import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
+import java.util.Date;
import java.util.Formatter;
import javax.naming.Context;
/**
* The name of the authentication cookie.
*/
- private static final String AUTH_COOKIE = "_gss_a";
+ public static final String AUTH_COOKIE = "_gss_a";
/**
* The separator character for the authentication cookie.
*/
- private static final char COOKIE_SEPARATOR = '|';
+ public static final char COOKIE_SEPARATOR = '|';
/**
* The name of the the webdav cookie.
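Review bot: Now that `AUTH_COOKIE` and `COOKIE_SEPARATOR` are public, their Javadoc should state the layout of the cookie value, because other classes will parse it. Further down this page the value is built as `userEncoded + COOKIE_SEPARATOR + tokenEncoded`. I would extend the separator's comment to something like `Separates the encoded username from the encoded token in the AUTH_COOKIE value; neither part may contain it.` Whether both encodings actually exclude '|' is not visible here and is worth confirming.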
String[] attrs = new String[] {"REMOTE_USER", "HTTP_SHIB_INETORGPERSON_DISPLAYNAME",
"HTTP_SHIB_INETORGPERSON_GIVENNAME", "HTTP_SHIB_PERSON_COMMONNAME",
"HTTP_SHIB_PERSON_SURNAME", "HTTP_SHIB_INETORGPERSON_MAIL",
- "HTTP_SHIB_EP_UNSCOPEDAFFILIATION"};
+ "HTTP_SHIB_EP_UNSCOPEDAFFILIATION", "HTTP_PERSISTENT_ID"};
StringBuilder buf = new StringBuilder("Shibboleth Attributes\n");
for (String attr: attrs)
buf.append(attr+": ").append(request.getAttribute(attr)).append('\n');
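Review bot: Adding `"HTTP_PERSISTENT_ID"` to `attrs` puts the persistent identifier into the same dump as the name and mail attributes. Where `buf` is written is outside this hunk. If it goes to a log at a routinely enabled level, the log then links an identifier meant to be opaque to the person's e-mail address. Consider leaving the persistent ID out of the dump, or emitting the dump only at debug level, e.g. `if (logger.isDebugEnabled()) logger.debug(buf);`.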
Object snAttr = request.getAttribute("HTTP_SHIB_PERSON_SURNAME"); // Multi-valued
Object mailAttr = request.getAttribute("HTTP_SHIB_INETORGPERSON_MAIL"); // Multi-valued
Object userclassAttr = request.getAttribute("HTTP_SHIB_EP_UNSCOPEDAFFILIATION"); // Multi-valued
+ Object persistentIdAttr = request.getAttribute("HTTP_PERSISTENT_ID");
// Use a configured test username if found, as a shortcut for development deployments.
String gwtServer = null;
if (getConfiguration().getString("testUsername") != null) {
String userclass = userclassAttr != null ? userclassAttr.toString() : "";
if (userclass.indexOf(';') != -1)
userclass = userclass.substring(0, userclass.indexOf(';'));
+ String persistentId = persistentIdAttr != null ? persistentIdAttr.toString() : "";
+ String idp = "";
+ String idpid = "";
+ if (!persistentId.isEmpty()) {
+ int bang = persistentId.indexOf('!');
+ if (bang > -1) {
+ idp = persistentId.substring(0, bang);
+ idpid = persistentId.substring(bang + 1);
+ }
+ }
try {
user = getService().findUser(username);
if (user == null)
- user = getService().createUser(username, name, mail);
+ user = getService().createUser(username, name, mail, idp, idpid);
if (!user.hasAcceptedPolicy()) {
String policyUrl = "policy.jsp";
if (request.getQueryString() != null)
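Review bot: The parsing around `persistentId.indexOf('!')` accepts whatever arrives and then passes it to `createUser(username, name, mail, idp, idpid)` as the account's identity binding. A value without '!' leaves `idp` and `idpid` empty with no log line, and a multi-valued attribute is not cut at ';' the way `userclass` is just above. I would strip at ';' first and warn when the attribute is present but malformed, e.g. `logger.warn("Malformed persistent ID for " + username);`. Everything after the first '!' lands in `idpid`; if the value has the usual multi-part Shibboleth form, that includes more than the opaque ID and deserves a comment. The enclosing method starts and ends outside the hunk.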
response.sendRedirect(policyUrl);
return;
}
- // Update the user name and e-mail if modified.
- boolean update = false;
- if (!user.getName().equals(name)) {
- user.setName(name);
- update = true;
- }
- if (!user.getEmail().equals(mail)) {
- user.setEmail(mail);
- update = true;
- }
+ user.setName(name);
+ user.setEmail(mail);
+ user.setIdentityProvider(idp);
+ user.setIdentityProviderId(idpid);
+ user.setLastLogin(new Date());
if (user.getAuthToken() == null)
user = getService().updateUserToken(user.getId());
// Set WebDAV password to token if it's never been set.
- if (user.getWebDAVPassword()==null || user.getWebDAVPassword().length()==0) {
+ if (user.getWebDAVPassword() == null || user.getWebDAVPassword().length() == 0) {
String tokenEncoded = new String(Base64.encodeBase64(user.getAuthToken()), "US-ASCII");
user.setWebDAVPassword(tokenEncoded);
- update = true;
}
- if (update)
- getService().updateUser(user);
+ getService().updateUser(user);
} catch (RpcException e) {
String error = "An error occurred while communicating with the service";
logger.error(error, e);
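Review bot: `user.setIdentityProvider(idp)` and `user.setIdentityProviderId(idpid)` overwrite the stored binding on every login, so it is never checked against what arrives. The account was found by `findUser(username)` alone, so if another identity provider asserts the same username the account is silently re-bound to it. A login where the attribute is missing also replaces the stored values with empty strings. For an existing user I would compare the incoming pair with the stored one, refuse or at least log a mismatch, and write only non-empty values: `if (!idp.isEmpty()) { user.setIdentityProvider(idp); user.setIdentityProviderId(idpid); }`. The try block begins above this hunk.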
nextUrl += "?u=" + userEncoded + "&t=" + tokenEncoded;
else {
String domain = next.getHost();
- String path = next.getPath();
+ String path = getServletContext().getContextPath() + '/';
Cookie cookie = new Cookie(AUTH_COOKIE, userEncoded + COOKIE_SEPARATOR +
tokenEncoded);
cookie.setMaxAge(-1);
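Review bot: Setting the path to `getServletContext().getContextPath() + '/'` sends the cookie, which carries the encoded username and auth token, with every request under the application rather than only the `next` path. No `cookie.setSecure(true)` is visible in this hunk. The block continues past it, so the flag may be set below, but if it is not, the token travels with any plain-HTTP request to the context. I would add `cookie.setSecure(true);` next to `cookie.setMaxAge(-1);`.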