1
當我的網站用戶點擊登錄時,會發送一個return_to url,以便我知道用戶應該在成功登錄。雖然當我將用戶重定向到他們的openid提供程序時,該信息會丟失。OpenId - 如何在登錄前返回用戶所在的網址
如何保留return_to url?
如果重要,我使用的是openid4java。
A
回答
1
當您將您的用戶重定向到他們的身份提供商時,您會爲其提供一個URL以重定向或將用戶發送回。這可以是你的return_to網址。如果您需要跟蹤更多網址或任何其他信息,則可以將它們作爲參數包含在此URL中。
0
我今天遇到了這個問題,三個小時之後它看起來像我設法解決了這個問題。
我調用LoginServlet有:
out.println("<!--Open IDs login-->");
out.println("<div style=\"margin-left: 50px; margin-top: 40px; height: 60px;\"><form action=\"../web/login?identifier=https://www.google.com/accounts/o8/id&afterLoginUrl="
+ UsualHtmlUtils.encodeURL(returnToUrl) + "\" method=\"post\"> <input class=\"google openid_large_btn\" "
+ "style=\"background: #fff url(../images/openid-logos.png); background-position: -1px -1px;\" type=\"image\" value=\" \" /></form>");
out.println("<form action=\"../web/login?identifier=https://me.yahoo.com&afterLoginUrl=" + UsualHtmlUtils.encodeURL(returnToUrl)
+ "\" method=\"post\"><input class=\"google openid_large_btn\" style=\"background: #fff url(../images/openid-logos.png); background-position: -1px -63px;\" type=\"image\" value=\" \" /> </form></div>");
和實際LoginServlet看起來如下:
import commons.StringUtils;
import commons.UsualHtmlUtils;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.openid4java.OpenIDException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.ParameterList;
import org.openid4java.message.ax.AxMessage;
import org.openid4java.message.ax.FetchRequest;
import org.openid4java.message.ax.FetchResponse;
/**
*
* @author mladen
*/
@WebServlet(name = "LoginServlet", urlPatterns = {"/web/login"})
public class LoginServlet extends HttpServlet {
final static String YAHOO_ENDPOINT = "https://me.yahoo.com";
final static String GOOGLE_ENDPOINT = "https://www.google.com/accounts/o8/id";
private static final long serialVersionUID = 309579782731258702L;
private ServletContext context;
private ConsumerManager manager;
@Override
public void init(ServletConfig config) throws ServletException {
super.init(config);
context = config.getServletContext();
this.manager = new ConsumerManager();
}
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
//log.debug("context: " + context);
Identifier identifier = this.verifyResponse(req);
//log.debug("identifier: " + identifier);
// if openid login succeded redirect to home page using our demo account
//if your site is open to anyone without login you can do the redirect directly
if (identifier != null) {
//WebAuthentication pwl = new WebAuthentication();
//pwl.login("guest", "guest");**
String afterLoginUrl = req.getParameter("afterLoginUrl");
if (afterLoginUrl == null) {
afterLoginUrl = "../def/";
}
resp.sendRedirect(afterLoginUrl);
} else {
Logger.getLogger(this.getClass().getName()).log(Level.INFO, "attr= {0}", StringUtils.toString("login with openid failed"));
resp.sendRedirect("../def/");
}
}
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
String identifier = req.getParameter("identifier");
String afterLoginUrl = req.getParameter("afterLoginUrl");
//req.getSession().setAttribute("afterLoginUrl", req.getRequestURL().toString());
this.authRequest(identifier, afterLoginUrl, req, resp);
}
// --- placing the authentication request ---
public String authRequest(String userSuppliedString, String afterLoginUrl,
HttpServletRequest httpReq, HttpServletResponse httpResp)
throws IOException {
try {
// configure the return_to URL where your application will receive
// the authentication responses from the OpenID provider
String returnToUrl = httpReq.getRequestURL().toString() + "?afterLoginUrl=" + UsualHtmlUtils.encodeURL(afterLoginUrl);
Logger.getLogger(this.getClass().getName()).log(Level.INFO, "attr= {0}", StringUtils.toString("444 returnToUrl=" + returnToUrl));
// --- Forward proxy setup (only if needed) ---
// ProxyProperties proxyProps = new ProxyProperties();
// proxyProps.setProxyName("proxy.example.com");
// proxyProps.setProxyPort(8080);
// HttpClientFactory.setProxyProperties(proxyProps);
// perform discovery on the user-supplied identifier
List discoveries = manager.discover(userSuppliedString);
// attempt to associate with the OpenID provider
// and retrieve one service endpoint for authentication
DiscoveryInformation discovered = manager.associate(discoveries);
