...
- Authentication technologies to be used:
  - OpenID4Java (http://code.google.com/p/openid4java/)
  - XRI (Extensible Resource Identifier)
- Database changes - add a new database table userattributes. It should consist of three columns: user_id, attributename and attributevalue. With this change to the database schema, any other authentication system that requires user attributes can use this table as well.
- Change the Acegi authentication filter in the security.xml file - add a new filter to redirect the user to the OpenID Provider website
- List of classes to which the new functionality will be added:
  - org.apache.roller.weblogger.User.java - add the list of OpenIDs and a method that casts an OpenID to its canonical form (so that it is stored in the database in a predefined format)
    - String castToCanonical(String url)
  - Create a new POJO class UserAttributes, which will represent the userattributes database table.
  - Create a new class OpenIDConnector that implements methods for establishing a connection with the OpenID provider, requesting authentication and handling the response.
    - String getProviderURL(String openid_url) - returns the Provider's URL to which the request is sent
    - void sendRedirect(String provider_url) - redirects the user to the Provider's website
    - UserDetails getParameters() - gets the user profile information
    - void verifyResponse(HttpServletRequest httpReq) - verifies the Provider's response
  - Modify classes Authenticator.java, JPAUserManagerImpl.java and JPAPersistenceStrategy.java - add methods to connect to the OpenID provider and receive the response, and methods for retrieving an instance of the user and managing his OpenIDs, for instance:
    - int getUserId(openid_url) - returns the user id for the verified openid_url
    - GetOpenIDsByUser(user_id) - returns the list of OpenIDs that belong to one user
    - AttachOpenID(openid_url, user_id) - adds an OpenID URL to the user's profile
    - DetachOpenID(openid_url, user_id) - deletes a certain OpenID URL from the user's profile
    - DetachOpenIDsByUser(user_id) - deletes all OpenIDs from the user's profile
- For some of the actions I should add cookie handling - to preload openid_url for the user's convenience
- Add new Struts Actions and Forms - for establishing the connection with the OpenID provider website and receiving the response from it.
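
An added example, not code from this proposal or from Roller: one way castToCanonical could normalize identifiers so that a lookup such as getUserId(openid_url) always matches the value stored in the database. The class name OpenIdCanonicalizer and the decision to reject non-http(s) schemes and embedded credentials are assumptions; the XRI and default-scheme handling follow the OpenID 2.0 normalization rules, and the case, port and empty-path handling follow RFC 3986.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

// Added illustration, not Roller code: class name and rejection rules are assumptions.
public class OpenIdCanonicalizer {

    // Returns the single form under which an OpenID identifier is stored and looked up.
    public static String castToCanonical(String input) throws URISyntaxException {
        String id = input == null ? "" : input.trim();
        if (id.isEmpty()) throw new URISyntaxException("", "empty identifier");
        // OpenID 2.0 normalization: strip an "xri://" prefix, then treat input that
        // starts with an XRI global context symbol or "(" as an XRI and keep it as is.
        if (id.regionMatches(true, 0, "xri://", 0, 6)) id = id.substring(6);
        if (!id.isEmpty() && "=@+$!(".indexOf(id.charAt(0)) >= 0) return id;
        // Anything else is a URL; input without a leading scheme defaults to http.
        if (!id.matches("(?i)^[a-z][a-z0-9+.-]*://.*")) id = "http://" + id;
        URI uri = new URI(id).normalize();   // throws on junk, removes "." and ".."
        String scheme = uri.getScheme() == null
                ? "" : uri.getScheme().toLowerCase(Locale.ROOT);
        boolean https = scheme.equals("https");
        if (!(https || scheme.equals("http")) || uri.getHost() == null
                || uri.getRawUserInfo() != null) {
            throw new URISyntaxException(id, "not a plain http(s) OpenID URL");
        }
        StringBuilder out = new StringBuilder(scheme).append("://")
                .append(uri.getHost().toLowerCase(Locale.ROOT));
        int port = uri.getPort();
        if (port != -1 && port != (https ? 443 : 80)) {
            out.append(':').append(port);    // keep only non-default ports
        }
        String path = uri.getRawPath();
        out.append(path == null || path.isEmpty() ? "/" : path);
        if (uri.getRawQuery() != null) out.append('?').append(uri.getRawQuery());
        return out.toString();               // the fragment is dropped
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample identifiers; the first three map to one stored value.
        String[] samples = {"Example.COM", "http://example.com:80/",
                "HTTP://example.com#me", "https://example.com/a/../alice", "xri://=alice"};
        for (String s : samples) {
            System.out.println(s + " -> " + castToCanonical(s));
        }
    }
}
```

Applying the same function when an OpenID is attached and when a verified identifier is looked up keeps differently typed spellings of one identifier from producing duplicate rows or failed matches.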
...