Spring Security, OpenID, Wicket Demo

I completed the setup of a small application that use Spring Security to perform an OpenID authentication. The application integrates also SpringSecurity and Wicket Security. Follows some details.

The demo conatains two different solutions, one uses the spring namespace, the other configures explicilty Spring security filters and providers.

The main issue to solve is how store the OpenID attributes returned from the OpenID provider to the Sprin UserDetails object.

Spring Security Name Space OpenID Setup

Through the element <openid-login/> Spring  auto-configures an OpenIDAuthenticationFilter and an OpenIDAuthenticationProvider. The element <attribute-exchange/> contains all the  OpenId attribute element to ask to the provider.

<security:http>
 <security:anonymous enabled="false" />
 <security:logout />
 <security:openid -login authentication-success-handler-ref="authenticationSuccessHandler" login-page="/login" authentication-failure-url="/?login_error=true" >
 <security:attribute -exchange>
 <security:openid -attribute name="email" type="http://schema.openid.net/contact/email" required="true" />
 <security:openid -attribute name="firstName" type="http://axschema.org/namePerson/first" required="true" />
 <security:openid -attribute name="lastName" type="http://axschema.org/namePerson/last" required="true" />
 <security:openid -attribute name="language" type="http://axschema.org/pref/language" required="true" />
 </security:attribute>
 </security:openid>
 <security:remember -me key="alessandro-vincelli-openid" />
</security:http>

To be continue…

DEMO: http://demo.alessandro.vincelli.name/openid/

Source: http://youeat.googlecode.com/svn/spring-security-open-id