OpenId

RP 建立一個 ConsumerManager，保存起來

1. ConsumerManager 確認 OP

2. ConsumerManager 跟 OP 建立 DiscoveryInformation

3. 保存這個 DiscoveryInformation 物件  httpReq.getSession().setAttribute("openid-disc", discovered);

4. 使用這個 ConsumerManager 跟認證資料回覆的位址建立 AuthRequest

5. 保存這個 ConsumerManager 物件  httpReq.getSession().setAttribute("openid-manager", manager);

6. 使用 AuthRequest 包裹資料需求欄位

7. 送出認證需求

認證資料回覆的位址

1. 取回先前的 ConsumerManager 物件  (ConsumerManager)httpReq.getSession().getAttribute("openid-manager")

2. 取回先前的 DiscoveryInformation 物件  (DiscoveryInformation)httpReq.getSession().getAttribute("openid-disc")

3. 以認證資料回覆的位址、資料認證回覆的參數 List、先前的 DiscoveryInformation 物件，使用先前的 ConsumerManager 物件來確認是否相符

4. 如果認證相符則解譯出內含的資料

SAMPLECONSUMER.JAVA

/* * Copyright 2006-2007 Sxip Identity Corporation * */

package org.openid4java.consumer;

import org.openid4java.discovery.Identifier;

import org.openid4java.discovery.DiscoveryInformation;

import org.openid4java.message.ax.FetchRequest;

import org.openid4java.message.ax.FetchResponse;

import org.openid4java.message.ax.AxMessage;

import org.openid4java.message.*;

import org.openid4java.OpenIDException;

import javax.servlet.http.HttpSession;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.util.List;

import java.io.IOException;

/**

 * Sample Consumer (Relying Party)implementation.

 */

public class SampleConsumer{

public ConsumerManager manager;

public SampleConsumer()throws ConsumerException{

// instantiate a ConsumerManager object

manager = new ConsumerManager();

}

// --- placing the authentication request ---

public String authRequest(String userSuppliedString, HttpServletRequest httpReq, HttpServletResponse httpResp) throws IOException{

try{

// configure the return_to URL where your application will receive

// the authentication responses from the OpenID provider

String returnToUrl = "http://example.com/openid";

// --- Forward proxy setup (only if needed) ---

// ProxyProperties proxyProps = new ProxyProperties();

// proxyProps.setProxyName("proxy.example.com");

// proxyProps.setProxyPort(8080);

// HttpClientFactory.setProxyProperties(proxyProps);

// perform discovery on the user-supplied identifier

List discoveries = manager.discover(userSuppliedString);

// attempt to associate with the OpenID provider

// and retrieve one service endpoint for authentication

DiscoveryInformation discovered = manager.associate(discoveries);

// store the discovery information in the user's session

httpReq.getSession().setAttribute("openid-disc", discovered);

// obtain a AuthRequest message to be sent to the OpenID provider

AuthRequest authReq = manager.authenticate(discovered, returnToUrl);

// Attribute Exchange example: fetching the 'email' attribute

FetchRequest fetch = FetchRequest.createFetchRequest();

//fetch.addAttribute("attribute alias","type URI","required");

fetch.addAttribute("email","http://schema.openid.net/contact/email",true);

// attach the extension to the authentication request

authReq.addExtension(fetch);

if (! discovered.isVersion2() ){

// Option 1: GET HTTP-redirect to the OpenID Provider endpoint

// The only method supported in OpenID 1.x

// redirect-URL usually limited ~2048 bytes

httpResp.sendRedirect(authReq.getDestinationUrl(true));

return null;

}else{

// Option 2: HTML FORM Redirection (Allows payloads >2048 bytes)

RequestDispatcher dispatcher = getServletContext().getRequestDispatcher("formredirection.jsp");

httpReq.setAttribute("parameterMap", authReq.getParameterMap());

httpReq.setAttribute("destinationUrl", authReq.getDestinationUrl(false));

dispatcher.forward(httpReq, httpResp);

}

}catch (OpenIDException e){

// present error to the user

}

return null;

    }

    // --- processing the authentication response ---

public Identifier verifyResponse(HttpServletRequest httpReq){

try{

// extract the parameters from the authentication response

// (which comes in as a HTTP request from the OpenID provider)

ParameterList response = new ParameterList(httpReq.getParameterMap());

// retrieve the previously stored discovery information

DiscoveryInformation discovered = (DiscoveryInformation)httpReq.getSession().getAttribute("openid-disc");

// extract the receiving URL from the HTTP request

StringBuffer receivingURL = httpReq.getRequestURL();

String queryString = httpReq.getQueryString();

if (queryString != null && queryString.length() > 0)

receivingURL.append("?").append(httpReq.getQueryString());

// verify the response; ConsumerManager needs to be the same

// (static)instance used to place the authentication request

VerificationResult verification = manager.verify(receivingURL.toString(), response, discovered);

// examine the verification result and extract the verified identifier

Identifier verified = verification.getVerifiedId();

if (verified != null){

AuthSuccess authSuccess = (AuthSuccess)verification.getAuthResponse();

if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)){

FetchResponse fetchResp = (FetchResponse)authSuccess.getExtension(AxMessage.OPENID_NS_AX);

List emails = fetchResp.getAttributeValues("email");

String email = (String)emails.get(0);

}

return verified;  // success

}

}catch (OpenIDException e){

// present error to the user

}

return null;

}

}

reference:

https://code.google.com/p/openid4java/wiki/SampleConsumer