我正在编写一个Java JSP代码,它使用openid对WSO2 IS服务器进行身份验证。我已经采取了示例代码从开发人员,所以我得到以下内容:
<%
ConsumerManager manager = new ConsumerManager ();
String _returnURL = "https://192.168.15.48:9443/ficlient/secret.jsp";
List discoveries = manager.discover("https://myserverIP/openid");
DiscoveryInformation discovered = manager.associate(discoveries);
session.setAttribute("discovered", discovered);
AuthRequest authReq = manager.authenticate(discovered, _returnURL);
nextlink = authReq.getDestinationUrl(true);
%>
<a href="<%out.println(nextlink);%>">Secret data</a>
在第三行(列出发现…)我得到一个异常:
org.openid4java.discovery.yadis.YadisException: 0x704: I/O transport error: peer not authenticated
我明白这是由于为https通信颁发的非有效ssl证书,并尝试包括以下内容(在互联网上找到),以避免验证:
<%
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted( java.security.cert.X509Certificate[] certs, String authType) {}
public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) {}
}
};
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
} catch (Exception e) {}
%>
但它仍然不工作。我错过了什么?
我最终通过使用Oltu库进行身份验证来解决这个问题。