【正文】 pplied Identifier Create the openid4java AuthRequest object that will be used to make the authentication request Redirect the browser to the OpenID provider After redirecting the browser, the UI code is done and control is in the hands of the OP. Notice that is part of the identifier and the UserSupplied Identifier is not a wellformed URL. Still, enough information is encoded in this identifier to allow openid4java to normalize and perform discovery on it. We will see that next. Discovery The RP takes the UserSupplied Identifier and converts it to a form that can be used to determine two things: who the OpenID Provider (OP) is and how to contact the OP. The process of discovery is used by the RP to determine how to make requests of the OP, 外文翻譯 10 and the key is the UserSupplied Identifier. But before the UserSupplied Identifier can be used for discovery, it must be normalized. The openid4java library actually does the heavy lifting to normalize the UserSupplied Identifier, so there39。 Try not to get too distracted by the example and how it fits into the Wicket UI code (though if you39。 getResponse().redirect((true))。 AuthRequest authRequest = ( discoveryInformation, returnToUrl)。 MakotoOpenIdAwareSession session = (MakotoOpenIdAwareSession)()。s OpenIdRegistrationPage. I enter my OpenID and click the Confirm OpenID button. The sample application (which acts as the RP) now has my UserSupplied Identifier. Figure 1 shows a screen shot of the sample application in action. Figure 1. Obtaining the UserSupplied Identifier 外文翻譯 8 In this case, the UserSupplied Identifier is . The UI code is responsible for two things: making sure the user has entered text into the Your OpenID text box and submitting the form when the user clicks the Confirm OpenID button. Following confirmation, the application begins the call sequence. Listing 1 shows the code for the OpenIdRegistrationPage that submits the form and makes this call sequence. Listing 1. Wicket UI code to make the OpenID authentication call sequence using Button confirmOpenIdButton = new Button(confirmOpenIdButton) { public void onSubmit() { String userSuppliedIdentifier = ()。s OpenID. Discovery: The RP normalizes the UserSupplied Identifier to determine which OP to contact for authentication and how to contact it. Association: An optional step, but one I highly remend, wherein the RP and OP establish a secure munication channel. Authentication request: The RP asks the OP to authenticate the user. Verification: The RP requests userid verification from the OP and ensures the munication has not been tampered with. Proceed to application: Following authentication, the RP directs the user to the resource he or she initially requested. Next, we39。s results. Writing the RP 外文翻譯 7 The whole point of authentication is for the user to prove his or her identity. Doing this protects a Web resource from access by unwanted or malicious visitors. Once the user has proved his identity, you decide whether or not to grant him access to the resource (though authorization is beyond the scope of this article). The sample application for this article performs a function mon to many Web sites: user registration. It assumes that if the user can prove his identity then he is allowed to register. It39。t want to do any more work than I have to in order to solve the problem at hand, which is where the openid4java library es into play. openid4java is an implementation of the OpenID Authentication specification that makes it much easier to use OpenID programmatically. The code listings that follow show the openid4java API calls an RP makes to use OpenID. One thing you may notice is how little code the sample application actually needs to make this happen. openid4java really does make your life easier. To reduce the Wicket footprint in the sample application, I39。ll probably be very fortable writing your own implementation. As for me, I39。s footprint so that it doesn39。s profile information from the OP, and directs the user to a Save page where she can review and save her profile information. The information displayed on the Save page is pulled from the information available from the OP. I wrote the application with Wicket because, well, I really like Wicket. But I39。t even know it). You just use your Yahoo! ID when you sign in, and Yahoo is your OpenID Provider. You provide your Yahoobased OpenID as and the RP will ask Yahoo to authenticate you (you can actually see this in action if you run the sample application that acpanies this article). About the sample application As I said at the beginning of this article, I39。ll get an at the address provided containing a link in it. Click the link to confirm your address and — congratulations! — you now have an 外文翻譯 5 OpenID! Of course, as with any awesome technology there are numerous OpenID providers to choose from (see Resources for a plete list). To illustrate how quick and easy it is to get an OpenID, I signed up with accounts at myOpenID, Verisign, and ClaimID in the space of about 30 minutes. And that includes time spent entering detailed information and uploading a picture! You may already have an OpenID According to , Google, Wordpress, and other popular sites support OpenID. If you39。re not a bot, are you?), and that39。ve chosen is already taken. If not, you39。ll focus on writing an OpenID Relying Party (RP) using the open source openid4java library. The first step in using OpenID is to get an identifier. It39。s browser is directed to a signin page where the user is challenged to enter his password. At that point, control is with the OP. If the user is successfully authenticated, then the OP directs the browser to a location specified by the RP (in a