improve OpenID integration with security API

sbryzak · sbryzak · commit 0115522fe12c · 2011-01-14T21:58:18.000+10:00
diff --git a/api/src/main/java/org/jboss/seam/security/Identity.java b/api/src/main/java/org/jboss/seam/security/Identity.java
@@ -1,11 +1,8 @@
 package org.jboss.seam.security;
 
-import java.security.Principal;
 import java.util.Collection;
 import java.util.Set;
 
-import javax.security.auth.Subject;
-
 import org.picketlink.idm.api.Group;
 import org.picketlink.idm.api.Role;
 import org.picketlink.idm.api.User;
diff --git a/examples/openid-rp/pom.xml b/examples/openid-rp/pom.xml
@@ -29,20 +29,62 @@
                <artifactId>validation-api</artifactId>
                <groupId>javax.validation</groupId>
             </exclusion>
+            <exclusion>
+               <groupId>org.jboss.seam.solder</groupId>
+               <artifactId>seam-solder-api</artifactId>
+            </exclusion>
+            <exclusion>
+               <groupId>org.jboss.seam.solder</groupId>
+               <artifactId>seam-solder-impl</artifactId>
+            </exclusion>
+            <exclusion>
+               <groupId>org.jboss.logging</groupId>
+               <artifactId>jboss-logging</artifactId>
+            </exclusion>
          </exclusions>
       </dependency>
       
       <dependency>
          <groupId>org.jboss.seam.security</groupId>
          <artifactId>seam-security-impl</artifactId>
          <version>${project.version}</version>
+         <exclusions>
+            <exclusion>
+               <groupId>org.jboss.seam.solder</groupId>
+               <artifactId>seam-solder-api</artifactId>
+            </exclusion>
+            <exclusion>
+               <groupId>org.jboss.seam.solder</groupId>
+               <artifactId>seam-solder-impl</artifactId>
+            </exclusion>
+            <exclusion>
+               <groupId>org.jboss.logging</groupId>
+               <artifactId>jboss-logging</artifactId>
+            </exclusion>
+         </exclusions>
       </dependency>
 
       <dependency>
          <groupId>org.jboss.seam.servlet</groupId>
          <artifactId>seam-servlet</artifactId>
       </dependency>
 
+      <dependency>
+         <groupId>org.jboss.seam.config</groupId>
+         <artifactId>seam-config-xml</artifactId>
+         <version>3.0.0.Beta2</version>
+         <exclusions>
+            <exclusion>
+               <groupId>org.jboss.seam.solder</groupId>
+               <artifactId>seam-solder-api</artifactId>
+            </exclusion>
+            <exclusion>
+               <groupId>org.jboss.seam.solder</groupId>
+               <artifactId>seam-solder-impl</artifactId>
+            </exclusion>
+         </exclusions>
+      </dependency>
+
       <dependency>
          <groupId>javax.enterprise</groupId>
          <artifactId>cdi-api</artifactId>
diff --git a/examples/openid-rp/src/main/resources/META-INF/seam-beans.xml b/examples/openid-rp/src/main/resources/META-INF/seam-beans.xml
@@ -6,9 +6,9 @@
    xsi:schemaLocation="
       http://java.sun.com/xml/ns/javaee http://jboss.org/schema/cdi/beans_1_0.xsd">
 
-   <security:Identity>
-      <s:replaces/>
+   <security:IdentityImpl>
+      <s:modifies/>
       <security:authenticatorName>openIdAuthenticator</security:authenticatorName>
-   </security>
+   </security:IdentityImpl>
       
 </beans>
diff --git a/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdAuthenticator.java b/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdAuthenticator.java
@@ -3,11 +3,13 @@
 import java.util.LinkedList;
 import java.util.List;
 
-import javax.enterprise.inject.Model;
+import javax.enterprise.context.RequestScoped;
 import javax.faces.context.FacesContext;
 import javax.inject.Inject;
+import javax.inject.Named;
 import javax.servlet.http.HttpServletResponse;
 
+import org.jboss.logging.Logger;
 import org.jboss.seam.security.Authenticator;
 import org.jboss.seam.security.external.openid.api.OpenIdRelyingPartyApi;
 import org.jboss.seam.security.external.openid.api.OpenIdRequestedAttribute;
@@ -18,14 +20,16 @@
  * @author Shane Bryzak
  *
  */
-public @Model class OpenIdAuthenticator implements Authenticator
+public @Named("openIdAuthenticator") @RequestScoped class OpenIdAuthenticator implements Authenticator
 {
    private String openIdProviderUrl;
    
