
Dealing with OpenId(五)Spring Security and OpenId Work together

2012-08-09 

Dealing with OpenId(5)Spring Security and OpenId Work together
Dealing with OpenId(5)Spring Security and OpenId Work together

1. The Spring Security Version
<properties>
<spring.version>3.1.1.RELEASE</spring.version>
<!-- NOTE(review): 3.1.0.M2 is a milestone (pre-release) build, unlike the .RELEASE used for
     spring.version above. Pin a final Spring Security release in anything that gets deployed. -->
<spring-security.version>3.1.0.M2</spring-security.version>
</properties>
...snip...
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- Only spring-security-core is shown. The security: XML namespace and the
     org.springframework.security.openid classes used later on this page live in other
     Spring Security modules (config, web, openid), presumably among the snipped lines. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring-security.version}</version>
</dependency>
<!-- OpenID relying-party library. The version is fixed here rather than taken from a property,
     so it has to be reviewed and bumped by hand. -->
<dependency>
<groupId>org.openid4java</groupId>
<artifactId>openid4java-nodeps</artifactId>
<version>0.9.6</version>
</dependency>

2. My spring security configuration file security-context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Two providers are registered: one for OpenID tokens and one for the username/password form.
     Both bean definitions below point at registeringUserService, so both login paths share
     one user store. -->
<security:authentication-manager>
<security:authentication-provider ref="openidAuthenticationProvider" />
<security:authentication-provider ref="authenticationProvider" />
</security:authentication-manager>
<!-- NOTE(review): as printed here the three bean definitions are incomplete. They carry no class
     attribute, "ref" is not a valid attribute of a bean element, and each self-closed tag is
     followed by a stray closing tag. The class names and property elements appear to have been
     lost when the page was copied, and the closing beans tag is missing as well. Restore them
     from the original project before using this file. -->
    <bean id="openidAuthenticationProvider" ref="registeringUserService" />
    </bean>
    <bean id="authenticationProvider" ref="registeringUserService" />
    </bean>
<!-- security="none" removes the whole Spring Security filter chain from these paths, so no
     access rule and no security context apply there. A single "*" matches within one path
     segment only, so files in sub-directories of /images, /css and /js fall through to the
     main http block and its final denyAll rule. -->
    <security:http pattern="/openidlogin.jsp*" security="none"/>
   <security:http pattern="/images/*" security="none" />
   <security:http pattern="/css/*" security="none" />
   <security:http pattern="/js/*" security="none" />   
<!-- Development aid only. The debug element logs details of every request passing through the
     filters, which can include parameters and headers such as session cookies. Remove it
     before deployment. -->
    <security:debug />
    <security:http access-denied-page="/denied.jsp" use-expressions="true">
<!-- Username/password login. It shares the login page and failure URL with the OpenID login below. -->
    <security:form-login login-processing-url="/j_spring_security_check" login-page="/openidlogin.jsp" authentication-failure-url="/openidlogin.jsp?login_error=true"/>
<!-- Rules are evaluated top to bottom and the first match wins. The closing /** denyAll makes
     the configuration default-deny, so every new URL needs an explicit rule above it. -->
    <security:intercept-url pattern="/index.jsp" access="permitAll" />
        <security:intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />
        <security:intercept-url pattern="/super/**" access="hasRole('ROLE_SUPERVISOR')" />
        <security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
        <security:intercept-url pattern="/**" access="denyAll" />
        <security:logout
            invalidate-session="true"
            logout-success-url="/openidlogin.jsp"
            logout-url="/j_spring_security_logout"/>
<!-- OpenID login. Accounts are loaded through registeringUserService.
     identifier-match is a regular expression that only selects which attribute list is
     requested for a claimed identifier. It is not an allow-list of providers: identifiers that
     match none of the patterns still authenticate, just without attribute exchange.
     The yahoo and myopenid patterns are unanchored and leave the dot unescaped, so they also
     match unrelated identifiers that merely contain a similar string.
     Exchanged attributes such as email are asserted by whichever provider the user named, so
     treat them as unverified profile data unless the provider itself is trusted. -->
        <security:openid-login
            user-service-ref="registeringUserService"
            authentication-failure-url="/openidlogin.jsp?login_error=true"
            default-target-url="/index.jsp">
            <security:attribute-exchange identifier-match="https://www.google.com/.*">
                <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" />
                <security:openid-attribute name="firstName" type="http://axschema.org/namePerson/first" required="true" />
                <security:openid-attribute name="lastName" type="http://axschema.org/namePerson/last" required="true" />
            </security:attribute-exchange>
            <security:attribute-exchange identifier-match=".*yahoo.com.*">
                <security:openid-attribute name="email" type="http://axschema.org/contact/email" required="true"/>
                <security:openid-attribute name="fullname" type="http://axschema.org/namePerson" required="true" />
            </security:attribute-exchange>
            <security:attribute-exchange identifier-match=".*myopenid.com.*">
               <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>
               <security:openid-attribute name="fullname" type="http://schema.openid.net/namePerson" required="true" />
            </security:attribute-exchange>
        </security:openid-login>
    </security:http>
   
   <bean id="registeringUserService" />

3. My Java source code for loading the user details by username and email from OpenID
I just added some mock code here; a real application would load the users from a database or an XML file instead.
package com.sillycat.easyopenidgoogle.service;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.openid.OpenIDAttribute;
import org.springframework.security.openid.OpenIDAuthenticationToken;

import com.sillycat.easyopenidgoogle.model.GoogleUser;
import com.sillycat.easyopenidgoogle.model.UserAuthority;
import com.sillycat.easyopenidgoogle.model.UserRole;

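/**
 * Demo user store that serves both login paths of the application: OpenID logins through
 * {@link #loadUserDetails(OpenIDAuthenticationToken)} and username lookups through
 * {@link #loadUserByUsername(String)}.
 *
 * <p>Accounts live only in memory and are created on the first OpenID login. A production
 * implementation would back this with a database or another persistent store.
 *
 * <p>NOTE(review): the map is a plain {@link HashMap}. If this bean is shared between request
 * threads (presumably it is a singleton, confirm against the bean definition), concurrent
 * logins need a thread-safe map.
 */
public class OpenIdUserDetailsService implements UserDetailsService,
        AuthenticationUserDetailsService<OpenIDAuthenticationToken> {

    /** Name under which the e-mail attribute is requested in the attribute-exchange config. */
    private static final String EMAIL_ATTRIBUTE = "email";

    /** Accounts registered so far, keyed by the OpenID identity URL. */
    private final Map<String, GoogleUser> registeredUsers = new HashMap<String, GoogleUser>();

    /**
     * Registers (or re-registers) the account for an OpenID login and returns it.
     *
     * <p>The account is keyed by the identity URL, not by the e-mail address. The e-mail is an
     * attribute asserted by whichever provider the user chose, so it is used only as the
     * displayed username and must not be treated as a verified identifier. When the provider
     * sends no e-mail, the identity URL becomes the username so that it is never {@code null}.
     *
     * <p>The identity URL and the exchanged attributes are personal data and are deliberately
     * not printed to standard output. Other exchanged attributes (firstName, lastName,
     * fullname) can be read the same way as the e-mail when they are needed.
     *
     * @param openIDToken the token of the OpenID login being processed
     * @return the newly registered account, carrying {@code ROLE_USER}
     * @throws UsernameNotFoundException if the token carries no identity URL
     */
    public UserDetails loadUserDetails(OpenIDAuthenticationToken openIDToken)
            throws UsernameNotFoundException {
        String id = openIDToken.getIdentityUrl();
        if (id == null) {
            throw new UsernameNotFoundException("OpenID token has no identity URL");
        }

        String email = null;
        List<OpenIDAttribute> attributes = openIDToken.getAttributes();
        if (attributes != null) {
            for (OpenIDAttribute attribute : attributes) {
                if (EMAIL_ATTRIBUTE.equals(attribute.getName())) {
                    email = firstValue(attribute);
                }
            }
        }

        GoogleUser user = newUserWithDefaultRole(email != null ? email : id);
        registeredUsers.put(id, user);
        return user;
    }

    /**
     * Looks up an account that an earlier OpenID login registered.
     *
     * <p>Unknown names are rejected. Fabricating an account with a fixed password for every
     * unknown name would let anyone pass the username/password form, so no account is ever
     * invented here. Accounts for the form login have to come from a real user store with
     * individually set, hashed passwords.
     *
     * @param id the key the account was registered under (the OpenID identity URL)
     * @return the registered account
     * @throws UsernameNotFoundException if {@code id} is {@code null} or no such account exists
     */
    public UserDetails loadUserByUsername(String id)
            throws UsernameNotFoundException {
        if (id == null) {
            throw new UsernameNotFoundException("Username must not be null");
        }
        GoogleUser user = registeredUsers.get(id);
        if (user == null) {
            throw new UsernameNotFoundException("No registered user for the given name");
        }
        return user;
    }

    /** Returns the first value of an exchanged attribute, or {@code null} when it has none. */
    private static String firstValue(OpenIDAttribute attribute) {
        List<String> values = attribute.getValues();
        return (values == null || values.isEmpty()) ? null : values.get(0);
    }

    /** Creates an account with the given username and the single authority {@code ROLE_USER}. */
    private static GoogleUser newUserWithDefaultRole(String username) {
        GoogleUser user = new GoogleUser();
        user.setUsername(username);

        UserAuthority userAuthority = new UserAuthority();
        userAuthority.setAuthorityAlias("Access the main page!");
        userAuthority.setAuthorityName("ROLE_USER");

        UserRole userRole = new UserRole();
        userRole.getRoleAuthorities().add(userAuthority);
        user.getUserRoles().add(userRole);
        return user;
    }
}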

That is it. I only need two forms to log in:
<!-- OpenID login form. The identifier field is only pre-filled with Google's endpoint and the
     user can replace it with any OpenID provider URL, so the server side has to decide which
     providers it trusts.
     NOTE(review): neither form on this page carries an anti-CSRF token. -->
<form name="f1" action="j_spring_openid_security_check" method="POST">
<table>
        <tr>
        <td>OpenID Identity:</td>
        <td><input type='text' name='openid_identifier' value='https://www.google.com/accounts/o8/id'/></td></tr>
        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
      </table>
</form>

<!-- Username/password form, posted to the login-processing-url of the form-login element.
     The password travels in the request body, so serve this page and its target over HTTPS. -->
<form name="f2" action="j_spring_security_check" method="POST">
      <table>
        <tr>
        <td>User Name:</td>
        <td><input id="j_username" type='text' name='j_username' style="width:150px" /></td>
        </tr>
        <tr>
        <td>Password: </td>
        <td><input id="j_password" type='password' name='j_password' style="width:150px" /></td>
        </tr>
        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
      </table>
</form>

references:
http://http.git.springsource.org/greenhouse/greenhouse.git
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/springsecurity-single.html#ns-openid
http://forum.springsource.org/showthread.php?113699-How-to-have-both-an-openid-login-and-a-form-login-side-by-side

