当前位置: 首页 > 工具软件 > OpenID4Java > 使用案例 >

spring-mvc 与 openid4java

党源
2023-12-01

以GoogleOpenID 为例,试验了OAuth单点登录的用法:

1 <dependency>
2     <groupId>org.openid4java</groupId>
3     <artifactId>openid4java</artifactId>
4     <version>0.9.8</version>
5 </dependency>

 

  1 import java.util.List;
  2 
  3 import javax.servlet.http.HttpServletRequest;
  4 import javax.servlet.http.HttpServletResponse;
  5 
  6 import org.openid4java.OpenIDException;
  7 import org.openid4java.consumer.ConsumerManager;
  8 import org.openid4java.consumer.VerificationResult;
  9 import org.openid4java.discovery.DiscoveryInformation;
 10 import org.openid4java.discovery.Identifier;
 11 import org.openid4java.message.AuthRequest;
 12 import org.openid4java.message.AuthSuccess;
 13 import org.openid4java.message.ParameterList;
 14 import org.openid4java.message.ax.AxMessage;
 15 import org.openid4java.message.ax.FetchRequest;
 16 import org.openid4java.message.ax.FetchResponse;
 17 import org.slf4j.Logger;
 18 import org.slf4j.LoggerFactory;
 19 import org.springframework.stereotype.Controller;
 20 import org.springframework.web.bind.annotation.RequestMapping;
 21 import org.springframework.web.util.UriComponentsBuilder;
 22 
 23 import com.google.common.base.Throwables;
 24 
 25 @Controller
 26 @RequestMapping("/openid")
 27 @SuppressWarnings("rawtypes")
 28 public class SecurityOpenIDController {
 29 
 30     public static final String GOOGLE_ENDPOINT = "https://www.google.com/accounts/o8/id";
 31     private static final Logger LOGGER = LoggerFactory.getLogger(SecurityOpenIDController.class);
 32 
 33     public final ConsumerManager manager = new ConsumerManager();
 34 
 35     @RequestMapping("/login")
 36     public void login(
 37             UriComponentsBuilder builder,
 38             HttpServletRequest request,
 39             HttpServletResponse response
 40         ) throws Exception
 41     {
 42         // configure the return_to URL where your application will receive
 43         // the authentication responses from the OpenID provider
 44         String returnUrl = builder.path("/openid/return").build().toUriString();
 45         
 46         // --- Forward proxy setup (only if needed) ---
 47         // ProxyProperties proxyProps = new ProxyProperties();
 48         // proxyProps.setProxyName("proxy.example.com");
 49         // proxyProps.setProxyPort(8080);
 50         // HttpClientFactory.setProxyProperties(proxyProps);
 51 
 52         // perform discovery on the user-supplied identifier
 53         List discoveries = manager.discover(GOOGLE_ENDPOINT);
 54 
 55         // attempt to associate with the OpenID provider
 56         // and retrieve one service endpoint for authentication
 57         DiscoveryInformation discovered = manager.associate(discoveries);
 58         
 59         // store the discovery information in the user's session
 60         request.getSession().setAttribute("openid-disc", discovered);
 61 
 62         // obtain a AuthRequest message to be sent to the OpenID provider
 63         AuthRequest authReq = manager.authenticate(discovered, returnUrl);
 64 
 65         // attribute Exchange
 66         FetchRequest fetch = FetchRequest.createFetchRequest();
 67         fetch.addAttribute("email", "http://axschema.org/contact/email", true);
 68         fetch.addAttribute("firstName", "http://axschema.org/namePerson/first", true);
 69         fetch.addAttribute("lastName", "http://axschema.org/namePerson/last", true);
 70         
 71         // attach the extension to the authentication request
 72         authReq.addExtension(fetch);
 73 
 74         if (!discovered.isVersion2()) {
 75             // Option 1: GET HTTP-redirect to the OpenID Provider endpoint
 76             // The only method supported in OpenID 1.x
 77             // redirect-URL usually limited ~2048 bytes
 78             response.sendRedirect(authReq.getDestinationUrl(true));
 79         } else {
 80             // Option 2: HTML FORM Redirection (Allows payloads >2048 bytes)
 81             response.sendRedirect(authReq.getDestinationUrl(true));
 82         }
 83     }
 84 
 85     @RequestMapping("/return")
 86     public void verifyResponse(HttpServletRequest request) {
 87         String email = null;
 88         String lastName = null;
 89         String firstName = null;
 90         
 91         try {
 92             // extract the parameters from the authentication response
 93             // (which comes in as a HTTP request from the OpenID provider)
 94             ParameterList response = new ParameterList(request.getParameterMap());
 95 
 96             // retrieve the previously stored discovery information
 97             DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute("openid-disc");
 98 
 99             // extract the receiving URL from the HTTP request
100             StringBuffer receivingURL = request.getRequestURL();
101             String queryString = request.getQueryString();
102             if (queryString != null && queryString.length() > 0) {
103                 receivingURL.append("?").append(request.getQueryString());
104             }
105 
106             // verify the response; ConsumerManager needs to be the same
107             // (static) instance used to place the authentication request
108             VerificationResult verification = manager.verify(receivingURL.toString(), response, discovered);
109 
110             // examine the verification result and extract the verified
111             // identifier
112             Identifier verified = verification.getVerifiedId();
113             if (verified != null) {
114                 AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
115 
116                 if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
117                     FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
118 
119                     List emails = fetchResp.getAttributeValues("email");
120                     email = (String) emails.get(0);
121                     
122                     List lastNames = fetchResp.getAttributeValues("lastName");
123                     lastName = (String) lastNames.get(0);
124                     
125                     List firstNames = fetchResp.getAttributeValues("firstName");
126                     firstName = (String) firstNames.get(0);
127                     
128                     LOGGER.debug("email: {}", email);
129                     LOGGER.debug("lastName: {}", lastName);
130                     LOGGER.debug("firstName: {}", firstName);
131                 }
132                 // success
133                 
134                 // 在这里与安全框架集成 apache-shiro/spring-security
135                 // 这里要根据相关的信息自己定义Principal
136             }
137         } catch (OpenIDException e) {
138             LOGGER.error(e.getMessage(), e);
139             Throwables.propagate(e);
140         }
141     }
142 }

 

 类似资料: