Dealing with OpenId (5): Spring Security and OpenId Work Together
Dealing with OpenId (5): Spring Security and OpenId Work Together
1. The Spring Security Version
<!-- Version properties shared by the dependency declarations below. -->
<properties>
<spring.version>3.1.1.RELEASE</spring.version>
<!-- NOTE(review): the ".M2" suffix marks a milestone (pre-release) build of Spring Security.
     A security framework should be pinned to a GA release that still receives fixes. -->
<spring-security.version>3.1.0.M2</spring-security.version>
</properties>
...snip...
<!-- Only spring-security-core is visible in this excerpt. The configuration in section 2 also
     uses the security namespace, the web filters and
     org.springframework.security.openid.OpenIDAuthenticationProvider; presumably the modules
     that provide them are declared in the snipped part at the same version. Confirm. -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring-security.version}</version>
</dependency>
<dependency>
<groupId>org.openid4java</groupId>
<artifactId>openid4java-nodeps</artifactId>
<version>0.9.6</version>
</dependency>
2. My Spring Security configuration file, security-context.xml:
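<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!--
        Two login paths share one user service (registeringUserService):
          * OpenID 2.0 login, handled by security:openid-login and OpenIDAuthenticationProvider
          * username/password login, handled by security:form-login and DaoAuthenticationProvider
        Whatever that service returns for an unknown name therefore decides who can log in
        through the password form.
    -->
    <security:authentication-manager>
        <security:authentication-provider ref="openidAuthenticationProvider"/>
        <security:authentication-provider ref="authenticationProvider"/>
    </security:authentication-manager>

    <!-- NOTE(review): wired through userDetailsService, so this provider presumably resolves
         the account by name (the OpenID identity URL) rather than from the token. Confirm. -->
    <bean id="openidAuthenticationProvider"
          class="org.springframework.security.openid.OpenIDAuthenticationProvider">
        <property name="userDetailsService" ref="registeringUserService"/>
    </bean>

    <!-- No passwordEncoder property is set here.
         NOTE(review): the provider then falls back to its default encoder, presumably a
         plain-text comparison in this version. Configure a password-hashing encoder before
         storing real credentials. -->
    <bean id="authenticationProvider"
          class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="registeringUserService"/>
    </bean>

    <!-- security="none" removes these paths from the filter chain entirely: no authentication,
         no security context. Keep the list to the login page and static assets. -->
    <security:http pattern="/openidlogin.jsp*" security="none"/>
    <security:http pattern="/images/*" security="none"/>
    <security:http pattern="/css/*" security="none"/>
    <security:http pattern="/js/*" security="none"/>

    <!-- The original listing enabled <security:debug/> at this point. It is a development aid
         that writes request details to the log, so it is left out of this configuration. -->

    <security:http access-denied-page="/denied.jsp" use-expressions="true">
        <security:form-login login-processing-url="/j_spring_security_check"
                             login-page="/openidlogin.jsp"
                             authentication-failure-url="/openidlogin.jsp?login_error=true"/>

        <!-- Rules are evaluated top to bottom; the final denyAll makes the policy default-deny. -->
        <security:intercept-url pattern="/index.jsp" access="permitAll"/>
        <security:intercept-url pattern="/user/**" access="hasRole('ROLE_USER')"/>
        <security:intercept-url pattern="/super/**" access="hasRole('ROLE_SUPERVISOR')"/>
        <security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
        <security:intercept-url pattern="/**" access="denyAll"/>

        <security:logout invalidate-session="true"
                         logout-success-url="/openidlogin.jsp"
                         logout-url="/j_spring_security_logout"/>

        <!--
            identifier-match only selects which attributes are requested from a provider.
            It is not an allowlist: nothing in this file restricts which OpenID provider a user
            may name in the login form. Values that come back through attribute exchange
            (email, names) are claims made by that provider and should be treated as unverified
            unless the application itself restricts logins to providers it trusts.

            ".*yahoo.com.*" and ".*myopenid.com.*" are unanchored and leave the dots unescaped,
            so they also match identifiers that merely contain those strings. Anchor and escape
            them if the match is ever used for more than choosing an attribute list.
        -->
        <security:openid-login user-service-ref="registeringUserService"
                               authentication-failure-url="/openidlogin.jsp?login_error=true"
                               default-target-url="/index.jsp">
            <security:attribute-exchange identifier-match="https://www.google.com/.*">
                <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>
                <security:openid-attribute name="firstName" type="http://axschema.org/namePerson/first" required="true"/>
                <security:openid-attribute name="lastName" type="http://axschema.org/namePerson/last" required="true"/>
            </security:attribute-exchange>
            <security:attribute-exchange identifier-match=".*yahoo.com.*">
                <security:openid-attribute name="email" type="http://axschema.org/contact/email" required="true"/>
                <security:openid-attribute name="fullname" type="http://axschema.org/namePerson" required="true"/>
            </security:attribute-exchange>
            <security:attribute-exchange identifier-match=".*myopenid.com.*">
                <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>
                <security:openid-attribute name="fullname" type="http://schema.openid.net/namePerson" required="true"/>
            </security:attribute-exchange>
        </security:openid-login>
    </security:http>

    <!-- Single user service behind both providers above and behind openid-login. -->
    <bean id="registeringUserService"
          class="com.sillycat.easyopenidgoogle.service.OpenIdUserDetailsService"/>
</beans>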
3. My Java source code for loading the user details by username and email from OpenID
I just added some mock code here; if I want, I can go to a database or an XML file to do that.
packagecom.sillycat.easyopenidgoogle.service;
importjava.util.HashMap;
importjava.util.List;
importjava.util.Map;
importorg.springframework.security.core.userdetails.AuthenticationUserDetailsService;
importorg.springframework.security.core.userdetails.UserDetails;
importorg.springframework.security.core.userdetails.UserDetailsService;
importorg.springframework.security.core.userdetails.UsernameNotFoundException;
importorg.springframework.security.openid.OpenIDAttribute;
importorg.springframework.security.openid.OpenIDAuthenticationToken;
importcom.sillycat.easyopenidgoogle.model.GoogleUser;
importcom.sillycat.easyopenidgoogle.model.UserAuthority;
importcom.sillycat.easyopenidgoogle.model.UserRole;
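/**
 * Demo user-details service shared by the OpenID login and the username/password login.
 *
 * <p>The page's security-context.xml wires this one bean into both
 * {@code OpenIDAuthenticationProvider} and {@code DaoAuthenticationProvider}, so it answers
 * for OpenID assertions ({@link #loadUserDetails}) and for lookups by name
 * ({@link #loadUserByUsername}). Accounts exist only in an in-memory map and are lost on
 * restart; a real application would back this with a database or another persistent store.
 */
public class OpenIdUserDetailsService implements UserDetailsService,
        AuthenticationUserDetailsService<OpenIDAuthenticationToken> {

    // Accounts created by OpenID logins, keyed by the OpenID identity URL.
    // NOTE(review): plain HashMap. The bean is declared without a scope (singleton), so
    // parallel logins reach this map from several threads; use a concurrent map or a real
    // user store outside of a demo.
    private final Map<String, GoogleUser> registeredUsers = new HashMap<String, GoogleUser>();

    /**
     * Registers (or re-registers) the account behind a successful OpenID authentication.
     *
     * <p>The account is stored under the identity URL, which is the identifier the OpenID
     * exchange actually established. The {@code email} attribute is used only as the
     * display username: it is a claim made by whichever provider the user named in the
     * login form, and the configuration does not restrict providers, so it must not be
     * treated as a verified address or used to link to an existing account.
     *
     * <p>The configuration also requests {@code firstName}, {@code lastName} and
     * {@code fullname}; they can be read the same way as {@code email}. The original
     * listing printed all of these values to standard output, which put personal data
     * into the server log, so that output is not reproduced here.
     *
     * @param openIDToken the authenticated OpenID token
     * @return the newly registered user, granted {@code ROLE_USER}
     * @throws UsernameNotFoundException declared by the interface; not thrown here
     */
    public UserDetails loadUserDetails(OpenIDAuthenticationToken openIDToken)
            throws UsernameNotFoundException {
        String id = openIDToken.getIdentityUrl();
        String email = firstValueOf(openIDToken.getAttributes(), "email");

        GoogleUser user = new GoogleUser();
        // A provider may return no email at all; fall back to the identity URL so the
        // account never ends up with a null username.
        user.setUsername(email != null ? email : id);
        grantRoleUser(user);

        registeredUsers.put(id, user);
        return user;
    }

    /**
     * Looks up an account that an earlier OpenID login registered.
     *
     * <p>Unknown names are rejected. The original listing instead fabricated an account with
     * a fixed, shared password and {@code ROLE_USER} for every unknown name; because this
     * service also backs {@code DaoAuthenticationProvider}, that made the password form
     * accept any username. Accounts for password login have to come from a real user store
     * with individually set, hashed passwords.
     *
     * @param id the key the account was registered under (the OpenID identity URL)
     * @return the registered user
     * @throws UsernameNotFoundException if {@code id} is null or no such account exists
     */
    public UserDetails loadUserByUsername(String id) throws UsernameNotFoundException {
        // Check the argument before touching the map.
        if (id == null) {
            throw new UsernameNotFoundException("No username supplied");
        }
        GoogleUser user = registeredUsers.get(id);
        if (user == null) {
            throw new UsernameNotFoundException(id);
        }
        return user;
    }

    /** Returns the first value of the named attribute, or null if it is absent or empty. */
    private static String firstValueOf(List<OpenIDAttribute> attributes, String name) {
        if (attributes == null) {
            return null;
        }
        for (OpenIDAttribute attribute : attributes) {
            if (name.equals(attribute.getName())) {
                List<String> values = attribute.getValues();
                // An attribute can be present with no values; get(0) would throw.
                if (values != null && !values.isEmpty()) {
                    return values.get(0);
                }
            }
        }
        return null;
    }

    /** Adds a role carrying the ROLE_USER authority to the given user. */
    private static void grantRoleUser(GoogleUser user) {
        UserAuthority userAuthority = new UserAuthority();
        userAuthority.setAuthorityAlias("Accessthemainpage!");
        userAuthority.setAuthorityName("ROLE_USER");

        UserRole userRole = new UserRole();
        userRole.getRoleAuthorities().add(userAuthority);
        user.getUserRoles().add(userRole);
    }
}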
That is it. I only need 2 forms to log in:
<!-- OpenID login: posts the identifier to the endpoint handled by security:openid-login.
     The field is free text that is only pre-filled with a Google endpoint, so a user can
     submit any provider URL; which providers to trust is a server-side decision.
     NOTE(review): OpenID 2.0 has since been superseded by OpenID Connect; check that the
     provider endpoint still exists before reusing this form. -->
<form name="f1" action="j_spring_openid_security_check" method="POST">
  <table>
    <tr>
      <td>OpenIDIdentity:</td>
      <td><input type="text" name="openid_identifier" value="https://www.google.com/accounts/o8/id"/></td>
    </tr>
    <tr><td colspan="2"><input name="submit" type="submit"></td></tr>
    <tr><td colspan="2"><input name="reset" type="reset"></td></tr>
  </table>
</form>

<!-- Username/password login: posts to the URL configured as login-processing-url on
     security:form-login.
     NOTE(review): neither form on this page carries a CSRF token field. -->
<form name="f2" action="j_spring_security_check" method="POST">
  <table>
    <tr>
      <td>UserName:</td>
      <td><input id="j_username" type="text" name="j_username" style="width:150px"/></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input id="j_password" type="password" name="j_password" style="width:150px"/></td>
    </tr>
    <tr><td colspan="2"><input name="submit" type="submit"></td></tr>
    <tr><td colspan="2"><input name="reset" type="reset"></td></tr>
  </table>
</form>
references:
http://http.git.springsource.org/greenhouse/greenhouse.git
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/springsecurity-single.html#ns-openid
http://forum.springsource.org/showthread.php?113699-How-to-have-both-an-openid-login-and-a-form-login-side-by-side