liferay openid配置与代码详解

Tyler_Zhou

浏览: 216997 次
性别:
来自: 湖北->上海

最近访客更多访客>>

sargeguo

chbzheng

武林第一帅哥

zcwd1217

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

博客分类：

liferay

EXT .net Google Yahoo

1.liferay的openid的配置很简单的，先去 openid提供商注册一个自已的openid如果已经有就不用了,现在yahoo,google都提供openid,你也可以在www.myopenid.com上面去注册一个。

2. portal.properties文件open.id.auth.enabled=true，liferay5.0默认就是true,然后用你的openid登陆lliferay。

3.liferay在发送验证之前，以你的openid为ScreenName去查找用户，如果没有这个用户，会向提供商请求first name,last name,mail三个参数。

4.接收验证成功，如果三个参数都能获取，liferay会自动为你注册一个帐户，如果有一个参数为空就跳往新增用户页面。

下面是相关代码的解释：

	public static void sendOpenIdRequest(
			ThemeDisplay themeDisplay, HttpServletRequest req,
			HttpServletResponse res, String openId)
		throws Exception {

		if (!OpenIdUtil.isEnabled(themeDisplay.getCompanyId())) {
			return;
		}

		HttpSession ses = req.getSession();

		String returnURL =
			PortalUtil.getPortalURL(req) + themeDisplay.getPathMain() +
				"/portal/open_id_response";
		//创建消费者对象，它将向认证服务器发出认证请求
		ConsumerManager manager = OpenIdUtil.getConsumerManager();
		//下载OpenID提供者列表,返回结果将按照用户指定的优选顺序排列
		List<DiscoveryInformation> discoveries = manager.discover(openId);
		//通过关联获取和OpenID提供者之间的共享密钥
		DiscoveryInformation discovered = manager.associate(discoveries);
		//密钥放入用户session以方便后面使用
		ses.setAttribute(WebKeys.OPEN_ID_DISCO, discovered);
		//将用户重定向到他们的OpenID提供者页面，并告诉OpenID提供者外部站点的地址
		AuthRequest authReq = manager.authenticate(discovered, returnURL);
		
		String screenName = OpenIdUtil.getScreenName(openId);

		try {
			//通过openid取用户
			UserLocalServiceUtil.getUserByScreenName(
				themeDisplay.getCompanyId(), screenName);
		}
		//没有screenName为openid的用户
		catch (NoSuchUserException nsue) {
			//构建一个空的请求参数列表
			FetchRequest fetch = FetchRequest.createFetchRequest();
			//写上请求的参数（姓名和邮箱，以方便注册用）
			fetch.addAttribute(
				"email", "http://schema.openid.net/contact/email", true);
			fetch.addAttribute(
				"firstName", "http://schema.openid.net/namePerson/first", true);
			fetch.addAttribute(
				"lastName", "http://schema.openid.net/namePerson/last", true);

			authReq.addExtension(fetch);
			//构建一个空的请求参数列表（与FetchRequest什么区别暂时还不清楚）
			SRegRequest sregReq = SRegRequest.createFetchRequest();

			sregReq.addAttribute("fullname", true);
			sregReq.addAttribute("email", true);

			authReq.addExtension(sregReq);
		}
		//发往OpenID提供者页面
		res.sendRedirect(authReq.getDestinationUrl(true));
	}

	protected User readResponse(
			ThemeDisplay themeDisplay, HttpServletRequest req)
		throws Exception {

		HttpSession ses = req.getSession();

		ConsumerManager manager = OpenIdUtil.getConsumerManager();

		ParameterList params = new ParameterList(req.getParameterMap());
		//取得session中的密钥
		DiscoveryInformation discovered =
			(DiscoveryInformation)ses.getAttribute(WebKeys.OPEN_ID_DISCO);
		
		if (discovered == null) {
			return null;
		}

		StringBuffer receivingURL = req.getRequestURL();
		String queryString = req.getQueryString();

		if ((queryString != null) && (queryString.length() > 0)) {
			receivingURL.append(StringPool.QUESTION);
			receivingURL.append(req.getQueryString());
		}
		//校验
		VerificationResult verification = manager.verify(
			receivingURL.toString(), params, discovered);

		Identifier verified = verification.getVerifiedId();

		if (verified == null) {
			return null;
		}

		AuthSuccess authSuccess = (AuthSuccess)verification.getAuthResponse();

		String firstName = null;
		String lastName = null;
		String emailAddress = null;
		//获取信息
		if (authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG)) {
			MessageExtension ext = authSuccess.getExtension(
				SRegMessage.OPENID_NS_SREG);

			if (ext instanceof SRegResponse) {
				SRegResponse sregResp = (SRegResponse)ext;

