Junior college graduation project (foreign-language translation for the major)

Topic: Building a small-business website
Department: Department of Computer Science and Technology
Major: Computer Network Technology
Date: May 2, 二一年

OpenID for Java Web applications

Summary: OpenID is a decentralized authentication protocol that makes it easier for users to access resources in your Java Web applications. In this first half of a two-part article, you'll learn about the OpenID Authentication Specification and walk through the steps of incorporating it into a sample Java application. Rather than implement the OpenID Authentication specification by hand, author J. Steven Perry uses the openid4java library and a popular OpenID provider, myOpenID, to create a safe and reliable registration process for a Java application written in Wicket.

OpenID is a decentralized authentication mechanism. Using OpenID, I can prove I own a URI such as http:/ and I can use that identity to authenticate myself with any site that supports OpenID such as Google, Slashdot, or Wordpress. Clearly, OpenID is great for end users. But using it got me to thinking: "What about using OpenID to create a standard, reliable authentication system for the Java-based Web applications I write for my customers?"

In this two-part article I will show you how to use the openid4java library and a well-known OpenID provider, myOpenID, to create an authentication system for a Java-based Web application. I'll also show you how to receive user information with an OpenID Simple Registration Extension (SReg).

I'll start by explaining what OpenID is and showing you how to get an OpenID of your own. Next, I will present a brief overview of how OpenID authentication works. Finally, I will walk through the steps involved in performing OpenID authentication using openid4java. In the second half of this article, you'll learn how to create your own OpenID provider. Throughout the discussion I'll be working with a Wicket-based Java Web application that I wrote specifically for this article. You can download the source code for the application any time. You also might want to take a look at the openid4java library (see Resources).

Note: This article focuses on using OpenID for Java Web applications, but OpenID works in any software architectural scenario.

Introduction to OpenID

OpenID is a specification for proving a user owns an identifier. For now, just think of an identifier as a String that uniquely identifies a user. If you're like me, you own many identifiers or userids. I have a userid at Facebook, another at Twitter, and others at dozens of sites that I use around the Internet. I always try to use the same userid but it's not available on every new site I sign up for. So, I have a mental map of all of my userids and the Web sites they're associated with. What a pain; I use the "Forget your password?" feature a lot! It would be great if there were a way to claim a single identifier and use it everywhere.

OpenID solves exactly this problem. Using OpenID, I claim an identifier and use it on any site or Web resource that has adopted the protocol. The latest figures (from the OpenID Web site) say that more than 50,000 Websites support OpenID, including Facebook, Yahoo!, Google, and Twitter.

OpenID authentication

OpenID authentication is at the heart of OpenID, and consists of three main concepts:

The OpenID Identifier: A String of text that uniquely identifies the user.
The OpenID Relying Party (RP): An online resource (probably a Web site, but it could be a file, an image, or pretty much anything you want to control access to) that uses OpenID to identify who can access it.
The OpenID Provider (OP): A site where users can claim an OpenID and subsequently sign in and authenticate their identity for the benefit of any RP.

The OpenID Foundation is a consortium whose members are interested in promoting open source identity management through the OpenID specification.

How does OpenID work?

Suppose a user is attempting to access a resource that is part of an RP's Web site, and the RP uses OpenID. To access the resource, the user must present his OpenID in a form that can be recognized (normalized) as an OpenID. The OpenID
is encoded with the OP's location. The RP then takes the user's identifier and redirects the user to the OP, where he will be required to prove his claim to that ID.

Let's briefly consider each component of the OpenID specification and its role in this process.

OpenID Identifiers

At the heart of OpenID is, of course, the OpenID Identifier. An OpenID Identifier (or just "identifier") is a human-readable String of characters that uniquely identifies someone. No two users have the same OpenID, and that's what makes OpenID work. By following stipulations in the OpenID Authentication Specification Version 2.0, OpenID RPs are able to decode (or "normalize") an identifier to figure out how to authenticate a user. In the operational world of OpenID, where we as developers write code, two identifiers are of interest:

User-Supplied Identifier
Claimed Identifier

As the name suggests, a User-Supplied Identifier is the identifier supplied by the user to the RP. The User-Supplied Identifier must be normalized into a Claimed Identifier, which is just a fancy way to say that the identifier supplied by the user is transformed into a standard form. The Claimed Identifier can then be used to locate the OP through a process called discovery, after which the OP will authenticate the user.

OpenID Relying Party

It is normally the RP that is presented with a User-Supplied Identifier, which is normalized to a Claimed Identifier. The user's browser (the "User Agent") will be redirected to the OP so that the user can provide his or her password and be authenticated.

The RP neither knows nor cares about the specifics of how a Claimed Identifier is authenticated; it only wants to know whether the OP has successfully authenticated the user. If so, the User Agent (again, probably the user's browser) is forwarded
to the secure resource that the user was attempting to access. If the user cannot be authenticated, then the RP denies access.

OpenID Provider (OP)

The OP, or OpenID Provider, is responsible for issuing Identifiers and performing user authentication. OPs also provide Web-based management of OpenIDs. OPs collect and hold the following basic information about each user:

E-mail address
Full name
Date of birth
Postal code
Country
Primary language

When an OP is asked to authenticate a Claimed Identifier, the user's browser is directed to a sign-in page where the user is challenged to enter his password. At that point, control is with the OP. If the user is successfully authenticated, then the OP directs the browser to a location specified by the RP (in a special "return-to" URL). If the user cannot authenticate, he will probably receive a message from the OP that his authentication attempt failed (at least that's the case with ClaimID and myOpenID, two popular OpenID Providers).

Becoming an OpenID Relying Party

So now you know about the major components of OpenID and how they fit together. For the remainder of the article, we'll focus on writing an OpenID Relying Party (RP) using the open source openid4java library.

The first step in using OpenID is to get an identifier. It's easy to do: just go to myOpenID and click the SIGN UP FOR AN OPENID button. Pick an OpenID like redneckyogi or jstevenperry (both of which are mine, by the way). The sign up form will tell you whether
the userid you've chosen is already taken. If not, you'll be instructed to enter a password, an e-mail address, some text in a JCaptcha-style text box (you're not a bot, are you?), and that's it! Some minutes later you'll get an e-mail at the address provided containing a link in it. Click the link to confirm your e-mail address and congratulations! You now have an OpenID!

Of course, as with any awesome technology there are numerous OpenID providers to choose from (see Resources for a complete list).

To illustrate how quick and easy it is to get an OpenID, I signed up with accounts at myOpenID, Verisign, and ClaimID in the space of about 30 minutes. And that includes time spent entering detailed information and uploading a picture!

You may already have an OpenID

According to OpenI, Google, Wordpress, and other popular sites support OpenID. If you've signed up for any of these sites you may already have an OpenID.

For instance, if you have a Yahoo! account, you probably also have an OpenID (I did, and didn't even know it). You just use your Yahoo! ID when you sign in, and Yahoo is your OpenID Provider. You provide your Yahoo-based OpenID as and the RP will ask Yahoo to authenticate you (you can actually see this in action if you run the sample application that accompanies this article).

About the sample application

As I said at the beginning of this article, I've written a Java Web application that uses openid4java to create a simple OpenID Relying Party (RP). It is a simple application that you can build (as a WAR), drop into Tomcat, and run from your local machine. The sample application has a very tight focus:

The user enters her OpenID on a registration page.
The application verifies the Identifier (by directing the user to her OP to sign in).
Upon successful authentication, the application retrieves the user's profile information from the OP, and directs the user to a Save page where she can review and save her profile information.

The information displayed on the Save page is pulled from the information available from the OP. I wrote the application with Wicket because, well, I really like Wicket. But I've tried to minimize Wicket's "footprint" so that it doesn't distract you from learning how to write an OpenID Relying Party.

The architecture of the sample application is divided into two areas of responsibility:

User interface written in Wicket
OpenID authentication using the openid4java library

Of course the two areas intersect, but again, I have tried to keep overlap to a minimum to make it easier to follow the OpenID instructions, rather than getting distracted by the details of Wicket.

About openid4java and the sample application code

The OpenID Authentication spec is complicated. If you implement specifications all the time, you'll probably be very comfortable writing your own implementation. As for me, I'm lazy. I don't want to do any more work than I have to in order to solve the problem at hand, which is where the openid4java library comes into play. openid4java is an implementation of the OpenID Authentication specification that makes it much easier to use OpenID programmatically.

The code listings that follow show the openid4java API calls an RP makes to use OpenID. One thing you may notice is how little code the sample application actually needs to make this happen. openid4java really does make your life easier.

To reduce the Wicket footprint in the sample application, I've isolated the code that calls openid4java into its own Java class called RegistrationService (located in com.makotogroup.sample.model). This class contains five methods that correspond to the usage of the openid4java API:

getReturnToUrl() returns the URL that the browser will be directed to once successful authentication has taken place.
getConsumerManager() is used to obtain an instance of the main openid4java API class. This class handles all of the code the sample RP application needs to perform authentication.
performDiscoveryOnUserSuppliedIdentifier() does what its name implies: it handles any potential problems that arise during the discovery process.
createOpenIdAuthRequest() creates the AuthRequest construct that is required to do the authentication.
processReturn() handles processing the authentication request's results.

Writing the RP

The whole point of authentication is for the user to prove his or her identity. Doing this protects a Web resource from access by unwanted or malicious visitors. Once the user has
proved his identity, you decide whether or not to grant him access to the resource (though authorization is beyond the scope of this article). The sample application for this article performs a function common to many Web sites: user registration. It assumes that if the user can prove his identity then he is allowed to register. It's a simple premise, but it will demonstrate how a typical "conversation" with the OP goes and how to use openid4java to do it. Here are the basic steps:

Obtain the User-Supplied Identifier: The RP gets the user's OpenID.
Discovery: The RP normalizes the User-Supplied Identifier to determine which OP to contact for authentication and how to contact it.
Association: An optional step, but one I highly recommend, wherein the RP and OP establish a secure communication channel.
Authentication request: The RP asks the OP to authenticate the user.
Verification: The RP requests userid verification from the OP and ensures the communication has not been tampered with.
Proceed to application: Following authentication, the RP directs the user to the resource he or she initially requested.

Next, we'll look at each of these steps in detail, including code examples. As we progress through the sections below, I will use a single example to illustrate the OpenID authentication process from start to finish.

Obtain the User-Supplied Identifier

This is the job of your RP application. In the working example, the userid is obtained on the application's OpenIdRegistrationPage. I enter my OpenID and click the Confirm OpenID button. The sample application (which acts as the RP) now has my User-Supplied Identifier. Figure 1 shows a screen shot of the sample application in action.

In this case, the User-Supplied Identifier is .

The UI code is responsible for two things: making sure the user has entered text into the Your OpenID text box and submitting the form when the user clicks the Confirm OpenID button. Following confirmation, the application begins the call sequence. Listing 1 shows the code for the OpenIdRegistrationPage that submits the form and makes this call sequence.

Listing 1. Wicket UI code to make the OpenID authentication call sequence using RegistrationService.java

    Button confirmOpenIdButton = new Button("confirmOpenIdButton") {
        public void onSubmit() {
            // Discovery: resolve the identifier the user typed to an OP endpoint.
            String userSuppliedIdentifier = formModel.getOpenId();
            DiscoveryInformation discoveryInformation =
                RegistrationService.performDiscoveryOnUserSuppliedIdentifier(userSuppliedIdentifier);
            // Keep the discovery result in the session for the return leg.
            MakotoOpenIdAwareSession session =
                (MakotoOpenIdAwareSession) owningPage.getSession();
            session.setDiscoveryInformation(discoveryInformation, true);
            // Build the authentication request and send the browser to the OP.
            AuthRequest authRequest =
                RegistrationService.createOpenIdAuthRequest(discoveryInformation, returnToUrl);
            getRequestCycle().setRedirect(false);
            getResponse().redirect(authRequest.getDestinationUrl(true));
        }
    };

Try
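
The normalization that "OpenID Identifiers" and the Discovery step describe, shown as an added example that is not code from the article or from openid4java: a plain-JDK version of the rules in section 7.2 of the OpenID Authentication 2.0 specification. The class and method names and the example.com inputs are hypothetical, and rejecting other schemes and embedded credentials is an assumption of this example, not something the article specifies.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

// Added illustration of OpenID 2.0 identifier normalization; not openid4java code.
public class IdentifierNormalizer {

    // Turns a User-Supplied Identifier into its Claimed Identifier form.
    static String normalize(String userSupplied) throws URISyntaxException {
        String id = userSupplied.trim();
        // Step 1: strip an "xri://" prefix so XRIs are compared in canonical form.
        if (id.regionMatches(true, 0, "xri://", 0, 6)) id = id.substring(6);
        if (id.isEmpty()) throw new URISyntaxException(userSupplied, "empty identifier");
        // Step 2: a leading global context symbol or "(" marks an XRI; leave it alone.
        if ("=@+$!(".indexOf(id.charAt(0)) >= 0) return id;
        // Step 3: anything else is a URL; the scheme defaults to http.
        String lower = id.toLowerCase(Locale.ROOT);
        if (!lower.startsWith("http://") && !lower.startsWith("https://")) {
            if (id.contains("://"))  // assumption: this RP refuses every other scheme
                throw new URISyntaxException(userSupplied, "only http and https are accepted");
            id = "http://" + id;
        }
        URI uri = new URI(id).normalize();  // resolves "." and ".." path segments
        // Assumption: identifiers without a host or with embedded credentials are rejected.
        if (uri.getHost() == null || uri.getUserInfo() != null)
            throw new URISyntaxException(userSupplied, "host required, user info not allowed");
        String path = uri.getRawPath().isEmpty() ? "/" : uri.getRawPath();
        // Rebuild without the fragment; scheme and host are case-insensitive.
        StringBuilder out = new StringBuilder(uri.getScheme().toLowerCase(Locale.ROOT))
                .append("://").append(uri.getHost().toLowerCase(Locale.ROOT));
        if (uri.getPort() != -1) out.append(':').append(uri.getPort());
        out.append(path);
        if (uri.getRawQuery() != null) out.append('?').append(uri.getRawQuery());
        return out.toString();
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample inputs, not identifiers from the article.
        String[] samples = {"example.com", "HTTP://Example.com/user#frag",
                            "https://example.com/a/../b", "=example"};
        for (String s : samples) System.out.println(s + " -> " + normalize(s));
    }
}
```

Because the RP fetches whatever this function returns during discovery, normalizing and rejecting unexpected forms before any network call keeps two spellings of one identifier from becoming two accounts.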