RP 建立一個 ConsumerManager,保存起來
1. ConsumerManager 確認 OP
2. ConsumerManager 跟 OP 建立 DiscoveryInformation
3. 保存這個 DiscoveryInformation 物件 httpReq.getSession().setAttribute("openid-disc", discovered);
4. 使用這個 ConsumerManager 跟認證資料回覆的位址建立 AuthRequest
5. 保存這個 ConsumerManager 物件 httpReq.getSession().setAttribute("openid-manager", manager);(下方的範例程式碼改為把 ConsumerManager 保留為 SampleConsumer 的單一共用實例,而不是存入 session;不論採用哪一種做法,驗證回覆時都必須使用當初發出認證需求的同一個 ConsumerManager 實例,因為與 OP 建立的 association 等驗證狀態都保存在該實例之中)
6. 使用 AuthRequest 包裹資料需求欄位
7. 送出認證需求
認證資料回覆的位址
1. 取回先前的 ConsumerManager 物件 (ConsumerManager)httpReq.getSession().getAttribute("openid-manager")
2. 取回先前的 DiscoveryInformation 物件 (DiscoveryInformation)httpReq.getSession().getAttribute("openid-disc")
3. 以認證資料回覆的位址(實際收到請求的完整 URL,含 query string)、認證資料回覆的參數 List、先前的 DiscoveryInformation 物件,使用先前的 ConsumerManager 物件來確認回覆是否有效(簽章、return_to 位址與先前的發現資訊是否相符)
4. 如果認證相符則解譯出內含的資料
SAMPLECONSUMER.JAVA
/* * Copyright 2006-2007 Sxip Identity Corporation * */
package org.openid4java.consumer;
import org.openid4java.OpenIDException;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.message.*;
import org.openid4java.message.ax.AxMessage;
import org.openid4java.message.ax.FetchRequest;
import org.openid4java.message.ax.FetchResponse;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import java.io.IOException;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
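/**
 * Sample Consumer (Relying Party) implementation on top of openid4java.
 *
 * <p>Flow: {@link #authRequest} performs discovery on a user-supplied
 * identifier, stores the resulting {@link DiscoveryInformation} in the HTTP
 * session and sends the browser to the OpenID Provider (OP);
 * {@link #verifyResponse} is invoked on the return_to URL and verifies the
 * OP's response against that stored discovery information.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The same {@link ConsumerManager} instance must be used for the request
 *       and for the verification; the association (shared secret) established
 *       with the OP lives in it.
 *   <li>The session attribute {@code "openid-disc"} binds a response to the
 *       browser session that started the flow; {@link #verifyResponse} refuses
 *       a response when it is absent and clears it once consumed.
 *   <li>Attribute-exchange (AX) values are only as trustworthy as the
 *       signature covering them — see the note in {@link #verifyResponse}.
 * </ul>
 */
public class SampleConsumer {
    private static final Logger LOG = Logger.getLogger(SampleConsumer.class.getName());

    /** Session attribute holding the DiscoveryInformation of the pending request. */
    private static final String SESSION_DISCOVERY = "openid-disc";

    /** AX alias and type URI of the requested e-mail attribute. */
    private static final String AX_EMAIL_ALIAS = "email";
    private static final String AX_EMAIL_TYPE = "http://schema.openid.net/contact/email";

    /**
     * Shared ConsumerManager. Final so the instance that placed the request is
     * guaranteed to be the one that verifies the response.
     */
    public final ConsumerManager manager;

    /**
     * Creates the consumer with a fresh {@link ConsumerManager}.
     *
     * @throws ConsumerException if the manager cannot be instantiated
     */
    public SampleConsumer() throws ConsumerException {
        manager = new ConsumerManager();
    }

    // --- placing the authentication request ---

    /**
     * Starts an OpenID authentication for {@code userSuppliedString}: runs
     * discovery, associates with the OP, remembers the discovery information in
     * the session and redirects the browser (GET for OpenID 1.x, HTML form
     * POST via {@code formredirection.jsp} for OpenID 2.0).
     *
     * @param userSuppliedString the identifier typed by the user (URL or XRI)
     * @param httpReq            current request; its session receives the
     *                           discovery information
     * @param httpResp           response used for the redirect
     * @return always {@code null}; the response has been committed or forwarded
     * @throws IOException if the redirect or the JSP forward fails
     */
    public String authRequest(String userSuppliedString, HttpServletRequest httpReq, HttpServletResponse httpResp) throws IOException {
        // return_to: the absolute URL the OP sends the browser back to. The OP
        // echoes it in openid.return_to and verifyResponse() must reconstruct
        // exactly this URL, so it has to be the externally visible address.
        // Use https in production: the signed assertion and any AX data travel
        // over this URL.
        String returnToUrl = "http://example.com/openid";

        // --- Forward proxy setup (only if needed) ---
        // ProxyProperties proxyProps = new ProxyProperties();
        // proxyProps.setProxyName("proxy.example.com");
        // proxyProps.setProxyPort(8080);
        // HttpClientFactory.setProxyProperties(proxyProps);

        try {
            // Discovery on the user-supplied identifier. The OP endpoint we
            // redirect to is the outcome of this step, i.e. it is ultimately
            // chosen by whoever typed the identifier; that is inherent to
            // OpenID, and the return_to/discovery checks in verifyResponse()
            // are what keep the round-trip honest.
            List discoveries = manager.discover(userSuppliedString);

            // Try to establish an association (shared secret) with the OP and
            // pick one service endpoint for the authentication request.
            DiscoveryInformation discovered = manager.associate(discoveries);

            // Bind the pending request to this browser session; the response
            // handler refuses responses that have no pending request.
            httpReq.getSession().setAttribute(SESSION_DISCOVERY, discovered);

            AuthRequest authReq = manager.authenticate(discovered, returnToUrl);

            // Attribute Exchange: request the e-mail address.
            // fetch.addAttribute("attribute alias", "type URI", required)
            FetchRequest fetch = FetchRequest.createFetchRequest();
            fetch.addAttribute(AX_EMAIL_ALIAS, AX_EMAIL_TYPE, true);
            authReq.addExtension(fetch);

            if (!discovered.isVersion2()) {
                // OpenID 1.x: a GET redirect is the only supported method
                // (redirect URLs are usually limited to ~2048 bytes).
                httpResp.sendRedirect(authReq.getDestinationUrl(true));
            } else {
                // OpenID 2.0: HTML form redirection allows payloads >2048 bytes.
                // The dispatcher is taken from the request: this class is not a
                // servlet, and ServletContext.getRequestDispatcher() requires a
                // path starting with "/" whereas the request-scoped variant
                // resolves the relative "formredirection.jsp".
                httpReq.setAttribute("parameterMap", authReq.getParameterMap());
                httpReq.setAttribute("destinationUrl", authReq.getDestinationUrl(false));
                RequestDispatcher dispatcher = httpReq.getRequestDispatcher("formredirection.jsp");
                dispatcher.forward(httpReq, httpResp);
            }
        } catch (OpenIDException e) {
            // Discovery/association failed. Log it and let the caller present
            // a generic error; do not echo the exception text to the user.
            LOG.log(Level.WARNING, "OpenID authentication request failed", e);
        } catch (ServletException e) {
            // Keep the declared exception type for callers.
            throw new IOException("Forward to formredirection.jsp failed", e);
        }
        return null;
    }

    // --- processing the authentication response ---

    /**
     * Processes the OP's response arriving on the return_to URL.
     *
     * <p>Requires a pending request in the session (the discovery information
     * stored by {@link #authRequest}); that attribute is consumed whatever the
     * outcome, so a given pending request can validate at most one response.
     *
     * @param httpReq the request carrying the OpenID response parameters
     * @return the verified identifier, or {@code null} when verification
     *         failed or no authentication request was pending for this session
     */
    public Identifier verifyResponse(HttpServletRequest httpReq) {
        // Do not create a session for a stray callback.
        HttpSession session = httpReq.getSession(false);
        DiscoveryInformation discovered =
                session == null ? null : (DiscoveryInformation) session.getAttribute(SESSION_DISCOVERY);
        if (discovered == null) {
            // No request was placed from this session (or it expired). Refusing
            // here stops an assertion obtained elsewhere from being injected
            // into a fresh session.
            LOG.warning("OpenID response received without a pending request");
            return null;
        }
        // Single use: the same discovery information must not validate a
        // second response.
        session.removeAttribute(SESSION_DISCOVERY);

        try {
            // Parameters of the OP's response (sent via the browser).
            ParameterList response = new ParameterList(httpReq.getParameterMap());

            // Reconstruct the URL this request arrived on; openid4java compares
            // it with openid.return_to. Behind a reverse proxy or TLS
            // terminator getRequestURL() may report an internal scheme/host/
            // port and verification will fail — configure the container to
            // rebuild the external URL in that case.
            StringBuffer receivingURL = httpReq.getRequestURL();
            String queryString = httpReq.getQueryString();
            if (queryString != null && queryString.length() > 0) {
                receivingURL.append('?').append(queryString);
            }

            // Must be the same ConsumerManager instance that placed the request
            // (the association used to check the signature lives in it).
            VerificationResult verification = manager.verify(receivingURL.toString(), response, discovered);

            Identifier verified = verification.getVerifiedId();
            if (verified == null) {
                LOG.warning("OpenID response verification failed");
                return null;
            }

            AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
            if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
                FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
                // NOTE(review): only rely on AX data if the openid4java version in
                // use verifies that the extension fields are covered by the
                // assertion's signature; otherwise an unsigned e-mail value could
                // be injected by the party driving the browser. Confirm for the
                // library release you deploy.
                List emails = fetchResp.getAttributeValues(AX_EMAIL_ALIAS);
                String email = (emails == null || emails.isEmpty()) ? null : (String) emails.get(0);
                // This sample discards the e-mail; a real RP would store it
                // together with the verified identifier here.
            }
            return verified; // success
        } catch (OpenIDException e) {
            LOG.log(Level.WARNING, "OpenID response verification failed", e);
        }
        return null;
    }
}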
reference:
https://code.google.com/p/openid4java/wiki/SampleConsumer