Dealing with OpenID (4): Spring Security 3.1.M2
This part configures OpenID using Spring Security only.
1. Security configuration file security-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security namespace configuration for an application that offers
  OpenID login and a username/password form on the same page
  (/openidlogin.jsp).
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <!--
    Global authentication manager, declared without any authentication-provider
    children. NOTE(review): the form-login below then appears to have no
    provider able to check a username and password; confirm, or drop the form
    login if only OpenID is intended.
  -->
  <security:authentication-manager alias="openIDAuthenticationManager" />

  <!--
    security="none" maps these patterns to an empty filter chain: no
    authentication, no access rules and no security context for the request.
    For the login page this means request.getUserPrincipal() is not populated
    by Spring Security; an intercept-url with access="permitAll" inside the
    main http element keeps a page public while still running the filters.
    The single "*" matches one path level only, so files in nested
    directories fall through to the "/**" rule of the main http element.
  -->
  <security:http pattern="/openidlogin.jsp*" security="none"/>
  <security:http pattern="/images/*" security="none" />
  <security:http pattern="/css/*" security="none" />
  <security:http pattern="/js/*" security="none" />

  <!--
    Development aid: turns on Spring Security's debugging output, which logs
    details of each incoming request and may include request parameters and
    headers. Leave it out of any configuration that is deployed.
  -->
  <security:debug />

  <!-- Main filter chain; access rules are SpEL expressions (use-expressions="true"). -->
  <security:http auto-config="true" access-denied-page="/denied.jsp" use-expressions="true">
    <!-- Username/password login, sharing the login and failure pages with OpenID. -->
    <security:form-login login-processing-url="/j_spring_security_check" login-page="/openidlogin.jsp" authentication-failure-url="/openidlogin.jsp?login_error=true"/>

    <!--
      Rules are evaluated top to bottom and the first matching pattern wins.
      The final "/**" denyAll makes the configuration default-deny: any URL
      not listed above it is refused, even for authenticated users.
    -->
    <security:intercept-url pattern="/index.jsp" access="permitAll" />
    <security:intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />
    <security:intercept-url pattern="/super/**" access="hasRole('ROLE_SUPERVISOR')" />
    <security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
    <security:intercept-url pattern="/**" access="denyAll" />

    <!-- Logout invalidates the HTTP session and returns to the login page. -->
    <security:logout
        invalidate-session="true"
        logout-success-url="/openidlogin.jsp"
        logout-url="/j_spring_security_logout"/>

    <!--
      OpenID login. After the provider confirms the identity, user details are
      loaded through the registeringUserService bean declared below.
      Nothing in this element restricts which OpenID providers are accepted:
      identifier-match only selects which attribute set to request for a
      given claimed identifier, it is not an allow-list.
    -->
    <security:openid-login
        user-service-ref="registeringUserService"
        login-page="/openidlogin.jsp"
        authentication-failure-url="/openidlogin.jsp?login_error=true"
        default-target-url="/index.jsp">
      <!--
        Attribute-exchange requests per provider. required="true" marks the
        attribute as required in the request; presumably a provider can still
        omit it, so the consuming code should handle a missing value.
      -->
      <security:attribute-exchange identifier-match="https://www.google.com/.*">
        <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" />
        <security:openid-attribute name="firstName" type="http://axschema.org/namePerson/first" required="true" />
        <security:openid-attribute name="lastName" type="http://axschema.org/namePerson/last" required="true" />
      </security:attribute-exchange>
      <!-- The two patterns below are unanchored and match the host name anywhere in the identifier. -->
      <security:attribute-exchange identifier-match=".*yahoo.com.*">
        <security:openid-attribute name="email" type="http://axschema.org/contact/email" required="true"/>
        <security:openid-attribute name="fullname" type="http://axschema.org/namePerson" required="true" />
      </security:attribute-exchange>
      <security:attribute-exchange identifier-match=".*myopenid.com.*">
        <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>
        <security:openid-attribute name="fullname" type="http://schema.openid.net/namePerson" required="true" />
      </security:attribute-exchange>
    </security:openid-login>
  </security:http>

  <!-- User service used by openid-login; implemented by the Java class shown later on this page. -->
  <bean id="registeringUserService" class="com.sillycat.easyopenidgoogle.service.OpenIdUserDetailsService" />

  <!--
  Disabled in-memory user service, kept for reference. The user names below
  appear to have been masked by the publishing site's e-mail protection and
  are not usable values.
  <security:user-service id="userService">
  <security:user name="
  [email protected]" authorities="ROLE_ADMIN,ROLE_USER" />
  <security:user name="
  [email protected]" authorities="ROLE_SUPERVISOR,ROLE_USER" />
  <security:user name="
  [email protected]" authorities="ROLE_USER" />
  </security:user-service>
  -->
</beans>
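<security:debug /> is the debug switch in my configuration file. It makes Spring Security log detailed information about each request, so it should be left out of production configurations.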
2. My openidlogin.jsp file:
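<%--
  Login page with two forms:
    f1 posts an OpenID identifier to j_spring_openid_security_check,
    f2 posts a username and password to j_spring_security_check.
  Both action URLs are relative, so they resolve against this page's location.
--%>
<html>
<head>
  <title>Open ID Login</title>
</head>
<body>
  <br />
  <%--
    The principal's string form can carry values supplied by the OpenID
    provider, so it is HTML-escaped before being written into the page.
    HtmlUtils comes from spring-web, which the pom on this page declares.
    NOTE(review): the security configuration on this page maps this JSP with
    security="none", so Spring Security does not populate the principal here
    and "null" is the expected output.
  --%>
  <p>Your principal object is....: <%= org.springframework.web.util.HtmlUtils.htmlEscape(String.valueOf(request.getUserPrincipal())) %></p><br />

  <h3>Please Enter Your OpenID Identity</h3>
  <%--
    The identifier is a free-text field that is only pre-filled with Google's
    endpoint; whatever the user types is the provider that gets contacted.
  --%>
  <form name="f1" action="j_spring_openid_security_check" method="POST">
    <table>
      <tr>
        <td>OpenID Identity:</td>
        <td><input type='text' name='openid_identifier' value='https://www.google.com/accounts/o8/id'/></td></tr>
      <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
      <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
    </table>
  </form>
  <br />
  <br />

  <h3>Please Enter Your System User Name</h3>
  <%--
    Credentials are sent in the POST body. The Jetty connector in the pom on
    this page is plain HTTP on port 8080, which suits local development only;
    serve this form over HTTPS anywhere else.
  --%>
  <form name="f2" action="j_spring_security_check" method="POST">
    <table>
      <tr>
        <td>User Name:</td>
        <td><input id="j_username" type='text' name='j_username' style="width:150px" /></td>
      </tr>
      <tr>
        <td>Password: </td>
        <td><input id="j_password" type='password' name='j_password' style="width:150px" /></td>
      </tr>
      <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
      <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
    </table>
  </form>
</body>
</html>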
3. pom.xml dependency:
<!-- Test-only dependency; not packaged with the application. -->
<dependency>
  <groupId>junit</groupId>
  <artifactId>junit</artifactId>
  <version>4.10</version>
  <scope>test</scope>
</dependency>
<!--
  NOTE(review): nothing shown on this page imports org.expressme classes.
  If this second OpenID library is unused, removing it shrinks the set of
  third-party code on the classpath.
-->
<dependency>
  <groupId>org.expressme</groupId>
  <artifactId>JOpenId</artifactId>
  <version>1.08</version>
</dependency>
<!-- Supplied by the servlet container at runtime (scope "provided"). -->
<dependency>
  <groupId>javax.servlet</groupId>
  <artifactId>servlet-api</artifactId>
  <version>2.5</version>
  <scope>provided</scope>
</dependency>
<dependency>
  <groupId>org.openid4java</groupId>
  <artifactId>openid4java-nodeps</artifactId>
  <version>0.9.6</version>
</dependency>
<!-- Spring Framework, release builds. -->
<dependency>
  <groupId>org.springframework</groupId>
  <artifactId>spring-core</artifactId>
  <version>3.1.1.RELEASE</version>
</dependency>
<dependency>
  <groupId>org.springframework</groupId>
  <artifactId>spring-context</artifactId>
  <version>3.1.1.RELEASE</version>
</dependency>
<dependency>
  <groupId>org.springframework</groupId>
  <artifactId>spring-web</artifactId>
  <version>3.1.1.RELEASE</version>
</dependency>
<dependency>
  <groupId>org.springframework</groupId>
  <artifactId>spring-webmvc</artifactId>
  <version>3.1.1.RELEASE</version>
</dependency>
<!-- Pre-release (beta) build; pin a final release before shipping. -->
<dependency>
  <groupId>org.codehaus.groovy</groupId>
  <artifactId>groovy</artifactId>
  <version>2.0.0-beta-2</version>
</dependency>
<dependency>
  <groupId>org.apache.velocity</groupId>
  <artifactId>velocity</artifactId>
  <version>1.7</version>
</dependency>
<dependency>
  <groupId>org.apache.velocity</groupId>
  <artifactId>velocity-tools</artifactId>
  <version>2.0</version>
</dependency>
<!--
  Spring Security modules, all on the 3.1.0.M2 milestone. Milestones are
  pre-release builds and are resolved from the milestone repository declared
  further down; move to a release version for anything beyond experiments.
-->
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-core</artifactId>
  <version>3.1.0.M2</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-web</artifactId>
  <version>3.1.0.M2</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-taglibs</artifactId>
  <version>3.1.0.M2</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-config</artifactId>
  <version>3.1.0.M2</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-acl</artifactId>
  <version>3.1.0.M2</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-openid</artifactId>
  <version>3.1.0.M2</version>
</dependency>
<!-- Pre-release (beta) build of the HTTP client; pin a final release before shipping. -->
<dependency>
  <groupId>org.apache.httpcomponents</groupId>
  <artifactId>httpclient</artifactId>
  <version>4.2-beta1</version>
</dependency>
<!-- The log4j 1.x line is end-of-life upstream and no longer receives fixes. -->
<dependency>
  <groupId>log4j</groupId>
  <artifactId>log4j</artifactId>
  <version>1.2.16</version>
</dependency>
...snip...
<!--
  Source of the Spring Security milestone artifacts above.
  NOTE(review): the URL is plain HTTP, so downloaded artifacts are not
  protected against tampering in transit, and Maven 3.8.1 and later block
  http:// repositories by default. Use the repository's HTTPS endpoint.
-->
<repository>
  <id>org.springframework.maven.milestone</id>
  <name>Spring Maven Milestone Repository</name>
  <url>http://maven.springframework.org/milestone</url>
</repository>
...snip...
<!--
  Build section: packages the application as "easyopenidgoogle" and configures
  the Jetty Maven plugin for running it locally.
-->
<build>
  <finalName>easyopenidgoogle</finalName>
  <plugins>
    <plugin>
      <groupId>org.mortbay.jetty</groupId>
      <artifactId>maven-jetty-plugin</artifactId>
      <version>6.1.10</version>
      <configuration>
        <scanIntervalSeconds>10</scanIntervalSeconds>
        <connectors>
          <!--
            Single plain-HTTP connector on port 8080; no TLS connector is
            configured. Passwords from the login form and the OpenID
            redirects travel unencrypted, so treat this as a local
            development setup only.
          -->
          <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
            <port>8080</port>
            <maxIdleTime>60000</maxIdleTime>
          </connector>
        </connectors>
        <contextPath>/easyopenidgoogle</contextPath>
      </configuration>
    </plugin>
  </plugins>
</build>
4. My Java class is as follows:
package com.sillycat.easyopenidgoogle.service;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.openid.OpenIDAttribute;
import org.springframework.security.openid.OpenIDAuthenticationToken;
import com.sillycat.easyopenidgoogle.model.GoogleUser;
import com.sillycat.easyopenidgoogle.model.UserAuthority;
import com.sillycat.easyopenidgoogle.model.UserRole;
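/**
 * User service that registers every successfully authenticated OpenID
 * identity on the fly and grants it ROLE_USER.
 *
 * <p>Security notes for anyone reusing this class:
 * <ul>
 * <li>There is no allow-list. Any identity that completes OpenID
 * authentication, with whichever provider the user named, becomes a
 * ROLE_USER account.</li>
 * <li>The e-mail used as the username arrives through attribute exchange and
 * is a claim made by that provider. Do not use it as the key for
 * authorization decisions; the identity URL is the value the OpenID
 * exchange actually establishes.</li>
 * <li>Registrations live only in memory: the map grows with every new
 * identity and is lost on restart.</li>
 * </ul>
 */
public class OpenIdUserDetailsService implements UserDetailsService,
        AuthenticationUserDetailsService<OpenIDAuthenticationToken> {

    /**
     * Registered users keyed by OpenID identity URL. A concurrent map is used
     * because the security configuration declares this class as one shared
     * bean, which is therefore reached from several request threads.
     */
    private final Map<String, GoogleUser> registeredUsers = new ConcurrentHashMap<String, GoogleUser>();

    /**
     * Builds the user for an authenticated OpenID token and remembers it
     * under the token's identity URL. A repeated login replaces the earlier
     * entry for the same identity.
     *
     * @param openIDToken the token produced by a successful OpenID login
     * @return a user whose username is the e-mail attribute, or the identity
     *         URL when the provider sent no e-mail, holding ROLE_USER
     * @throws UsernameNotFoundException if the token has no identity URL
     */
    public UserDetails loadUserDetails(OpenIDAuthenticationToken openIDToken)
            throws UsernameNotFoundException {
        String id = openIDToken.getIdentityUrl();
        if (id == null) {
            throw new UsernameNotFoundException("OpenID token has no identity URL");
        }

        // The identity URL and the exchanged attributes are personal data, so
        // they are no longer printed to standard output.
        // Other attributes requested in the configuration (firstName,
        // lastName, fullname) can be read the same way as the e-mail.
        String email = firstValue(openIDToken.getAttributes(), "email");

        GoogleUser user = new GoogleUser();
        // A provider may omit the e-mail; fall back to the identity URL so
        // the username is never null.
        user.setUsername(email != null && email.length() > 0 ? email : id);

        UserAuthority userAuthority = new UserAuthority();
        userAuthority.setAuthorityAlias("Access the main page!");
        userAuthority.setAuthorityName("ROLE_USER");

        UserRole userRole = new UserRole();
        userRole.getRoleAuthorities().add(userAuthority);
        user.getUserRoles().add(userRole);

        registeredUsers.put(id, user);
        return user;
    }

    /**
     * Looks up a previously registered user.
     *
     * @param id the OpenID identity URL the user was registered under; note
     *        that this is the map key, not the user's username
     * @return the registered user
     * @throws UsernameNotFoundException if no user is registered for the id
     */
    public UserDetails loadUserByUsername(String id)
            throws UsernameNotFoundException {
        // ConcurrentHashMap rejects null keys, so a null id is treated as unknown.
        UserDetails user = (id == null) ? null : registeredUsers.get(id);
        if (user == null) {
            throw new UsernameNotFoundException(id);
        }
        return user;
    }

    /**
     * Returns the first value of the named attribute, or null when the
     * attribute is absent or carries no values.
     */
    private static String firstValue(List<OpenIDAttribute> attributes, String name) {
        if (attributes == null) {
            return null;
        }
        for (OpenIDAttribute attribute : attributes) {
            if (name.equals(attribute.getName())) {
                List<String> values = attribute.getValues();
                if (values != null && !values.isEmpty()) {
                    return values.get(0);
                }
            }
        }
        return null;
    }
}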
references:
http://www.packtpub.com/article/opening-up-to-openid-with-spring-security
http://repo1.maven.org/maven2/org/springframework/security/spring-security-samples-openid/3.0.7.RELEASE/
http://bsgdev.wordpress.com/2011/01/18/exploring-google-and-openid-login-with-spring-security-and-spring-roo/
http://www.springsource.org/download/community
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/sample-apps.html
https://fisheye.springsource.org/browse/spring-security/samples/openid
http://stackoverflow.com/questions/7309133/spring-security-with-openid-and-database-integration
http://krams915.blogspot.com/2011/02/spring-security-3-openid-login-with_13.html
http://forum.springsource.org/showthread.php?53230-Multiple-providers-with-AuthenticationManager
http://stackoverflow.com/questions/8306063/multiple-login-forms-different-authentication-managers-latest-spring-security
https://open.jira.com/svn/PEBBLE/trunk/src/main/webapp/WEB-INF/applicationContext-security.xml
http://forum.springsource.org/showthread.php?123956-Multiple-authentication-managers-Defined-But-Only-the-Last-One-Is-Applied
https://github.com/monger/Spring-Security-Multi-Auth-Manager-Test
http://lengyun3566.iteye.com/blog/1356124
https://open.jira.com/svn/PEBBLE/trunk/
http://my.safaribooksonline.com/book/programming/java/9781847199744/additional-reference-material/ch13lvl1sec08