Defining Bean for Specialized OpenID4JavaConsumer in http Namespace

[hooknc]

Hi Everyone,

I've got a dilemma that I'm hoping someone will be able to help me with...

We've been using the security:http namespace to implement our security for our web application.

I've run into a requirement that requires me to extend and specialize the org.springframework.security.openid.OpenID4JavaCon sumer class.

How do I inject this new instance into the org.springframework.security.openid.OpenIDAuthenti cationFilter class that is instanciated by the <security:openid-login> tag?

I know of the following bean names:
org.springframework.security.openid.OpenIDAuthenti cationFilter#0
org.springframework.security.openid.OpenIDAuthenti cationProvider#0

But, for the newly written class that extends OpenID4JavaConsumer I need to pass the different openid attributes that are created using the <security-openid-attribute>?

Even better, where are there resources that explain how the entire security:http namespace is programmed or configured so I can figure this out for myself in the future.

Thank you for your time.

[Luke Taylor]

You'll need to configure the filter as an explicit bean if you want to modify the consumer implementation. Add it to the filter stack using the "custom-bean" element.

[Rob Winch]

Even better, where are there resources that explain how the entire security:http namespace is programmed or configured so I can figure this out for myself in the future.

You can refer to the spring-security-configuration project for how this is done. Luke's blog entry is a good description on what is happening in the namespace configuration.

[hooknc]

Thank you both for your replies. I was able to wire everything up and get things working.

I do wish there was a resourse explaining/showing how all the beans are wired together behind the scenes. That way if a developer, such as myself, was required to hand wire something together we would be sure that we didn't use a wrong class or forget to add something that might be needed.

[Luke Taylor]

I do wish there was a resourse explaining/showing how all the beans are wired together behind the scenes. That way if a developer, such as myself, was required to hand wire something together we would be sure that we didn't use a wrong class or forget to add something that might be needed.

That's kind of what that blog article is intended to do, and the namespace appendix gives an indication of the main classes involved so tat you can check the APIs for them. Anything beyond that would be a bit of a tall order as there are a very large number of possible configurations. You would effectively be reproducing the Javadoc for the beans involved and namespace parsing code in a (very large) document. There comes a point when the code and its APIs is your best (and most up-to-date) reference.

[Rob Winch]

Just so you know all the configuration goes on inside the spring-security-config project's SecurityNamespaceHandler as a starting point. Another option is to use Spring Tool Suite (STS) which can draw a visual Graph of the beans created. You can enter in the configuration and use STS to view what was created. Hover over the items to see what class it created.