Steps to Enable OpenID Authentication in Spring-Security Application
Steps to Enable OpenID Authentication in Spring-Security Application
To enable OpenID authentication along with normal username password login.
Join the DZone community and get the full member experience.
Join For FreeDevOps involves integrating development, testing, deployment and release cycles into a collaborative process. Learn more about the 4 steps to an effective DevSecOps infrastructure.
A) Changes in spring-Security.xml
1. To enable OpenID authentication along with normal username password login, add
<openid-login
authentication-failure-handler-ref="authenticationFailureHandler"
default-target-url="/"
authentication-success-handler-ref="authenticationSuccessHandler"
user-service-ref="customUserDetailsService" >
<attribute-exchange identifier-match="https://www.google.com/.*">
<openid-attribute name="axContactEmail" type="http://axschema.org/contact/email"
required="true"/>
<openid-attribute name="oiContactEmail" type="http://schema.openid.net/contact/email"
required="true"/>
<openid-attribute name="axNamePersonFullname" type="http://axschema.org/namePerson"
required="true"/></attribute-exchange>
</openid-login>to the <http> element where form-login is defined.
2. Add
<authentication-provider user-service-ref="userAuthenticationProvider"/>as child element to <authentication-manager>.
3. Define bean alias
<beans:alias name="customUserDetailsService" alias="userAuthenticationProvider"/>4. Define “authenticationFailureHandler” bean.
<beans:bean id="authenticationFailureHandler"
class="com.hcentive.portal.employer.service.impl.CustomFailureHandler">
<beans:property name="defaultFailureUrl" value="/access-denied"/>
<beans:property name="companyInfoURL" value="/register/companyInformation" />
</beans:bean>5. Define “authenticationSuccessHandler” bean.
(No need to define authenticationSuccessHandler if you have defined
authenticationSuccessHandler for form-login)
<beans:bean id="authenticationSuccessHandler"
class="com.hcentive.portal.employer.service.impl.CustomSuccessHandler">
<beans:property name="companyInfoURL" value="/register/companyInformation"/>
</beans:bean>6. Define customUserDetailsService bean.
<beans:bean id="customUserDetailsService"
class="com.hcentive.portal.employer.service.impl.CustomUserDetailsService"/>B) Sample Implementation of beans defined in config file.
1. CustomUserDetailsService
publicclass CustomUserDetailsService implements UserDetailsService,
{
/**
* Retrieves a user record containing the user's credentials and access.
*/
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
final String userIdentifier = username.split("=")[1];
try{
//provide implementation to search user with username in database and
// return a user of type UserDetails
} catch (Exception e) {
//if user not found in database throw exception
thrownew UsernameNotFoundException("Error in retrieving user");
}
}
}2. AuthenticationFailureHandle
publicclass CustomFailureHandler extends SimpleUrlAuthenticationFailureHandler {
@Override
publicvoid onAuthenticationFailure(HttpServletRequest request,
HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
if (exception instanceof UsernameNotFoundException
&& exception.getAuthentication() instanceof
OpenIDAuthenticationToken) {
OpenIDAuthenticationToken token = (OpenIDAuthenticationToken) exception
.getAuthentication();
if (OpenIDAuthenticationStatus.SUCCESS.equals(token.getStatus())) {
// getting attributes passed by google/openID provider
final List<OpenIDAttribute> attrList = token.getAttributes();
String username = (String) token.getPrincipal();
//provide implementation to create user from information passed from
//openID provider and save this user in database
//then redirect to redirectURL.
DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
redirectStrategy.sendRedirect(request, response, “redirectURL”);
} else {
super.onAuthenticationFailure(request, response, exception);
}
} 3. AuthenticationSuccessHandler
publicclass CustomSuccessHandler extends
SavedRequestAwareAuthenticationSuccessHandler {
@Override
publicvoid onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication)
throws ServletException, IOException {
//provide implementation to set user data in session
//redirecting to landing page
getRedirectStrategy().sendRedirect(request, response, “landingpageURL”);
}
super.onAuthenticationSuccess(request, response, authentication);
}
C) JSP changes.
1) Add following code to login page.
<c:url var="googleLogoUrl" value="/resources/google-logo.png" />
<img src="${googleLogoUrl}"></img>
<form action="j_spring_openid_security_check" method="post">For Google users:
<input name="openid_identifier" type="hidden"
value="https://www.google.com/accounts/o8/id"/>
<input type="submit" value="Sign with Google"/>
</form>D) Steps to Test Application:
1. On click of "Sign with Google" button it should redirect to Google login page.
2. After successful authentication with Google use should come to landing page.
Read the 4-part DevOps testing eBook to learn how to detect problems earlier in your DevOps testing processes.
Like This Article? Read More From DZone
Opinions expressed by DZone contributors are their own.
{{ parent.title || parent.header.title}}
{{ parent.tldr }}
{{ parent.linkDescription }}
{{ parent.urlSource.name }}