外文文献翻译---面向java-web应用程序的openid本科学位论文.doc

《外文文献翻译---面向java-web应用程序的openid本科学位论文.doc》由会员分享，可在线阅读，更多相关《外文文献翻译---面向java-web应用程序的openid本科学位论文.doc（31页珍藏版）》请在淘文阁 - 分享文档赚钱的网站上搜索。

1、专业外文翻译题 目小型企业网站的制作 系 （院）计算机科学技术系专 业计算机网络技术班 级学生姓名学 号指导教师职 称二一年五月二日*专科毕业设计（专业外文翻译）OpenID for Java Web applicationsJ. Steven Perry is an independent software development consultant and has been developing software professionally since 1991. Steve has a passion for software development, and enjoys writ

2、ing about software development and mentoring other developers. He is the author of Java Management Extensions (OReilly) and Log4j (OReilly), and Joda-Time (which he wrote for IBM developerWorks). In his spare time he hangs out with his three kids, rides his bike, and teaches yoga. Steve is the owner

3、 and principal consultant for Makoto Consulting Group, located in Little Rock, Arkansas.Summary: OpenID is a decentralized authentication protocol that makes it easier for users to access resources in your Java Web applications. In this first half of a two-part article, youll learn about the OpenID

4、Authentication Specification and walk through the steps of incorporating it into a sample Java application. Rather than implement the OpenID Authentication specification by hand, author J. Steven Perry uses the openid4java library and a popular OpenID provider, myOpenID, to create a safe and reliabl

5、e registration process for a Java application written in Wicket.Tags for this article: authentication, java, openid, openid4java, sign-on, single, steve_perry, websOpenID is a decentralized authentication mechanism. Using OpenID, I can prove I own a URI such as and I can use that identity to authent

6、icate myself with any site that supports OpenID such as Google, Slashdot, or Wordpress. Clearly, Open ID is great for end users. But using it got me to thinking: What about using OpenID to create a standard, reliable authentication system for the Java-based Web applications I write for my customers?

7、In this two-part article I will show you how to use the openid4java library and a well-known OpenID provider, myOpenID, to create an authentication system for a Java-based Web application. Ill also show you how to receive user information with an OpenID Simple Registration Extension (SReg).Ill start

8、 by explaining what OpenID is and showing you how to get an OpenID of your own. Next, I will present a brief overview of how OpenID authentication works. Finally, I will walk through the steps involved in performing OpenID authentication using openid4java. In the second half of this article, youll l

9、earn how to create your own OpenID provider. Throughout the discussion Ill be working with a Wicket-based Java Web application that I wrote specifically for this article. You can download the source code for the application any time. You also might want to take a look at the openid4java library (see

10、 Resources).Note: This article focuses on using OpenID for Java Web applications, but OpenID works in any software architectural scenario.Introduction to OpenIDOpenID is a specification for proving a user owns an identifier. For now, just think of an identifier as a String that uniquely identifies a

11、 user. If youre like me, you own many identifiers or userids. I have a userid at Facebook, another at Twitter, and others at dozens of sites that I use around the Internet. I always try to use the same userid but its not available on every new site I sign up for. So, I have a mental map of all of my

12、 userids and the Web sites theyre associated with. What a pain; I use the Forget your password? feature a lot! It would be great if there were a way to claim a single identifier and use it everywhere.OpenID solves exactly this problem. Using OpenID, I claim an identifier and use it on any site or We

13、b resource that has adopted the protocol. The latest figures (from the OpenID Web site) say that more than 50,000 Websites support OpenID, including Facebook, Yahoo!, Google, and Twitter.OpenID authenticationOpenID authentication is at the heart of OpenID, and consists of three main concepts:The Ope

14、nID Identifier: A String of text that uniquely identifies the user.The OpenID Relying Party (RP): An online resource (probably a Web site, but it could be a file, an image, or pretty much anything you want to control access to) that uses OpenID to identify who can access it.The OpenID Provider (OP):

15、 A site where users can claim an OpenID and subsequently sign-in and authenticate their identity for the benefit of any RP. The OpenID Foundation is a consortium whose members are interested in promoting open source identity management through the OpenID specification.How does OpenID work?Suppose a

