以GoogleOpenID 为例,试验了OAuth单点登录的用法:
1 <dependency> 2 <groupId>org.openid4java</groupId> 3 <artifactId>openid4java</artifactId> 4 <version>0.9.8</version> 5 </dependency>
1 import java.util.List; 2 3 import javax.servlet.http.HttpServletRequest; 4 import javax.servlet.http.HttpServletResponse; 5 6 import org.openid4java.OpenIDException; 7 import org.openid4java.consumer.ConsumerManager; 8 import org.openid4java.consumer.VerificationResult; 9 import org.openid4java.discovery.DiscoveryInformation; 10 import org.openid4java.discovery.Identifier; 11 import org.openid4java.message.AuthRequest; 12 import org.openid4java.message.AuthSuccess; 13 import org.openid4java.message.ParameterList; 14 import org.openid4java.message.ax.AxMessage; 15 import org.openid4java.message.ax.FetchRequest; 16 import org.openid4java.message.ax.FetchResponse; 17 import org.slf4j.Logger; 18 import org.slf4j.LoggerFactory; 19 import org.springframework.stereotype.Controller; 20 import org.springframework.web.bind.annotation.RequestMapping; 21 import org.springframework.web.util.UriComponentsBuilder; 22 23 import com.google.common.base.Throwables; 24 25 @Controller 26 @RequestMapping("/openid") 27 @SuppressWarnings("rawtypes") 28 public class SecurityOpenIDController { 29 30 public static final String GOOGLE_ENDPOINT = "https://www.google.com/accounts/o8/id"; 31 private static final Logger LOGGER = LoggerFactory.getLogger(SecurityOpenIDController.class); 32 33 public final ConsumerManager manager = new ConsumerManager(); 34 35 @RequestMapping("/login") 36 public void login( 37 UriComponentsBuilder builder, 38 HttpServletRequest request, 39 HttpServletResponse response 40 ) throws Exception 41 { 42 // configure the return_to URL where your application will receive 43 // the authentication responses from the OpenID provider 44 String returnUrl = builder.path("/openid/return").build().toUriString(); 45 46 // --- Forward proxy setup (only if needed) --- 47 // ProxyProperties proxyProps = new ProxyProperties(); 48 // proxyProps.setProxyName("proxy.example.com"); 49 // proxyProps.setProxyPort(8080); 50 // HttpClientFactory.setProxyProperties(proxyProps); 51 52 // perform discovery on the user-supplied identifier 53 List discoveries = manager.discover(GOOGLE_ENDPOINT); 54 55 // attempt to associate with the OpenID provider 56 // and retrieve one service endpoint for authentication 57 DiscoveryInformation discovered = manager.associate(discoveries); 58 59 // store the discovery information in the user's session 60 request.getSession().setAttribute("openid-disc", discovered); 61 62 // obtain a AuthRequest message to be sent to the OpenID provider 63 AuthRequest authReq = manager.authenticate(discovered, returnUrl); 64 65 // attribute Exchange 66 FetchRequest fetch = FetchRequest.createFetchRequest(); 67 fetch.addAttribute("email", "http://axschema.org/contact/email", true); 68 fetch.addAttribute("firstName", "http://axschema.org/namePerson/first", true); 69 fetch.addAttribute("lastName", "http://axschema.org/namePerson/last", true); 70 71 // attach the extension to the authentication request 72 authReq.addExtension(fetch); 73 74 if (!discovered.isVersion2()) { 75 // Option 1: GET HTTP-redirect to the OpenID Provider endpoint 76 // The only method supported in OpenID 1.x 77 // redirect-URL usually limited ~2048 bytes 78 response.sendRedirect(authReq.getDestinationUrl(true)); 79 } else { 80 // Option 2: HTML FORM Redirection (Allows payloads >2048 bytes) 81 response.sendRedirect(authReq.getDestinationUrl(true)); 82 } 83 } 84 85 @RequestMapping("/return") 86 public void verifyResponse(HttpServletRequest request) { 87 String email = null; 88 String lastName = null; 89 String firstName = null; 90 91 try { 92 // extract the parameters from the authentication response 93 // (which comes in as a HTTP request from the OpenID provider) 94 ParameterList response = new ParameterList(request.getParameterMap()); 95 96 // retrieve the previously stored discovery information 97 DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute("openid-disc"); 98 99 // extract the receiving URL from the HTTP request 100 StringBuffer receivingURL = request.getRequestURL(); 101 String queryString = request.getQueryString(); 102 if (queryString != null && queryString.length() > 0) { 103 receivingURL.append("?").append(request.getQueryString()); 104 } 105 106 // verify the response; ConsumerManager needs to be the same 107 // (static) instance used to place the authentication request 108 VerificationResult verification = manager.verify(receivingURL.toString(), response, discovered); 109 110 // examine the verification result and extract the verified 111 // identifier 112 Identifier verified = verification.getVerifiedId(); 113 if (verified != null) { 114 AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse(); 115 116 if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) { 117 FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX); 118 119 List emails = fetchResp.getAttributeValues("email"); 120 email = (String) emails.get(0); 121 122 List lastNames = fetchResp.getAttributeValues("lastName"); 123 lastName = (String) lastNames.get(0); 124 125 List firstNames = fetchResp.getAttributeValues("firstName"); 126 firstName = (String) firstNames.get(0); 127 128 LOGGER.debug("email: {}", email); 129 LOGGER.debug("lastName: {}", lastName); 130 LOGGER.debug("firstName: {}", firstName); 131 } 132 // success 133 134 // 在这里与安全框架集成 apache-shiro/spring-security 135 // 这里要根据相关的信息自己定义Principal 136 } 137 } catch (OpenIDException e) { 138 LOGGER.error(e.getMessage(), e); 139 Throwables.propagate(e); 140 } 141 } 142 }