I have recently been looking at WSO2 IS OpenID. I found an example online and describe it here.
1. Download an openidclient.war package from the web and place it in Tomcat's webapps directory.
2. Start Tomcat and open http://localhost:8080/openidclient/
3. In the dialog, enter your OpenID address from IS (mine is https://localhost:9443/openid/zhongcy) and click login.
At this point, the web application in Tomcat runs the following code:
// Fragment of OpenIDRelyingPartyServlet (an openid4java consumer). The fields manager,
// return_to and openidUserPattern are members of the servlet. Imports used by both fragments:
import java.util.List;
import org.openid4java.association.AssociationException;
import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.MessageException;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.AxMessage;
import org.openid4java.message.ax.FetchRequest;
import org.openid4java.message.ax.FetchResponse;

String claimed_id = httpRequest.getParameter("claimed_id");
if (claimed_id == null) { // the user accessed the servlet directly
    httpResponse.sendRedirect("index.jsp");
} else { // form request from index.jsp: build and send the AuthRequest
    if (openidUserPattern != null && !openidUserPattern.equals("")) {
        claimed_id = openidUserPattern + httpRequest.getParameter("claimed_id");
    }
    try {
        // Smart consumer manager
        manager = new ConsumerManager();
        // Discovery on the user-supplied ID
        List discoveries = manager.discover(claimed_id);
        // Associate with the OP and share a secret
        DiscoveryInformation discovered = manager.associate(discoveries);
        // Keep the discovery information in the session to verify the AuthResponse later
        httpRequest.getSession().setAttribute("openid-disc", discovered);
        // is_id_res=true marks the OP's callback so it can be told apart from other POSTs
        return_to = httpRequest.getRequestURL().toString() + "?is_id_res=true";
        AuthRequest authReq = manager.authenticate(discovered, return_to);
        // Request user attributes with an Attribute Exchange (AX) FetchRequest
        FetchRequest fetchRequest = FetchRequest.createFetchRequest();
        // addAttribute(attributeName, typeURI, isRequired)
        fetchRequest.addAttribute("email", "http://axschema.org/contact/email", true);
        fetchRequest.addAttribute("firstname", "http://axschema.org/namePerson/first", true);
        fetchRequest.addAttribute("lastname", "http://axschema.org/namePerson/last", true);
        fetchRequest.addAttribute("country", "http://axschema.org/contact/country/home", true);
        fetchRequest.addAttribute("language", "http://axschema.org/pref/language", true);
        // Add the AX extension to the AuthRequest message
        authReq.addExtension(fetchRequest);
        // Redirect the browser to the OP
        httpResponse.sendRedirect(authReq.getDestinationUrl(true));
    } catch (MessageException e) {
        e.printStackTrace();
    } catch (ConsumerException e) {
        e.printStackTrace();
    } catch (DiscoveryException e) {
        e.printStackTrace();
    }
}
4. The browser arrives at the IS login page:
https://localhost:9443/authenticationendpoint/openid_login.do?
openid.realm=http%3A%2F%2Flocalhost%3A8080%2Fopenid-client%2FOpenIDRelyingPartyServlet%3Fis_id_res%3Dtrue&
openid.return_to=http%3A%2F%2Flocalhost%3A8080%2Fopenid-client%2FOpenIDRelyingPartyServlet%3Fis_id_res%3Dtrue&
openid.claimed_id=https%3A%2F%2Flocalhost%3A9443%2Fopenid%2Fzhongcy&
openid.identity=https%3A%2F%2Flocalhost%3A9443%2Fopenid%2Fzhongcy&
username=zhongcy
Enter your password here and click login. After a successful login, the browser is redirected to the openid.return_to URL shown above.
5. At this point, the OpenIDRelyingPartyServlet class in openidclient.war runs the following code:
// Second fragment of OpenIDRelyingPartyServlet: handling the OP's callback.
// After a successful login, the callback URL carries is_id_res=true.
if (httpRequest.getParameter("is_id_res") != null &&
        httpRequest.getParameter("is_id_res").equals("true")) {
    try {
        // All request parameters, including the AuthResponse
        ParameterList authResponseParams = new ParameterList(httpRequest.getParameterMap());
        // Previously discovered information, stored in the session before the redirect
        DiscoveryInformation discovered =
                (DiscoveryInformation) httpRequest.getSession().getAttribute("openid-disc");
        // Verify return_to, discovery information, nonce and signature;
        // the signature is checked with the shared association secret
        VerificationResult verificationResult =
                manager.verify(return_to, authResponseParams, discovered);
        Identifier verified = verificationResult.getVerifiedId();
        // The identifier is null if verification failed
        if (verified != null) {
            AuthSuccess authSuccess = (AuthSuccess) verificationResult.getAuthResponse();
            String verifiedID = authSuccess.getIdentity();
            String email, firstname, lastname, country, language;
            // Read the attributes returned through the AX extension
            if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
                FetchResponse fetchResp =
                        (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
                email = fetchResp.getAttributeValue("email");
                firstname = fetchResp.getAttributeValue("firstname");
                lastname = fetchResp.getAttributeValue("lastname");
                country = fetchResp.getAttributeValue("country");
                language = fetchResp.getAttributeValue("language");
                // Pass the results on to out.jsp (values are appended without URL encoding)
                httpResponse.sendRedirect("out.jsp?openid=" + verifiedID + "&email=" +
                        email + "&firstname=" + firstname + "&lastname=" +
                        lastname + "&country=" + country + "&language=" +
                        language);
            } else { // the OP did not send any attributes
                httpResponse.sendRedirect("out.jsp?email=Error");
            }
        } else { // something went wrong: redirect back to the home page
            httpResponse.sendRedirect("index.jsp");
        }
    } catch (MessageException e) {
        e.printStackTrace();
    } catch (DiscoveryException e) {
        e.printStackTrace();
    } catch (AssociationException e) {
        e.printStackTrace();
    }
}
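The checks that manager.verify() performs on the callback above (return_to, discovery match, nonce freshness and one-time use, HMAC signature over the openid.signed fields), as an added Python example that is not part of the original post or of openid4java. The MAC key, OP endpoint, association handle and nonces are constructed values, and make_assertion() stands in for the OP side only so the verifier can be exercised offline.

```python
import base64, hashlib, hmac
from datetime import datetime, timezone
# Constructed stand-ins for the servlet's state: the MAC key from manager.associate(),
# the discovered OP endpoint / claimed_id, and the return_to built for the AuthRequest.
MAC_KEY = b"constructed-association-mac-key"
OP_ENDPOINT = "https://localhost:9443/openid/"
CLAIMED_ID = "https://localhost:9443/openid/zhongcy"
RETURN_TO = "http://localhost:8080/openid-client/OpenIDRelyingPartyServlet?is_id_res=true"
CORE_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle", "claimed_id", "identity"}
SEEN_NONCES = set()  # each response_nonce is accepted once, so a replayed assertion fails

def parse_ts(s):
    """UTC timestamp prefix of an OpenID 2.0 nonce ('YYYY-MM-DDTHH:MM:SSZ' + random suffix)."""
    return datetime.strptime(s[:20], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def kv_sign(params, mac_key):
    """HMAC-SHA256 over the key-value form (one 'key:value' line per field in openid.signed)."""
    body = "".join(f"{k}:{params['openid.' + k]}\n" for k in params["openid.signed"].split(","))
    return base64.b64encode(hmac.new(mac_key, body.encode(), hashlib.sha256).digest()).decode()

def make_assertion(nonce, mac_key=MAC_KEY):
    """Constructed positive assertion, as the OP would send it to return_to (test fixture only)."""
    p = {"openid.ns": "http://specs.openid.net/auth/2.0", "openid.mode": "id_res",
         "openid.op_endpoint": OP_ENDPOINT, "openid.claimed_id": CLAIMED_ID,
         "openid.identity": CLAIMED_ID, "openid.return_to": RETURN_TO,
         "openid.response_nonce": nonce, "openid.assoc_handle": "constructed-handle",
         "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"}
    p["openid.sig"] = kv_sign(p, mac_key)
    return p

def verify_id_res(params, now=None, mac_key=MAC_KEY, max_skew=300):
    """Return the verified identity, or None on any failed check (like getVerifiedId())."""
    now = now or datetime.now(timezone.utc)
    if params.get("openid.mode") != "id_res" or params.get("openid.return_to") != RETURN_TO:
        return None  # not a positive assertion, or not for the request we sent
    if params.get("openid.op_endpoint") != OP_ENDPOINT or params.get("openid.claimed_id") != CLAIMED_ID:
        return None  # must match what discovery established
    if not CORE_SIGNED <= set(params.get("openid.signed", "").split(",")):
        return None  # an unsigned core field could be rewritten in transit
    nonce = params.get("openid.response_nonce", "")
    try:
        fresh = abs((now - parse_ts(nonce)).total_seconds()) <= max_skew
    except ValueError:
        return None
    if not fresh or nonce in SEEN_NONCES:
        return None  # stale or replayed
    if not hmac.compare_digest(kv_sign(params, mac_key), params.get("openid.sig", "")):
        return None  # forged or tampered
    SEEN_NONCES.add(nonce)
    return params["openid.identity"]
```

A real RP also has to keep SEEN_NONCES across requests and bound it by the same window as max_skew; openid4java does this internally with its NonceVerifier.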
6. After the IS login succeeds, IS redirects to: http://localhost:8080/openidclient/out.jsp?openid=https://localhost:9443/openid/zhongcy&email=%20null&firstname=null&lastname=null&country=null&language=null
The page displays the result.
The login finally succeeds; this completes the login flow using OpenID.