java,devops,security,spring,tips and tricks,openid

Steps to Enable OpenID Authentication in Spring-Security Application

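This article shows how to enable OpenID authentication alongside the normal username/password login in a Spring Security application. The configuration uses the OpenID 2.0 protocol with Google's https://www.google.com/accounts/o8/id endpoint; Google has since retired that endpoint in favour of OpenID Connect, so treat the steps below as a reference for the legacy protocol.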

A) Changes in spring-Security.xml

1. To enable OpenID authentication along with normal username password login, add

  <!--
    OpenID login, configured next to form-login.
    The attribute-exchange block lists the attributes requested from identifiers that match
    identifier-match. That pattern only selects which attribute list is used; it does not by
    itself limit which OpenID providers may sign in, so the handlers must still check where an
    identity came from before trusting its attributes. The dots in the pattern are unescaped
    and therefore match any character.
  -->
  <openid-login
      authentication-failure-handler-ref="authenticationFailureHandler"
      default-target-url="/"
      authentication-success-handler-ref="authenticationSuccessHandler"
      user-service-ref="customUserDetailsService">
    <attribute-exchange identifier-match="https://www.google.com/.*">
      <openid-attribute name="axContactEmail" type="http://axschema.org/contact/email"
          required="true"/>
      <openid-attribute name="oiContactEmail" type="http://schema.openid.net/contact/email"
          required="true"/>
      <openid-attribute name="axNamePersonFullname" type="http://axschema.org/namePerson"
          required="true"/>
    </attribute-exchange>
  </openid-login>

to the  <http> element where form-login is defined.

2. Add

<!-- userAuthenticationProvider is the alias of customUserDetailsService (step 3), so
     username/password login and OpenID login resolve users through the same service. -->
<authentication-provider user-service-ref="userAuthenticationProvider"/>

as child element to <authentication-manager>.

3. Define bean alias

<!-- Exposes the customUserDetailsService bean under the name referenced by
     <authentication-provider user-service-ref="userAuthenticationProvider"/>. -->
<beans:alias name="customUserDetailsService" alias="userAuthenticationProvider"/>

4. Define “authenticationFailureHandler” bean.

<!--
  Failure handler referenced by <openid-login authentication-failure-handler-ref>.
  Property injection needs a matching setter for each property: CustomFailureHandler extends
  SimpleUrlAuthenticationFailureHandler, and must itself declare a setter for companyInfoURL.
-->
<beans:bean id="authenticationFailureHandler"
    class="com.hcentive.portal.employer.service.impl.CustomFailureHandler">
  <beans:property name="defaultFailureUrl" value="/access-denied"/>
  <beans:property name="companyInfoURL" value="/register/companyInformation"/>
</beans:bean>

5.  Define  “authenticationSuccessHandler” bean.

  (No need to define authenticationSuccessHandler if you have defined 

  authenticationSuccessHandler for form-login)

<!--
  Success handler referenced by <openid-login authentication-success-handler-ref>.
  CustomSuccessHandler must declare a setter for companyInfoURL for this injection to work.
-->
<beans:bean id="authenticationSuccessHandler"
    class="com.hcentive.portal.employer.service.impl.CustomSuccessHandler">
  <beans:property name="companyInfoURL" value="/register/companyInformation"/>
</beans:bean>

6. Define customUserDetailsService bean.

<!-- User lookup service referenced by <openid-login user-service-ref> and, through the
     userAuthenticationProvider alias, by <authentication-provider>. -->
<beans:bean id="customUserDetailsService"
    class="com.hcentive.portal.employer.service.impl.CustomUserDetailsService"/>

B) Sample Implementation of beans defined in config file.

1.  CustomUserDetailsService

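public class CustomUserDetailsService implements UserDetailsService {

  /**
   * Identifier prefix of the OpenID provider offered on the login page. Only identifiers
   * issued under this prefix are reduced to the value after {@code '='}.
   */
  private static final String TRUSTED_IDENTIFIER_PREFIX =
      "https://www.google.com/accounts/o8/id";

  /**
   * Retrieves a user record containing the user's credentials and access.
   *
   * <p>The configuration wires this service to both the form login and the OpenID login, so
   * {@code username} may be a plain user name or an OpenID identifier (presumably of the form
   * {@code ...?id=<value>}; confirm against the provider in use).
   *
   * @param username the login name or OpenID identifier supplied by Spring Security
   * @return the matching user
   * @throws UsernameNotFoundException if the name is empty, malformed, or no user matches
   * @throws DataAccessException if the lookup itself fails
   */
  @Override
  public UserDetails loadUserByUsername(String username)
      throws UsernameNotFoundException, DataAccessException {
    if (username == null || username.isEmpty()) {
      throw new UsernameNotFoundException("Error in retrieving user");
    }
    final String userIdentifier = extractUserIdentifier(username);

    // provide implementation to search user with userIdentifier in database and
    // return a user of type UserDetails
    final UserDetails user = null; // placeholder for the database lookup result

    // Raise UsernameNotFoundException only when the lookup really finds nothing. The failure
    // handler treats that exception as "new OpenID user" and creates an account, so a database
    // error must propagate as DataAccessException instead of being converted here.
    if (user == null) {
      throw new UsernameNotFoundException("Error in retrieving user");
    }
    return user;
  }

  /**
   * Returns the lookup key for {@code username}.
   *
   * <p>The value after {@code '='} does not say which provider vouched for it, so it is used
   * on its own only when the identifier starts with the trusted provider prefix. Any other
   * value (a form-login name, or an identifier from another provider) is looked up as given.
   */
  private static String extractUserIdentifier(String username) {
    if (!username.startsWith(TRUSTED_IDENTIFIER_PREFIX)) {
      return username;
    }
    final String[] parts = username.split("=");
    if (parts.length < 2 || parts[1].isEmpty()) {
      // No value after '=': reject instead of failing with an array index error.
      throw new UsernameNotFoundException("Error in retrieving user");
    }
    return parts[1];
  }
}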

2.  AuthenticationFailureHandler

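public class CustomFailureHandler extends SimpleUrlAuthenticationFailureHandler {

  // The bean definition for this handler injects a companyInfoURL property, so the class
  // also needs a matching setter (not shown in this sample).

  /** Identifier prefix of the OpenID provider offered on the login page. */
  private static final String TRUSTED_IDENTIFIER_PREFIX =
      "https://www.google.com/accounts/o8/id";

  /**
   * Registers a first-time OpenID user and redirects them; every other failure is handled by
   * the parent class, which sends the user to the configured failure URL.
   *
   * @param request the current request
   * @param response the current response
   * @param exception the failure raised during authentication
   * @throws IOException if the redirect cannot be written
   * @throws ServletException if the parent handler fails
   */
  @Override
  public void onAuthenticationFailure(HttpServletRequest request,
      HttpServletResponse response, AuthenticationException exception)
      throws IOException, ServletException {
    if (isNewOpenIdUser(exception)) {
      OpenIDAuthenticationToken token =
          (OpenIDAuthenticationToken) exception.getAuthentication();

      // getting attributes passed by google/openID provider
      final List<OpenIDAttribute> attrList = token.getAttributes();
      String username = (String) token.getPrincipal();

      // provide implementation to create user from information passed from
      // openID provider and save this user in database
      // then redirect to redirectURL.
      DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
      redirectStrategy.sendRedirect(request, response, "redirectURL");
      return;
    }
    // Every remaining case must still produce a response, so delegate to the parent handler.
    super.onAuthenticationFailure(request, response, exception);
  }

  /**
   * Tells whether the failure means "the provider authenticated the user, but no local
   * account exists yet".
   *
   * <p>The openid_identifier field is submitted by the browser, so the identity URL is checked
   * against the expected provider before an account is created from the attributes it sent.
   */
  private static boolean isNewOpenIdUser(AuthenticationException exception) {
    if (!(exception instanceof UsernameNotFoundException)
        || !(exception.getAuthentication() instanceof OpenIDAuthenticationToken)) {
      return false;
    }
    OpenIDAuthenticationToken token =
        (OpenIDAuthenticationToken) exception.getAuthentication();
    String identityUrl = token.getIdentityUrl();
    return OpenIDAuthenticationStatus.SUCCESS.equals(token.getStatus())
        && identityUrl != null
        && identityUrl.startsWith(TRUSTED_IDENTIFIER_PREFIX);
  }
}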

3. AuthenticationSuccessHandler

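  public class CustomSuccessHandler extends
      SavedRequestAwareAuthenticationSuccessHandler {

    // The bean definition for this handler injects a companyInfoURL property, so the class
    // also needs a matching setter (not shown in this sample).

    /**
     * Stores the user data in the session and sends the user to the landing page.
     *
     * @param request the current request
     * @param response the current response
     * @param authentication the authenticated principal
     * @throws ServletException declared by the overridden method
     * @throws IOException if the redirect cannot be written
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
        HttpServletResponse response, Authentication authentication)
        throws ServletException, IOException {
      // provide implementation to set user data in session

      // redirecting to landing page
      // Only one redirect can be written per response. To return the user to the page they
      // originally requested, call super.onAuthenticationSuccess(request, response,
      // authentication) instead of this line, not in addition to it.
      getRedirectStrategy().sendRedirect(request, response, "landingpageURL");
    }
  }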

C) JSP changes.

1) Add following code to login page.

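 <c:url var="googleLogoUrl" value="/resources/google-logo.png" />
 <%-- Context-relative URL, so the form also works when the login page is not served from the
      application root. --%>
 <c:url var="openIdLoginUrl" value="/j_spring_openid_security_check" />

 <img src="${googleLogoUrl}" alt="Google"/>

 <%-- The hidden openid_identifier value is sent by the browser and can be changed there, so
      the server side must check which provider an identity came from before trusting it. --%>
 <form action="${openIdLoginUrl}" method="post">
   For Google users:
   <input name="openid_identifier" type="hidden"
       value="https://www.google.com/accounts/o8/id"/>
   <input type="submit" value="Sign with Google"/>
 </form>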

D) Steps to Test Application:

1. On click of "Sign with Google" button it should redirect to Google login page.

2. After successful authentication with Google, the user should arrive at the landing page.

 
