OpenId Implementation using Java

 

What is Open ID..?

OpenID is a decentralized authentication protocol that makes it easy for people to sign up and access web accounts.

An OpenID is in the form of a unique URL, and is authenticated by the user's 'OpenID provider'.

OpenID is a method of using a single sign on at a trusted provider to automatically allow you trusted access to other websites. You do not need to create accounts or new logins at the other websites, you merely need to tell the other websites what your OpenID is. The first time you do this at a website you are giving permission to your trusted provider to give some of your profile information to the new website. Behind the scenes the trusted provider confirms to the other website that you are who you say you are, because you have already logged in with them today from this browser session.


Example: You have a Google account.  Now you want to login into create a new thread in any forum or website (e.g.: stackoverflow.com) . You don’t need to create a new account in that website. You need to login to your Google account in that website using the OpenID. In back end it Google generates OpenID and stackoverflow.com stores that in its database and it now recognizes as a valid user.

Implementing the Open ID using JAVA

To OpenID-enable your web-application, you need to do the following:

• Download and install the libraries to your project.
• Change your authentication prompt to ask users for their OpenID identifier rather than their username and password.
• Create an authentication request for this identifier, and redirect the user to their OpenID Provider.
• Receive the OpenID Provider's authentication response at your web-application's ReturnURL, and verify the response.

// creating consumer manager

ConsumerManager consumerManager = new ConsumerManager();

// discover the OpenID authentication server's endpoint URL

List discoveries = manager.discover(userSuppliedOpenID);

// attempt to associate with the OpenID provider

// and retrieve one service endpoint for authentication

DiscoveryInformation discovered = manager.associate(discoveries);

// store the discovery information in the user's session for later use

session.setAttribute("discovered", discovered);

// define the return path

String returnURL = "http://company.com/openidresponse.jsp";

// generate an AuthRequest message to be sent to the OpenID provider

AuthRequest authReq = manager.authenticate (discovered, returnURL);

// redirect the user to their provider for authentication

httpResp.sendRedirect (authReq.getDestinationUrl(true));

The code above will do:

• Download a list of OpenID providers (generally just one). The results will be returned in order of preference for authentication.
• Establish a shared-secret with the OpenID provider, through association.
• Store the association ('DiscoveryInformation') for later use
• Redirect the user to their OpenID Provider for authentication, we also need to tell the return to URL of the relying party website (our web appplciation), so that the provider knows where to send the user after performing the authentication.
• After authenticating the user, the OpenID Provider will redirect the user back to the Relying Party site (i.e. your web-application), using the return URL we provided, and send an authentication response message to your web-application. Our web-application will need to receive and process this response. Depending on our workflow, we can then display an error message or send the user to the 'success' page.

The simplest way to process the OpenID Provider's authentication message response is:

// extract the parameters from the authentication response

// (which comes in as a HTTP request from the OpenID provider)

ParameterList openidResp = new ParameterList(request.getParameterMap());

// retrieve the previously stored discovery information

DiscoveryInformation discovered = (DiscoveryInformation) session.getAttribute("discovered");

// extract the receiving URL from the HTTP request

StringBuffer receivingURL = request.getRequestURL();

String queryString = request.getQueryString();

if (queryString != null && queryString.length() > 0)

   receivingURL.append("?").append(request.getQueryString());

// verify the response

VerificationResult verification = manager.verify(receivingURL.toString(), openidResp, discovered);

// examine the verification result and extract the verified identifier

Identifier verified = verification.getVerifiedId();

if (verified != null)

    // success, use the verified identifier to identify the user.

Else

    // OpenID authentication failed.

 

Hibernate Id generation using sequence

Mapped classes must declare the primary key column of the database table. The element is used to define the mapping property to the primary key column.

We can specify the id with class to generate the auto increment value for this id property.

We can use hibernate generated sequence or data base sequence.

Hibernate sequence we can use the “increment” and “native” to use auto increment of the value.

We “increment” for numeric data to auto increment the data, “native” is also used same purpose but the hibernate will select the appropriate value based on the data base. For example on oracle native, increment as same effect which is used to get the value from “hibernate_sequence.NEXT_VALUE”.

To make the id has the database sequence then we need pass the sequence name with

element.

So while you are saving the object it is not required to the value for this property, since we set the value it overrides the value with the sequence generated value.

If we try to persist the object with the by setting the id value, it throws the exception entity cache is detached or not persistent object.

Note:- we can mix 2 strategies for the id property.

SQL Supports two date/time functions NEXT_ DAY and LAST_DAY using this functions we can find records between dates.

Syntax: NEXT_DAY (, ) 

LAST_DAY (date) 

Options are SUN, MON, TUE, WED, THU, FRI, and SAT

I give some examples which will explain how to find the THIS WEEK, Next WEEK and THIS MONTH, NEXT MONTH.
Note:- Assuming SUNDAY - SATURDAY as week


1) Finding this week dates


WHERE pending_date between TO_CHAR (NEXT_DAY(sysdate - 7, 'SUN'), 'dd-Mon-yyyy') and TO_CHAR (NEXT_DAY(sysdate - 1, 'SAT'), 'dd-Mon-yyyy')


2) Finding next week dates


WHERE pending_date between TO_CHAR (NEXT_DAY(sysdate, 'SUN'), 'dd-Mon-yyyy') and TO_CHAR (NEXT_DAY(sysdate + 6, 'SAT'), 'dd-Mon-yyyy')


3) Finding this month dates


TO_CHAR (TRUNC(sysdate, 'MM'), 'dd-Mon-yyyy') and TO_CHAR (LAST_DAY(sysdate), 'dd-Mon-yyyy')


4) Finding next month dates


TO_CHAR (LAST_DAY(sysdate) + 1, 'dd-Mon-yyyy') and TO_CHAR (LAST_DAY(ADD_MONTHS(sysdate)), 'dd-Mon-yyyy')


Quick Points :


1) LAST_DAY returns last day of the month.
2) NEXT_day returns next occurance of the given week in it.
3) TRUNC(sysdate, 'MM') always returns starting date of the month.
4) ADD_MONTHS(sysdate, 2) adds 2 months to current date. e.g: present month is oct then it will become    DEC. if you use -2 negative number it will reduce in our case it becomes AUG.