开发者

How to integrate OpenID login authentication implementation (Java) with JBoss

开发者 https://www.devze.com 2023-01-08 12:33 出处:网络
I have implementedone service that perform operation required for OpenID login authentication using openid4java library.

I have implemented one service that perform operation required for OpenID login authentication using openid4java library.

Flow of application is some think like as below

  1. JSP page for g开发者_StackOverflow社区etting OpenID from user
  2. JSP page 's actions servlet
  3. Servlet fetch openid parameter , interacts with the service to get required information to redirect user to actual OpenID provider for authentication.
  4. return url provided to OpenID provider is one another servlet.
  5. this servlet retrieves information required from response sent by open id provider and then interacts with the service to check if user is authenticated by open id provider.
  6. If user is authenticated, it servlet redirect user to home page.

If u have understood my implementation approach please entertain my following queries else please let me know so that i put more effort to make it understandable

Queries I am using JBoss 5 application server. In above code i am simply getting information if user is authenticated or not but i will need to inform jboss some how that it should allow user to access restricted resources i.e. viewing web pages.

Normally we use Custom login module class which inherit org.jboss.security.auth.spi.UsernamePasswordLoginModule for database based authentication (calling service methods to get database authetication information). But in this case i need servlet that act as communication channel between the service , user and OpenID provider.So how should i integrate servlet and login module implementation both.

One more issue i might be facing is that i am using session between two implemented servlets for storage and retrieval of DiscoveryInformation object. I think session will not be accessible untill user is not logged in.

Implementation approach i am following is based upon article http://www.theserverside.com/news/1364125/Using-OpenID

Please help me out Thanks


Something is missing in your scenario: is openid the only way to authenticate or the user have also username and password? in the first case you can refactor your custom login to extend AbstractServerLoginModule and pass the openId account info. Otherwise you just have to chain the two authentication systems.

For the session issue everything should be ok since the session starts when the browser first hits the server and goes on untile it espires due to inactivity or programmaticaly resetted.

0

精彩评论

暂无评论...
验证码 换一张
取 消