// store the discovery information in the user's session
httpReq.getSession().setAttribute("openid-disc", discovered);
// obtain a AuthRequest message to be sent to the OpenID provider
AuthRequest authReq = manager.authenticate(discovered, returnToUrl);
FetchRequest fetch = FetchRequest.createFetchRequest();
if (userSuppliedString.startsWith(GOOGLE_ENDPOINT)) {
fetch.addAttribute("email", "http://axschema.org/contact/email", true);
fetch.addAttribute("firstName", "http://axschema.org/namePerson/first", true);
fetch.addAttribute("lastName", "http://axschema.org/namePerson/last", true);
} else if (userSuppliedString.startsWith(YAHOO_ENDPOINT)) {
fetch.addAttribute("email", "http://axschema.org/contact/email", true);
fetch.addAttribute("fullname", "http://axschema.org/namePerson", true);
} else { // works for myOpenID
fetch.addAttribute("fullname", "http://schema.openid.net/namePerson", true);
fetch.addAttribute("email", "http://schema.openid.net/contact/email", true);
}
// attach the extension to the authentication request
authReq.addExtension(fetch);
httpResp.sendRedirect(authReq.getDestinationUrl(true));
} catch (OpenIDException e) {
// present error to the user
}
return null;
}
// --- processing the authentication response ---
public Identifier verifyResponse(HttpServletRequest httpReq) {
try {
// extract the parameters from the authentication response
// (which comes in as a HTTP request from the OpenID provider)
ParameterList response = new ParameterList(httpReq.getParameterMap());
// retrieve the previously stored discovery information
DiscoveryInformation discovered = (DiscoveryInformation) httpReq.getSession().getAttribute("openid-disc");
// extract the receiving URL from the HTTP request
StringBuffer receivingURL = httpReq.getRequestURL();
String queryString = httpReq.getQueryString();
if (queryString != null && queryString.length() > 0) {
receivingURL.append("?").append(httpReq.getQueryString());
}
// verify the response; ConsumerManager needs to be the same
// (static) instance used to place the authentication request
VerificationResult verification = manager.verify(receivingURL.toString(), response, discovered);
// examine the verification result and extract the verified
// identifier
Identifier verified = verification.getVerifiedId();
if (verified != null) {
AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
List emails = fetchResp.getAttributeValues("email");
String email = (String) emails.get(0);
Logger.getLogger(this.getClass().getName()).log(Level.INFO, "OpenIdlogin done with email: {0}", email);
Map<String, List<String>> respAttributes = fetchResp.getAttributes();
Logger.getLogger(this.getClass().getName()).log(Level.INFO, "attr= {0}", StringUtils.toString(respAttributes));
//for (Map.Entry<String, List<String>> entry : respAttributes.entrySet()) {
//Logger.getLogger(this.getClass().getName()).log(Level.INFO, "key = " + entry + ", value = " + StringUtils.toString(respAttributes));
// entry.getKey();
//}
//fetch.addAttribute("firstName", "http://axschema.org/namePerson/first", true);
//fetch.addAttribute("lastName", "http://axschema.org/namePerson/last", true);
}
return verified; // success
}
} catch (OpenIDException e) {
// present error to the user
}
return null;
}
}
我不明白這是爲什麼不記錄不錯。實際上,openid4java看起來沒有記錄。
希望這會有所幫助。
相關問題
- 1. StackExchange網站如何關聯用戶帳戶和OpenID登錄?
- 2. 如何使用正確的Google OpenID網址登錄我的網站?
- 3. 我可以在使用openID時登錄用戶登錄
- 4. 如何在登錄之前繞過特定的網址mikrotik
- 5. .Django避免用戶在登錄後返回登錄頁面
- 6. 如何在OpenId身份驗證後登錄用戶
- 7. Django模型:從當前登錄用戶返回用戶名
- 8. 如何返回除當前登錄用戶以外的Meteor.users內的所有用戶?
- 9. 「#」登錄網址
- 10. Django登錄,註銷網址和當前用戶名
- 11. 登錄後,如何將用戶返回到與登錄前相同的門戶頁面?
- 12. XPages - 返回登錄用戶的簡稱
- 13. 會話登錄的用戶返回undefined
- 14. TYPO3前端登錄總是返回錯誤的用戶/密碼
- 15. 獲取當前登錄的用戶IIS返回DefaultAppPool
- 16. 如何讓用戶使用網址儀表板登錄?username = xyz
- 17. 如何用戶在我的網站的twitter帳戶登錄
- 18. 如何使用Google帳戶通過openid登錄自己的網站?
- 19. 如何註銷登錄我的網站的所有用戶-php
- 20. 如何返回與登錄用戶的當前Outlook配置文件關聯的主電子郵件地址?
- 21. 如何禁用返回在我的登錄頁面在PHP?
- 22. 在哪裏存儲返回網址在登錄表單/控制器
- 23. 如何使用facebook登錄openid?
- 24. 用戶已登錄(ID),返回。 Jhipster 4.1.1
- 25. UserPrincipal返回已登錄用戶
- 26. .net 4 - 返回用戶windows登錄
- 27. 如何使用OpenID自動登錄用戶?
- 28. 如何檢查當前登錄的用戶和登錄時間
- 29. rails 3返回網站用戶登出
- 30. 如何爲指向登錄表單的鏈接指定返回網址?