove(handle); // remove from map return null; } return association; }
Example 2
Source File: OpenIDServerAssociationStore.java From carbon-identity with Apache License 2.0 | 5 votes |
/** * First try to load from the memory, in case of failure look in the db. * * @param handle * @return <code>Association<code> */ @Override public Association load(String handle) { boolean chacheMiss = false; // looking in the cache Association association = cache.getFromCache(handle); // if failed, look in the database if (association == null) { if(log.isDebugEnabled()) { log.debug("Association " + handle + " not found in cache. Loading from the database."); } association = dao.loadAssociation(handle); chacheMiss = true; } // no association found for the given handle if (association == null) { if(log.isDebugEnabled()) { log.debug("Association " + handle + " not found in the database."); } return null; } // if the association is expired if (association.hasExpired()) { log.warn("Association is expired for handle " + handle); remove(handle); // remove only from db return null; } else if (chacheMiss) { // add the missing entry to the cache cache.addToCache(association); } return association; }
Example 3
Source File: OpenIdService.java From springboot-shiro-cas-mybatis with MIT License | 4 votes |
/** * Generates an Openid response. * If no ticketId is found, response is negative. * If we have a ticket id, then we check if we have an association. * If so, we ask OpenId server manager to generate the answer according with the existing association. * If not, we send back an answer with the ticket id as association handle. * This will force the consumer to ask a verification, which will validate the service ticket. * @param ticketId the service ticket to provide to the service. * @return the generated authentication answer */ @Override public Response getResponse(final String ticketId) { final Map<String, String> parameters = new HashMap<>(); if (ticketId != null) { final ServerManager manager = (ServerManager) ApplicationContextProvider.getApplicationContext().getBean("serverManager"); final CentralAuthenticationService cas = ApplicationContextProvider.getApplicationContext() .getBean("centralAuthenticationService", CentralAuthenticationService.class); boolean associated = false; boolean associationValid = true; try { final AuthRequest authReq = AuthRequest.createAuthRequest(requestParameters, manager.getRealmVerifier()); final Map parameterMap = authReq.getParameterMap(); if (parameterMap != null && parameterMap.size() > 0) { final String assocHandle = (String) parameterMap.get(OpenIdConstants.OPENID_ASSOCHANDLE); if (assocHandle != null) { final Association association = manager.getSharedAssociations().load(assocHandle); if (association != null) { associated = true; if (association.hasExpired()) { associationValid = false; } } } } } catch (final MessageException me) { LOGGER.error("Message exception : {}", me.getMessage(), me); } boolean successFullAuthentication = true; Assertion assertion = null; try { if (associated) { if (associationValid) { assertion = cas.validateServiceTicket(ticketId, this); LOGGER.info("Validated openid ticket"); } else { successFullAuthentication = false; } } } catch (final TicketException te) { LOGGER.error("Could not validate ticket : {}", te.getMessage(), te); successFullAuthentication = false; } final String id; if (assertion != null && OpenIdConstants.OPENID_IDENTIFIERSELECT.equals(this.identity)) { id = this.openIdPrefixUrl + '/' + assertion.getPrimaryAuthentication().getPrincipal().getId(); } else { id = this.identity; } // We sign directly (final 'true') because we don't add extensions // response message can be either a DirectError or an AuthSuccess here. // Anyway, handling is the same : send the response message final Message response = manager.authResponse(requestParameters, id, id, successFullAuthentication, true); parameters.putAll(response.getParameterMap()); if (!associated) { parameters.put(OpenIdConstants.OPENID_ASSOCHANDLE, ticketId); } } else { parameters.put(OpenIdConstants.OPENID_MODE, OpenIdConstants.CANCEL); } return DefaultResponse.getRedirectResponse(getOriginalUrl(), parameters); }
Example 4
Source File: OpenIdService.java From cas4.0.x-server-wechat with Apache License 2.0 | 4 votes |
/** * Generates an Openid response. * If no ticketId is found, response is negative. * If we have a ticket id, then we check if we have an association. * If so, we ask OpenId server manager to generate the answer according with the existing association. * If not, we send back an answer with the ticket id as association handle. * This will force the consumer to ask a verification, which will validate the service ticket. * @param ticketId the service ticket to provide to the service. * @return the generated authentication answer */ @Override public Response getResponse(final String ticketId) { final Map<String, String> parameters = new HashMap<String, String>(); if (ticketId != null) { ServerManager manager = (ServerManager) ApplicationContextProvider.getApplicationContext().getBean("serverManager"); CentralAuthenticationService cas = (CentralAuthenticationService) ApplicationContextProvider.getApplicationContext() .getBean("centralAuthenticationService"); boolean associated = false; boolean associationValid = true; try { AuthRequest authReq = AuthRequest.createAuthRequest(requestParameters, manager.getRealmVerifier()); Map parameterMap = authReq.getParameterMap(); if (parameterMap != null && parameterMap.size() > 0) { String assocHandle = (String) parameterMap.get("openid.assoc_handle"); if (assocHandle != null) { Association association = manager.getSharedAssociations().load(assocHandle); if (association != null) { associated = true; if (association.hasExpired()) { associationValid = false; } } } } } catch (final MessageException me) { LOGGER.error("Message exception : {}", me.getMessage(), me); } boolean successFullAuthentication = true; try { if (associated) { if (associationValid) { cas.validateServiceTicket(ticketId, this); LOGGER.info("Validated openid ticket"); } else { successFullAuthentication = false; } } } catch (final TicketException te) { LOGGER.error("Could not validate ticket : {}", te.getMessage(), te); successFullAuthentication = false; } // We sign directly (final 'true') because we don't add extensions // response message can be either a DirectError or an AuthSuccess here. // Anyway, handling is the same : send the response message Message response = manager.authResponse(requestParameters, this.identity, this.identity, successFullAuthentication, true); parameters.putAll(response.getParameterMap()); if (!associated) { parameters.put("openid.assoc_handle", ticketId); } } else { parameters.put("openid.mode", "cancel"); } return Response.getRedirectResponse(getOriginalUrl(), parameters); }