Spring security openId support and user deauthentication

I am trying to cope with a situation where, after successful authentication using the openId provider, I find that my database does not have an account associated with the user's openId.

Can you tell me how I should deal with the situation? Now I show the registration form and ask the user to create an account. However, I have a problem with the user authentication status: it is now considered authenticated by the Spring SecurityContext class.

How can I disable user authentication in my controller action before redirecting to the "Register a new user" page? Is this approach good, or should I do it in some other way?

+5
2 answers

OK, so disabling authentication from authorization, as mentioned in Samuel's post, was really helpful. However, there are still a lot of errors, and I found that deauthentication is still necessary, because in Spring there is no easy way to add a user to new roles. Thus, the easiest way is to force the user to log in again and let Spring perform role assignment at the time of logging in.

spring , :

SecurityContextHolder.clearContext();

UserDetailsService (. ). , , openid . . , .

(), UserDetailsService, , - , :

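import java.util.ArrayList;
import java.util.Collection;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;

public final class MyUserDetailsService implements UserDetailsService {
    private final UsersDao usersDao;

    @Autowired
    public MyUserDetailsService(final UsersDao usersDao) {
        this.usersDao = usersDao;
    }

    @Override
    public UserDetails loadUserByUsername(final String username) {
        // The "username" passed in here is the user's OpenID identifier.
        UserEntity user = usersDao.getUserByOpenIdIdentifier(username);
        if (user == null) {
            // There is no such user in our DB. We could throw an exception
            // here instead; the user would then also be deauthenticated.
            // Returning a User with no authorities keeps the user logged in without any role.
            return new User(username, "", new ArrayList<GrantedAuthority>());
        }

        // Here we grant roles to the user based on values from the DB.
        final Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority(user.getUserType().toString()));

        final UserDetails result = new User(username, "", authorities);

        return result;
    }
}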
+2
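
An added example, not part of either answer or of Spring Security itself: one way to apply the forced re-login from the first answer once the registration form is submitted. It assumes Spring Security 3.x on the javax.servlet API; AccountStore, the /register and /login paths and the displayName parameter are hypothetical.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

/** Hypothetical stand-in for the UsersDao used in the answer above. */
interface AccountStore {
    boolean exists(String openIdIdentifier);
    void create(String openIdIdentifier, String displayName);
}

@Controller
public class RegistrationController {
    private final AccountStore accounts;

    @Autowired
    public RegistrationController(AccountStore accounts) {
        this.accounts = accounts;
    }

    @RequestMapping(value = "/register", method = RequestMethod.POST)
    public String completeRegistration(@RequestParam("displayName") String displayName,
            HttpServletRequest request, HttpServletResponse response) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Only a caller who has passed OpenID verification may register.
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return "redirect:/login"; // assumed login path
        }
        // Take the identifier from the verified Authentication, never from a
        // form field, so a caller cannot bind an account to someone else's OpenID.
        String openId = auth.getName();
        if (!accounts.exists(openId)) {
            accounts.create(openId, displayName);
        }
        // Invalidates the HTTP session and clears the SecurityContext, so the
        // role-less Authentication created before registration cannot be reused.
        new SecurityContextLogoutHandler().logout(request, response, auth);
        // The next login runs loadUserByUsername again and picks up the DB roles.
        return "redirect:/login";
    }
}
```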

, : . - , , - .

spring authentication-manager .

, , : ! beeing . : AuthenticatedVoter.

, - :

  • , , , .
  • , , .

, .

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html#ns-access-manager

PS: spring , . - , .

+1
