Spring Security, OpenID, Wicket Demo

I completed the setup of a small application that use Spring Security to perform an OpenID authentication. The application integrates also SpringSecurity and Wicket Security. Follows some details.

The demo conatains two different solutions, one uses the spring namespace, the other configures explicilty Spring security filters and providers.

The main issue to solve is how store the OpenID attributes returned from the OpenID provider to the Sprin UserDetails object.

Spring Security Name Space OpenID Setup

Through the element <openid-login/> Spring  auto-configures an OpenIDAuthenticationFilter and an OpenIDAuthenticationProvider. The element <attribute-exchange/> contains all the  OpenId attribute element to ask to the provider.

 <security:anonymous enabled="false" />
 <security:logout />
 <security:openid -login authentication-success-handler-ref="authenticationSuccessHandler" login-page="/login" authentication-failure-url="/?login_error=true" >
 <security:attribute -exchange>
 <security:openid -attribute name="email" type="http://schema.openid.net/contact/email" required="true" />
 <security:openid -attribute name="firstName" type="http://axschema.org/namePerson/first" required="true" />
 <security:openid -attribute name="lastName" type="http://axschema.org/namePerson/last" required="true" />
 <security:openid -attribute name="language" type="http://axschema.org/pref/language" required="true" />
 <security:remember -me key="alessandro-vincelli-openid" />

To be continue…

DEMO: http://demo.alessandro.vincelli.name/openid/

Source: http://youeat.googlecode.com/svn/spring-security-open-id

YouEat techs

YouEat is an open source application. You can check the code at http://code.google.com/p/youeat/.

YouEat is a Java application built only with open-source software:

  • Apache Wicket, for the web interface
  • Spring Framework is the glue for all the components
  • Hibernate is the JPA implementation
  • Apache Lucene to implement the internal search engine
  • Apache Maven is the dev manager
  • JUnit is test suite
  • PostgreSQL is the database engine

My idea is create an easy to read application… therefore any feedback is well accepted ;-)

JackWicket improvements

ImprovementsI changed a lot on the core of jackwicket.
Pricincipally I moved from the jcr-spring-modules to the new org.springframework.se-jcr.

I also removed the DAO infrastucre and I simplified the implemetation of the service layer. To rebuild the Service Layer I used basically the JcrMappingTemplate, but in order to have a Generic interface I extended this class with JcrMappingTemplateGeneric that offers a type safe implementation of the super class.

You can find some samples in the implementation of the  service layer in JackWicket.

Project website
Continuous integration (not available)
Code Quality(not available)

Thanks Salvo for the technical advice :)