16、user is attempting to access a resource that is part of an RPs Web site, and the RP uses OpenID. To access the resource, the user must present his OpenID in a form that can be recognized (normalized) as an OpenID. The OpenID is encoded with the OPs location. The RP then takes the users identifier an

17、d redirects the user to the OP, where he will be required to prove his claim to that ID.Lets briefly consider each component of the OpenID specification and its role in this process.OpenID IdentifiersAt the heart of OpenID is, of course, the OpenID Identifier. An OpenID Identifier (or just identifie

18、r) is a human-readable String of characters that uniquely identifies someone. No two users have the same OpenID, and thats what makes OpenID work. By following stipulations in the OpenID Authentication Specification Version 2.0, OpenID RPs are able to decode (or normalize) an identifier to figure ou

19、t how to authenticate a user. In the operational world of OpenID, where we as developers write code, two identifiers are of interest:User-Supplied Identifier Claimed Identifier As the name suggests, a User-Supplied Identifier is the identifier supplied by the user to the RP. The User-Supplied Identi

20、fier must be normalized into a Claimed Identifier, which is just a fancy way to say that the identifier supplied by the user is transformed into a standard form. The Claimed Identifier can then be used to locate the OP through a process called discovery, after which the OP will authenticate the user

21、.OpenID Relying PartyIt is normally the RP that is presented with a User-Supplied Identifier, which is normalized to a Claimed Identifier. The users browser (the User Agent) will be redirected to the OP so that the user can provide his or her password and be authenticated.The RP neither knows nor ca

22、res about the specifics of how a Claimed Identifier is authenticated; it only wants to know whether the OP has successfully authenticated the user. If so, the User Agent (again, probably the users browser) is forwarded to the secure resource that the user was attempting to access. If the user cannot

23、 be authenticated, then the RP denies access.Open ID Provider (OP)The OP, or OpenID Provider, is responsible for issuing Identifiers and performing user authentication. OPs also provide Web-based management of OpenIDs. OPs collect and hold the following basic information about each user:E-mail addre

24、ss Full name Date of birth Postal code Country Primary language When an OP is asked to authenticate a Claimed Identifier, the users browser is directed to a sign-in page where the user is challenged to enter his password. At that point, control is with the OP. If the user is successfully authenticat

25、ed, then the OP directs the browser to a location specified by the RP (in a special return-to URL). If the user cannot authenticate, he will probably receive a message from the OP that his authentication attempt failed (at least thats the case with ClaimID and myOpenID, two popular OpenID Providers)

26、.Becoming an OpenID Relying PartySo now you know about the major components of OpenID and how they fit together. For the remainder of the article, well focus on writing an OpenID Relying Party (RP) using the open source openid4java library.The first step in using OpenID is to get an identifier. Its

27、easy to do: just go to myOpenID and click the SIGN UP FOR AN OPENID button. Pick an OpenID like redneckyogi or jstevenperry (both of which are mine, by the way). The sign up form will tell you whether the userid youve chosen is already taken. If not, youll be instructed to enter a password, an e-mai

28、l address, some text in a JCaptcha-style text box (youre not a bot, are you?), and thats it! Some minutes later youll get an e-mail at the address provided containing a link in it. Click the link to confirm your e-mail address and congratulations! you now have an OpenID!Of course, as with any awesom

29、e technology there are numerous OpenID providers to choose from (see Resources for a complete list).To illustrate how quick and easy it is to get an OpenID, I signed up with accounts at myOpenID, Verisign, and ClaimID in the space of about 30 minutes. And that includes time spent entering detailed i

30、nformation and uploading a picture!You may already have an OpenIDAccording to OpenI, Google, Wordpress, and other popular sites support OpenID. If youve signed up for any of these sites you may already have an OpenID.For instance, if you have a Yahoo! Account, you probably also have an OpenID (I did

31、, and didnt even know it). You just use your Yahoo! ID when you sign in, and Yahoo is your OpenID Provider. You provide your Yahoo-based OpenID as whatever and the RP will ask Yahoo to authenticate you (you can actually see this in action if you run the sample application that accompanies this artic