    @Inject private OpenIdRelyingPartyApi openIdApi;
    
    @Inject List<OpenIdProvider> providers;
    
+   @Inject Logger log;
+   
    private String providerCode;
    
    public String getProviderCode()
@@ -66,9 +70,12 @@ public AuthStatus authenticate()
       attributes.add(openIdApi.createOpenIdRequestedAttribute("email", "http://schema.openid.net/contact/email", false, null));
       
       OpenIdProvider selectedProvider = getSelectedProvider();
+      String url = selectedProvider != null ? selectedProvider.getUrl() : getOpenIdProviderUrl();
+      
+      if (log.isDebugEnabled()) log.debug("Logging in using OpenID url: " + url);
       
-      openIdApi.login(selectedProvider != null ? selectedProvider.getUrl() : getOpenIdProviderUrl(), 
-            attributes, (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse());      
+      openIdApi.login(url, attributes, 
+            (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse());      
       
       return AuthStatus.DEFERRED;
    }
diff --git a/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpAuthenticationService.java b/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpAuthenticationService.java
@@ -88,6 +88,10 @@ public void handleIncomingMessage(HttpServletRequest httpRequest, HttpServletRes
 
          // retrieve the previously stored discovery information
          DiscoveryInformation discovered = openIdRequest.getDiscoveryInformation();
+         if (discovered == null)
+         {
+            throw new IllegalStateException("No discovery information found in OpenID request");
+         }         
 
          // extract the receiving URL from the HTTP request
          StringBuffer receivingURL = httpRequest.getRequestURL();
diff --git a/impl/pom.xml b/impl/pom.xml
@@ -59,12 +59,14 @@
          <groupId>org.drools</groupId>
          <artifactId>drools-core</artifactId>
          <version>${drools.version}</version>
+         <optional>true</optional>
       </dependency>
 
       <dependency>
          <groupId>org.drools</groupId>
          <artifactId>drools-compiler</artifactId>
          <version>${drools.version}</version>
+         <optional>true</optional>
       </dependency>
 
       <!--dependency>
@@ -144,7 +146,6 @@
       <dependency>
          <groupId>org.jboss.seam.persistence</groupId>
          <artifactId>seam-persistence</artifactId>
-         <optional>true</optional>
       </dependency>
 
       <dependency>
diff --git a/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java b/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java
@@ -12,6 +12,7 @@
 
 import javax.enterprise.context.SessionScoped;
 import javax.enterprise.inject.AmbiguousResolutionException;
+import javax.enterprise.inject.Any;
 import javax.enterprise.inject.Instance;
 import javax.enterprise.inject.UnsatisfiedResolutionException;
 import javax.enterprise.inject.spi.BeanManager;
@@ -64,7 +65,7 @@
    @Inject private PermissionMapper permissionMapper;
    
    @Inject Instance<RequestSecurityState> requestSecurityState;
-   @Inject Instance<Authenticator> authenticators;
+   @Inject @Any Instance<Authenticator> authenticators;
    
    private User user;
    
@@ -276,7 +277,7 @@ protected boolean authenticate() throws AuthenticationException
          
          if (authenticator == null)
          {
-            throw new AuthenticationException("No Authenticator could be located");
+            throw new AuthenticationException("An Authenticator could be located");
          }
          
          if (AuthStatus.SUCCESS.equals(authenticator.authenticate()))
@@ -313,26 +314,25 @@ protected Authenticator lookupAuthenticator() throws AuthenticationException
    {
       if (!Strings.isEmpty(authenticatorName))
       {
-         try
+         Instance<Authenticator> selected = authenticators.select(new NamedLiteral(authenticatorName));
+         if (selected.isAmbiguous())
          {
-            return authenticators.select(new NamedLiteral(authenticatorName)).get();
+            log.error("Multiple Authenticators found with configured name [" + authenticatorName + "]");
+            return null;
          }
-         catch (UnsatisfiedResolutionException ex)
-         {
-            throw new AuthenticationException("The specified Authenticator [" + 
-                  authenticatorName + "] cannot be located");
-         }
-         catch (AmbiguousResolutionException ex)
+         
+         if (selected.isUnsatisfied())
          {
-            throw new AuthenticationException("Multiple Authenticator instances named [" +
-                  authenticatorName + "] were located");
+            log.error("No authenticator with name [" + authenticatorName + "] was found");
+            return null;               
          }
+         
+         return selected.get();
       }
-      
-      
+            
       for (Authenticator auth : authenticators)
       {
-       //  auth.
+         log.debug("Found authenticator: " + auth);
       }      
       
