Tuesday, October 02, 2007

How to Add OpenID Support to your Java Application

Here is a quick and easy step by step to add OpenID support to your application. We are using joid because it's the lightest weight implementation with the least number of dependencies (2 jars).

  1. Download joid from http://code.google.com/p/joid/
  2. Copy joid.jar, log4j-*.jar, and tsik.jar to your lib directory (so they end up in WEB-INF/lib).
  3. Add OpenIdFilter to your web.xml (see below for how to add it)
  4. Add OpenId login form (see below for a sample jsp page)

After a user logs in, you can access the username that they're signed in as with:

String loggedInAs = OpenIdFilter.getCurrentUser(session);

Simple huh?

OpenIdFilter for web.xml

<filter>
<filter-name>OpenIdFilter</filter-name>
<filter-class>org.verisign.joid.consumer.OpenIdFilter</filter-class>
<init-param>
<description>Optional. Will store the identity url in a cookie under "openid.identity" if set to true.</description>
<param-name>saveInCookie</param-name>
<param-value>true</param-value>
</init-param>
<!--
<init-param>
<param-name>cookieDomain</param-name>
<param-value>www.mydomain.com</param-value>
<description>Optional. Domain to store cookie based on RFC 2109. Defaults to current context.</description>
</init-param>
-->
</filter>
<filter-mapping>
<filter-name>OpenIdFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

OpenID Login Form

<%@ page import="org.verisign.joid.consumer.OpenIdFilter" %>
<%@ page import="org.verisign.joid.util.UrlUtils" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%
String returnTo = UrlUtils.getBaseUrl(request);

if (request.getParameter("signin") != null) {
try {
String id = request.getParameter("openid_url");
if (!id.startsWith("http:")) {
id = "
http://" + id;
}
String trustRoot = returnTo;

String s = OpenIdFilter.joid().getAuthUrl(id, returnTo, trustRoot);
response.sendRedirect(s);
} catch (Throwable e) {
e.printStackTrace();
%>
An error occurred! Please press back and try again.
<%
}
return;
}
%>
<html>
<head><title>A Page I Want to Login To</title></head>
<body>
<h1>Login</h1>
<p>
This is a sample login page where a user enters their OpenID url to login.
</p>

<%
String loggedInAs = OpenIdFilter.getCurrentUser(session);
if(loggedInAs != null){
%>
<p align="center">
<span style=" background- padding:5px;">You are logged in as: <%=OpenIdFilter.getCurrentUser(session)%></span> - <a href="logout.jsp">Logout</a>
</p>
<%
}
%>

<div style='margin: 1em 0 1em 2em; border-left: 2px solid black; padding-left: 1em;'>
<form action="index.jsp" method="post">
<input type="hidden" name="signin" value="true"/>
<b>Login with your OpenID URL:</b> <input type="text" size="30" value=""
name="openid_url"/>
<input type="submit" value="Login"/><br/>
<i>For example: <tt>someone.bloghost.com</tt></i>
</form>
</div>

<p>
<strong>Don't have an OpenID?</strong> <a href="
https://pip.verisignlabs.com/" target="_blank">Go</a>
<a href="
http://www.myopenid.com/" target="_blank">get</a>
<a href="
https://myvidoop.com/" target="_blank">one</a>.
</p>

</body>
</html>