spring-mvc 与 openid4java
2015-11-03 14:13
423 查看
以GoogleOpenID 为例,试验了OAuth单点登录的用法:
<dependency> <groupId>org.openid4java</groupId> <artifactId>openid4java</artifactId> <version>0.9.8</version> </dependency>
import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.openid4java.OpenIDException; import org.openid4java.consumer.ConsumerManager; import org.openid4java.consumer.VerificationResult; import org.openid4java.discovery.DiscoveryInformation; import org.openid4java.discovery.Identifier; import org.openid4java.message.AuthRequest; import org.openid4java.message.AuthSuccess; import org.openid4java.message.ParameterList; import org.openid4java.message.ax.AxMessage; import org.openid4java.message.ax.FetchRequest; import org.openid4java.message.ax.FetchResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.util.UriComponentsBuilder; import com.google.common.base.Throwables; @Controller @RequestMapping("/openid") @SuppressWarnings("rawtypes") public class SecurityOpenIDController { public static final String GOOGLE_ENDPOINT = "https://www.google.com/accounts/o8/id"; private static final Logger LOGGER = LoggerFactory.getLogger(SecurityOpenIDController.class); public final ConsumerManager manager = new ConsumerManager(); @RequestMapping("/login") public void login( UriComponentsBuilder builder, HttpServletRequest request, HttpServletResponse response ) throws Exception { // configure the return_to URL where your application will receive // the authentication responses from the OpenID provider String returnUrl = builder.path("/openid/return").build().toUriString(); // --- Forward proxy setup (only if needed) --- // ProxyProperties proxyProps = new ProxyProperties(); // proxyProps.setProxyName("proxy.example.com"); // proxyProps.setProxyPort(8080); // HttpClientFactory.setProxyProperties(proxyProps); // perform discovery on the user-supplied identifier List discoveries = manager.discover(GOOGLE_ENDPOINT); // attempt to associate with the OpenID provider // and retrieve one service endpoint for authentication DiscoveryInformation discovered = manager.associate(discoveries); // store the discovery information in the user's session request.getSession().setAttribute("openid-disc", discovered); // obtain a AuthRequest message to be sent to the OpenID provider AuthRequest authReq = manager.authenticate(discovered, returnUrl); // attribute Exchange FetchRequest fetch = FetchRequest.createFetchRequest(); fetch.addAttribute("email", "http://axschema.org/contact/email", true); fetch.addAttribute("firstName", "http://axschema.org/namePerson/first", true); fetch.addAttribute("lastName", "http://axschema.org/namePerson/last", true); // attach the extension to the authentication request authReq.addExtension(fetch); if (!discovered.isVersion2()) { // Option 1: GET HTTP-redirect to the OpenID Provider endpoint // The only method supported in OpenID 1.x // redirect-URL usually limited ~2048 bytes response.sendRedirect(authReq.getDestinationUrl(true)); } else { // Option 2: HTML FORM Redirection (Allows payloads >2048 bytes) response.sendRedirect(authReq.getDestinationUrl(true)); } } @RequestMapping("/return") public void verifyResponse(HttpServletRequest request) { String email = null; String lastName = null; String firstName = null; try { // extract the parameters from the authentication response // (which comes in as a HTTP request from the OpenID provider) ParameterList response = new ParameterList(request.getParameterMap()); // retrieve the previously stored discovery information DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute("openid-disc"); // extract the receiving URL from the HTTP request StringBuffer receivingURL = request.getRequestURL(); String queryString = request.getQueryString(); if (queryString != null && queryString.length() > 0) { receivingURL.append("?").append(request.getQueryString()); } // verify the response; ConsumerManager needs to be the same // (static) instance used to place the authentication request VerificationResult verification = manager.verify(receivingURL.toString(), response, discovered); // examine the verification result and extract the verified // identifier Identifier verified = verification.getVerifiedId(); if (verified != null) { AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse(); if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) { FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX); List emails = fetchResp.getAttributeValues("email"); email = (String) emails.get(0); List lastNames = fetchResp.getAttributeValues("lastName"); lastName = (String) lastNames.get(0); List firstNames = fetchResp.getAttributeValues("firstName"); firstName = (String) firstNames.get(0); LOGGER.debug("email: {}", email); LOGGER.debug("lastName: {}", lastName); LOGGER.debug("firstName: {}", firstName); } // success // 在这里与安全框架集成 apache-shiro/spring-security // 这里要根据相关的信息自己定义Principal } } catch (OpenIDException e) { LOGGER.error(e.getMessage(), e); Throwables.propagate(e); } } }
相关文章推荐
- java通过模拟post方式提交表单实现图片上传功能实例
- 从”JAVA“而终 7:java运行过程以及各变量初始化顺序
- myeclipse修改内存大小不足
- java中id为封装类时整形new出的对象为null
- 【Java并发编程实战】-----“J.U.C”:CyclicBarrier
- SpringMVC拦截器(资源和权限管理)
- openid4java 使用记录[转载]
- java堆内存和栈内存的区别
- 如何查看eclipse中adt的版本
- spring mvc 从一个控制器跳转到另一个控制器
- java-基础
- 错误异常 Process 'command 'E:\Java\jdk1.8.0_65\bin\java.exe'' finished with non-zero exit value 2
- Java RMI 入门指南
- mybatis错误org.springframework.beans.factory.BeanCreationException: Could not autowire field
- Spring与RMI集成实现远程访问
- 关于Java的Classpath详解
- eclipse maven安装配置
- java并发编程 之 常用并发类库使用举例
- Eclipse的调试功能的10个小窍门
- java基础学习笔记——I/O文件切割与合并