Custom UserService for OpenID

**paranoiabla** · Nov 14th, 2009, 06:21 AM

Hi guys,

I am fairly new to Spring, so don't be mad at me. What I want to achieve is a form that allows the user to login with one of these:
- custom username/password stored in my DB
- openid identity.

I already implemented a custom user service for my JDBC login that populates my custom User principal (I need to store some extra fields from the DB), but I have signnificant troubles implementing user-service for the openID authentication provider. For now I have placed this

<user-service id="userService">
<user name="http://user.myopenid.com/" password="notused" authorities="ROLE_USER" />
</user-service>

in my security.xml but as far as I understand this would work only for 1 user called 'user' and it will not populate my custom pruincipal.

If you could point me to an article on how to implement the custom user service for openID that would be great.

Thanks a lot.

**pmularien** · Nov 14th, 2009, 08:10 AM

If you're using Spring Sec 3, OpenID support is built in. Ref: Link.

Typically, OpenID auth doesn't require a different UserService, just keep in mind that the password stored in the user service will never be used.

**paranoiabla** · Nov 14th, 2009, 08:51 AM

Hi and thanks for the reply,

Yes, I am using Spring Security 3.0.RC1. I saw the refence link you pointed. With the jdbc user-details-service i able to put some information, like ranking-points in the custom-principal:

Code:

loadUserByUsername(String username) {
		SimpleJdbcTemplate sjt = new SimpleJdbcTemplate(getDataSource());
		User user = sjt.queryForObject(sql, new UserMapper(), source);
		return user;
}
.......

@Override
public User mapRow(ResultSet rs, int arg1) throws SQLException {
         BeechUserPrincipal principal = new BeechUserPrincipal(rs.getString("username"), rs.getString("password"), true, true, true, true, getAuthorities(rs.getString("authority").equalsIgnoreCase("ROLE_ADMIN")));
         principal.setRankingPoints(rs.getInt("rankingPoints"));
	 return principal;
}

but if I don't implement a user-service how could I achieve this?

**paranoiabla** · Nov 14th, 2009, 02:27 PM

OK, I made it.. here is the code:

Code:

	public UserDetails loadUserByUsername(String openIDURL)
			throws UsernameNotFoundException, DataAccessException {

		String sql = "SELECT username, credit FROM users WHERE open_id=?";

		Integer points = null;
		String username = openIDURL;
		
		try {
			PreparedStatement stmt = ImporterUtil.getJDBCConnection().prepareStatement(sql);
			stmt.setString(1, openIDURL);
			ResultSet rs = stmt.executeQuery();
			if (rs.next()) {
				points = rs.getInt("points");
				username = rs.getString("username");
			} else {
				//not registered
				credit = -1;
			}
			
		} catch (SQLException e) {
			e.printStackTrace();
		}
		
		
		BeechUserPrincipal principal = new BeechUserPrincipal(username, "notused", true, true, true, true, getAuthorities(false));
		principal.setPoints(points);
		
		return principal;
	}

Thread: Custom UserService for OpenID

Thread Tools

Display

Custom UserService for OpenID

Tags for this Thread

Posting Permissions