Next, a brief look at each component of the OpenID specification and its role. OpenID authentication: OpenID authentication is the core of OpenID, and it comprises three main concepts: OpenID Identifier: a text string that uniquely identifies a user. If you are like me, you have many identifiers or user names. I will also show you how to receive user information with an OpenID Simple Registration Extension (SReg).

ll focus on the other half of the OpenID puzzle: writing an OpenID Provider. It will be another code-driven discussion with a sample Java Web application written specifically for the purpose of instruction. In the meantime, please feel free to use the code from in order to implement OpenID authentication in your Java Web applications. Go ahead, I don'

registrationModel = (discoveryInformation, pageParameters, ());
throw new RuntimeException(message, e);
// Create the Simple Registration Request
SRegRequest sRegRequest = ();
throw new RuntimeException(message, e);
}
return ret;

s no need to cover the details of it here. The two distinct forms are XRI (Extensible Resource Identifier) and URL (Uniform Resource Locator). In this article, we will look at URL examples. The User-Supplied Identifier from Figure 1 is a URI missing a scheme, so as part of normalization, openid4java attaches to it and arrives at the Claimed Identifier. Encoded in the Claimed Identifier is the name of the OP, in this case, myOpenID. Because the Claimed Identifier is a URL, openid4java knows how to contact the OP — at — which it does. Listing 2 (from the sample application'

(discoveryInformation, true);

ve isolated the code that calls openid4java into its own Java class called RegistrationService (located in ). This class contains five methods that correspond to the usage of the openid4java API: getReturnToUrl() returns the URL that the browser will be directed to once successful authentication has taken place. getConsumerManager() is used to obtain an instance of the main openid4java API class. This class handles all of the code the sample RP application needs to perform authentication.
performDiscoveryOnUserSuppliedIdentifier() does what its name implies: it handles any potential problems that arise during the discovery process. createOpenIdAuthRequest() creates the AuthRequest construct that is required to do the authentication. processReturn() handles processing the authentication request'

ve written a Java Web application that uses openid4java to create a simple OpenID Relying Party (RP). It is a simple application that you can build (as a WAR), drop into Tomcat, and run from your local machine. The sample application has a very tight focus: The user enters her OpenID on a registration page. The application verifies the Identifier (by directing the user to her OP to sign in). Upon successful authentication, the application retrieves the user'

s easy to do: just go to myOpenID and click the SIGN UP FOR AN OPENID button. Pick an OpenID like redneckyogi or jstevenperry (both of which are mine, by the way). The sign-up form will tell you whether the userid you'

s briefly consider each component of the OpenID specification and its role in this process.

OpenID Identifiers

At the heart of OpenID is, of course, the OpenID Identifier. An OpenID Identifier (or just identifier) is a human-readable String of characters that uniquely identifies someone. No two users have the same OpenID, and that'

ll be working with a Wicket-based Java Web application that I wrote specifically for this article. You can download the source code for the application any time. You also might want to take a look at the openid4java library (see Resources). Note: This article focuses on using OpenID for Java Web applications, but OpenID works in any software architectural scenario.

Introduction to OpenID

OpenID is a specification for proving a user owns an identifier. For now, just think of an identifier as a String that uniquely identifies a user. If you'

ll also show you how to receive user information with an OpenID Simple Registration Extension (SReg).
I'

s Web site, and the RP uses OpenID. To access the resource, the user must present his OpenID in a form that can be recognized (normalized) as an OpenID. The OpenID is encoded with the OP'

s browser is directed to a sign-in page where the user is challenged to enter his password. At that point, control is with the OP. If the user is successfully authenticated, then the OP directs the browser to a location specified by the RP (in a special return-to URL). If the user cannot authenticate, he will probably receive a message from the OP that his authentication attempt failed (at least that'

ll get an at the address provided containing a link in it. Click the link to confirm your address and — congratulations! — you now have an OpenID! Of course, as with any awesome technology there are numerous OpenID providers to choose from (see Resources for a complete list). To illustrate how quick and easy it is to get an OpenID, I signed up with accounts at myOpenID, Verisign, and ClaimID in the space of about 30 minutes. And that includes time spent entering detailed information and uploading a picture!

You may already have an OpenID

According to , Google, Wordpress, and other popular sites support OpenID. If you'

ll probably be very comfortable writing your own implementation. As for me, I'

s OpenIdRegistrationPage. I enter my OpenID and click the Confirm OpenID button. The sample application (which acts as the RP) now has my User-Supplied Identifier. Figure 1 shows a screen shot of the sample application in action.

Figure 1. Obtaining the User-Supplied Identifier

In this case, the User-Supplied Identifier is . The UI code is responsible for two things: making sure the user has entered text into the Your OpenID text box and submitting the form when the user clicks the Confirm OpenID button. Followi