Hi,
I have implemented a service that performs the operations required for OpenID login authentication using the openid4java library.
The flow of the application is something like the below:
- A JSP page for getting the OpenID from the user.
- The JSP page's action servlet.
- The servlet fetches the openid parameter and interacts with the service to get the information required to redirect the user to the actual OpenID provider for authentication.
- The return URL provided to the OpenID provider is another servlet.
- This servlet retrieves the required information from the response sent by the OpenID provider and then interacts with the service to check whether the user is authenticated by the OpenID provider.
- If the user is authenticated, the servlet redirects the user to the home page.
If you have understood my implementation approach, please entertain my following queries; otherwise please let me know so that I can put more effort into making it understandable.

Queries:

I am using the JBoss 5 application server. In the above code I am simply getting the information whether the user is authenticated or not, but I will need to inform JBoss somehow that it should allow the user to access restricted resources, i.e. viewing web pages.
Normally we use a custom login module class which inherits org.jboss.security.auth.spi.UsernamePasswordLoginModule for database-based authentication (calling service methods to get the database authentication information). But in this case I need a servlet that acts as a communication channel between the service, the user and the OpenID provider. So how should I integrate the servlet and the login module implementation?

One more issue I might be facing is that I am using the session between the two implemented servlets for storage and retrieval of the DiscoveryInformation object. I think the session will not be accessible until the user is logged in.

The implementation approach I am following is based upon the article http://www.theserverside.com/news/1364125/Using-OpenID

Please help me out. Thanks
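
The two-servlet flow described in the post, sketched with openid4java's ConsumerManager as an added example (not code from the original post or from the linked article). The class name OpenIdFlow and the session keys are hypothetical, both servlets are assumed to be mapped outside any security constraint, and the JBoss login-module wiring asked about is not shown.

```java
import java.io.IOException;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.openid4java.OpenIDException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.ParameterList;

public class OpenIdFlow { // hypothetical helper shared by both servlets
    private static final String DISC_KEY = "openid.discovered"; // hypothetical session key
    private final ConsumerManager manager; // one shared instance, it holds the associations

    public OpenIdFlow(ConsumerManager manager) { this.manager = manager; }

    // Action servlet: discover the provider, remember it, redirect the user there.
    public void start(String openId, String returnUrl, HttpServletRequest req,
                      HttpServletResponse resp) throws OpenIDException, IOException {
        List discoveries = manager.discover(openId);
        DiscoveryInformation discovered = manager.associate(discoveries);
        // The session is created on demand by the container for this request.
        req.getSession(true).setAttribute(DISC_KEY, discovered);
        AuthRequest authReq = manager.authenticate(discovered, returnUrl);
        resp.sendRedirect(authReq.getDestinationUrl(true));
    }

    // Return-URL servlet: returns the verified identifier, or null if not verified.
    public String finish(HttpServletRequest req) throws OpenIDException {
        HttpSession session = req.getSession(false);
        if (session == null) return null;
        DiscoveryInformation discovered = (DiscoveryInformation) session.getAttribute(DISC_KEY);
        if (discovered == null) return null; // response does not match a login we started
        StringBuffer receivingUrl = req.getRequestURL();
        if (req.getQueryString() != null) receivingUrl.append('?').append(req.getQueryString());
        // verify() checks the signature, nonce and return URL against the stored discovery.
        VerificationResult result = manager.verify(receivingUrl.toString(),
                new ParameterList(req.getParameterMap()), discovered);
        Identifier verified = result.getVerifiedId();
        if (verified == null) return null;
        session.invalidate(); // drop the pre-login session id (session fixation)
        req.getSession(true).setAttribute("openid.verified", verified.getIdentifier());
        return verified.getIdentifier();
    }
}
```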