MindTouch SSO using HttpClient 4.1 with Java

Most of the MindTouch sample code available in the wild is in PHP or C#, so integrating with a Java stack can be painful. Here's a snippet of the code we used to support SSO with our Java-based SaaS platform. The HTTP client is version 4.1 of Apache's HttpClient.

Update: Modified to skip cookie parsing, based upon bjorg's comment.



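// Imports used by this method (HttpClient 4.1 and the Servlet API):
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpStatus;
import org.apache.http.client.HttpResponseException;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.BasicResponseHandler;
import org.apache.http.impl.client.DefaultHttpClient;

/**
 * Calls MindTouch's users/authenticate endpoint, copies the returned token into an
 * "authtoken" cookie and redirects the browser to the wiki.
 * Returns true once the cookie is set and the redirect is sent, false otherwise.
 */
private boolean parseAndSetMindtouchCookie(final HttpServletResponse response, final DefaultHttpClient client, final User user) {
    // The API key travels in the query string, so it appears in any log that records this URL.
    StringBuilder buf = new StringBuilder("http://");
    buf.append(MINDTOUCH_HOST).append(MINDTOUCH_BASEURI)
       .append("users/authenticate?authprovider=1&apikey=").append(MINDTOUCH_APIKEY);
    HttpGet get = new HttpGet(buf.toString());
    try {
        // BasicResponseHandler returns the body as a String and throws
        // HttpResponseException for any status code of 300 or above.
        ResponseHandler<String> responseHandler = new BasicResponseHandler();
        String responseBody = client.execute(get, responseHandler);
        // The response body is the auth token itself, so no cookie parsing is needed.
        javax.servlet.http.Cookie cookie = new javax.servlet.http.Cookie("authtoken", responseBody);
        // Scoped to the parent domain, so every host under it receives the token.
        cookie.setDomain(".example.com");
        // Secure flag is off and the redirect below uses http://, so the token is sent in
        // cleartext; use https and setSecure(true) where the wiki is served over TLS.
        cookie.setSecure(false);
        cookie.setPath("/");
        cookie.setMaxAge(3600); // 1 hour
        response.addCookie(cookie);
        log.debug("Successfully set mindtouch auth cookie");
        response.sendRedirect("http://" + MINDTOUCH_HOST);
        return true;
    } catch (HttpResponseException hre) {
        if (hre.getStatusCode() == HttpStatus.SC_UNAUTHORIZED) {
            // 401 from users/authenticate: nothing to set, fall through and return false.
            log.debug("User has no Mindtouch account.");
        } else {
            log.error("Unable to auth user.", hre);
        }
    } catch (Exception e) {
        log.error("Unable to authenticate user", e);
    }
    return false;
}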


Posted by Eric Simmerman