32、le).About the sample applicationAs I said at the beginning of this article, Ive written a Java Web application that uses openid4java to create a simple OpenID Relying Party (RP). It is a simple application that you can build (as a WAR), drop into Tomcat, and run from your local machine. The sample a

33、pplication has a very tight focus: The user enters her OpenID on a registration page.The application verifies the Identifier (by directing the user to her OP to sign in).Upon successful authentication, the application retrieves the users profile information from the OP, and directs the user to a Sav

34、e page where she can review and save her profile information.The information displayed on the Save page is pulled from the information available from the OP. I wrote the application with Wicket because, well, I really like Wicket. But Ive tried to minimize Wickets footprint so that it doesnt distrac

35、t you from learning how to write an OpenID Relying Party.The architecture of the sample application is divided into two areas of responsibility:User interface written in Wicket OpenID authentication using the openid4java library Of course the two areas intersect, but again, I have tried to keep over

36、lap to a minimum to make it easier to follow the OpenID instructions, rather than getting distracted by the details of Wicket.About openid4java and the sample application codeThe OpenID Authentication spec is complicated. If you implement specifications all the time, youll probably be very comfortab

37、le writing your own implementation. As for me, Im lazy. I dont want to do any more work than I have to in order to solve the problem at hand, which is where the openid4java library comes into play. openid4java is an implementation of the OpenID Authentication specification that makes it much easier

38、to use OpenID programmatically.The code listings that follow show the openid4java API calls an RP makes to use OpenID. One thing you may notice is how little code the sample application actually needs to make this happen. openid4java really does make your life easier.To reduce the Wicket footprint i

39、n the sample application, Ive isolated the code that calls openid4java into its own Java class called RegistrationService (located in com.makotogroup.sample.model). This class contains five methods that correspond to the usage of the openid4java API:getReturnToUrl() returns the URL that the browser

40、will be directed to once successful authentication has taken place.getConsumerManager() is used to obtain an instance of the main openid4java API class. This class handles all of the code the sample RP application needs to perform authentication.performDiscoveryOnUserSuppliedIdentifier() does what i

41、ts name implies: it handles any potential problems that arise during the discovery process.createOpenIdAuthRequest() creates the AuthRequest construct that is required to do the authentication.processReturn() handles processing the authentication requests results. Writing the RPThe whole point of au

42、thentication is for the user to prove his or her identity. Doing this protects a Web resource from access by unwanted or malicious visitors. Once the user has proved his identity, you decide whether or not to grant him access to the resource (though authorization is beyond the scope of this article)

43、. The sample application for this article performs a function common to many Web sites: user registration. It assumes that if the user can prove his identity then he is allowed to register. Its a simple premise, but it will demonstrate how a typical conversation with the OP goes and how to use openi

44、d4java to do it. Here are the basic steps:Obtain the User-Supplied Identifier: The RP gets the users OpenID.Discovery: The RP normalizes the User-Supplied Identifier to determine which OP to contact for authentication and how to contact it.Association: An optional step, but one I highly recommend, w

45、herein the RP and OP establish a secure communication channel.Authentication request: The RP asks the OP to authenticate the user.Verification: The RP requests userid verification from the OP and ensures the communication has not been tampered with.Proceed to application: Following authentication, t

46、he RP directs the user to the resource he or she initially requested. Next, well look at each of these steps in detail, including code examples. As we progress through the sections below, I will use a single example to illustrate the OpenID authentication process from start to finish.Obtain the User

47、-Supplied IdentifierThis is the job of your RP application. In the working example, the userid is obtained on the applications OpenIdRegistrationPage. I enter my OpenID and click the Confirm OpenID button. The sample application (which acts as the RP) now has my User-Supplied Identifier. Figure 1 sh

48、ows a screen shot of the sample application in action.In this case, the User-Supplied Identifier is .The UI code is responsible for two things: making sure the user has entered text into the Your OpenID text box and submitting the form when the user clicks the Confirm OpenID button. Following confirmation, the application begins the call sequence. Listing 1 shows the code for the OpenIdRegistrationPage that submits the form and makes this call sequence.Listing 1. Wicket UI code to make the OpenID auth