我正在尝试创建一个使用 OpenID4Java 进行 openId 身份验证的小型应用程序。
我能够成功地将用户重定向到 OpenID 提供程序站点以登录,但在返回 URL 时,其验证失败。
处理来自 openID Provider 的响应的方法是,
public HashMap<String, String> verifyResponse(HttpServletRequest httpReq){
HashMap<String, String> values = new HashMap<String, String>();
try{
ParameterList response = new ParameterList(httpReq.getParameterMap());
// retrieve the previously stored discovery information
DiscoveryInformation discovered = (DiscoveryInformation)httpReq.getSession().getAttribute("openid-disc");
// extract the receiving URL from the HTTP request
StringBuffer receivingURL = httpReq.getRequestURL();
String queryString = httpReq.getQueryString();
if (queryString != null && queryString.length() > 0)
receivingURL.append("?").append(httpReq.getQueryString());
// verify the response; ConsumerManager needs to be the same
// (static) instance used to place the authentication request
VerificationResult verification = manager.verify(receivingURL.toString(), response, discovered);
// examine the verification result and extract the verified identifier
Identifier verified = verification.getVerifiedId();
if (verified != null){
AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)){
FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
values.put("GUID", (String)fetchResp.getAttributeValues("GUID").get(0));
values.put("Email", (String)fetchResp.getAttributeValues("Email").get(0));
values.put("FirstName", (String)fetchResp.getAttributeValues("FirstName").get(0));
values.put("LastName", (String)fetchResp.getAttributeValues("LastName").get(0));
values.put("Gender", (String)fetchResp.getAttributeValues("Gender").get(0));
values.put("Country", (String)fetchResp.getAttributeValues("Country").get(0));
values.put("Company", (String)fetchResp.getAttributeValues("Company").get(0));
values.put("VerifiedUserId", verified.getIdentifier());
values.put("Verified", verified.toString());
}
return values; // success
}else{
values.put("VerifiedUserId", "nun");
// values.put("Verified", verified.toString());
return values; // success
}
}
catch (OpenIDException e){
// present error to the user
}
return null;
}
返回时,控制台中有以下失败消息。
31573 [http-bio-8080-exec-9] DEBUG org.apache.http.headers - << Set-Cookie: ephemeral_session_id=56f872bb71a5f4feae404d3f391f9d51833d50b51c13ddbcdac6a1fc058e5269; domain=myopenid.com; path=/
31573 [http-bio-8080-exec-9] DEBUG org.apache.http.headers - << Set-Cookie: ephemeral_session_id=56f872bb71a5f4feae404d3f391f9d51833d50b51c13ddbcdac6a1fc058e5269; domain=myopenid.com; path=/
31573 [http-bio-8080-exec-9] DEBUG org.apache.http.headers - << Set-Cookie: browser_id=5e3bfb0c08da19a59e8445e624637c261aee10e65a6b672ed642cb9201e5d8e4; domain=myopenid.com; path=/; expires=Sat, 16-Mar-2013 21:40:09 GMT
31573 [http-bio-8080-exec-9] DEBUG org.apache.http.headers - << Set-Cookie: browser_id=5e3bfb0c08da19a59e8445e624637c261aee10e65a6b672ed642cb9201e5d8e4; domain=myopenid.com; path=/; expires=Sat, 16-Mar-2013 21:40:09 GMT
31573 [http-bio-8080-exec-9] DEBUG org.apache.http.headers - << Set-Cookie: session_id=8aef51436d464910daaa1ef8eb5c661e6fa45c134c0969a1f7048ef5f23707c6; domain=myopenid.com; path=/; expires=Sat, 16-Mar-2013 21:40:09 GMT
31573 [http-bio-8080-exec-9] DEBUG org.apache.http.headers - << Set-Cookie: session_id=8aef51436d464910daaa1ef8eb5c661e6fa45c134c0969a1f7048ef5f23707c6; domain=myopenid.com; path=/; expires=Sat, 16-Mar-2013 21:40:09 GMT
31573 [http-bio-8080-exec-9] DEBUG org.apache.http.headers - << P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
31573 [http-bio-8080-exec-9] DEBUG org.apache.http.headers - << P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
31573 [http-bio-8080-exec-9] DEBUG org.apache.http.headers - << Connection: close
31573 [http-bio-8080-exec-9] DEBUG org.apache.http.headers - << Connection: close
31574 [http-bio-8080-exec-9] DEBUG org.apache.http.client.protocol.ResponseProcessCookies - Cookie accepted: "[version: 0][name: ephemeral_session_id][value: 56f872bb71a5f4feae404d3f391f9d51833d50b51c13ddbcdac6a1fc058e5269][domain: myopenid.com][path: /][expiry: null]".
31574 [http-bio-8080-exec-9] DEBUG org.apache.http.client.protocol.ResponseProcessCookies - Cookie accepted: "[version: 0][name: ephemeral_session_id][value: 56f872bb71a5f4feae404d3f391f9d51833d50b51c13ddbcdac6a1fc058e5269][domain: myopenid.com][path: /][expiry: null]".
31574 [http-bio-8080-exec-9] DEBUG org.apache.http.client.protocol.ResponseProcessCookies - Cookie accepted: "[version: 0][name: browser_id][value: 5e3bfb0c08da19a59e8445e624637c261aee10e65a6b672ed642cb9201e5d8e4][domain: myopenid.com][path: /][expiry: Sun Mar 17 02:40:09 PKT 2013]".
