计算机毕业设计外文翻译--面向javaweb应用程序的openid(编辑修改稿)

计算机毕业设计外文翻译--面向javaweb应用程序的openid(编辑修改稿)内容摘要：

t its name implies: it handles any potential problems that arise during the discovery process. createOpenIdAuthRequest() creates the AuthRequest construct that is required to do the authentication. processReturn() handles processing the authentication request39。 s results. Writing the RP 外文翻译 7 The whole point of authentication is for the user to prove his or her identity. Doing this protects a Web resource from access by unwanted or malicious visitors. Once the user has proved his identity, you decide whether or not to grant him access to the resource (though authorization is beyond the scope of this article). The sample application for this article performs a function mon to many Web sites: user registration. It assumes that if the user can prove his identity then he is allowed to register. It39。 s a simple premise, but it will demonstrate how a typical conversation with the OP goes and how to use openid4java to do it. Here are the basic steps: Obtain the UserSupplied Identifier: The RP gets the user39。 s OpenID. Discovery: The RP normalizes the UserSupplied Identifier to determine which OP to contact for authentication and how to contact it. Association: An optional step, but one I highly remend, wherein the RP and OP establish a secure munication channel. Authentication request: The RP asks the OP to authenticate the user. Verification: The RP requests userid verification from the OP and ensures the munication has not been tampered with. Proceed to application: Following authentication, the RP directs the user to the resource he or she initially requested. Next, we39。 ll look at each of these steps in detail, including code examples. As we progress through the sections below, I will use a single example to illustrate the OpenID authentication process from start to finish. Obtain the UserSupplied Identifier This is the job of your RP application. In the working example, the userid is obtained on the application39。 s OpenIdRegistrationPage. I enter my OpenID and click the Confirm OpenID button. The sample application (which acts as the RP) now has my UserSupplied Identifier. Figure 1 shows a screen shot of the sample application in action. Figure 1. Obtaining the UserSupplied Identifier 外文翻译 8 In this case, the UserSupplied Identifier is . The UI code is responsible for two things: making sure the user has entered text into the Your OpenID text box and submitting the form when the user clicks the Confirm OpenID button. Following confirmation, the application begins the call sequence. Listing 1 shows the code for the OpenIdRegistrationPage that submits the form and makes this call sequence. Listing 1. Wicket UI code to make the OpenID authentication call sequence using Button confirmOpenIdButton = new Button(confirmOpenIdButton) { public void onSubmit() { String userSuppliedIdentifier = ()。 DiscoveryInformation discoveryInformation = 外文翻译 9 ( userSuppliedIdentifier)。 MakotoOpenIdAwareSession session = (MakotoOpenIdAwareSession)()。 (discoveryInformation, true)。 AuthRequest authRequest = ( discoveryInformation, returnToUrl)。 getRequestCycle().setRedirect(false)。 getResponse().redirect((true))。 } }。 Try not to get too distracted by the example and how it fits into the Wicket UI code (though if you39。 re curious, feel free to look at , from which Listing 1 was taken). The important point here is that when the user clicks the button, the UI code delegates to the various methods of RegistrationService to call openid4java39。 s API, doing three things (each of which is in bold in Listing 1): Perform discovery on the UserSupplied Identifier Create the openid4java AuthRequest object that will be used to make the authentication request Redirect the browser to the OpenID provider After redirecting the browser, the UI code is done and control is in the hands of the OP. Notice that is part of the identifier and the UserSupplied Identifier is not a wellformed URL. Still, enough information is encoded in this identifier to allow openid4java to normalize and perform discovery on it. We will see that next. Discovery The RP takes the UserSupplied Identifier and converts it to a form that can be used to determine two things: who the OpenID Provider (OP) is and how to contact the OP. The process of discovery is used by the RP to determine how to make requests of the OP, 外文翻译 10 and the key is the UserSupplied Identifier. But before the UserSupplied Identifier can be used for discovery, it must be normalized. The openid4java library actually does the heavy lifting to normalize the UserSupplied Identifier, so there39。 s no need to cover the details of it here. The two distinct forms are: XRI: Extensible Resource Identifier URL: Uniform Resource Locator In this article, we will look at URL examples. The UserSupplied Identifier from Figure 1 is a URI missing a scheme, so as part of normalization, openid4java attaches to it and arrives at the Claimed Identifier Encoded in the Claimed Identifier is the name of the OP, in this case, myOpenID. Because the Claimed Identifier is a URL, openid4java knows how to contact the OP — at — which it does. Listing 2 (from the sample application39。 s RegistrationService class) shows how the RP uses openid4java to perform discovery. Listing 2. Using openid4java to perform discovery public static DiscoveryInformation performDiscoveryOnUserSuppliedIdentifier( String userSuppliedIdentifier) { DiscoveryInformation ret = null。 ConsumerManager consumerManager = getConsumerManager()。 try { // Perform discover on the UserSupplied Identifier ListDiscoveryInformation discoveries = (userSuppliedIdentifier)。 // Pass the discoveries to th。