外文翻译--面向Java-Web应用程序的OpenID.doc

Summary: OpenID is a decentralized authentication protocol that makes it easier for users

to access resources in your Java™ Web applications. In this first half of a two-part article,

you'll learn about the OpenID Authentication Specification and walk through the steps of

incorporating it into a sample Java application. Rather than implement the OpenID

Authentication specification by hand, author J. Steven Perry uses the openid4java library

and a popular OpenID provider, myOpenID, to create a safe and reliable registration

process for a Java application written in Wicket.

Tags for this article: authentication, java, openid, openid4java, sign-on, single,

steve_perry, webs

well-known OpenID provider, myOpenID, to create an authentication system for a

Java-based Web application. I'll also show you how to receive user information with an

OpenID Simple Registration Extension (SReg).

own. Next, I will present a brief overview of how OpenID authentication works. Finally, I

will walk through the steps involved in performing OpenID authentication using

openid4java. In the second half of this article, you'll learn how to create your own OpenID

provider.

Resources).

an identifier as a String that uniquely identifies a user. If you're like me, you own many

available on every new site I sign up for. So, I have a mental map of all of my userids and

the Web sites they're associated with. What a pain; I use the "Forget your password?"

feature a lot! It would be great if there were a way to claim a single identifier and use it

everywhere.

The OpenID Identifier: A String of text that uniquely identifies the user.

The OpenID Relying Party (RP): An online resource (probably a Web site, but it could be

a file, an image, or pretty much anything you want to control access to) that uses OpenID to

identify who can access it.

The OpenID Provider (OP): A site where users can claim an OpenID and subsequently

sign-in and authenticate their identity for the benefit of any RP.

open source identity management through the OpenID specification.

that can be recognized (normalized) as an OpenID. The OpenID is encoded with the OP's

will be required to prove his claim to that ID.

process.

No two users have the same OpenID, and that's what makes OpenID work. By following

to decode (or "normalize") an identifier to figure out how to authenticate a user. In the

operational world of OpenID, where we as developers write code, two identifiers are of

interest:

to the RP. The User-Supplied Identifier must be normalized into a Claimed Identifier,

which is just a fancy way to say that the identifier supplied by the user is transformed into a

standard form. The Claimed Identifier can then be used to locate the OP through a process

called discovery, after which the OP will authenticate the user.

normalized to a Claimed Identifier. The user's browser (the "User Agent") will be

redirected to the OP so that the user can provide his or her password and be authenticated.

authenticated; it only wants to know whether the OP has successfully authenticated the user.

If so, the User Agent (again, probably the user's browser) is forwarded to the secure

authentication. OPs also provide Web-based management of OpenIDs. OPs collect and hold

the following basic information about each user:

For the remainder of the article, we'll focus on writing an OpenID Relying Party (RP) using

the open source openid4java library.

myOpenID and click the SIGN UP FOR AN OPENID button. Pick an OpenID like

redneckyogi or jstevenperry (both of which are mine, by the way). The sign up form will

tell you whether the userid you've chosen is already taken. If not, you'll be instructed to

enter a password, an e-mail address, some text in a JCaptcha-style text box (you're not a bot,