Quick Start

Once you have installed the library and obtained the user's OpenID identifier, add the following code to have your webapp perform authentication using OpenID.

Instantiate a ConsumerManager Object

```java
public ConsumerManager manager;

public SampleConsumer() throws ConsumerException
{
    manager = new ConsumerManager();
}
```

The ConsumerManager will do all the OpenID hard work for you.

Define a ReturnURL

This is the endpoint where your webapp will receive and process the authentication responses from the OpenID Provider.

```java
String _returnURL = "http://example.com/openid";
```

Create an Authentication Request

```java
// perform discovery on the user-supplied identifier
List discoveries = manager.discover(userSuppliedString);

// attempt to associate with the OpenID provider
// and retrieve one service endpoint for authentication
DiscoveryInformation discovered = manager.associate(discoveries);

// store the discovery information in the user's session for later use
// leave out for stateless operation / if there is no session
session.setAttribute("discovered", discovered);

// obtain an AuthRequest message to be sent to the OpenID provider
AuthRequest authReq = manager.authenticate(discovered, _returnURL);
```

Redirect the User to Their OpenID Provider

```java
httpResp.sendRedirect(authReq.getDestinationUrl(true));
```

Verify the OpenID Provider's Authentication Response

Receive the response at your webapp's ReturnURL and process it like this:

```java
// extract the parameters from the authentication response
// (which comes in as an HTTP request from the OpenID provider)
ParameterList openidResp = new ParameterList(request.getParameterMap());

// retrieve the previously stored discovery information
DiscoveryInformation discovered = (DiscoveryInformation) session.getAttribute("discovered");

// extract the receiving URL from the HTTP request
StringBuffer receivingURL = request.getRequestURL();
String queryString = request.getQueryString();
if (queryString != null && queryString.length() > 0)
    receivingURL.append("?").append(queryString);

// verify the response, using the same ConsumerManager instance
// that created the authentication request
VerificationResult verification = manager.verify(receivingURL.toString(), openidResp, discovered);

// examine the verification result and extract the verified identifier
Identifier verified = verification.getVerifiedId();
if (verified != null) {
    // success, use the verified identifier to identify the user
} else {
    // OpenID authentication failed
}
```

Where to go next?

You can see all the above put together in the SampleConsumer class.
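
The two halves of the flow with the failure paths filled in, as an added example that is not code from openid4java or its SampleConsumer. The class name `OpenIdLogin`, its method names and the `"openid"` session attribute are assumptions; it uses only the openid4java calls shown above plus `Identifier.getIdentifier()`, and it assumes session-based (not stateless) operation.

```java
import java.io.IOException;
import java.util.List;
import javax.servlet.http.*;
import org.openid4java.OpenIDException;
import org.openid4java.consumer.*;
import org.openid4java.discovery.*;
import org.openid4java.message.*;

// Hypothetical helper class (not part of openid4java).
public class OpenIdLogin {
    private static final String DISCOVERED = "discovered";
    private final ConsumerManager manager; // same instance for authenticate() and verify()
    private final String returnURL;        // fixed in configuration, never taken from the request

    public OpenIdLogin(String returnURL) throws OpenIDException {
        this.manager = new ConsumerManager();
        this.returnURL = returnURL;
    }

    // Step 1: discover, associate, remember the endpoint in the session, redirect.
    public void begin(String userSuppliedString, HttpServletRequest req, HttpServletResponse resp)
            throws OpenIDException, IOException {
        List discoveries = manager.discover(userSuppliedString);
        DiscoveryInformation discovered = manager.associate(discoveries);
        req.getSession(true).setAttribute(DISCOVERED, discovered);
        AuthRequest authReq = manager.authenticate(discovered, returnURL);
        resp.sendRedirect(authReq.getDestinationUrl(true));
    }

    // Step 2: returns the verified identifier, or null when authentication failed.
    public Identifier finish(HttpServletRequest req) throws OpenIDException {
        HttpSession session = req.getSession(false);
        if (session == null) return null;     // no login was started in this session
        DiscoveryInformation discovered = (DiscoveryInformation) session.getAttribute(DISCOVERED);
        session.removeAttribute(DISCOVERED);  // accept one response per request
        if (discovered == null) return null;  // response without a matching request
        StringBuffer receivingURL = req.getRequestURL();
        String queryString = req.getQueryString();
        if (queryString != null && queryString.length() > 0)
            receivingURL.append("?").append(queryString);
        ParameterList openidResp = new ParameterList(req.getParameterMap());
        VerificationResult result = manager.verify(receivingURL.toString(), openidResp, discovered);
        Identifier verified = result.getVerifiedId();
        if (verified == null) return null;    // treat every other outcome as failure
        session.invalidate();                 // do not carry the pre-login session ID forward
        req.getSession(true).setAttribute("openid", verified.getIdentifier());
        return verified;
    }
}
```

Only the value returned by `getVerifiedId()` is used to identify the user; the raw `openid.*` request parameters are never read directly.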
Note that the same instance of ConsumerManager is used for association/authentication and verification. Otherwise, verification fails (or at least it did for me). It looks like ConsumerManager is thread-safe, but it'd be really nice to get some confirmation that it is safe to share a single instance between all requests.
"it'd be really nice to get some confirmation that it is safe to share a single instance between all requests."
I agree. I have created a filter in my webapp that handles all the login process and I have only a single instance of ConsumerManager. Should I create one for each login process?
I need some help in working with Gmail credentials. I used my Gmail username as the user identifier (id@gmail.com). But my code, which is similar to sampleconsumer.java, is not able to discover the Google endpoint.
The same code is working fine for Yahoo, as I am able to authenticate the user and get user information.
any help will be appreciated. thanks in advance
@ravi did you discover how to do this? I'm looking at creating an app and using either OpenAuth and have my own authentication server or, preferably, using OpenID and the user's Google or other OpenID account.
Now, correct me if I'm wrong, but the server to authenticate against is contained within the user's ID URI, so discovering the authentication servers shouldn't be a problem?
Hi. When I run the ant file given in samples (demorp project), I get errors saying that it cannot use javahl nor the command line svn client. I included the required jar files in my ant build, but I am still getting this error: svnant-1.0.0.jar svnClientAdapter-1.0.0.jar svnjavahl-1.0.0.jar svnkit.jar
Kindly help.
@Michael: For correctness, each user login MUST use its own SampleConsumer. It's just like concurrent bank account updates. In this case, state is in ConsumerManager, and if one login overwrites an earlier login's ConsumerManager before the earlier login has finished using the ConsumerManager, then the earlier login will fail.
Since the entire protocol takes little time (typically less than a second) unless a site has hundreds of logins per hour, the chance of logins conflicting is quite low. But shared code is still wrong.
I don't understand the session.setAttribute() calls in SampleConsumer.verifyResponse(). They write to the HttpServletRequest that contains the authentication response. However, this request isn't accessible to any other code.
It seems to me that for SampleConsumer to be useful the session.setAttribute() calls must be replaced by writing to a data structure available to all SampleConsumer references. For example, I'm saving them to a HashMap.
Arthur
Question - if there's an identity provider that does not support "discovery endpoint" (ie. can't do discovery), would openid4java work for this kind of scenario?
Instantiation of a ConsumerManager (see line 70 of class SampleConsumer) fails with java.lang.ClassNotFoundException: javax.inject.Provider
$20 to anyone who solves this within an hour!
Arthur
How do I find out the user's OpenID identifier?
Hi everybody...
I'm trying to use OpenId4Java for my servlet, in which I'm facing the error "0x100: Required parameter missing: openid.mode" in the following line of code:
returnDiscoveyInfo);
I'm using only one servlet for getting the email id and a loggin method I have created for this purpose, so I guess I don't have to use response.sendRedirect or any request dispatcher method...
If you find any suggestion, please share with me.
public String loggin(String OpenId, HttpServletRequest request) {
Regards, Mateen