				String fullName = GetterUtil.getString(
					sregResp.getAttributeValue("fullname"));

				int pos = fullName.indexOf(StringPool.SPACE);

				if ((pos != -1) && ((pos + 1) < fullName.length())) {
					firstName = fullName.substring(0, pos);
					lastName = fullName.substring(pos + 1);
				}

				emailAddress = sregResp.getAttributeValue("email");
			}
		}

		if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
			MessageExtension ext = authSuccess.getExtension(
				AxMessage.OPENID_NS_AX);

			if (ext instanceof FetchResponse) {
				FetchResponse fetchResp = (FetchResponse)ext;

				if (Validator.isNull(firstName)) {
					firstName = getFirstValue(
						fetchResp.getAttributeValues("firstName"));
				}

				if (Validator.isNull(lastName)) {
					lastName = getFirstValue(
						fetchResp.getAttributeValues("lastName"));
				}

				if (Validator.isNull(emailAddress)) {
					emailAddress = getFirstValue(
						fetchResp.getAttributeValues("email"));
				}
			}
		}

		String screenName = OpenIdUtil.getScreenName(authSuccess.getIdentity());

		User user = null;

		try {
			//通过openid做为ScreenName试着能否查找出这个用户
			user = UserLocalServiceUtil.getUserByScreenName(
				themeDisplay.getCompanyId(), screenName);
		}
		catch (NoSuchUserException nsue) {
			//如果openid提供没有firstName之类的用户信息，报错
			if (Validator.isNull(firstName) || Validator.isNull(lastName) ||
				Validator.isNull(emailAddress)) {

				SessionErrors.add(req, "missingOpenIdUserInformation");

				_log.error(
					"The OpenID provider did not send the required " +
						"attributes to create an account");

				return null;
			}
			//能取到信息就生成一个用户
			user = addUser(
				themeDisplay.getCompanyId(), firstName, lastName, emailAddress,
				screenName, themeDisplay.getLocale());
		}

		ses.setAttribute(WebKeys.OPEN_ID_LOGIN, new Long(user.getUserId()));

		return user;
	}

在网上很难找到操作openid的相关api中文帮助文档，下面是我在网上找的一段希望能对大家有所帮助

依赖方发送 SRegRequest
SRegRequest sregReq = SRegRequest.createFetchRequest();

sregReq.addAttribute("fullname", true);
sregReq.addAttribute("nickname", true);
sregReq.addAttribute("email", true);

AuthRequest req = _consumerManager.authenticate(discovered, return_to);
req.addExtension(sregReq);OpenID 提供方接受 SRegRequest
if (authReq.hasExtension(SRegMessage.OPENID_NS_SREG))
{
    MessageExtension ext = authReq.getExtension(SRegMessage.OPENID_NS_SREG)

    if (ext instanceof SRegRequest)
    {
        SRegRequest sregReq = (SRegRequest) ext;
        List required = sregReq.getAttributes(true);
        List optional = sregReq.getAttributes(false);
        // prompt the user
    }
}OpenID 提供方发送 SRegResponse
    // data released by the user
    Map userData = new HashMap();
    //userData.put("email", "user@example.com");

    SRegResponse sregResp = SRegResponse.createSRegResponse(sregReq, userData);

    // (alternatively) manually add attribute values
    sregResp.addAttribute("email", "user@example.com");

    authSuccess.addExtension(sregResp);依赖方接受 SRegResponse
if (authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG))
{
    MessageExtension ext = authSuccess.getExtension(SRegMessage.OPENID_NS_SREG);

    if (ext instanceof SRegResponse)
    {
        SRegResponse sregResp = (SRegResponse) ext;
        
        String fullName = sregResp.getAttributeValue("fullname");
        String nickName = sregResp.getAttributeValue("nickname");
        String email = sregResp.getAttributeValues("email");
    }
}

分享到：

liferay 的加密技术(CRYPT,SHA,SSHA,MD2,MD ... | 重新定位自已，解开心结

2008-11-21 21:14
浏览 2824
评论(2)
查看更多

2 楼 Tyler_Zhou 2008-11-24

lishaoyun 写道

补一下第四讲的视频教程嘛.我一直在等着了..

第四讲丢掉的都是一些具体的portlet的操作，其实大家摸索一下，就能知道是怎么操作的了，很简单的。

1 楼 lishaoyun 2008-11-24

补一下第四讲的视频教程嘛.我一直在等着了..

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论