com.atlassian.crowd.openid.client.servlet
Class OpenIDClientServlet

java.lang.Object
  extended by javax.servlet.GenericServlet
      extended by javax.servlet.http.HttpServlet
          extended by com.atlassian.crowd.openid.client.servlet.OpenIDClientServlet
All Implemented Interfaces:
Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

public class OpenIDClientServlet
extends javax.servlet.http.HttpServlet

OpenIDClientServlet acts as a proxy for handling OpenID authentication requests and responses. This servlet is called by either:

  1. the application: an authentication request is to be sent to an OpenID Provider (in which case an OpenIDAuthRequest needs to be in the HttpServletRequest object). The application is responsible for setting a Return URL on the OpenIDAuthRequest object so that when the request from the OpenID provider comes back to this servlet, the servlet knows where to pass control back to after processing the response.
  2. the OpenID provider: an authentication response is posted to this servlet via HTTP redirects. This servlet then processes the OpenID authentication response and creates an OpenIDAuthResponse object representing the response. This object is put into the request and control is forwarded to the Return URL specified in the original OpenIDAuthRequest.

This design allows the application code to be separated from OpenID-specific code. All the application needs to do is create an OpenIDAuthRequest, put it into the request, and forward control to this servlet.

The OpenID provider will take its time to verify the authentication, e.g. allow the user to log in, select a profile, etc. Once this is complete, the OpenID server will asynchronously respond to the authentication request and will redirect an authentication response to this servlet.

This servlet will then receive the response from the OpenID Provider, build an OpenIDAuthResponse object and forward control back to the application. The application can process the OpenIDAuthResponse and create an OpenIDPrincipal from it if required.

The application will need to implement a Servlet/Action/etc. to make the authentication request (e.g. a Login action) and one to process the authentication response (e.g. a LoginResponse action). It has been done this way for clarity; however, it could easily be refactored into one action.

See Also:
Serialized Form

Constructor Summary
OpenIDClientServlet()
           
 
Method Summary
protected  void doGet(javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse)
          Forward to doPost().
protected  void doPost(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          The servlet is used to both send requests and receive responses.
 void init(javax.servlet.ServletConfig config)
          Initialise the servlet to inject the CrowdConsumer from Spring.
 
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doHead, doOptions, doPut, doTrace, getLastModified, service, service
 
Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

OpenIDClientServlet

public OpenIDClientServlet()

Method Detail

init

public void init(javax.servlet.ServletConfig config)
          throws javax.servlet.ServletException
Initialise the servlet to inject the CrowdConsumer from Spring.

Specified by:
init in interface javax.servlet.Servlet
Overrides:
init in class javax.servlet.GenericServlet
Parameters:
config - ServletConfig
Throws:
javax.servlet.ServletException

doGet

protected void doGet(javax.servlet.http.HttpServletRequest httpServletRequest,
                     javax.servlet.http.HttpServletResponse httpServletResponse)
              throws javax.servlet.ServletException,
                     IOException
Forward to doPost().

Overrides:
doGet in class javax.servlet.http.HttpServlet
Parameters:
httpServletRequest - httpServletRequest
httpServletResponse - httpServletResponse
Throws:
javax.servlet.ServletException
IOException

doPost

protected void doPost(javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response)
               throws javax.servlet.ServletException,
                      IOException
The servlet is used to both send requests and receive responses.
  1. If there is an OpenIDAuthRequest in the HttpServletRequest object, treat the request as an OpenID authentication request and make the request to the OpenID provider.
  2. If there is an "openid.mode" parameter in the request, then treat this request as an OpenID authentication response from the OpenID Provider.
  3. If neither is present, throw a ServletException, as the servlet isn't being used to request authentication or process authentication responses.

Overrides:
doPost in class javax.servlet.http.HttpServlet
Parameters:
request - httpServletRequest
response - httpServletResponse
Throws:
javax.servlet.ServletException
IOException
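
The three-way dispatch described for doPost(), as an added stand-alone model (not Atlassian's code, and not part of the original Javadoc). It separates the two inputs the decision depends on: request attributes, which only server-side code forwarding to the servlet can set, and request parameters, which the HTTP client chooses. The attribute key `AUTH_REQUEST_ATTR`, the class and enum names, and the precedence when both inputs are present are assumptions.

```java
import java.util.Map;

/** Added illustration; a stand-alone model, not Atlassian's servlet code. */
public class OpenIdDispatchModel {

    enum Route { SEND_AUTH_REQUEST, PROCESS_AUTH_RESPONSE, REJECT }

    // Hypothetical key: the page does not name the request attribute under
    // which the application stores its OpenIDAuthRequest.
    static final String AUTH_REQUEST_ATTR = "example.openIDAuthRequest";

    /**
     * @param attributes request attributes: set only by server-side code that
     *                   forwards to the servlet, never by a remote client
     * @param parameters query/form parameters: chosen by whoever sends the
     *                   HTTP request (GET and POST alike, as doGet forwards)
     */
    static Route route(Map<String, Object> attributes, Map<String, String> parameters) {
        if (attributes.get(AUTH_REQUEST_ATTR) != null) {
            return Route.SEND_AUTH_REQUEST;      // case 1: application forward
        }
        if (parameters.get("openid.mode") != null) {
            return Route.PROCESS_AUTH_RESPONSE;  // case 2: redirect from provider
        }
        return Route.REJECT;                     // case 3: ServletException
    }

    public static void main(String[] args) {
        // All inputs below are constructed samples.
        Map<String, Object> noAttrs = Map.of();
        Map<String, Object> forwarded = Map.of(AUTH_REQUEST_ATTR, new Object());
        Map<String, String> noParams = Map.of();
        // "id_res" is the OpenID mode value for a positive assertion.
        Map<String, String> providerReply = Map.of("openid.mode", "id_res");

        System.out.println(route(forwarded, noParams));     // application login forward
        System.out.println(route(noAttrs, providerReply));  // provider redirect back
        System.out.println(route(noAttrs, noParams));       // stray request
        // Both present: assumed to follow the listed order, so case 1 is taken.
        System.out.println(route(forwarded, providerReply));
    }
}
```

Only case 1 requires a server-side forward; cases 2 and 3 can be reached by any client that can send a request to the servlet's URL, so the response-processing path always operates on client-supplied parameters.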


Copyright © 2013 Atlassian. All Rights Reserved.