authorjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2010-07-24 23:21:38 +0000
committerjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2010-07-24 23:21:38 +0000
commit50b290072e213a7aeb62d6bac5ad4b67a6fc42eb (patch)
tree809a05cb56ee40a7f2dbf4973422c0070cd60773
parentfcc191fad24715bf54e8dcd0ea50303161787d0b (diff)
Change OpenID conf to protect the entire tree under a host, and work with OpenID step2 discovery.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@978945 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--sca-cpp/trunk/modules/openid/htdocs/index.html28
-rw-r--r--sca-cpp/trunk/modules/openid/htdocs/login/index.html (renamed from sca-cpp/trunk/modules/openid/htdocs/protected/login/index.html)4
-rw-r--r--sca-cpp/trunk/modules/openid/htdocs/logout/index.html (renamed from sca-cpp/trunk/modules/openid/htdocs/protected/logout/index.html)2
-rw-r--r--sca-cpp/trunk/modules/openid/htdocs/unprotected/index.html (renamed from sca-cpp/trunk/modules/openid/htdocs/protected/index.html)24
-rwxr-xr-xsca-cpp/trunk/modules/openid/openid-conf38
-rwxr-xr-xsca-cpp/trunk/modules/openid/openid-step2-conf72
-rw-r--r--sca-cpp/trunk/modules/openid/openid.composite4
-rwxr-xr-xsca-cpp/trunk/modules/openid/start-test3
8 files changed, 122 insertions, 53 deletions
diff --git a/sca-cpp/trunk/modules/openid/htdocs/index.html b/sca-cpp/trunk/modules/openid/htdocs/index.html
index 1134201389..e6295a93b5 100644
--- a/sca-cpp/trunk/modules/openid/htdocs/index.html
+++ b/sca-cpp/trunk/modules/openid/htdocs/index.html
@@ -17,9 +17,27 @@
under the License.
-->
-<html><body>
-<h1>Unprotected area - It works!</h1>
-<p><a href="protected">Protected area</a></p>
-<p><a href="protected/login">Sign in</a></p>
-<p><a href="/protected/logout">Sign out</a></p>
+<html>
+<head>
+<script type="text/javascript" src="/js/tuscany-ref.js"></script>
+<script type="text/javascript">
+var component = new tuscany.sca.Component("Protected");
+var userInfo = new tuscany.sca.Reference("userInfo");
+var user = userInfo.apply("getuser");
+var email = userInfo.apply("getemail");
+</script>
+</head>
+<body>
+<h1>Protected area - It works!</h1>
+<p>The following info is returned by a JSONRPC service:</p>
+<div id="user"></div>
+<div id="email"></div>
+<script type="text/javascript">
+document.getElementById('user').innerHTML="User: " + user;
+document.getElementById('email').innerHTML="Email: " + email;
+</script>
+<p><a href="info">User info</a></p>
+<p><a href="login">Sign in</a></p>
+<p><a href="logout">Sign out</a></p>
+<p><a href="unprotected">Unprotected area</a></p>
</body></html>
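Review bot: The two `innerHTML` assignments in the inline script at the end of `<body>` insert `user` and `email` into the page as markup, and both values come from the `userInfo` JSONRPC reference, which presumably returns attributes asserted by the OpenID provider rather than values this site controls. Any `<` or `&` in those values would be parsed as HTML on what is now the site-root page. Assign them as text instead: `document.getElementById('user').textContent = "User: " + user;` and the same for `email`, or append a `document.createTextNode(...)` where older browsers must be supported.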
diff --git a/sca-cpp/trunk/modules/openid/htdocs/protected/login/index.html b/sca-cpp/trunk/modules/openid/htdocs/login/index.html
index a3c0119839..14f378e968 100644
--- a/sca-cpp/trunk/modules/openid/htdocs/protected/login/index.html
+++ b/sca-cpp/trunk/modules/openid/htdocs/login/index.html
@@ -42,7 +42,7 @@ function openidReferrer() {
}
if (typeof(openidReferrer()) == 'undefined') {
- document.location = '/protected';
+ document.location = '/';
}
function submitSignin(w) {
@@ -77,7 +77,7 @@ function withXRDSEndpoint() {
}
</script>
-<form name="signin" action="/protected" method="GET">
+<form name="signin" action="/" method="GET">
<input type="hidden" name="openid_identifier" value="https://www.google.com/accounts/o8/id"/>
</form>
diff --git a/sca-cpp/trunk/modules/openid/htdocs/protected/logout/index.html b/sca-cpp/trunk/modules/openid/htdocs/logout/index.html
index a92bad3086..6c7a9393cc 100644
--- a/sca-cpp/trunk/modules/openid/htdocs/protected/logout/index.html
+++ b/sca-cpp/trunk/modules/openid/htdocs/logout/index.html
@@ -24,7 +24,7 @@
<script type="text/javascript">
function submitSignout() {
document.cookie = 'open_id_session_id=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/';
- document.signout.action = document.referrer;
+ document.signout.action = "/login";
document.signout.submit();
return true;
}
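Review bot: `submitSignout()` ends the session only by expiring `open_id_session_id` through `document.cookie`, so sign-out depends entirely on the browser and nothing in this hunk asks the server to discard the session. If mod_auth_openid keeps its session record until it expires, a copied cookie value would stay valid after sign-out; this is worth confirming and, if so, pairing with a server-side invalidation. That the script can overwrite the cookie also suggests it is not marked HttpOnly. A comment on the cookie line such as `// client-side only: clears the browser cookie, the server session is not revoked here` would make the limitation explicit.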
diff --git a/sca-cpp/trunk/modules/openid/htdocs/protected/index.html b/sca-cpp/trunk/modules/openid/htdocs/unprotected/index.html
index 4c7bc4f5a3..af2cd7ca19 100644
--- a/sca-cpp/trunk/modules/openid/htdocs/protected/index.html
+++ b/sca-cpp/trunk/modules/openid/htdocs/unprotected/index.html
@@ -18,24 +18,10 @@
-->
<html>
-<head>
-<script type="text/javascript" src="/js/tuscany-ref.js"></script>
-<script language="JavaScript">
- var component = new tuscany.sca.Component("Protected");
- var userInfo = new tuscany.sca.Reference("userInfo");
- var user = userInfo.apply("getuser");
- var email = userInfo.apply("getemail");
-</script>
-</head>
<body>
-<h1>Protected area - It works!</h1>
-<p>The following info is returned by a JSONRPC service:</p>
-<div id="user"></div>
-<div id="email"></div>
-<p><a href="/protected/info">User info</a></p>
-<p><a href="/protected/logout">Sign out</a></p>
-<script language="JavaScript">
- document.getElementById('user').innerHTML="User: " + user;
- document.getElementById('email').innerHTML="Email: " + email;
-</script>
+<h1>Unprotected area - It works!</h1>
+<p><a href="/info">User info</a></p>
+<p><a href="/login">Sign in</a></p>
+<p><a href="/logout">Sign out</a></p>
+<p><a href="/">Protected area</a></p>
</body></html>
diff --git a/sca-cpp/trunk/modules/openid/openid-conf b/sca-cpp/trunk/modules/openid/openid-conf
index eeae4292b7..b98b4030c4 100755
--- a/sca-cpp/trunk/modules/openid/openid-conf
+++ b/sca-cpp/trunk/modules/openid/openid-conf
@@ -17,49 +17,41 @@
# specific language governing permissions and limitations
# under the License.
-# Generate an Axis2 server conf
+# Generate an OpenID server conf
here=`readlink -f $0`; here=`dirname $here`
root=`readlink -f $1`
-htdocs=`readlink -f $2`
+host=$2
+port=`echo $3 | awk -F "/" '{ print $1 }'`
+pport=`echo $3 | awk -F "/" '{ print $2 }'`
+if [ "$pport" = "" ]; then
+ pport=$port
+fi
+htdocs=`readlink -f $4`
openid_prefix=`cat openid.prefix`
-servername=`cat $root/conf/httpd.conf | grep ServerName | tail -1 | awk '{ print $2 }'`
-
# Configure HTTPD mod_auth_openid module
cat >>$root/conf/httpd.conf <<EOF
# Support for OpenID authentication
LoadModule authopenid_module $openid_prefix/modules/mod_auth_openid.so
-<Location /protected>
-AuthOpenIDEnabled On
-AuthOpenIDCookiePath /
-AuthOpenIDLoginPage /protected/login
-AuthOpenIDAXAdd EMAIL http://axschema.org/contact/email
-AuthOpenIDServerName $servername
-</Location>
-
-<Location /components>
+<Location />
AuthOpenIDEnabled On
AuthOpenIDCookiePath /
-AuthOpenIDLoginPage /protected/login
+AuthOpenIDLoginPage /login
AuthOpenIDAXAdd EMAIL http://axschema.org/contact/email
-AuthOpenIDServerName $servername
</Location>
-<Location /references>
-AuthOpenIDEnabled On
-AuthOpenIDCookiePath /
-AuthOpenIDLoginPage /protected/login
-AuthOpenIDAXAdd EMAIL http://axschema.org/contact/email
-AuthOpenIDServerName $servername
+<Location /unprotected>
+AuthOpenIDEnabled Off
</Location>
-<Location /protected/login>
+<Location /login>
AuthOpenIDEnabled Off
</Location>
-<Location /protected/logout>
+<Location /logout>
AuthOpenIDEnabled Off
</Location>
EOF
+
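Review bot: The new `<Location />` block turns on OpenID for the whole tree but sets no provider restriction, so as written any identity from any OpenID provider would appear to satisfy it; the sign-in form only suggests Google through a hidden `openid_identifier` field that the client controls. If the intent is to admit only specific providers, add an `AuthOpenIDTrusted` pattern (or an authorization step behind it) inside this block, e.g. `AuthOpenIDTrusted ^https://www\.google\.com/accounts/o8/` as a constructed example to adjust to the provider actually used. `host`, `port` and `pport` are assigned above but not used in the visible part of the script. Each `AuthOpenIDEnabled Off` exemption deserves a one-line comment on why the path must stay public, for example `# login page must be reachable before authentication`.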
diff --git a/sca-cpp/trunk/modules/openid/openid-step2-conf b/sca-cpp/trunk/modules/openid/openid-step2-conf
new file mode 100755
index 0000000000..4ca4150483
--- /dev/null
+++ b/sca-cpp/trunk/modules/openid/openid-step2-conf
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Generate an OpenID Step2 server conf
+here=`readlink -f $0`; here=`dirname $here`
+root=`readlink -f $1`
+host=$2
+port=`echo $3 | awk -F "/" '{ print $1 }'`
+pport=`echo $3 | awk -F "/" '{ print $2 }'`
+if [ "$pport" = "" ]; then
+ pport=$port
+fi
+htdocs=`readlink -f $4`
+
+# Configure HTTPD to serve OpenID XRDS and LRDD documents
+cat >>$root/conf/httpd.conf <<EOF
+# Serve OpenID XRDS document
+Alias /openid $root/conf/openid.xrds
+<Location /openid>
+AuthOpenIDEnabled Off
+ForceType application/xrds+xml
+</Location>
+
+# Serve OpenID LRDD document
+Alias /.well-known/host-meta $root/conf/openid.lrdd
+<Location /.well-known/host-meta>
+AuthOpenIDEnabled Off
+ForceType text/plain
+</Location>
+
+EOF
+
+# Generate OpenID XRDS document
+cat >$root/conf/openid.xrds <<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://\$xrds" xmlns="xri://\$xrd*(\$v*2.0)">
+<XRD>
+<CanonicalID>$host</CanonicalID>
+<Service priority="0">
+<Type>http://specs.openid.net/auth/2.0/server</Type>
+<Type>http://specs.openid.net/auth/2.0/signon</Type>
+<Type>http://openid.net/srv/ax/1.0</Type>
+<Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
+<Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
+<Type>http://specs.openid.net/extensions/pape/1.0</Type>
+<URI>https://www.google.com/a/$host/o8/ud?be=o8</URI>
+</Service>
+</XRD>
+</xrds:XRDS>
+EOF
+
+# Generate OpenID LRDD document
+cat >$root/conf/openid.lrdd <<EOF
+Link: <https://www.google.com/accounts/o8/site-xrds?hd=$host>; rel="describedby http://reltype.google.com/openid/xrd-op"; type="application/xrds+xml"
+EOF
+
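Review bot: The first argument is used unquoted and unchecked, so a missing `$1` leaves `root` empty and the three redirections (`cat >>$root/conf/httpd.conf`, `cat >$root/conf/openid.xrds`, `cat >$root/conf/openid.lrdd`) then target `/conf/`, while a path containing spaces is split by `readlink`. Quote the expansion and stop early when it is absent: ``root=`readlink -f "$1"` `` followed by `[ -n "$root" ] || exit 1`, and quote `"$root"` in the redirections. `$host` is also copied verbatim into the XRDS XML, the `Link:` line and the Google URLs, so it should be checked against a hostname pattern before the heredocs run. `port`, `pport` and `htdocs` are computed but never used in this file. The same unquoted `readlink` and `$root` lines appear in the openid-conf hunk.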
diff --git a/sca-cpp/trunk/modules/openid/openid.composite b/sca-cpp/trunk/modules/openid/openid.composite
index 6c829c44b1..016139a9a7 100644
--- a/sca-cpp/trunk/modules/openid/openid.composite
+++ b/sca-cpp/trunk/modules/openid/openid.composite
@@ -30,10 +30,10 @@
<component name="UserInfo">
<t:implementation.scheme script="user-info.scm"/>
<service name="info">
- <t:binding.jsonrpc uri="protected/info"/>
+ <t:binding.jsonrpc uri="info"/>
</service>
<property name="user">anonymous</property>
<property name="email">anonymous@example.com</property>
- </component>
+ </component>
</composite>
diff --git a/sca-cpp/trunk/modules/openid/start-test b/sca-cpp/trunk/modules/openid/start-test
index eed21f759c..11a0d0b511 100755
--- a/sca-cpp/trunk/modules/openid/start-test
+++ b/sca-cpp/trunk/modules/openid/start-test
@@ -19,9 +19,10 @@
# Setup
../../modules/http/httpd-conf tmp localhost 8090 htdocs
+./openid-conf tmp localhost 8090 htdocs
+./openid-step2-conf tmp localhost 8090 htdocs
../../modules/server/server-conf tmp
../../modules/server/scheme-conf tmp
-./openid-conf tmp htdocs
cat >>tmp/conf/httpd.conf <<EOF
SCAContribution `pwd`/
SCAComposite openid.composite