Steps to Enable OpenID Authentication in Spring-Security Application
Steps to Enable OpenID Authentication in Spring-Security Application
To enable OpenID authentication along with normal username password login.
Join the DZone community and get the full member experience.
Join For FreeDo you need to strengthen the security of the mobile apps you build? Discover more than 50 secure mobile development coding practices to make your apps more secure.
A) Changes in spring-Security.xml
1. To enable OpenID authentication along with normal username password login, add
<openid-login
authentication-failure-handler-ref="authenticationFailureHandler"
default-target-url="/"
authentication-success-handler-ref="authenticationSuccessHandler"
user-service-ref="customUserDetailsService" >
<attribute-exchange identifier-match="https://www.google.com/.*">
<openid-attribute name="axContactEmail" type="http://axschema.org/contact/email"
required="true"/>
<openid-attribute name="oiContactEmail" type="http://schema.openid.net/contact/email"
required="true"/>
<openid-attribute name="axNamePersonFullname" type="http://axschema.org/namePerson"
required="true"/></attribute-exchange>
</openid-login>to the <http> element where form-login is defined.
2. Add
<authentication-provider user-service-ref="userAuthenticationProvider"/>as child element to <authentication-manager>.
3. Define bean alias
<beans:alias name="customUserDetailsService" alias="userAuthenticationProvider"/>4. Define “authenticationFailureHandler” bean.
<beans:bean id="authenticationFailureHandler"
class="com.hcentive.portal.employer.service.impl.CustomFailureHandler">
<beans:property name="defaultFailureUrl" value="/access-denied"/>
<beans:property name="companyInfoURL" value="/register/companyInformation" />
</beans:bean>5. Define “authenticationSuccessHandler” bean.
(No need to define authenticationSuccessHandler if you have defined
authenticationSuccessHandler for form-login)
<beans:bean id="authenticationSuccessHandler"
class="com.hcentive.portal.employer.service.impl.CustomSuccessHandler">
<beans:property name="companyInfoURL" value="/register/companyInformation"/>
</beans:bean>6. Define customUserDetailsService bean.
<beans:bean id="customUserDetailsService"
class="com.hcentive.portal.employer.service.impl.CustomUserDetailsService"/>B) Sample Implementation of beans defined in config file.
1. CustomUserDetailsService
publicclass CustomUserDetailsService implements UserDetailsService,
{
/**
* Retrieves a user record containing the user's credentials and access.
*/
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
final String userIdentifier = username.split("=")[1];
try{
//provide implementation to search user with username in database and
// return a user of type UserDetails
} catch (Exception e) {
//if user not found in database throw exception
thrownew UsernameNotFoundException("Error in retrieving user");
}
}
}2. AuthenticationFailureHandle
publicclass CustomFailureHandler extends SimpleUrlAuthenticationFailureHandler {
@Override
publicvoid onAuthenticationFailure(HttpServletRequest request,
HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
if (exception instanceof UsernameNotFoundException
&& exception.getAuthentication() instanceof
OpenIDAuthenticationToken) {
OpenIDAuthenticationToken token = (OpenIDAuthenticationToken) exception
.getAuthentication();
if (OpenIDAuthenticationStatus.SUCCESS.equals(token.getStatus())) {
// getting attributes passed by google/openID provider
final List<OpenIDAttribute> attrList = token.getAttributes();
String username = (String) token.getPrincipal();
//provide implementation to create user from information passed from
//openID provider and save this user in database
//then redirect to redirectURL.
DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
redirectStrategy.sendRedirect(request, response, “redirectURL”);
} else {
super.onAuthenticationFailure(request, response, exception);
}
} 3. AuthenticationSuccessHandler
publicclass CustomSuccessHandler extends
SavedRequestAwareAuthenticationSuccessHandler {
@Override
publicvoid onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication)
throws ServletException, IOException {
//provide implementation to set user data in session
//redirecting to landing page
getRedirectStrategy().sendRedirect(request, response, “landingpageURL”);
}
super.onAuthenticationSuccess(request, response, authentication);
}
C) JSP changes.
1) Add following code to login page.
<c:url var="googleLogoUrl" value="/resources/google-logo.png" />
<img src="${googleLogoUrl}"></img>
<form action="j_spring_openid_security_check" method="post">For Google users:
<input name="openid_identifier" type="hidden"
value="https://www.google.com/accounts/o8/id"/>
<input type="submit" value="Sign with Google"/>
</form>D) Steps to Test Application:
1. On click of "Sign with Google" button it should redirect to Google login page.
2. After successful authentication with Google use should come to landing page.
Check out tips for blazing the way from agile to DevSecOps with security built into your mobile app toolchain.
Like This Article? Read More From DZone
Opinions expressed by DZone contributors are their own.
{{ parent.title || parent.header.title}}
{{ parent.tldr }}
{{ parent.linkDescription }}
{{ parent.urlSource.name }}