       return null;
diff --git a/impl/src/main/java/org/jboss/seam/security/management/action/ChangePasswordAction.java b/impl/src/main/java/org/jboss/seam/security/management/action/ChangePasswordAction.java
@@ -7,13 +7,11 @@
 
 import org.jboss.seam.persistence.transaction.Transactional;
 import org.jboss.seam.security.Identity;
-import org.jboss.seam.solder.core.Requires;
 import org.picketlink.idm.api.Credential;
 import org.picketlink.idm.api.IdentitySession;
 import org.picketlink.idm.common.exception.IdentityException;
 import org.picketlink.idm.impl.api.PasswordCredential;
 
-@Requires("org.jboss.seam.persistence.transaction.TransactionInterceptor")
 public @Transactional @Model class ChangePasswordAction implements Serializable
 {
    private static final long serialVersionUID = -8727330690588109980L;
diff --git a/impl/src/main/java/org/jboss/seam/security/management/action/GroupAction.java b/impl/src/main/java/org/jboss/seam/security/management/action/GroupAction.java
@@ -10,7 +10,6 @@
 
 import org.jboss.seam.persistence.transaction.Transactional;
 import org.jboss.seam.security.GroupImpl;
-import org.jboss.seam.solder.core.Requires;
 import org.picketlink.idm.api.Group;
 import org.picketlink.idm.api.IdentitySession;
 import org.picketlink.idm.common.exception.IdentityException;
@@ -20,7 +19,6 @@
  *  
  * @author Shane Bryzak
  */
-@Requires("org.jboss.seam.persistence.transaction.TransactionInterceptor")
 public @Named @ConversationScoped class GroupAction implements Serializable
 {
    private static final long serialVersionUID = -1553124158319503903L;
diff --git a/impl/src/main/java/org/jboss/seam/security/management/action/RoleAction.java b/impl/src/main/java/org/jboss/seam/security/management/action/RoleAction.java
@@ -8,7 +8,6 @@
 import javax.inject.Named;
 
 import org.jboss.seam.persistence.transaction.Transactional;
-import org.jboss.seam.solder.core.Requires;
 import org.picketlink.idm.api.IdentitySession;
 import org.picketlink.idm.common.exception.FeatureNotSupportedException;
 import org.picketlink.idm.common.exception.IdentityException;
@@ -18,7 +17,6 @@
  * 
  * @author Shane Bryzak
  */
-@Requires("org.jboss.seam.persistence.transaction.TransactionInterceptor")
 public @Named @ConversationScoped class RoleAction implements Serializable
 {
    private static final long serialVersionUID = -4215849488301658353L;
diff --git a/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java b/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java
@@ -12,7 +12,6 @@
 
 import org.jboss.seam.persistence.transaction.Transactional;
 import org.jboss.seam.security.UserImpl;
-import org.jboss.seam.solder.core.Requires;
 import org.picketlink.idm.api.Attribute;
 import org.picketlink.idm.api.Group;
 import org.picketlink.idm.api.IdentitySession;
@@ -28,7 +27,6 @@
  * 
  * @author Shane Bryzak
  */
-@Requires("org.jboss.seam.persistence.transaction.TransactionInterceptor")
 public @Named @ConversationScoped class UserAction implements Serializable
 {
    private static final long serialVersionUID = 5820385095080724087L;

