wso2 identity server 的openid实例

最新推荐文章于 2024-06-02 09:47:01 发布

zzhongcy

最新推荐文章于 2024-06-02 09:47:01 发布

阅读量2.3k

点赞数

分类专栏： wso2 文章标签： wso2

本文链接：https://blog.csdn.net/zzhongcy/article/details/24714931

版权

wso2 专栏收录该内容

6 篇文章 0 订阅

订阅专栏

最近在研究wso2 IS openid，在网上找了下例子，在此说明一下。

1、从网上下一个openidclient.war包，放到tomcat的webapp下。

2、启动tomcat，登陆http://localhost:8080/openidclient/

3、在对话框中输入你在IS里的openid地址，如我的是：https://localhost:9443/openid/zhongcy，点击login。

此时，tomcat web服务器将执行下面代码：

			String claimed_id = httpRequest.getParameter("claimed_id");

			if (claimed_id == null) { // if the user access the servlet directly

				httpResponse.sendRedirect("index.jsp");

			} else { // the index.jsp's form request, must place the authRequest

				if (openidUserPattern != null && !openidUserPattern.equals("")) {
					claimed_id = openidUserPattern + httpRequest.getParameter("claimed_id");
				}

				try {
					// Smart consumer manager
					manager = new ConsumerManager();

					// Discovery on the user supplied ID
					List discoveries = manager.discover(claimed_id);

					// Associate with the OP and share a secrete
					DiscoveryInformation discovered = manager.associate(discoveries);

					// Keeping necessary parameters to verify the AuthResponse
					httpRequest.getSession().setAttribute("openid-disc", discovered);

					// To identify OP's HTTP POST from other POSTs
					return_to = httpRequest.getRequestURL().toString() + "?is_id_res=true";

					AuthRequest authReq = manager.authenticate(discovered, return_to);

					// Getting emaill attribute using FetchRequest
					FetchRequest fetchRequest = FetchRequest.createFetchRequest();

					// addAttribute(attributeName, typeURI, isRequired)
					fetchRequest.addAttribute("email", "http://axschema.org/contact/email", true);
					fetchRequest.addAttribute("firstname", "http://axschema.org/namePerson/first", true);
					fetchRequest.addAttribute("lastname", "http://axschema.org/namePerson/last", true);
					fetchRequest.addAttribute("country", "http://axschema.org/contact/country/home", true);
					fetchRequest.addAttribute("language", "http://axschema.org/pref/language", true);
					
					
					// Adding the AX extension to the AuthRequest message
					authReq.addExtension(fetchRequest);

					// Redirecting the browser to the OP
					httpResponse.sendRedirect(authReq.getDestinationUrl(true));

				} catch (MessageException e) {
					e.printStackTrace();
				} catch (ConsumerException e) {
					e.printStackTrace();
				} catch (DiscoveryException e) {
					e.printStackTrace();
				}

			}

4、进入IS登陆页面：

https://localhost:9443/authenticationendpoint/openid_login.do?
openid.realm=http%3A%2F%2Flocalhost%3A8080%2Fopenid-client%2FOpenIDRelyingPartyServlet%3Fis_id_res%3Dtrue&
openid.return_to=http%3A%2F%2Flocalhost%3A8080%2Fopenid-client%2FOpenIDRelyingPartyServlet%3Fis_id_res%3Dtrue&
openid.claimed_id=https%3A%2F%2Flocalhost%3A9443%2Fopenid%2Fzhongcy&
openid.identity=https%3A%2F%2Flocalhost%3A9443%2Fopenid%2Fzhongcy&

username=zhongcy

在此输入我的密码，点击login。 login成功后，网页将跳转到上面红色的URL上。

6、此时，openidclient.war的OpenIDRelyingPartyServlet类将执行下面的代码：

//登陆成功后, url中会返回is_id_res=true
		if (httpRequest.getParameter("is_id_res") != null &&
		    httpRequest.getParameter("is_id_res").equals("true")) {

			try {
				// Getting all parameters in request including AuthResponse
				ParameterList authResponseParams = new ParameterList(httpRequest.getParameterMap());

				// Previously discovered information
				DiscoveryInformation discovered =
				                                  (DiscoveryInformation) httpRequest.getSession()
				                                                                    .getAttribute("openid-disc");

				// Verify return-to, discoveries, nonce & signature
				// Signature will be verified using the shared secrete
				VerificationResult verificationResult =
				                                        manager.verify(return_to.toString(),
				                                                       authResponseParams,
				                                                       discovered);

				Identifier verified = verificationResult.getVerifiedId();

				// Identifier will be NULL if verification failed
				if (verified != null) {
					AuthSuccess authSuccess = (AuthSuccess) verificationResult.getAuthResponse();

					String verifiedID = authSuccess.getIdentity();
					String email, firstname, lastname, country, language;

					// Trying to get email attribute using AX extension
					if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
						FetchResponse fetchResp =
						                          (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);

						email = fetchResp.getAttributeValue("email");
						firstname = fetchResp.getAttributeValue("firstname");
						lastname = fetchResp.getAttributeValue("lastname");
						country = fetchResp.getAttributeValue("country");
						language = fetchResp.getAttributeValue("language");

						// Sending results to index.jsp
						httpResponse.sendRedirect("out.jsp?openid=" + verifiedID + "&email= " +
						                          email + "&firstname=" + firstname + "&lastname=" +
						                          lastname + "&country=" + country + "&language=" +
						                          language);

					} else { // OP has not sent any attribute
						httpResponse.sendRedirect("out.jsp?email=Error");
					}

				} else { // somethig went wrong, redirecting back to home
					httpResponse.sendRedirect("index.jsp");
				}

			} catch (MessageException e) {
				e.printStackTrace();
			} catch (DiscoveryException e) {
				e.printStackTrace();
			} catch (AssociationException e) {
				e.printStackTrace();
			}

		}

5、IS登陆成功后，IS重定向到：http://localhost:8080/openidclient/out.jsp?openid=https://localhost:9443/openid/zhongcy&email=%20null&firstname=null&lastname=null&country=null&language=null

内容显示：