• spring-mvc 与 openid4java


    以GoogleOpenID 为例,试验了OAuth单点登录的用法:

    1 <dependency>
    2     <groupId>org.openid4java</groupId>
    3     <artifactId>openid4java</artifactId>
    4     <version>0.9.8</version>
    5 </dependency>
      1 import java.util.List;
      2 
      3 import javax.servlet.http.HttpServletRequest;
      4 import javax.servlet.http.HttpServletResponse;
      5 
      6 import org.openid4java.OpenIDException;
      7 import org.openid4java.consumer.ConsumerManager;
      8 import org.openid4java.consumer.VerificationResult;
      9 import org.openid4java.discovery.DiscoveryInformation;
     10 import org.openid4java.discovery.Identifier;
     11 import org.openid4java.message.AuthRequest;
     12 import org.openid4java.message.AuthSuccess;
     13 import org.openid4java.message.ParameterList;
     14 import org.openid4java.message.ax.AxMessage;
     15 import org.openid4java.message.ax.FetchRequest;
     16 import org.openid4java.message.ax.FetchResponse;
     17 import org.slf4j.Logger;
     18 import org.slf4j.LoggerFactory;
     19 import org.springframework.stereotype.Controller;
     20 import org.springframework.web.bind.annotation.RequestMapping;
     21 import org.springframework.web.util.UriComponentsBuilder;
     22 
     23 import com.google.common.base.Throwables;
     24 
     25 @Controller
     26 @RequestMapping("/openid")
     27 @SuppressWarnings("rawtypes")
     28 public class SecurityOpenIDController {
     29 
     30     public static final String GOOGLE_ENDPOINT = "https://www.google.com/accounts/o8/id";
     31     private static final Logger LOGGER = LoggerFactory.getLogger(SecurityOpenIDController.class);
     32 
     33     public final ConsumerManager manager = new ConsumerManager();
     34 
     35     @RequestMapping("/login")
     36     public void login(
     37             UriComponentsBuilder builder,
     38             HttpServletRequest request,
     39             HttpServletResponse response
     40         ) throws Exception
     41     {
     42         // configure the return_to URL where your application will receive
     43         // the authentication responses from the OpenID provider
     44         String returnUrl = builder.path("/openid/return").build().toUriString();
     45         
     46         // --- Forward proxy setup (only if needed) ---
     47         // ProxyProperties proxyProps = new ProxyProperties();
     48         // proxyProps.setProxyName("proxy.example.com");
     49         // proxyProps.setProxyPort(8080);
     50         // HttpClientFactory.setProxyProperties(proxyProps);
     51 
     52         // perform discovery on the user-supplied identifier
     53         List discoveries = manager.discover(GOOGLE_ENDPOINT);
     54 
     55         // attempt to associate with the OpenID provider
     56         // and retrieve one service endpoint for authentication
     57         DiscoveryInformation discovered = manager.associate(discoveries);
     58         
     59         // store the discovery information in the user's session
     60         request.getSession().setAttribute("openid-disc", discovered);
     61 
     62         // obtain a AuthRequest message to be sent to the OpenID provider
     63         AuthRequest authReq = manager.authenticate(discovered, returnUrl);
     64 
     65         // attribute Exchange
     66         FetchRequest fetch = FetchRequest.createFetchRequest();
     67         fetch.addAttribute("email", "http://axschema.org/contact/email", true);
     68         fetch.addAttribute("firstName", "http://axschema.org/namePerson/first", true);
     69         fetch.addAttribute("lastName", "http://axschema.org/namePerson/last", true);
     70         
     71         // attach the extension to the authentication request
     72         authReq.addExtension(fetch);
     73 
     74         if (!discovered.isVersion2()) {
     75             // Option 1: GET HTTP-redirect to the OpenID Provider endpoint
     76             // The only method supported in OpenID 1.x
     77             // redirect-URL usually limited ~2048 bytes
     78             response.sendRedirect(authReq.getDestinationUrl(true));
     79         } else {
     80             // Option 2: HTML FORM Redirection (Allows payloads >2048 bytes)
     81             response.sendRedirect(authReq.getDestinationUrl(true));
     82         }
     83     }
     84 
     85     @RequestMapping("/return")
     86     public void verifyResponse(HttpServletRequest request) {
     87         String email = null;
     88         String lastName = null;
     89         String firstName = null;
     90         
     91         try {
     92             // extract the parameters from the authentication response
     93             // (which comes in as a HTTP request from the OpenID provider)
     94             ParameterList response = new ParameterList(request.getParameterMap());
     95 
     96             // retrieve the previously stored discovery information
     97             DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute("openid-disc");
     98 
     99             // extract the receiving URL from the HTTP request
    100             StringBuffer receivingURL = request.getRequestURL();
    101             String queryString = request.getQueryString();
    102             if (queryString != null && queryString.length() > 0) {
    103                 receivingURL.append("?").append(request.getQueryString());
    104             }
    105 
    106             // verify the response; ConsumerManager needs to be the same
    107             // (static) instance used to place the authentication request
    108             VerificationResult verification = manager.verify(receivingURL.toString(), response, discovered);
    109 
    110             // examine the verification result and extract the verified
    111             // identifier
    112             Identifier verified = verification.getVerifiedId();
    113             if (verified != null) {
    114                 AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
    115 
    116                 if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
    117                     FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
    118 
    119                     List emails = fetchResp.getAttributeValues("email");
    120                     email = (String) emails.get(0);
    121                     
    122                     List lastNames = fetchResp.getAttributeValues("lastName");
    123                     lastName = (String) lastNames.get(0);
    124                     
    125                     List firstNames = fetchResp.getAttributeValues("firstName");
    126                     firstName = (String) firstNames.get(0);
    127                     
    128                     LOGGER.debug("email: {}", email);
    129                     LOGGER.debug("lastName: {}", lastName);
    130                     LOGGER.debug("firstName: {}", firstName);
    131                 }
    132                 // success
    133                 
    134                 // 在这里与安全框架集成 apache-shiro/spring-security
    135                 // 这里要根据相关的信息自己定义Principal
    136             }
    137         } catch (OpenIDException e) {
    138             LOGGER.error(e.getMessage(), e);
    139             Throwables.propagate(e);
    140         }
    141     }
    142 }
  • 相关阅读:
    vs2012 不显示最近项目
    golang 控制并发有两种经典方式:WaitGroup 和 Context
    跨域资源共享 CORS 详解 【转】
    erlang的 cowboy服务解决跨域问题
    Rabbitmq +Haproxy +keepalived 实现高可用集群
    golang的mongo批量写入压测
    go的json序列化和反序列化
    openfalcon架构及相关服务配置详解(转)
    golang——写文件和读文件
    图解golang内存分配机制 (转)
  • 原文地址:https://www.cnblogs.com/jun1019/p/4933086.html
Copyright © 2020-2023  润新知