Dealing with OpenId(5)Spring Security and OpenId Work together

Dealing with OpenId(5)Spring Security and OpenId Work together

1. The Spring Security Version
<properties>
<spring.version>3.1.1.RELEASE</spring.version>
<spring-security.version>3.1.0.M2</spring-security.version>
</properties>
...snip...
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring-security.version}</version>
</dependency>
<dependency>
<groupId>org.openid4java</groupId>
<artifactId>openid4java-nodeps</artifactId>
<version>0.9.6</version>
</dependency>

2. My spring security configuration file security-context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:authentication-manager>
<security:authentication-provider ref="openidAuthenticationProvider" />
<security:authentication-provider ref="authenticationProvider" />
</security:authentication-manager>
    <bean id="openidAuthenticationProvider" class="org.springframework.security.openid.OpenIDAuthenticationProvider">
        <property name="userDetailsService" ref="registeringUserService" />
    </bean>
    <bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="registeringUserService" />
    </bean>
    <security:http pattern="/openidlogin.jsp*" security="none"/>
   <security:http pattern="/images/*" security="none" />
   <security:http pattern="/css/*" security="none" />
   <security:http pattern="/js/*" security="none" />   
    <security:debug />
    <security:http access-denied-page="/denied.jsp" use-expressions="true">
    <security:form-login login-processing-url="/j_spring_security_check" login-page="/openidlogin.jsp" authentication-failure-url="/openidlogin.jsp?login_error=true"/>
    <security:intercept-url pattern="/index.jsp" access="permitAll" />
        <security:intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />
        <security:intercept-url pattern="/super/**" access="hasRole('ROLE_SUPERVISOR')" />
        <security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
        <security:intercept-url pattern="/**" access="denyAll" />
        <security:logout
            invalidate-session="true"
            logout-success-url="/openidlogin.jsp"
            logout-url="/j_spring_security_logout"/>
        <security:openid-login
            user-service-ref="registeringUserService"
            authentication-failure-url="/openidlogin.jsp?login_error=true"
            default-target-url="/index.jsp">
            <security:attribute-exchange identifier-match="https://www.google.com/.*">
                <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" />
                <security:openid-attribute name="firstName" type="http://axschema.org/namePerson/first" required="true" />
                <security:openid-attribute name="lastName" type="http://axschema.org/namePerson/last" required="true" />
            </security:attribute-exchange>
            <security:attribute-exchange identifier-match=".*yahoo.com.*">
                <security:openid-attribute name="email" type="http://axschema.org/contact/email" required="true"/>
                <security:openid-attribute name="fullname" type="http://axschema.org/namePerson" required="true" />
            </security:attribute-exchange>
            <security:attribute-exchange identifier-match=".*myopenid.com.*">
               <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>
               <security:openid-attribute name="fullname" type="http://schema.openid.net/namePerson" required="true" />
            </security:attribute-exchange>
        </security:openid-login>
    </security:http>
   
   <bean id="registeringUserService" class="com.sillycat.easyopenidgoogle.service.OpenIdUserDetailsService" />

3. My java source code for load the userdetail by username and email from openid
I just add some mock codes here, if I want, I can get to a database or XML file to do that.
package com.sillycat.easyopenidgoogle.service;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.openid.OpenIDAttribute;
import org.springframework.security.openid.OpenIDAuthenticationToken;

import com.sillycat.easyopenidgoogle.model.GoogleUser;
import com.sillycat.easyopenidgoogle.model.UserAuthority;
import com.sillycat.easyopenidgoogle.model.UserRole;

public class OpenIdUserDetailsService implements UserDetailsService,
AuthenticationUserDetailsService<OpenIDAuthenticationToken> {

private final Map<String, GoogleUser> registeredUsers = new HashMap<String, GoogleUser>();

public UserDetails loadUserDetails(OpenIDAuthenticationToken openIDToken)
throws UsernameNotFoundException {
String id = openIDToken.getIdentityUrl();
System.out.println("identy = " + id);
String email = null;
String firstName = null;
String lastName = null;
String fullName = null;
List<OpenIDAttribute> attributes = openIDToken.getAttributes();
for (OpenIDAttribute attribute : attributes) {
if (attribute.getName().equals("email")) {
email = attribute.getValues().get(0);
System.out.println("email = " + email);
}
if (attribute.getName().equals("firstName")) {
firstName = attribute.getValues().get(0);
System.out.println("firstName = " + firstName);
}
if (attribute.getName().equals("lastName")) {
lastName = attribute.getValues().get(0);
System.out.println("lastName = " + lastName);
}
if (attribute.getName().equals("fullname")) {
fullName = attribute.getValues().get(0);
System.out.println("fullName = " + fullName);
}
}
GoogleUser user = new GoogleUser();
user.setUsername(email);

UserRole userRole = new UserRole();
UserAuthority userAuthority = new UserAuthority();
userAuthority.setAuthorityAlias("Access the main page!");
userAuthority.setAuthorityName("ROLE_USER");
userRole.getRoleAuthorities().add(userAuthority);
user.getUserRoles().add(userRole);
registeredUsers.put(id, user);
return user;
}

public UserDetails loadUserByUsername(String id)
throws UsernameNotFoundException {
GoogleUser user = registeredUsers.get(id);
if (id == null) {
throw new UsernameNotFoundException(id);
}
if (user == null) {
user = new GoogleUser();
user.setUsername(id);
user.setPassword("111111");

UserRole userRole = new UserRole();
UserAuthority userAuthority = new UserAuthority();
userAuthority.setAuthorityAlias("Access the main page!");
userAuthority.setAuthorityName("ROLE_USER");
userRole.getRoleAuthorities().add(userAuthority);
user.getUserRoles().add(userRole);
}
return user;
}
}

That is it. I only need 2 forms to login:
<form name="f1" action="j_spring_openid_security_check" method="POST">
<table>
        <tr>
        <td>OpenID Identity:</td>
        <td><input type='text' name='openid_identifier' value='https://www.google.com/accounts/o8/id'/></td></tr>
        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
      </table>
</form>

<form name="f2" action="j_spring_security_check" method="POST">
      <table>
        <tr>
        <td>User Name:</td>
        <td><input id="j_username" type='text' name='j_username' style="width:150px" /></td>
        </tr>
        <tr>
        <td>Password: </td>
        <td><input id="j_password" type='password' name='j_password' style="width:150px" /></td>
        </tr>
        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
      </table>
</form>

references:
http://http.git.springsource.org/greenhouse/greenhouse.git
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/springsecurity-single.html#ns-openid
http://forum.springsource.org/showthread.php?113699-How-to-have-both-an-openid-login-and-a-form-login-side-by-side


你可能感兴趣的:(Spring Security)