From Ray Krueger on the Spring Security mailing list:
I've pulled the OpenID module out of the sand box, but rather than merging it into core, it is it's own module. Meaning that integrating it into a project will require both the spring-security-core and spring-security-openid jar files. The OpenID module has also been added to the parent pom.xml, which means that when you run "mvn install" on the root project it will install the OpenID module as well. I'd like to bump up the test coverage in some spots and we definitely need to get some documentation going. We should be able to tighten this up by the time Luke releases Spring-Security 2.0.
That being said, I wouldn't call the OpenID support "done". It is out of the sandbox though and that's good news.
So pull down the code and have a look see...
To see what's happened with OpenID support in Spring Security recently, see Ray Krueger's blog post.
Has anyone had a chance to test this in their applications? I'd love to see an example of using OpenID with SS 2's simplified syntax.