31574 [http-bio-8080-exec-9] DEBUG org.apache.http.client.protocol.ResponseProcessCookies - Cookie accepted: "[version: 0][name: browser_id][value: 5e3bfb0c08da19a59e8445e624637c261aee10e65a6b672ed642cb9201e5d8e4][domain: myopenid.com][path: /][expiry: Sun Mar 17 02:40:09 PKT 2013]".
31575 [http-bio-8080-exec-9] DEBUG org.apache.http.client.protocol.ResponseProcessCookies - Cookie accepted: "[version: 0][name: session_id][value: 8aef51436d464910daaa1ef8eb5c661e6fa45c134c0969a1f7048ef5f23707c6][domain: myopenid.com][path: /][expiry: Sun Mar 17 02:40:09 PKT 2013]".
31575 [http-bio-8080-exec-9] DEBUG org.apache.http.client.protocol.ResponseProcessCookies - Cookie accepted: "[version: 0][name: session_id][value: 8aef51436d464910daaa1ef8eb5c661e6fa45c134c0969a1f7048ef5f23707c6][domain: myopenid.com][path: /][expiry: Sun Mar 17 02:40:09 PKT 2013]".
31575 [http-bio-8080-exec-9] DEBUG org.apache.http.impl.client.ClientParamsStack - 'http.protocol.handle-redirects': false
31575 [http-bio-8080-exec-9] DEBUG org.apache.http.impl.client.ClientParamsStack - 'http.protocol.handle-redirects': false
31575 [http-bio-8080-exec-9] DEBUG org.apache.http.wire - << "is_valid:false[\n]"
31575 [http-bio-8080-exec-9] DEBUG org.apache.http.wire - << "is_valid:false[\n]"
31575 [http-bio-8080-exec-9] DEBUG org.apache.http.wire - << "ns:http://specs.openid.net/auth/2.0[\n]"
31575 [http-bio-8080-exec-9] DEBUG org.apache.http.wire - << "ns:http://specs.openid.net/auth/2.0[\n]"
31575 [http-bio-8080-exec-9] DEBUG org.apache.http.impl.conn.DefaultClientConnection - Connection shut down
31575 [http-bio-8080-exec-9] DEBUG org.apache.http.impl.conn.DefaultClientConnection - Connection shut down
31576 [http-bio-8080-exec-9] DEBUG org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager - Released connection is not reusable.
31576 [http-bio-8080-exec-9] DEBUG org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager - Released connection is not reusable.
31576 [http-bio-8080-exec-9] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - Releasing connection [HttpRoute[{}->http://www.myopenid.com]][null]
31576 [http-bio-8080-exec-9] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - Releasing connection [HttpRoute[{}->http://www.myopenid.com]][null]
31576 [http-bio-8080-exec-9] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - Notifying no-one, there are no waiting threads
31576 [http-bio-8080-exec-9] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - Notifying no-one, there are no waiting threads
31576 [http-bio-8080-exec-9] DEBUG org.openid4java.util.HttpCache - Read 51 bytes.
31576 [http-bio-8080-exec-9] DEBUG org.openid4java.util.HttpCache - Read 51 bytes.
31576 [http-bio-8080-exec-9] DEBUG org.openid4java.message.ParameterList - Creating parameter list from key-value form:
is_valid:false
ns:http://specs.openid.net/auth/2.0
31576 [http-bio-8080-exec-9] DEBUG org.openid4java.message.ParameterList - Creating parameter list from key-value form:
is_valid:false
ns:http://specs.openid.net/auth/2.0
31576 [http-bio-8080-exec-9] DEBUG org.openid4java.message.ParameterList - Created empty parameter list.
31576 [http-bio-8080-exec-9] DEBUG org.openid4java.message.ParameterList - Created empty parameter list.
31581 [http-bio-8080-exec-9] DEBUG org.openid4java.message.ParameterList - Copying parameter list:
is_valid:false
ns:http://specs.openid.net/auth/2.0
31581 [http-bio-8080-exec-9] DEBUG org.openid4java.message.ParameterList - Copying parameter list:
is_valid:false
ns:http://specs.openid.net/auth/2.0
31581 [http-bio-8080-exec-9] DEBUG org.openid4java.consumer.ConsumerManager - Retrived response:
is_valid:false
ns:http://specs.openid.net/auth/2.0
31581 [http-bio-8080-exec-9] DEBUG org.openid4java.consumer.ConsumerManager - Retrived response:
is_valid:false
ns:http://specs.openid.net/auth/2.0
31582 [http-bio-8080-exec-9] DEBUG org.openid4java.message.ParameterList - Created empty parameter list.
31582 [http-bio-8080-exec-9] DEBUG org.openid4java.message.ParameterList - Created empty parameter list.
31582 [http-bio-8080-exec-9] DEBUG org.openid4java.message.VerifyResponse - Created verification response:
is_valid:false
ns:http://specs.openid.net/auth/2.0
31582 [http-bio-8080-exec-9] DEBUG org.openid4java.message.VerifyResponse - Created verification response:
is_valid:false
ns:http://specs.openid.net/auth/2.0
31582 [http-bio-8080-exec-9] DEBUG org.openid4java.consumer.ConsumerManager - Direct signature verification failed with OP: http://www.myopenid.com/server
31582 [http-bio-8080-exec-9] DEBUG org.openid4java.consumer.ConsumerManager - Direct signature verification failed with OP: http://www.myopenid.com/server
31582 [http-bio-8080-exec-9] ERROR org.openid4java.consumer.ConsumerManager - Verification failed for: http://aaaqif.myopenid.com/ reason: Direct signature verification failed.
31582 [http-bio-8080-exec-9] ERROR org.openid4java.consumer.ConsumerManager - Verification failed for: http://aaaqif.myopenid.com/ reason: Direct signature verification failed.