Announcement Announcement Module
No announcement yet.
Custom UserService for OpenID Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Custom UserService for OpenID

    Hi guys,

    I am fairly new to Spring, so don't be mad at me. What I want to achieve is a form that allows the user to login with one of these:
    - custom username/password stored in my DB
    - openid identity.

    I already implemented a custom user service for my JDBC login that populates my custom User principal (I need to store some extra fields from the DB), but I have signnificant troubles implementing user-service for the openID authentication provider. For now I have placed this

    <user-service id="userService">
    <user name="" password="notused" authorities="ROLE_USER" />

    in my security.xml but as far as I understand this would work only for 1 user called 'user' and it will not populate my custom pruincipal.

    If you could point me to an article on how to implement the custom user service for openID that would be great.

    Thanks a lot.

  • #2
    If you're using Spring Sec 3, OpenID support is built in. Ref: Link.

    Typically, OpenID auth doesn't require a different UserService, just keep in mind that the password stored in the user service will never be used.


    • #3
      Hi and thanks for the reply,

      Yes, I am using Spring Security 3.0.RC1. I saw the refence link you pointed. With the jdbc user-details-service i able to put some information, like ranking-points in the custom-principal:

      loadUserByUsername(String username) {
      		SimpleJdbcTemplate sjt = new SimpleJdbcTemplate(getDataSource());
      		User user = sjt.queryForObject(sql, new UserMapper(), source);
      		return user;
      public User mapRow(ResultSet rs, int arg1) throws SQLException {
               BeechUserPrincipal principal = new BeechUserPrincipal(rs.getString("username"), rs.getString("password"), true, true, true, true, getAuthorities(rs.getString("authority").equalsIgnoreCase("ROLE_ADMIN")));
      	 return principal;
      but if I don't implement a user-service how could I achieve this?


      • #4
        OK, I made it.. here is the code:

        	public UserDetails loadUserByUsername(String openIDURL)
        			throws UsernameNotFoundException, DataAccessException {
        		String sql = "SELECT username, credit FROM users WHERE open_id=?";
        		Integer points = null;
        		String username = openIDURL;
        		try {
        			PreparedStatement stmt = ImporterUtil.getJDBCConnection().prepareStatement(sql);
        			stmt.setString(1, openIDURL);
        			ResultSet rs = stmt.executeQuery();
        			if ( {
        				points = rs.getInt("points");
        				username = rs.getString("username");
        			} else {
        				//not registered
        				credit = -1;
        		} catch (SQLException e) {
        		BeechUserPrincipal principal = new BeechUserPrincipal(username, "notused", true, true, true, true, getAuthorities(false));
        		return principal;