Foreign-language translation, page 1

OpenID for Java Web applications, Part 1: Enable your Java Web applications to use OpenID authentication

J Steven Perry, Principal Consultant, Makoto Consulting Group, Inc.

Summary: OpenID is a decentralized authentication protocol that makes it easier for users to access resources in your Java Web applications. In this first half of a two-part article, you'll learn about the OpenID Authentication Specification and walk through the steps of incorporating it into a sample Java application. Rather than implement the OpenID Authentication specification by hand, author J. Steven Perry uses the openid4java library and a popular OpenID provider, myOpenID, to create a safe and reliable registration process for a Java application written in Wicket.

Tags for this article: authentication, java, openid, openid4java, sign-on, single, steve_perry, webs

OpenID is a decentralized authentication mechanism. Using OpenID, I can prove I own a URI such as http:/ and I can use that identity to authenticate myself with any site that supports OpenID, such as Google, Slashdot, or Wordpress. Clearly, OpenID is great for end users. But using it got me to thinking: What about using OpenID to create a standard, reliable authentication system for the Java-based Web applications I write for my customers?

In this two-part article I will show you how to use the openid4java library and a well-known OpenID provider, myOpenID, to create an authentication system for a Java-based Web application. I'll also show you how to receive user information with an OpenID Simple Registration Extension (SReg). I'll start by explaining what OpenID is and showing you how to get an OpenID of your own. Next, I will present a brief overview of how OpenID authentication works. Finally, I will walk through the steps involved in performing OpenID authentication using openid4java. In the second half of this article, you'll learn how to create your own OpenID provider.

Throughout the discussion I'll be working with a Wicket-based Java Web application that I wrote specifically for this article. You can download the source code for the application any time. You also might want to take a look at the openid4java library (see Resources).

Note: This article focuses on using OpenID for Java Web applications, but OpenID works in any software architectural scenario.

Introduction to OpenID

OpenID is a specification for proving a user owns an identifier. For now, just think of an identifier as a String that uniquely identifies a user. If you're like me, you own many identifiers, or userids. I have a userid at Facebook, another at Twitter, and others at dozens of sites that I use around the Internet. I always try to use the same userid, but it's not available on every new site I sign up for. So, I have a mental map of all of my userids and the Web sites they're associated with. What a pain; I use the "Forget your password?" feature a lot! It would be great if there were a way to claim a single identifier and use it everywhere.

OpenID solves exactly this problem. Using OpenID, I claim an identifier and use it on any site or Web resource that has adopted the protocol. The latest figures (from the OpenID Web site) say that more than 50,000 Web sites support OpenID, including Facebook, Yahoo!, Google, and Twitter.

OpenID authentication

OpenID authentication is at the heart of OpenID, and consists of three main concepts:

- The OpenID Identifier: A String of text that uniquely identifies the user.
- The OpenID Relying Party (RP): An online resource (probably a Web site, but it could be a file, an image, or pretty much anything you want to control access to) that uses OpenID to identify who can access it.
- The OpenID Provider (OP): A site where users can claim an OpenID and subsequently sign in and authenticate their identity for the benefit of any RP.

The OpenID Foundation is a consortium whose members are interested in promoting open source identity management through the OpenID specification.

How does OpenID work?

Suppose a user is attempting to access a resource that is part of an RP's Web site, and the RP uses OpenID. To access the resource, the user must present his OpenID in a form that can be recognized (normalized) as an OpenID. The OpenID is encoded with the OP's location. The RP then takes the user's identifier and redirects the user to the OP, where he will be required to prove his claim to that ID. Let's briefly consider each component of the OpenID specification and its role in this process.

OpenID Identifiers

At the heart of OpenID is, of course, the OpenID Identifier. An OpenID Identifier (or just identifier) is a human-readable String of characters that uniquely identifies someone. No two users have the same OpenID, and that's what makes OpenID work. By following stipulations in the OpenID Authentication Specification Version 2.0, OpenID RPs are able to decode (or normalize) an identifier to figure out how to authenticate a user. In the operational world of OpenID, where we as developers write code, two identifiers are of interest:

- User-Supplied Identifier
- Claimed Identifier

As the name suggests, a User-Supplied Identifier is the identifier supplied by the user to the RP. The User-Supplied Identifier must be normalized into a Claimed Identifier, which is just a fancy way to say that the identifier supplied by the user is transformed into a standard form. The Claimed Identifier can then be used to locate the OP through a process called discovery, after which the OP will authenticate the user.

OpenID Relying Party

It is normally the RP that is presented with a User-Supplied Identifier, which is normalized to a Claimed Identifier. The user's browser (the User Agent) will be redirected to the OP so that the user can provide his or her password and be authenticated. The RP neither knows nor cares about the specifics of how a Claimed Identifier is authenticated; it only wants to know whether the OP has successfully authenticated the user. If so, the User Agent (again, probably the user's browser) is forwarded to the secure
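As an added example, not part of the original article or of openid4java, here is the normalization step described above (User-Supplied Identifier to Claimed Identifier, per the rules in OpenID Authentication 2.0, section 7.2) written out in Python so the rules are visible; openid4java performs this for you in Java, and the sample identifiers below are constructed.

```python
"""Normalize an OpenID 2.0 User-Supplied Identifier into a Claimed Identifier.

Rules from OpenID Authentication 2.0, section 7.2: XRIs stay XRIs (an explicit
"xri://" prefix is dropped), bare hostnames get an "http://" scheme, the
fragment is removed, and the URL is normalized (lower-case scheme and host,
default port removed, empty path turned into "/").
"""
from urllib.parse import urlsplit, urlunsplit

# First characters that mark an identifier as an XRI rather than a URL.
XRI_GLOBAL_CONTEXT_SYMBOLS = ("=", "@", "+", "$", "!", "(")
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_identifier(user_supplied: str) -> str:
    """Return the Claimed Identifier for a User-Supplied Identifier."""
    ident = user_supplied.strip()
    if not ident:
        raise ValueError("empty identifier")

    # XRI form: XRIs are resolved by XRI resolution, not by URL discovery.
    if ident.lower().startswith("xri://"):
        ident = ident[len("xri://"):]
    if ident.startswith(XRI_GLOBAL_CONTEXT_SYMBOLS):
        return ident

    # URL form: the user may have typed only a host name or host/path.
    if not ident.lower().startswith(("http://", "https://")):
        ident = "http://" + ident

    parts = urlsplit(ident)          # urlsplit already lower-cases the scheme
    scheme = parts.scheme
    host = (parts.hostname or "").lower()
    if not host:
        raise ValueError("identifier has no host: %r" % user_supplied)
    port = parts.port                # raises ValueError on a non-numeric port
    if port is None or port == DEFAULT_PORTS[scheme]:
        netloc = host
    else:
        netloc = "%s:%d" % (host, port)
    path = parts.path or "/"
    # Fragment dropped: it is never part of the Claimed Identifier.
    return urlunsplit((scheme, netloc, path, parts.query, ""))


if __name__ == "__main__":
    # Constructed sample inputs, not identifiers from the article.
    for raw in ("example.com", "  HTTPS://Example.COM:443/steve#top ", "xri://=steve"):
        print("%r -> %r" % (raw, normalize_identifier(raw)))
```

The RP compares the Claimed Identifier it produced here with the identifier asserted later by the OP, so performing this step consistently is what makes that comparison meaningful.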