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@`
`12`	`12`
`13`	`13`	`import javax.enterprise.context.SessionScoped;`
`14`	`14`	`import javax.enterprise.inject.AmbiguousResolutionException;`
	`15`	`+import javax.enterprise.inject.Any;`
`15`	`16`	`import javax.enterprise.inject.Instance;`
`16`	`17`	`import javax.enterprise.inject.UnsatisfiedResolutionException;`
`17`	`18`	`import javax.enterprise.inject.spi.BeanManager;`
`@@ -64,7 +65,7 @@`
`64`	`65`	`@Inject private PermissionMapper permissionMapper;`
`65`	`66`
`66`	`67`	`@Inject Instance<RequestSecurityState> requestSecurityState;`
`67`		`- @Inject Instance<Authenticator> authenticators;`
	`68`	`+ @Inject @Any Instance<Authenticator> authenticators;`
`68`	`69`
`69`	`70`	`private User user;`
`70`	`71`
`@@ -276,7 +277,7 @@ protected boolean authenticate() throws AuthenticationException`
`276`	`277`
`277`	`278`	`if (authenticator == null)`
`278`	`279`	`{`
`279`		`- throw new AuthenticationException("No Authenticator could be located");`
	`280`	`+ throw new AuthenticationException("An Authenticator could be located");`
`280`	`281`	`}`
`281`	`282`
`282`	`283`	`if (AuthStatus.SUCCESS.equals(authenticator.authenticate()))`
`@@ -313,26 +314,25 @@ protected Authenticator lookupAuthenticator() throws AuthenticationException`
`313`	`314`	`{`
`314`	`315`	`if (!Strings.isEmpty(authenticatorName))`
`315`	`316`	`{`
`316`		`- try`
	`317`	`+ Instance<Authenticator> selected = authenticators.select(new NamedLiteral(authenticatorName));`
	`318`	`+ if (selected.isAmbiguous())`
`317`	`319`	`{`
`318`		`- return authenticators.select(new NamedLiteral(authenticatorName)).get();`
	`320`	`+ log.error("Multiple Authenticators found with configured name [" + authenticatorName + "]");`
	`321`	`+ return null;`
`319`	`322`	`}`
`320`		`- catch (UnsatisfiedResolutionException ex)`
`321`		`- {`
`322`		`- throw new AuthenticationException("The specified Authenticator [" +`
`323`		`- authenticatorName + "] cannot be located");`
`324`		`- }`
`325`		`- catch (AmbiguousResolutionException ex)`
	`323`	`+`
	`324`	`+ if (selected.isUnsatisfied())`
`326`	`325`	`{`
`327`		`- throw new AuthenticationException("Multiple Authenticator instances named [" +`
`328`		`- authenticatorName + "] were located");`
	`326`	`+ log.error("No authenticator with name [" + authenticatorName + "] was found");`
	`327`	`+ return null;`
`329`	`328`	`}`
	`329`	`+`
	`330`	`+ return selected.get();`
`330`	`331`	`}`
`331`		`-`
`332`		`-`
	`332`	`+`
`333`	`333`	`for (Authenticator auth : authenticators)`
`334`	`334`	`{`
`335`		`- // auth.`
	`335`	`+ log.debug("Found authenticator: " + auth);`
`336`	`336`	`}`
`337`	`337`
`338`	`338`	`return null;`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,6 @@`
`10`	`10`
`11`	`11`	`import org.jboss.seam.persistence.transaction.Transactional;`
`12`	`12`	`import org.jboss.seam.security.GroupImpl;`
`13`		`-import org.jboss.seam.solder.core.Requires;`
`14`	`13`	`import org.picketlink.idm.api.Group;`
`15`	`14`	`import org.picketlink.idm.api.IdentitySession;`
`16`	`15`	`import org.picketlink.idm.common.exception.IdentityException;`
`@@ -20,7 +19,6 @@`
`20`	`19`	`*`
`21`	`20`	`* @author Shane Bryzak`
`22`	`21`	`*/`
`23`		`-@Requires("org.jboss.seam.persistence.transaction.TransactionInterceptor")`
`24`	`22`	`public @Named @ConversationScoped class GroupAction implements Serializable`
`25`	`23`	`{`
`26`	`24`	`private static final long serialVersionUID = -1553124158319503903L;`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,6 @@`
`8`	`8`	`import javax.inject.Named;`
`9`	`9`
`10`	`10`	`import org.jboss.seam.persistence.transaction.Transactional;`
`11`		`-import org.jboss.seam.solder.core.Requires;`
`12`	`11`	`import org.picketlink.idm.api.IdentitySession;`
`13`	`12`	`import org.picketlink.idm.common.exception.FeatureNotSupportedException;`
`14`	`13`	`import org.picketlink.idm.common.exception.IdentityException;`
`@@ -18,7 +17,6 @@`
`18`	`17`	`*`
`19`	`18`	`* @author Shane Bryzak`
`20`	`19`	`*/`
`21`		`-@Requires("org.jboss.seam.persistence.transaction.TransactionInterceptor")`
`22`	`20`	`public @Named @ConversationScoped class RoleAction implements Serializable`
`23`	`21`	`{`
`24`	`22`	`private static final long serialVersionUID = -4215849488301658353L;`