views:

23

answers:

0

I am using Spring Security in our application

My requirement intially was to allow a user to login to our application using open id. I was able to do so referring to online tutorials on using open id in Spring sercurity.

eg:

...
<http auto-config="false">
        ...
        <openid-login authentication-failure-url="/FailurePage.jsp" default-target-url="/SuccessPage.jsp" user-service-ref="openIdUserService"/>
        ...
</http>
...
<beans:bean id="openIdAuthenticationProvider" class="org.springframework.security.providers.openid.OpenIDAuthenticationProvider">
    ...
</beans:bean>
<beans:bean id="openIdUserService" class="com.capgent.cpt.server.services.auth.OpenIDUserDetailsService">
    ...
</beans:bean>
...

and a class as:

public class OpenIDUserDetailsService implements UserDetailsService
{
    public UserDetails loadUserByUsername(String openIdUrl) throws UsernameNotFoundException, DataAccessException
    {
        //Validate the openid from our database here ...
    }
}

I now have a requirement to allow an existing user to "attach" his open id to our application. meaning that a user that is logged in, will add his open id into the system so that next time he can login using that open id.

So, given that i know the open id url eg: https://www.google.com/accounts/o8/id

How do I prompt user to login to the third party such as google and then return to our app and extract the open id url?

Will roles help me here ?