How can I get a hold of OpenID attributes in UserDetailsService?

**kdekooter** · Mar 22nd, 2011, 04:14 PM

I am trying to get to them by calling SecurityContextHolder.getContext().getAuthenticati on() but apparently the Authentication is empty at this point.

**blaine** · Mar 22nd, 2011, 07:24 PM

Originally Posted by kdekooter

I am trying to get to them by calling SecurityContextHolder.getContext().getAuthenticati on() but apparently the Authentication is empty at this point.

Your AuthenticationUserDetailsService.loadUserDetails() implementation gets an OpenIDAuthenticationToken as input param. Run .getAttributes() on that.

**pmularien** · Mar 22nd, 2011, 09:44 PM

Also, make sure that you check after the user has returned from the OpenID provider. Also note that the actual availability of attributes varies widely by provider, so depending on the provider the user is authenticating with, you may or may not get attributes you want (e.g. email).

**blaine** · Mar 23rd, 2011, 06:18 AM

Originally Posted by pmularien

Also, make sure that you check after the user has returned from the OpenID provider...

I don't know what you mean. Unless I'm misunderstanding the process, loadUserDetails is only ever called after the user has returned from the OpenID provider. How else could the provider-supplied attribute list be provided for examination?

**Kees de Kooter** · Mar 23rd, 2011, 09:07 AM

That sounds promising! How would I have to configure this?

This is a snippet of my current context:

Code:

    <authentication-manager>
        <authentication-provider user-service-ref="combinedUserDetailsService"/>
    </authentication-manager>

An implentation of AuthenticationUserDetailsService is not accepted as an authentication provider.

**blaine** · Mar 23rd, 2011, 10:47 AM

Originally Posted by Kees de Kooter

That sounds promising! How would I have to configure this?

Study the openid sample webapp.

**Kees de Kooter** · Mar 23rd, 2011, 03:04 PM

Thanks Blaine,

I agree that I should do my own homework ;-). However the openid sample app does not give me a clue of how to configure this. No AuthenticationUserDetailsService in sight.

Please note that I am using Spring Security 3.0.5.

**blaine** · Mar 23rd, 2011, 03:20 PM

Originally Posted by Kees de Kooter

Thanks Blaine,

I agree that I should do my own homework ;-). However the openid sample app does not give me a clue of how to configure this. No AuthenticationUserDetailsService in sight.

Please note that I am using Spring Security 3.0.5.

Giving you the benefit of the doubt-- get the sample from the tip of the master branch. Not 100% that everything will work like in 3.0.5, but I suspect it's very close. If you still say it doesn't show how to configure and you don't see an AuthenticationUserDetailsService, you are not expending as much effort as I have expended in answering you.

Thread: How can I get a hold of OpenID attributes in UserDetailsService?

Thread Tools

Display

How can I get a hold of OpenID attributes in UserDetailsService?

Posting Permissions