OpenID for Java Web applications, part 1th

Using OpenID authentication in a Java Web application

OpenID is a set of decentralized authentication systems. With OpenID I can prove that I have a URL like Http://openid.jstevenperry.com/steve, and I can log in to any OpenID-like Google, Slashdot or Wo, using a proven identity. Rdpress. OpenID is certainly a good tool for end users. But the use of OpenID raises the idea that "what if you use OpenID to create a standard, reliable identity system for a java-based WEB application that I write to my customers?" ”

In this two-part article, I'll show you how to create an authentication system for java-based WEB applications using the Openid4java library and the well-known OpenID provider Myopenid. You will also be shown how to receive user information using an OpenID simple registration extension (registration Extension) (Sreg).

First I will explain what OpenID is and how to get my OpenID. Next, briefly describes how OpenID authentication works. Finally, the steps required to perform OpenID authentication using Openid4java are outlined. In the 2nd part of this article, you will learn how to create your own OpenID provider.

I'm going to use a Wicket-based Java WEB application throughout, which I wrote specifically for this article. You can download the application source code at any time. Also, you may want to look at the Openid4java library.

Note: This article focuses on OpenID for Java Web applications, but OpenID works in any software architecture pattern.

OpenID profile

OpenID is a specification that proves that a user has an identifier. Now, only the identifier is considered a String that uniquely identifies the user. If you are like me, you will have a lot of identifiers or user names. I have a username on Facebook, Twitter and a number of other sites on the Internet. I often try to use the same username, but this is not available on every new site I want to register. Therefore, I need to remember all the user names and their corresponding WEB sites. This is a very painful thing, I often use the "Forget the password?" "This is a hint of information. If there is a way to use the same identifier at all sites, how good!

OpenID can solve this problem. With OpenID, I can declare an identifier and then use it on any WEB site that uses the OpenID protocol. The latest statistics (from the OpenID Web site) show that more than 50,000 websites support OpenID, including Facebook, Yahoo!, Google and Twitter.

OpenID Authentication

OpenID authentication is the core of OpenID, which includes three key concepts:

OpenID identifier: A text string that uniquely identifies the user.

OpenID dependency (RP): An online resource (perhaps a Web site, or any file, image, or any resource that you want to access control), using OpenID to identify the object that can access it.

OpenID provider (OP): A site where users can declare OpenID and then log in and authenticate as any RP.

The OpenID Foundation is a community in which members are concerned about promoting open source identity management through the OpenID specification.

How does OpenID work?

Suppose a user tries to access resources that belong to the RP Web site, and the RP uses OpenID. To access this resource, users must present their OpenID in a form that can be identified (normalized) as OpenID. OpenID is encoded by the OP's location. The RP then takes the user identifier and redirects the user to the OP, at which point the OP asks the user to prove his or her ID request.

Next, let's briefly describe each component of the OpenID specification and its role.