org.openid4java.server
Class ServerManager

java.lang.Object
  extended by org.openid4java.server.ServerManager

public class ServerManager
extends java.lang.Object

Manages OpenID communications with an OpenID Relying Party (Consumer).

Author:
Marius Scurtescu, Johnny Bufu

Constructor Summary
ServerManager()
          Constructs a ServerManager with default settings.
ServerManager(RealmVerifierFactory factory)
           
 
Method Summary
 Message associationResponse(ParameterList requestParams)
          Processes an Association Request and returns an Association Response message, according to the request parameters and the preferences configured for the OpenID Provider.
 Message authResponse(AuthRequest authReq, java.lang.String userSelId, java.lang.String userSelClaimed, boolean authenticatedAndApproved)
          Processes an Authentication Request received from a consumer site.
 Message authResponse(AuthRequest authReq, java.lang.String userSelId, java.lang.String userSelClaimed, boolean authenticatedAndApproved, boolean signNow)
          Processes an Authentication Request received from a consumer site.
 Message authResponse(AuthRequest auhtReq, java.lang.String userSelId, java.lang.String userSelClaimed, boolean authenticatedAndApproved, java.lang.String opEndpoint)
          Processes an Authentication Request received from a consumer site.
 Message authResponse(AuthRequest authReq, java.lang.String userSelId, java.lang.String userSelClaimed, boolean authenticatedAndApproved, java.lang.String opEndpoint, boolean signNow)
          Processes an Authentication Request received from a consumer site.
 Message authResponse(ParameterList requestParams, java.lang.String userSelId, java.lang.String userSelClaimed, boolean authenticatedAndApproved)
          Processes an Authentication Request received from a consumer site.
 Message authResponse(ParameterList requestParams, java.lang.String userSelId, java.lang.String userSelClaimed, boolean authenticatedAndApproved, boolean signNow)
          Processes an Authentication Request received from a consumer site.
 Message authResponse(ParameterList requestParams, java.lang.String userSelId, java.lang.String userSelClaimed, boolean authenticatedAndApproved, java.lang.String opEndpoint)
          Processes an Authentication Request received from a consumer site.
 Message authResponse(ParameterList requestParams, java.lang.String userSelId, java.lang.String userSelClaimed, boolean authenticatedAndApproved, java.lang.String opEndpoint, boolean signNow)
          Processes an Authentication Request received from a consumer site, after parsing the request parameters into a valid AuthRequest.
 boolean getEnforceRpId()
          Gets the flag that instructs the realm verifier to enforce validation of the return URL against the endpoints discovered from the RP's realm.
 int getExpireIn()
          Gets the expiration time (in seconds) for the generated associations.
 AssociationSessionType getMinAssocSessEnc()
          Gets the minimum level of encryption configured for association sessions.
 NonceGenerator getNonceGenerator()
          Gets the NonceGenerator used for generating nonce tokens to uniquely identify authentication responses.
 java.lang.String getOPEndpointUrl()
          Gets OpenID Provider's endpoint URL, where it accepts OpenID authentication requests.
 AssociationSessionType getPrefAssocSessEnc()
          Gets the preferred association / session type.
 ServerAssociationStore getPrivateAssociations()
          Gets the store implementation used for keeping track of the generated private associations (used for signing responses to stateless consumer sites).
 RealmVerifier getRealmVerifier()
          Gets the RealmVerifier used to verify realms against return_to URLs.
 ServerAssociationStore getSharedAssociations()
          Gets the store implementation used for keeping track of the generated associations established with consumer sites.
 java.lang.String[] getSignExtensions()
           
 java.lang.String getSignFields()
          Gets the list of parameters that the OpenID Provider will sign when generating authentication responses.
 java.lang.String getUserSetupUrl()
          Gets the URL at the OpenID Provider where the user should be directed when an immediate authentication request fails.
 void setEnforceRpId(boolean enforceRpId)
          Sets the flag that instructs the realm verifier to enforce validation of the return URL against the endpoints discovered from the RP's realm.
 void setExpireIn(int _expireIn)
          Sets the expiration time (in seconds) for the generated associations.
 void setMinAssocSessEnc(AssociationSessionType minAssocSessEnc)
          Configures the minimum level of encryption accepted for association sessions.
 void setNonceGenerator(NonceGenerator nonceGenerator)
          Sets the NonceGenerator implementation that will be used to generate nonce tokens to uniquely identify authentication responses.
 void setOPEndpointUrl(java.lang.String opEndpointUrl)
          Sets the OpenID Provider's endpoint URL, where it accepts OpenID authentication requests.
 void setPrefAssocSessEnc(AssociationSessionType type)
          Sets the preferred association / session type.
 void setPrivateAssociations(ServerAssociationStore privateAssociations)
          Sets the store implementation that will be used for keeping track of the generated private associations (used for signing responses to stateless consumer sites).
 void setRealmVerifier(RealmVerifier realmVerifier)
          Sets the RealmVerifier used to verify realms against return_to URLs.
 void setSharedAssociations(ServerAssociationStore sharedAssociations)
          Sets the store implementation that will be used for keeping track of the generated associations established with consumer sites.
 void setSignExtensions(java.lang.String[] extensins)
           
 void setSignFields(java.lang.String signFields)
          Sets the list of parameters that the OpenID Provider will sign when generating authentication responses.
 void setUserSetupUrl(java.lang.String userSetupUrl)
          Sets the URL at the OpenID Provider where the user should be directed when an immediate authentication request fails.
 void sign(AuthSuccess authSuccess)
          Signs an AuthSuccess message, using the association identified by the handle specified within the message.
 Message verify(ParameterList requestParams)
          Responds to a verification request from the consumer.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ServerManager

public ServerManager()
Constructs a ServerManager with default settings.


ServerManager

@Inject
public ServerManager(RealmVerifierFactory factory)

Method Detail

getSharedAssociations

public ServerAssociationStore getSharedAssociations()
Gets the store implementation used for keeping track of the generated associations established with consumer sites.

See Also:
ServerAssociationStore

setSharedAssociations

public void setSharedAssociations(ServerAssociationStore sharedAssociations)
Sets the store implementation that will be used for keeping track of the generated associations established with consumer sites.

Parameters:
sharedAssociations - ServerAssociationStore implementation
See Also:
ServerAssociationStore

getPrivateAssociations

public ServerAssociationStore getPrivateAssociations()
Gets the store implementation used for keeping track of the generated private associations (used for signing responses to stateless consumer sites).

See Also:
ServerAssociationStore

setPrivateAssociations

public void setPrivateAssociations(ServerAssociationStore privateAssociations)
Sets the store implementation that will be used for keeping track of the generated private associations (used for signing responses to stateless consumer sites).

Parameters:
privateAssociations - ServerAssociationStore implementation
See Also:
ServerAssociationStore

getMinAssocSessEnc

public AssociationSessionType getMinAssocSessEnc()
Gets the minimum level of encryption configured for association sessions.

Default: no-encryption session, SHA1 MAC association


getNonceGenerator

public NonceGenerator getNonceGenerator()
Gets the NonceGenerator used for generating nonce tokens to uniquely identify authentication responses.

See Also:
NonceGenerator

setNonceGenerator

public void setNonceGenerator(NonceGenerator nonceGenerator)
Sets the NonceGenerator implementation that will be used to generate nonce tokens to uniquely identify authentication responses.

See Also:
NonceGenerator

setMinAssocSessEnc

public void setMinAssocSessEnc(AssociationSessionType minAssocSessEnc)
Configures the minimum level of encryption accepted for association sessions.

Default: no-encryption session, SHA1 MAC association


getPrefAssocSessEnc

public AssociationSessionType getPrefAssocSessEnc()
Gets the preferred association / session type.


setPrefAssocSessEnc

public void setPrefAssocSessEnc(AssociationSessionType type)
                         throws ServerException
Sets the preferred association / session type.

Throws:
ServerException
See Also:
AssociationSessionType

getExpireIn

public int getExpireIn()
Gets the expiration time (in seconds) for the generated associations.


setExpireIn

public void setExpireIn(int _expireIn)
Sets the expiration time (in seconds) for the generated associations.


getUserSetupUrl

public java.lang.String getUserSetupUrl()
Gets the URL at the OpenID Provider where the user should be directed when an immediate authentication request fails.


setUserSetupUrl

public void setUserSetupUrl(java.lang.String userSetupUrl)
Sets the URL at the OpenID Provider where the user should be directed when an immediate authentication request fails.


setSignFields

public void setSignFields(java.lang.String signFields)
Sets the list of parameters that the OpenID Provider will sign when generating authentication responses.

The fields in the list must be comma-separated and must not include the 'openid.' prefix. Fields that are required to be signed are automatically added by the underlying logic, so that a valid message is generated regardless of whether they are included in the user-supplied list.


getSignFields

public java.lang.String getSignFields()
Gets the list of parameters that the OpenID Provider will sign when generating authentication responses.

Comma-separated list.


setSignExtensions

public void setSignExtensions(java.lang.String[] extensins)

getSignExtensions

public java.lang.String[] getSignExtensions()

getRealmVerifier

public RealmVerifier getRealmVerifier()
Gets the RealmVerifier used to verify realms against return_to URLs.


setRealmVerifier

public void setRealmVerifier(RealmVerifier realmVerifier)
Sets the RealmVerifier used to verify realms against return_to URLs.


getEnforceRpId

public boolean getEnforceRpId()
Gets the flag that instructs the realm verifier to enforce validation of the return URL against the endpoints discovered from the RP's realm.


setEnforceRpId

public void setEnforceRpId(boolean enforceRpId)
Sets the flag that instructs the realm verifier to enforce validation of the return URL against the endpoints discovered from the RP's realm.


getOPEndpointUrl

public java.lang.String getOPEndpointUrl()
Gets OpenID Provider's endpoint URL, where it accepts OpenID authentication requests.

This is a global setting for the ServerManager; can also be set on a per message basis.

See Also:
authResponse(org.openid4java.message.ParameterList, String, String, boolean, String)

setOPEndpointUrl

public void setOPEndpointUrl(java.lang.String opEndpointUrl)
Sets the OpenID Provider's endpoint URL, where it accepts OpenID authentication requests.

This is a global setting for the ServerManager; can also be set on a per message basis.

See Also:
authResponse(org.openid4java.message.ParameterList, String, String, boolean, String)
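
A configuration that moves the settings documented above away from their defaults, as an added example (not code from the openid4java project). The endpoint and setup URLs, the 30-minute lifetime and the choice of in-memory stores are assumptions made for illustration.

```java
import org.openid4java.association.AssociationSessionType;
import org.openid4java.server.InMemoryServerAssociationStore;
import org.openid4java.server.ServerException;
import org.openid4java.server.ServerManager;

public final class HardenedOpConfig {
    // Hypothetical endpoint for this example; use the OP's real HTTPS URL.
    static final String OP_ENDPOINT = "https://op.example.org/openid/endpoint";
    // Hypothetical page shown when an immediate request cannot be satisfied.
    static final String USER_SETUP = "https://op.example.org/openid/setup";

    public static ServerManager build() throws ServerException {
        ServerManager manager = new ServerManager();

        manager.setOPEndpointUrl(OP_ENDPOINT);
        manager.setUserSetupUrl(USER_SETUP);

        // Separate stores: shared associations are established with consumer
        // sites, private ones sign responses for stateless consumer sites.
        // In-memory stores are per-process (assumption: single-node OP).
        manager.setSharedAssociations(new InMemoryServerAssociationStore());
        manager.setPrivateAssociations(new InMemoryServerAssociationStore());

        // The documented default minimum is a no-encryption session with a
        // SHA1 MAC association; require Diffie-Hellman with SHA256 instead.
        manager.setMinAssocSessEnc(AssociationSessionType.DH_SHA256);
        manager.setPrefAssocSessEnc(AssociationSessionType.DH_SHA256);

        // Association lifetime in seconds (30 minutes, chosen for the example).
        manager.setExpireIn(1800);

        // Validate return_to against the endpoints discovered from the RP's realm.
        manager.setEnforceRpId(true);
        return manager;
    }
}
```

Raising the minimum means consumer sites that only request weaker association types will not get an association at that level, so test the setting against the relying parties the OP has to support.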

associationResponse

public Message associationResponse(ParameterList requestParams)
Processes an Association Request and returns an Association Response message, according to the request parameters and the preferences configured for the OpenID Provider.

Returns:
AssociationResponse upon successful association, or AssociationError if no association was established

authResponse

public Message authResponse(ParameterList requestParams,
                            java.lang.String userSelId,
                            java.lang.String userSelClaimed,
                            boolean authenticatedAndApproved)
Processes an Authentication Request received from a consumer site.

Uses ServerManager's global OpenID Provider endpoint URL.

Returns:
A signed positive Authentication Response if successful, or an IndirectError / DirectError message.
See Also:
authResponse(org.openid4java.message.ParameterList, String, String, boolean, String, boolean)

authResponse

public Message authResponse(AuthRequest authReq,
                            java.lang.String userSelId,
                            java.lang.String userSelClaimed,
                            boolean authenticatedAndApproved)
Processes an Authentication Request received from a consumer site.

Uses ServerManager's global OpenID Provider endpoint URL.

Returns:
A signed positive Authentication Response if successful, or an IndirectError / DirectError message.
See Also:
authResponse(org.openid4java.message.AuthRequest, String, String, boolean, String, boolean)

authResponse

public Message authResponse(ParameterList requestParams,
                            java.lang.String userSelId,
                            java.lang.String userSelClaimed,
                            boolean authenticatedAndApproved,
                            boolean signNow)
Processes an Authentication Request received from a consumer site.

Uses ServerManager's global OpenID Provider endpoint URL.

Returns:
A positive Authentication Response if successful, or an IndirectError / DirectError message.
See Also:
authResponse(org.openid4java.message.ParameterList, String, String, boolean, String, boolean)

authResponse

public Message authResponse(AuthRequest authReq,
                            java.lang.String userSelId,
                            java.lang.String userSelClaimed,
                            boolean authenticatedAndApproved,
                            boolean signNow)
Processes an Authentication Request received from a consumer site.

Uses ServerManager's global OpenID Provider endpoint URL.

Returns:
A positive Authentication Response if successful, or an IndirectError / DirectError message.
See Also:
authResponse(org.openid4java.message.AuthRequest, String, String, boolean, String, boolean)

authResponse

public Message authResponse(ParameterList requestParams,
                            java.lang.String userSelId,
                            java.lang.String userSelClaimed,
                            boolean authenticatedAndApproved,
                            java.lang.String opEndpoint)
Processes an Authentication Request received from a consumer site.

Returns:
A signed positive Authentication Response if successful, or an IndirectError / DirectError message.
See Also:
authResponse(org.openid4java.message.ParameterList, String, String, boolean, String, boolean)

authResponse

public Message authResponse(AuthRequest auhtReq,
                            java.lang.String userSelId,
                            java.lang.String userSelClaimed,
                            boolean authenticatedAndApproved,
                            java.lang.String opEndpoint)
Processes an Authentication Request received from a consumer site.

Returns:
A signed positive Authentication Response if successful, or an IndirectError / DirectError message.
See Also:
authResponse(org.openid4java.message.AuthRequest, String, String, boolean, String, boolean)

authResponse

public Message authResponse(ParameterList requestParams,
                            java.lang.String userSelId,
                            java.lang.String userSelClaimed,
                            boolean authenticatedAndApproved,
                            java.lang.String opEndpoint,
                            boolean signNow)
Processes an Authentication Request received from a consumer site, after parsing the request parameters into a valid AuthRequest.

Returns:
A signed positive Authentication Response if successful, or an IndirectError / DirectError message.
See Also:
authResponse(org.openid4java.message.AuthRequest, String, String, boolean, String, boolean)

authResponse

public Message authResponse(AuthRequest authReq,
                            java.lang.String userSelId,
                            java.lang.String userSelClaimed,
                            boolean authenticatedAndApproved,
                            java.lang.String opEndpoint,
                            boolean signNow)
Processes an Authentication Request received from a consumer site.

Parameters:
opEndpoint - The endpoint URL where the OP accepts OpenID authentication requests.
authReq - A valid authentication request.
userSelId - OP-specific Identifier selected by the user at the OpenID Provider; if present it will override the one received in the authentication request.
userSelClaimed - Claimed Identifier selected by the user at the OpenID Provider; if present it will override the one received in the authentication request.
authenticatedAndApproved - Flag indicating that the OP has authenticated the user and the user has approved the authentication transaction.
signNow - If true, the returned AuthSuccess will be signed. If false, the signature will not be computed and set; this will have to be performed later, using sign(org.openid4java.message.Message).
Returns:
  • AuthSuccess, if authenticatedAndApproved is true;
  • AuthFailure (negative response) if authenticatedAndApproved is false;
  • An IndirectError or DirectError message if the authentication could not be performed, or
  • Null if there was no return_to parameter specified in the AuthRequest.

sign

public void sign(AuthSuccess authSuccess)
          throws ServerException,
                 AssociationException
Signs an AuthSuccess message, using the association identified by the handle specified within the message.

Parameters:
authSuccess - The Authentication Success message to be signed.
Throws:
ServerException - If the Association corresponding to the handle in authSuccess cannot be retrieved from the store.
AssociationException - If the signature cannot be computed.
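
How the six-argument authResponse and sign fit together when signing is deferred, as an added example (not code from the openid4java project). It branches on each return case listed above and never hands back an unsigned AuthSuccess. The AuthResponder, Kind and Outcome types are hypothetical glue for a web layer.

```java
import org.openid4java.association.AssociationException;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.DirectError;
import org.openid4java.message.Message;
import org.openid4java.server.ServerException;
import org.openid4java.server.ServerManager;

public final class AuthResponder {
    // Hypothetical result types: what the web layer should do next.
    public enum Kind { REDIRECT, DIRECT_BODY, NO_RESPONSE }

    public static final class Outcome {
        public final Kind kind;
        public final String value; // redirect URL or key-value body; null for NO_RESPONSE
        Outcome(Kind kind, String value) { this.kind = kind; this.value = value; }
    }

    public static Outcome respond(ServerManager manager, AuthRequest authReq,
                                  String userSelId, String userSelClaimed,
                                  boolean authenticatedAndApproved)
            throws ServerException, AssociationException {
        // signNow = false: the signature is computed later by sign().
        Message rsp = manager.authResponse(authReq, userSelId, userSelClaimed,
                authenticatedAndApproved, manager.getOPEndpointUrl(), false);

        if (rsp == null) {
            // No return_to in the request: there is nowhere to send a response.
            return new Outcome(Kind.NO_RESPONSE, null);
        }
        if (rsp instanceof DirectError) {
            // Direct errors go back in the HTTP response body, not via redirect.
            return new Outcome(Kind.DIRECT_BODY, rsp.keyValueFormEncoding());
        }
        if (rsp instanceof AuthSuccess) {
            AuthSuccess success = (AuthSuccess) rsp;
            // Any change to the message (for example, attaching extension
            // parameters) must happen here, before the signature is computed.
            manager.sign(success);
        }
        // AuthSuccess (now signed), AuthFailure and IndirectError are all
        // delivered by redirecting the user agent back to the consumer site.
        return new Outcome(Kind.REDIRECT, rsp.getDestinationUrl(true));
    }
}
```

If sign throws, no redirect is built, so a failure to find the association or compute the signature cannot result in an unsigned positive assertion reaching the consumer site.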

verify

public Message verify(ParameterList requestParams)
Responds to a verification request from the consumer.

Parameters:
requestParams - ParameterList containing the parameters received in a verification request from a consumer site.
Returns:
VerificationResponse to be sent back to the consumer site.


Copyright © 2012 Sxip. All Rights Reserved.