author | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2010-07-24 23:21:38 +0000 |
---|---|---|
committer | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2010-07-24 23:21:38 +0000 |
commit | 50b290072e213a7aeb62d6bac5ad4b67a6fc42eb (patch) | |
tree | 809a05cb56ee40a7f2dbf4973422c0070cd60773 /sca-cpp/trunk/modules | |
parent | fcc191fad24715bf54e8dcd0ea50303161787d0b (diff) |
Change OpenID conf to protect the entire tree under a host, and work with OpenID step2 discovery.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@978945 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-cpp/trunk/modules')
-rw-r--r-- | sca-cpp/trunk/modules/openid/htdocs/index.html | 28 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/openid/htdocs/login/index.html (renamed from sca-cpp/trunk/modules/openid/htdocs/protected/login/index.html) | 4 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/openid/htdocs/logout/index.html (renamed from sca-cpp/trunk/modules/openid/htdocs/protected/logout/index.html) | 2 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/openid/htdocs/unprotected/index.html (renamed from sca-cpp/trunk/modules/openid/htdocs/protected/index.html) | 24 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/openid/openid-conf | 38 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/openid/openid-step2-conf | 72 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/openid/openid.composite | 4 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/openid/start-test | 3 |
8 files changed, 122 insertions, 53 deletions
diff --git a/sca-cpp/trunk/modules/openid/htdocs/index.html b/sca-cpp/trunk/modules/openid/htdocs/index.html
index 1134201389..e6295a93b5 100644
--- a/sca-cpp/trunk/modules/openid/htdocs/index.html
+++ b/sca-cpp/trunk/modules/openid/htdocs/index.html
@@ -17,9 +17,27 @@
 under the License.
 -->
-<html><body>
-<h1>Unprotected area - It works!</h1>
-<p><a href="protected">Protected area</a></p>
-<p><a href="protected/login">Sign in</a></p>
-<p><a href="/protected/logout">Sign out</a></p>
+<html>
+<head>
+<script type="text/javascript" src="/js/tuscany-ref.js"></script>
+<script type="text/javascript">
+var component = new tuscany.sca.Component("Protected");
+var userInfo = new tuscany.sca.Reference("userInfo");
+var user = userInfo.apply("getuser");
+var email = userInfo.apply("getemail");
+</script>
+</head>
+<body>
+<h1>Protected area - It works!</h1>
+<p>The following info is returned by a JSONRPC service:</p>
+<div id="user"></div>
+<div id="email"></div>
+<script type="text/javascript">
+document.getElementById('user').innerHTML="User: " + user;
+document.getElementById('email').innerHTML="Email: " + email;
+</script>
+<p><a href="info">User info</a></p>
+<p><a href="login">Sign in</a></p>
+<p><a href="logout">Sign out</a></p>
+<p><a href="unprotected">Unprotected area</a></p>
 </body></html>
diff --git a/sca-cpp/trunk/modules/openid/htdocs/protected/login/index.html b/sca-cpp/trunk/modules/openid/htdocs/login/index.html
index a3c0119839..14f378e968 100644
--- a/sca-cpp/trunk/modules/openid/htdocs/protected/login/index.html
+++ b/sca-cpp/trunk/modules/openid/htdocs/login/index.html
@@ -42,7 +42,7 @@ function openidReferrer() {
 }
 if (typeof(openidReferrer()) == 'undefined') {
- document.location = '/protected';
+ document.location = '/';
 }
 function submitSignin(w) {
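Review bot: The inline script added at the end of the new protected `index.html` writes `"User: " + user` and `"Email: " + email` through `innerHTML`, so whatever the `userInfo` JSON-RPC reference returns is parsed as markup in the page. Those values presumably originate from the OpenID provider's attribute-exchange response rather than from this application, so they should be inserted as text, e.g. `document.getElementById('user').textContent = "User: " + user;` and the same for `email`. The same two assignments existed in the old `protected/index.html`; moving them here is a good moment to fix them.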
@@ -77,7 +77,7 @@ function withXRDSEndpoint() {
 }
 </script>
-<form name="signin" action="/protected" method="GET">
+<form name="signin" action="/" method="GET">
 <input type="hidden" name="openid_identifier" value="https://www.google.com/accounts/o8/id"/>
 </form>
diff --git a/sca-cpp/trunk/modules/openid/htdocs/protected/logout/index.html b/sca-cpp/trunk/modules/openid/htdocs/logout/index.html
index a92bad3086..6c7a9393cc 100644
--- a/sca-cpp/trunk/modules/openid/htdocs/protected/logout/index.html
+++ b/sca-cpp/trunk/modules/openid/htdocs/logout/index.html
@@ -24,7 +24,7 @@
 <script type="text/javascript">
 function submitSignout() {
 document.cookie = 'open_id_session_id=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/';
- document.signout.action = document.referrer;
+ document.signout.action = "/login";
 document.signout.submit();
 return true;
 }
diff --git a/sca-cpp/trunk/modules/openid/htdocs/protected/index.html b/sca-cpp/trunk/modules/openid/htdocs/unprotected/index.html
index 4c7bc4f5a3..af2cd7ca19 100644
--- a/sca-cpp/trunk/modules/openid/htdocs/protected/index.html
+++ b/sca-cpp/trunk/modules/openid/htdocs/unprotected/index.html
@@ -18,24 +18,10 @@
 -->
 <html>
-<head>
-<script type="text/javascript" src="/js/tuscany-ref.js"></script>
-<script language="JavaScript">
- var component = new tuscany.sca.Component("Protected");
- var userInfo = new tuscany.sca.Reference("userInfo");
- var user = userInfo.apply("getuser");
- var email = userInfo.apply("getemail");
-</script>
-</head>
 <body>
-<h1>Protected area - It works!</h1>
-<p>The following info is returned by a JSONRPC service:</p>
-<div id="user"></div>
-<div id="email"></div>
-<p><a href="/protected/info">User info</a></p>
-<p><a href="/protected/logout">Sign out</a></p>
-<script language="JavaScript">
- document.getElementById('user').innerHTML="User: " + user;
- document.getElementById('email').innerHTML="Email: " + email;
-</script>
+<h1>Unprotected area - It works!</h1>
+<p><a href="/info">User info</a></p>
+<p><a href="/login">Sign in</a></p>
+<p><a href="/logout">Sign out</a></p>
+<p><a href="/">Protected area</a></p>
 </body></html>
diff --git a/sca-cpp/trunk/modules/openid/openid-conf b/sca-cpp/trunk/modules/openid/openid-conf
index eeae4292b7..b98b4030c4 100755
--- a/sca-cpp/trunk/modules/openid/openid-conf
+++ b/sca-cpp/trunk/modules/openid/openid-conf
@@ -17,49 +17,41 @@
 # specific language governing permissions and limitations
 # under the License.
-# Generate an Axis2 server conf
+# Generate an OpenID server conf
 here=`readlink -f $0`; here=`dirname $here`
 root=`readlink -f $1`
-htdocs=`readlink -f $2`
+host=$2
+port=`echo $3 | awk -F "/" '{ print $1 }'`
+pport=`echo $3 | awk -F "/" '{ print $2 }'`
+if [ "$pport" = "" ]; then
+ pport=$port
+fi
+htdocs=`readlink -f $4`
 openid_prefix=`cat openid.prefix`
-servername=`cat $root/conf/httpd.conf | grep ServerName | tail -1 | awk '{ print $2 }'`
-
 # Configure HTTPD mod_auth_openid module
 cat >>$root/conf/httpd.conf <<EOF
 # Support for OpenID authentication
 LoadModule authopenid_module $openid_prefix/modules/mod_auth_openid.so
-<Location /protected>
-AuthOpenIDEnabled On
-AuthOpenIDCookiePath /
-AuthOpenIDLoginPage /protected/login
-AuthOpenIDAXAdd EMAIL http://axschema.org/contact/email
-AuthOpenIDServerName $servername
-</Location>
-
-<Location /components>
+<Location />
 AuthOpenIDEnabled On
 AuthOpenIDCookiePath /
-AuthOpenIDLoginPage /protected/login
+AuthOpenIDLoginPage /login
 AuthOpenIDAXAdd EMAIL http://axschema.org/contact/email
-AuthOpenIDServerName $servername
 </Location>
-<Location /references>
-AuthOpenIDEnabled On
-AuthOpenIDCookiePath /
-AuthOpenIDLoginPage /protected/login
-AuthOpenIDAXAdd EMAIL http://axschema.org/contact/email
-AuthOpenIDServerName $servername
+<Location /unprotected>
+AuthOpenIDEnabled Off
 </Location>
-<Location /protected/login>
+<Location /login>
 AuthOpenIDEnabled Off
 </Location>
-<Location /protected/logout>
+<Location /logout>
 AuthOpenIDEnabled Off
 </Location>
 EOF
+
diff --git a/sca-cpp/trunk/modules/openid/openid-step2-conf b/sca-cpp/trunk/modules/openid/openid-step2-conf
new file mode 100755
index 0000000000..4ca4150483
--- /dev/null
+++ b/sca-cpp/trunk/modules/openid/openid-step2-conf
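Review bot: The new `<Location />` block turns on `AuthOpenIDEnabled` for the whole host but does not say which identity providers are accepted, so as far as this hunk shows an OpenID from any provider passes the check for every path, including the JSON-RPC `info` binding. If the intent is access control rather than identification only, add a provider restriction inside the block, for example `AuthOpenIDTrusted ^https://www\.google\.com/` (an example pattern, to be confirmed against the provider actually used), with a comment above the block stating who is meant to get in. Separately, `host`, `port`, `pport` and `htdocs` are now parsed from the arguments but never referenced in the generated configuration, while `AuthOpenIDServerName` was dropped; either emit `AuthOpenIDServerName` from `host` or remove the unused assignments.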
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Generate an OpenID Step2 server conf
+here=`readlink -f $0`; here=`dirname $here`
+root=`readlink -f $1`
+host=$2
+port=`echo $3 | awk -F "/" '{ print $1 }'`
+pport=`echo $3 | awk -F "/" '{ print $2 }'`
+if [ "$pport" = "" ]; then
+ pport=$port
+fi
+htdocs=`readlink -f $4`
+
+# Configure HTTPD to serve OpenID XRDS and LRDD documents
+cat >>$root/conf/httpd.conf <<EOF
+# Serve OpenID XRDS document
+Alias /openid $root/conf/openid.xrds
+<Location /openid>
+AuthOpenIDEnabled Off
+ForceType application/xrds+xml
+</Location>
+
+# Serve OpenID LRDD document
+Alias /.well-known/host-meta $root/conf/openid.lrdd
+<Location /.well-known/host-meta>
+AuthOpenIDEnabled Off
+ForceType text/plain
+</Location>
+
+EOF
+
+# Generate OpenID XRDS document
+cat >$root/conf/openid.xrds <<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://\$xrds" xmlns="xri://\$xrd*(\$v*2.0)">
+<XRD>
+<CanonicalID>$host</CanonicalID>
+<Service priority="0">
+<Type>http://specs.openid.net/auth/2.0/server</Type>
+<Type>http://specs.openid.net/auth/2.0/signon</Type>
+<Type>http://openid.net/srv/ax/1.0</Type>
+<Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
+<Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
+<Type>http://specs.openid.net/extensions/pape/1.0</Type>
+<URI>https://www.google.com/a/$host/o8/ud?be=o8</URI>
+</Service>
+</XRD>
+</xrds:XRDS>
+EOF
+
+# Generate OpenID LRDD document
+cat >$root/conf/openid.lrdd <<EOF
+Link: <https://www.google.com/accounts/o8/site-xrds?hd=$host>; rel="describedby http://reltype.google.com/openid/xrd-op"; type="application/xrds+xml"
+EOF
+
diff --git a/sca-cpp/trunk/modules/openid/openid.composite b/sca-cpp/trunk/modules/openid/openid.composite
index 6c829c44b1..016139a9a7 100644
--- a/sca-cpp/trunk/modules/openid/openid.composite
+++ b/sca-cpp/trunk/modules/openid/openid.composite
@@ -30,10 +30,10 @@
 <component name="UserInfo">
 <t:implementation.scheme script="user-info.scm"/>
 <service name="info">
- <t:binding.jsonrpc uri="protected/info"/>
+ <t:binding.jsonrpc uri="info"/>
 </service>
 <property name="user">anonymous</property>
 <property name="email">anonymous@example.com</property>
- </component>
+ </component>
 </composite>
diff --git a/sca-cpp/trunk/modules/openid/start-test b/sca-cpp/trunk/modules/openid/start-test
index eed21f759c..11a0d0b511 100755
--- a/sca-cpp/trunk/modules/openid/start-test
+++ b/sca-cpp/trunk/modules/openid/start-test
@@ -19,9 +19,10 @@
 # Setup
 ../../modules/http/httpd-conf tmp localhost 8090 htdocs
+./openid-conf tmp localhost 8090 htdocs
+./openid-step2-conf tmp localhost 8090 htdocs
 ../../modules/server/server-conf tmp
 ../../modules/server/scheme-conf tmp
-./openid-conf tmp htdocs
 cat >>tmp/conf/httpd.conf <<EOF
 SCAContribution `pwd`/
 SCAComposite openid.composite |
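Review bot: The new `openid-step2-conf` expands `$root` and `$host` unquoted and unvalidated into three generated files: the `Alias` lines appended to httpd.conf, the `<CanonicalID>` and `<URI>` elements of openid.xrds, and the `Link:` line of openid.lrdd. These documents tell relying parties which provider is authoritative for the host, so a mistyped or malformed host argument silently yields a wrong discovery document, and a `$root` containing a space breaks the `Alias` directive. Reject anything that is not a plain host name before the first heredoc, e.g. `case "$host" in ""|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; exit 1;; esac`, and quote the generated paths, `Alias /openid "$root/conf/openid.xrds"`. The script also appends to httpd.conf with `>>` on every run, so re-running it against the same tree would duplicate the `Alias` and `<Location>` blocks; a comment stating that it expects a freshly generated conf would make that assumption visible.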