Simple Java BrowserID Verifier

Important:

Thank you for your interest. Mozilla has shut down Persona.org and this project is no longer maintained. Look into OAuth 2.0 or other alternatives.

BrowserID Verifier


Java library for the BrowserID protocol.

This is a verification library for Mozilla Persona written in Java. It makes it easy to authenticate a web application's users by verifying BrowserID assertions.

The only external dependencies are SLF4J and json.org [1].

To use it just write something like:

BrowserIDResponse loginResponse = verifier.verify(assertion, AUDIENCE);

Find a simple, yet complete live sample here with its source code.

How to use it

1. Add it as a dependency

Its Maven coordinate is info.modprobe:browserid-verifier:<version>; in a pom file it would look like:

    <dependency>
      <groupId>info.modprobe</groupId>
      <artifactId>browserid-verifier</artifactId>
      <version>0.8.9</version>
    </dependency>

Example

2. Use it

On the server side:

final Verifier verifier = new Verifier();
final BrowserIDResponse personaResponse = verifier.verify(assertion, audience);
final Status status = personaResponse.getStatus();

if (status == Status.OK) {
	/* Authentication with Persona was successful */
	final String email = personaResponse.getEmail();
	log.info("Signing in '{}'", email);
	HttpSession session;
	if ((session = req.getSession(false)) != null) {
		// Prevent session fixation: discard any session created before login
		session.invalidate();
	}
	session = req.getSession(true);	
	session.setAttribute("email", email);

} else {
	/* Authentication with Persona failed */
	log.info("Sign in failed: {}", personaResponse.getReason());
}

Complete example

On the client side:

<button type="button" onclick="navigator.id.request();">Sign in - Sign up</button>
<button type="button" onclick="navigator.id.logout();">Sign out</button>
....
	<script src="https://login.persona.org/include.js"></script>

	<script type="text/javascript">
		var currentUser = '${sessionScope.email}';
		if(!currentUser) {
			// If falsy set it to the literal null
			currentUser = null;
		}

		navigator.id.watch({
			loggedInUser : currentUser,
			onlogin : function(assertion) {				
				var loginRequest = $.ajax({
					type : 'POST',
					url : 'in',
					data : {
						assertion : assertion
					}
				});
				loginRequest.done(function(res, status, xhr) {
					window.location.reload();
				});
				loginRequest.fail(function(xhr, status, error) {
					navigator.id.logout();
					alert("Login error: " + error);
				});
			},

			onlogout : function() {
				var logoutRequest = $.ajax({
					type : 'POST',
					url : 'out'
				});
				logoutRequest.done(function(res, status, xhr) {
					window.location.reload();
				});
				logoutRequest.fail(function(xhr, status, error) {
					alert("Logout error: " + error);
				});
			}

		});
	</script>

Complete example


  1. This implies that the use of the software is restricted for Good.

This project is based on code from https://github.com/mozilla/browserid-cookbook