结合openId身份识别 博客分类: JAVA openid
程序员文章站
2024-03-17 08:31:04
...
openID是一个分散式身份识别协议,在其基础上实现了网上身份认证系统。可以将您的系统使用openID来作为用户登录,让你的程序支持opendID。我使用的是http://www.openid.org.cn/ 作为openID提供商,使用openid4java库编写openID依赖方。
以下根据openid4java文档写的一个demo
发起openID请求的action
将用户的OpenID帐户和返回url封装成openID请求 AuthRequest
应用程序验证openID请求验证的返回
struts.xml
continue.jsp 提交封装后的openID请求到openID OP端
只是为了实现第一个demo,只是为了看到效果,所以代码组织的不太规范。
大致过程是 SampleConsumerManager 通过Discovery进程,根据用户OpenID的帐户
定位到相应的openID提供商,然后将相应参数提交到openID op端的action。
op端提供一个页面输入密码。验证成功后,返回到 returnToUrl ,应用中,在
returnToUrl中的action验证op的response。
以下根据openid4java文档写的一个demo
发起openID请求的action
//yuyong 2012-2-10
public class OpenIDLoginAction extends ActionSupport implements ServletRequestAware,ServletResponseAware{
private ISampleConsumerManager sampleConsumerManager;
private AuthRequest authReq;
private String openID=null;
ActionContext context = ActionContext.getContext();
HttpServletRequest request = null;
HttpServletResponse response = null;
Map<String,Object>pm=null;
String actionURL;
public String execute()throws Exception{
if(openID!=null&&openID.startsWith("http://")){
openID=openID.replaceAll("http://", "");
}
String returnToUrl="http://localhost:8181/SSO/firstPageAction.action";
ActionContext context = ActionContext.getContext();
Map params = context.getParameters();
authReq=sampleConsumerManager.authRequest(openID, returnToUrl,request,response, request.getSession());
Map<String,Object>pm=authReq.getParameterMap();
this.pm=pm;
this.actionURL=authReq.getOPEndpoint();
request.setAttribute("pm", pm);
request.setAttribute("actionURL", authReq.getOPEndpoint());
return SUCCESS;
}
}
将用户的OpenID帐户和返回url封装成openID请求 AuthRequest
//yuyong 2012-2-10
public class SampleConsumerManager implements ISampleConsumerManager{
public ConsumerManager manager;
public SampleConsumerManager()throws ConsumerException{
manager=new ConsumerManager();
manager.setAssociations(new InMemoryConsumerAssociationStore());
manager.setNonceVerifier(new InMemoryNonceVerifier(5000));
}
//将openID,返回url封装为一个openID请求
public AuthRequest authRequest(String userSuppliedString,
String returnToUrl, HttpServletRequest httpReq,
HttpServletResponse httpResp,HttpSession session)
throws IOException {
try {
List discoveries=manager.discover(userSuppliedString);
DiscoveryInformation discovered=manager.associate(discoveries);
session.setAttribute("discovered", discovered);
AuthRequest authReq=manager.authenticate(discovered, returnToUrl);
httpResp.sendRedirect(authReq.getDestinationUrl(true));
return authReq;
} catch (DiscoveryException e) {
e.printStackTrace();
} catch (MessageException e) {
e.printStackTrace();
} catch (ConsumerException e) {
e.printStackTrace();
}
return null;
}
//验证openID登录验证的返回
public Identifier verifyResponse(HttpServletRequest httpReq,
HttpSession session) throws IOException {
ParameterList openidResp=new ParameterList(httpReq.getParameterMap());
DiscoveryInformation discovered=(DiscoveryInformation) session.getAttribute("discovered");
StringBuffer receivingURL=httpReq.getRequestURL();
String queryString=httpReq.getQueryString();
if(queryString!=null&&queryString.length()>0)
receivingURL.append("?").append(httpReq.getQueryString());
try {
VerificationResult verification=manager.verify(receivingURL.toString(), openidResp, discovered);
Identifier verified=verification.getVerifiedId();
return verified;
} catch (MessageException e) {
e.printStackTrace();
} catch (DiscoveryException e) {
e.printStackTrace();
} catch (AssociationException e) {
e.printStackTrace();
}
return null;
}
}
应用程序验证openID请求验证的返回
//yuyong 2012-2-10
public class FirstPageAction extends ActionSupport implements ServletRequestAware,ServletResponseAware{
private ISampleConsumerManager sampleConsumerManager=null;
private HttpServletRequest request=null;
private HttpServletResponse response=null;
private HttpSession session=null;
public String execute()throws Exception{
if(sampleConsumerManager.verifyResponse(request, session)!=null)
return SUCCESS;
else
return ERROR;
}
}
struts.xml
<action name="openIDLoginAction" class="openIDLoginAction">
<param name="openID">
http://yuyongwuhu.openid.org.cn/
</param>
<result name="success">/continue.jsp</result>
</action>
<action name="firstPageAction" class="FirstPageAction">
<result name="success">/success.jsp</result>
<result name="error">/error.jsp</result>
</action>
continue.jsp 提交封装后的openID请求到openID OP端
<body onload="document.forms['openid-form-redirection'].submit();">
<form id="openid-form-redirection" action="<s:property value="#request.actionURL"/>">
<s:iterator value="#request.pm">
<input type="hidden" name="<s:property value="key"/>" value="<s:property value="value"/>" />
</s:iterator>
</form>
</body>
只是为了实现第一个demo,只是为了看到效果,所以代码组织的不太规范。
大致过程是 SampleConsumerManager 通过Discovery进程,根据用户OpenID的帐户
定位到相应的openID提供商,然后将相应参数提交到openID op端的action。
op端提供一个页面输入密码。验证成功后,返回到 returnToUrl ,应用中,在
returnToUrl中的action验证op的response。