如何使用Spring Security启用基于表单和OpenID登录?

时间:2014-11-29 12:41:00

标签: java spring jsp spring-security openid

我想允许用户使用标准的用户名/密码方法或使用OpenID提供程序(例如Google)登录我的Spring Web应用程序。我试图在互联网上关注该主题的各种教程,并获得OpenID和数据库用户名/密码auth工作,但从来没有在一起。一旦我添加了传统的用户名/密码登录,OpenID就停止了工作(当我点击OpenID登录按钮时,我再次被重定向到登录页面,好像我被禁止访问/ j_spring_openid_security_check页面一样。)

这是我的春季安全配置页面:

<security:http pattern="/login" security="none"/>
<security:http pattern="/resources/**" security="none"/>
<security:http pattern="/polymer/**" security="none"/>

<security:http>
    <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
    <security:intercept-url pattern="/**" access="ROLE_USER"/>
    <security:form-login default-target-url="/"
                         login-page="/login"
                         authentication-failure-url="/login?error"
                         username-parameter="username"
                         password-parameter="password"/>
    <security:openid-login user-service-ref="userService">
        <security:attribute-exchange identifier-match="https://www.google.com/.*">
            <security:openid-attribute name="email" type="http://axschema.org/contact/email" required="true" count="1"/>
            <security:openid-attribute name="firstname" type="http://axschema.org/namePerson/first" required="true" />
            <security:openid-attribute name="lastname" type="http://axschema.org/namePerson/last" required="true" />
            <security:openid-attribute name="fullname" type="http://axschema.org/namePerson/friendly" required="true" />
        </security:attribute-exchange>
    </security:openid-login>
    <security:logout logout-url="/logout" />
    <security:remember-me token-repository-ref="tokenRepo" user-service-ref="userService" />
</security:http>

<bean id="webexpressionHandler"
      class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />

<bean id="tokenRepo" class="org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl" />

<bean id="authProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userService" />
    <property name="passwordEncoder" ref="passwordEncoder" />
</bean>
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
    <constructor-arg value="11"/>
</bean>

<security:authentication-manager>
    <security:authentication-provider ref="authProvider" />
</security:authentication-manager>

这是我的登录JSP页面:

<%-- Username / password login form, works perfectly --%>
<c:url value="j_spring_security_check" var="targetUrl" />
<form action="${targetUrl}" method="post">
  <div>
    <label><spring:message code="login.username"/> <input type="text" name="username" /></label>
  </div>
  <div>
    <label><spring:message code="login.password"/> <input type="password" name="password" /></label>
  </div>
  <div>
    <button type="submit"><spring:message code="login.submit" /></button>
  </div>
</form>

<%-- OpenID login form, doesn't work --%>
<c:url value='j_spring_openid_security_check' var="targetUrl"/>
<form action="${targetUrl}" method="post" id="openid-form">
  <h1>Sign in with Google</h1>
  <input type="hidden" name="action" value="verify" />
  <input type="hidden" id="openid_identifier" name="openid_identifier" value="https://www.google.com/accounts/o8/id" />
  <input id="openid_submit" type="submit" value="Sign-In"/>
</form>

感谢您的任何建议!

大卫

0 个答案:

没有答案
相关问题
最新问题