以 Google OpenID 为例,试验了 OAuth 单点登录的用法(注意:下面的代码实际使用的是 OpenID 协议和 openid4java 库,并不是 OAuth):
<dependency>
    <groupId>org.openid4java</groupId>
    <artifactId>openid4java</artifactId>
    <version>0.9.8</version>
</dependency>
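import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.openid4java.OpenIDException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.AxMessage;
import org.openid4java.message.ax.FetchRequest;
import org.openid4java.message.ax.FetchResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.util.UriComponentsBuilder;

import com.google.common.base.Throwables;

/**
 * Relying-party controller for an OpenID login with openid4java.
 *
 * <p>{@code /openid/login} starts the flow by redirecting the browser to the provider;
 * {@code /openid/return} receives the provider's response and verifies it. Turning the
 * verified identity into an application principal is left to the integrator.
 */
@Controller
@RequestMapping("/openid")
@SuppressWarnings("rawtypes")
public class SecurityOpenIDController {

    // NOTE(review): Google has retired its OpenID 2.0 service in favour of OpenID Connect;
    // treat this endpoint as illustrative and confirm it before relying on it.
    public static final String GOOGLE_ENDPOINT = "https://www.google.com/accounts/o8/id";
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityOpenIDController.class);

    /** Session attribute that carries the discovery result from login() to verifyResponse(). */
    private static final String DISCOVERY_SESSION_KEY = "openid-disc";

    // verify() must run on the same ConsumerManager that issued the request, so a single
    // instance is kept per controller. Presumably the controller is a singleton bean.
    public final ConsumerManager manager = new ConsumerManager();

    /**
     * Starts the OpenID flow: discovers the provider, stores the discovery result in the
     * session, requests e-mail and name through Attribute Exchange, and redirects the browser.
     *
     * @param builder  URI builder used to derive the absolute return_to URL
     * @param request  current request; its session stores the discovery information
     * @param response used to send the redirect to the provider
     * @throws Exception if discovery, association or the redirect fails
     */
    @RequestMapping("/login")
    public void login(
            UriComponentsBuilder builder,
            HttpServletRequest request,
            HttpServletResponse response
    ) throws Exception
    {
        // return_to URL where the application receives the provider's response.
        // NOTE(review): Spring resolves this builder from the current request, so scheme and
        // host follow request data. Behind a reverse proxy, confirm forwarded-header handling
        // so that return_to is the expected external origin.
        String returnUrl = builder.path("/openid/return").build().toUriString();

        // --- Forward proxy setup (only if needed) ---
        // ProxyProperties proxyProps = new ProxyProperties();
        // proxyProps.setProxyName("proxy.example.com");
        // proxyProps.setProxyPort(8080);
        // HttpClientFactory.setProxyProperties(proxyProps);

        // Discovery runs against a fixed endpoint, not a user-supplied identifier. If this ever
        // takes user input, the server would fetch a caller-chosen URL and the input must be
        // restricted first.
        List discoveries = manager.discover(GOOGLE_ENDPOINT);

        // Associate with the provider and pick one service endpoint for authentication.
        DiscoveryInformation discovered = manager.associate(discoveries);

        // Keep the discovery information so verifyResponse() can bind the response to this login.
        request.getSession().setAttribute(DISCOVERY_SESSION_KEY, discovered);

        // Build the AuthRequest message to be sent to the provider.
        AuthRequest authReq = manager.authenticate(discovered, returnUrl);

        // Attribute Exchange: ask for e-mail and name, all marked as required.
        FetchRequest fetch = FetchRequest.createFetchRequest();
        fetch.addAttribute("email", "http://axschema.org/contact/email", true);
        fetch.addAttribute("firstName", "http://axschema.org/namePerson/first", true);
        fetch.addAttribute("lastName", "http://axschema.org/namePerson/last", true);
        authReq.addExtension(fetch);

        // Both protocol versions use a GET redirect here. The HTML form redirection for
        // OpenID 2 (payloads above ~2048 bytes) is not implemented in this example.
        response.sendRedirect(authReq.getDestinationUrl(true));
    }

    /**
     * Handles the provider's response: verifies it against the discovery information stored
     * by {@link #login} and, on success, reads the Attribute Exchange values.
     *
     * <p>A response with no stored discovery information, or one that fails verification,
     * is logged and ignored; no identity is established in those cases.
     *
     * @param request the HTTP request carrying the authentication response
     * @throws RuntimeException wrapping an {@link OpenIDException} raised during verification
     */
    @RequestMapping("/return")
    public void verifyResponse(HttpServletRequest request) {
        String email = null;
        String lastName = null;
        String firstName = null;

        try {
            // Parameters of the authentication response (arrives as an HTTP request).
            ParameterList response = new ParameterList(request.getParameterMap());

            // Only a response that matches a login started in this session is accepted.
            DiscoveryInformation discovered =
                    (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_SESSION_KEY);
            if (discovered == null) {
                LOGGER.warn("OpenID response without pending login state in the session; ignoring it");
                return;
            }
            // The stored state is single-use; drop it so it cannot back a second response.
            request.getSession().removeAttribute(DISCOVERY_SESSION_KEY);

            // Rebuild the receiving URL, including the query string, from the HTTP request.
            StringBuffer receivingURL = request.getRequestURL();
            String queryString = request.getQueryString();
            if (queryString != null && queryString.length() > 0) {
                receivingURL.append("?").append(queryString);
            }

            VerificationResult verification = manager.verify(receivingURL.toString(), response, discovered);

            // A null verified identifier means the response was not accepted.
            Identifier verified = verification.getVerifiedId();
            if (verified == null) {
                LOGGER.warn("OpenID response could not be verified; no identity established");
                return;
            }

            AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();

            if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
                FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);

                // The provider may omit attributes even when they were requested as required,
                // so a missing value stays null instead of throwing.
                email = firstValue(fetchResp.getAttributeValues("email"));
                lastName = firstValue(fetchResp.getAttributeValues("lastName"));
                firstName = firstValue(fetchResp.getAttributeValues("firstName"));

                // These are personal data; keep this at debug level and out of production logs.
                LOGGER.debug("email: {}", email);
                LOGGER.debug("lastName: {}", lastName);
                LOGGER.debug("firstName: {}", firstName);
            }
            // success

            // Integrate with the security framework here (Apache Shiro / Spring Security).
            // Define your own Principal from this information. Key it on the verified
            // identifier, not on the AX e-mail, which is provider-supplied profile data.
            // NOTE(review): confirm the openid4java version only exposes AX values covered by
            // the response signature. Issue a fresh session id before attaching the principal.
        } catch (OpenIDException e) {
            LOGGER.error(e.getMessage(), e);
            // propagate() always throws; the explicit throw makes that visible to the compiler.
            throw Throwables.propagate(e);
        }
    }

    /**
     * Returns the first entry of an attribute value list as a string.
     *
     * @param values attribute values as returned by the AX fetch response; may be null or empty
     * @return the first value, or {@code null} when there is none
     */
    private static String firstValue(List<?> values) {
        if (values == null || values.isEmpty()) {
            return null;
        }
        return (String) values.get(0);
    }
}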