1.liferay的openid的配置很简单的,先去 openid提供商注册一个自已的openid如果已经有就不用了,现在yahoo,google都提供openid,你也可以在www.myopenid.com上面去注册一个。
2. portal.properties文件open.id.auth.enabled=true,liferay5.0默认就是true,然后用你的openid登陆lliferay。
3.liferay在发送验证之前,以你的openid为ScreenName去查找用户,如果没有这个用户,会向提供商请求first name,last name,mail三个参数。
4.接收验证成功,如果三个参数都能获取,liferay会自动为你注册一个帐户,如果有一个参数为空就跳往新增用户页面。
下面是相关代码的解释:
public static void sendOpenIdRequest( ThemeDisplay themeDisplay, HttpServletRequest req, HttpServletResponse res, String openId) throws Exception { if (!OpenIdUtil.isEnabled(themeDisplay.getCompanyId())) { return; } HttpSession ses = req.getSession(); String returnURL = PortalUtil.getPortalURL(req) + themeDisplay.getPathMain() + "/portal/open_id_response"; //创建消费者对象,它将向认证服务器发出认证请求 ConsumerManager manager = OpenIdUtil.getConsumerManager(); //下载OpenID提供者列表,返回结果将按照用户指定的优选顺序排列 List<DiscoveryInformation> discoveries = manager.discover(openId); //通过关联获取和OpenID提供者之间的共享密钥 DiscoveryInformation discovered = manager.associate(discoveries); //密钥放入用户session以方便后面使用 ses.setAttribute(WebKeys.OPEN_ID_DISCO, discovered); //将用户重定向到他们的OpenID提供者页面,并告诉OpenID提供者外部站点的地址 AuthRequest authReq = manager.authenticate(discovered, returnURL); String screenName = OpenIdUtil.getScreenName(openId); try { //通过openid取用户 UserLocalServiceUtil.getUserByScreenName( themeDisplay.getCompanyId(), screenName); } //没有screenName为openid的用户 catch (NoSuchUserException nsue) { //构建一个空的请求参数列表 FetchRequest fetch = FetchRequest.createFetchRequest(); //写上请求的参数(姓名和邮箱,以方便注册用) fetch.addAttribute( "email", "http://schema.openid.net/contact/email", true); fetch.addAttribute( "firstName", "http://schema.openid.net/namePerson/first", true); fetch.addAttribute( "lastName", "http://schema.openid.net/namePerson/last", true); authReq.addExtension(fetch); //构建一个空的请求参数列表(与FetchRequest什么区别暂时还不清楚) SRegRequest sregReq = SRegRequest.createFetchRequest(); sregReq.addAttribute("fullname", true); sregReq.addAttribute("email", true); authReq.addExtension(sregReq); } //发往OpenID提供者页面 res.sendRedirect(authReq.getDestinationUrl(true)); }
protected User readResponse( ThemeDisplay themeDisplay, HttpServletRequest req) throws Exception { HttpSession ses = req.getSession(); ConsumerManager manager = OpenIdUtil.getConsumerManager(); ParameterList params = new ParameterList(req.getParameterMap()); //取得session中的密钥 DiscoveryInformation discovered = (DiscoveryInformation)ses.getAttribute(WebKeys.OPEN_ID_DISCO); if (discovered == null) { return null; } StringBuffer receivingURL = req.getRequestURL(); String queryString = req.getQueryString(); if ((queryString != null) && (queryString.length() > 0)) { receivingURL.append(StringPool.QUESTION); receivingURL.append(req.getQueryString()); } //校验 VerificationResult verification = manager.verify( receivingURL.toString(), params, discovered); Identifier verified = verification.getVerifiedId(); if (verified == null) { return null; } AuthSuccess authSuccess = (AuthSuccess)verification.getAuthResponse(); String firstName = null; String lastName = null; String emailAddress = null; //获取信息 if (authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG)) { MessageExtension ext = authSuccess.getExtension( SRegMessage.OPENID_NS_SREG); if (ext instanceof SRegResponse) { SRegResponse sregResp = (SRegResponse)ext; String fullName = GetterUtil.getString( sregResp.getAttributeValue("fullname")); int pos = fullName.indexOf(StringPool.SPACE); if ((pos != -1) && ((pos + 1) < fullName.length())) { firstName = fullName.substring(0, pos); lastName = fullName.substring(pos + 1); } emailAddress = sregResp.getAttributeValue("email"); } } if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) { MessageExtension ext = authSuccess.getExtension( AxMessage.OPENID_NS_AX); if (ext instanceof FetchResponse) { FetchResponse fetchResp = (FetchResponse)ext; if (Validator.isNull(firstName)) { firstName = getFirstValue( fetchResp.getAttributeValues("firstName")); } if (Validator.isNull(lastName)) { lastName = getFirstValue( fetchResp.getAttributeValues("lastName")); } if (Validator.isNull(emailAddress)) { emailAddress = getFirstValue( fetchResp.getAttributeValues("email")); } } } String screenName = OpenIdUtil.getScreenName(authSuccess.getIdentity()); User user = null; try { //通过openid做为ScreenName试着能否查找出这个用户 user = UserLocalServiceUtil.getUserByScreenName( themeDisplay.getCompanyId(), screenName); } catch (NoSuchUserException nsue) { //如果openid提供没有firstName之类的用户信息,报错 if (Validator.isNull(firstName) || Validator.isNull(lastName) || Validator.isNull(emailAddress)) { SessionErrors.add(req, "missingOpenIdUserInformation"); _log.error( "The OpenID provider did not send the required " + "attributes to create an account"); return null; } //能取到信息就生成一个用户 user = addUser( themeDisplay.getCompanyId(), firstName, lastName, emailAddress, screenName, themeDisplay.getLocale()); } ses.setAttribute(WebKeys.OPEN_ID_LOGIN, new Long(user.getUserId())); return user; }
在网上很难找到操作openid的相关api中文帮助文档,下面是我在网上找的一段希望能对大家有所帮助
依赖方发送 SRegRequest
SRegRequest sregReq = SRegRequest.createFetchRequest();
sregReq.addAttribute("fullname", true);
sregReq.addAttribute("nickname", true);
sregReq.addAttribute("email", true);
AuthRequest req = _consumerManager.authenticate(discovered, return_to);
req.addExtension(sregReq);OpenID 提供方接受 SRegRequest
if (authReq.hasExtension(SRegMessage.OPENID_NS_SREG))
{
MessageExtension ext = authReq.getExtension(SRegMessage.OPENID_NS_SREG)
if (ext instanceof SRegRequest)
{
SRegRequest sregReq = (SRegRequest) ext;
List required = sregReq.getAttributes(true);
List optional = sregReq.getAttributes(false);
// prompt the user
}
}OpenID 提供方发送 SRegResponse
// data released by the user
Map userData = new HashMap();
//userData.put("email", "user@example.com");
SRegResponse sregResp = SRegResponse.createSRegResponse(sregReq, userData);
// (alternatively) manually add attribute values
sregResp.addAttribute("email", "user@example.com");
authSuccess.addExtension(sregResp);依赖方接受 SRegResponse
if (authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG))
{
MessageExtension ext = authSuccess.getExtension(SRegMessage.OPENID_NS_SREG);
if (ext instanceof SRegResponse)
{
SRegResponse sregResp = (SRegResponse) ext;
String fullName = sregResp.getAttributeValue("fullname");
String nickName = sregResp.getAttributeValue("nickname");
String email = sregResp.getAttributeValues("email");
}
}