I am using Spring Security in our application
My requirement intially was to allow a user to login to our application using open id. I was able to do so referring to online tutorials on using open id in Spring sercurity.
eg:
...
<http auto-config="false">
...
<openid-login authentication-failure-url="/FailurePage.jsp" default-target-url="/SuccessPage.jsp" user-service-ref="openIdUserService"/>
...
</http>
...
<beans:bean id="openIdAuthenticationProvider" class="org.springframework.security.providers.openid.OpenIDAuthenticationProvider">
...
</beans:bean>
<beans:bean id="openIdUserService" class="com.capgent.cpt.server.services.auth.OpenIDUserDetailsService">
...
</beans:bean>
...
and a class as:
public class OpenIDUserDetailsService implements UserDetailsService
{
public UserDetails loadUserByUsername(String openIdUrl) throws UsernameNotFoundException, DataAccessException
{
//Validate the openid from our database here ...
}
}
I now have a requirement to allow an existing user to "attach" his open id to our application. meaning that a user that is logged in, will add his open id into the system so that next time he can login using that open id.
So, given that i know the open id url eg: https://www.google.com/accounts/o8/id
How do I prompt user to login to the third party such as google and then return to our app and extract the open id url?
Will roles help me here ?