Results 1 to 2 of 2

Thread: OpenID Integration [newbie here]

  1. Feb 11th, 2010, 11:54 AM #1
    logjam
    logjam is offline Junior Member
    Join Date
    Feb 2010
    Posts
    3

    Default OpenID Integration [newbie here]

    Hey all,

    Ok, so what I want is exactly what this blog is describing: http://hillert.blogspot.com/2010/01/...s-with_27.html. Basically, a normal login along with the choice of an OpenID -- however, if the OpenID is not recognized then redirect the user to a registration page (attributes supplied or not). I will describe what I've done so far, and hopefully get some feedback from you good people

    First, I understand that there is an <openid-login />, which is described by Spring Docs:
    "Similar to <form-login> and has the same attributes. The default value for login-processing-url is "/j_spring_openid_security_check". An OpenIDAuthenticationFilter and OpenIDAuthenticationProvider will be registered. The latter requires a reference to a UserDetailsService. Again, this can be specified by Id, using the user-service-ref attribute, or will be located automatically in the application context."

    Well, OK, this sounds like a starting place, so I added this to my applicationContext.xml:
    Code:
    <http auto-config="true" access-denied-page="/unauthorized">
        <form-login login-page="/login" login-processing-url="/login/process" default-target-url="/"
                    authentication-failure-url="/login?login_failed=1" />
        <logout logout-url="/logout" logout-success-url="/" />
        <intercept-url pattern="/admin/**" access="ROLE_admin" />
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_user"/>
        <anonymous />
        <http-basic />
        <openid-login user-service-ref="userDetailsServiceOpenID" />
        <remember-me/>
        <logout />
    </http>
    And added this bean:
    Code:
    <beans:bean id="userDetailsServiceOpenID" class="com.mycompany.authopenid" />
    In my authopenid namespace, I've implemented the UserDetailsService class: UserDetails(), loadUserByUsername(..)
    From within this namespace, I attempt to load a user who is associated with this token (from a couchdb db) and return that info as a UserDetails object via loadUserByUsername()...

    Where is this object going?? My guess is to OpenIDAuthenticationProvider, since it requires a reference to a UserDetailsService object.

    After that, I'm fuzzy about what happens -- if anyone can give me a high-level view of what I'm doing as opposed to what I *want*, I would be extremely grateful!

    Lastly, I know what I'm doing is unlike what the author of the blog post does -- so that's my other question, is my way even going to work, or am I going to have to extend some classes the way he does to get the behavior I want?

    Thanks so much for reading!
    Log
  2. Feb 11th, 2010, 04:08 PM #2
    logjam
    logjam is offline Junior Member
    Join Date
    Feb 2010
    Posts
    3

    Default

    All right, so no luck so far -- I've decided to fool around and try to emulate as much from the blog post (http://hillert.blogspot.com/2010/01/...s-with_27.html) as possible. Initially, I have this:

    Code:
    <security:http  ......<edit for brevity> 
       .
       .
       .
  <security:custom-filter ref="openIDFilter" position="OPENID_FILTER" />
</security:http>

<bean id="openIDFilter" class="org.jrecruiter.web.security.RegistrationAwareOpenIDAuthenticationFilter">
  <property name="authenticationManager"               ref="authenticationManager"/>
  <property name="consumer" 			               ref="attributeAwareOpenIDConsumer"/>
  <property name="authenticationSuccessHandler"        ref="openIDFilterSuccess"/>
  <property name="authenticationFailureHandler"        ref="openIDFilterFailure"/>
  <property name="registrationTargetUrlRequestHandler" ref="openIDFilterRedirectToRegistration"/>
</bean>

<bean id="openIDFilterRedirectToRegistration" class="org.jrecruiter.web.security.RegistrationTargetUrlRequestHandler">
  <property name="defaultTargetUrl" value="/registration/signup.html"/>
</bean>
<bean id="openIDFilterSuccess" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
  <property name="defaultTargetUrl" value="/admin/index.html"/>
</bean>
 
<bean id="openIDFilterFailure" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
  <property name="defaultFailureUrl" value="/login.html?status=error"/>
</bean>

<bean id="attributeAwareOpenIDProvider" class="org.jrecruiter.web.security.AttributeAwareOpenIDProvider" scope="prototype">
  <constructor-arg ref="userService"/>
</bean>

<bean id="attributeAwareOpenIDConsumer" class="org.jrecruiter.web.security.AttributeAwareOpenIDConsumer"/>
    Ok, so it looks like I have some customization to do -- fine and good -- however, notice towards the bottom there is a "userService" ref being passed into the constructor for the AttributeAwareOpenIDProvider: I'm assuming this is the UserDetailsService the blog author refers to in his post. So how would declare this "userService" object in my context file?
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules