Trying to understand what's the correct way of implementing OpenID authentication with Spring Security.
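    import org.springframework.dao.DataAccessException;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;

    public class OpenIDUserDetailsService implements
            UserDetailsService,
            AuthenticationUserDetailsService {

        @Override
        public UserDetails loadUserByUsername(String openId) throws
                UsernameNotFoundException, DataAccessException {
            // I either want user email here
            // or immediately delegate the request to loadUserDetails
        }

        @Override
        public UserDetails loadUserDetails(Authentication token) throws
                UsernameNotFoundException {
            // This never gets called if I throw from loadUserByUsername()
        }

        private MyCustomUserDetails registerUser(String openId, String email) {
            ...
        }
    }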
I'm considering the scenario where the user is not yet registered within my application. To register the user, I need to know their OpenID and email.
When the OpenID provider redirects the user back to my application, loadUserByUsername() is called, but in this case I'm only aware of the user's OpenID. So, I'm throwing UsernameNotFoundException and then loadUserDetails() never gets called, so I can't register the user.
What's the common solution here? What if I return something like FakePartialUserDetails from loadUserByUsername() and then, when loadUserDetails() is called, I register the user and then return the real MyCustomUserDetails?
I'm using Spring Security 3.0.7.RELEASE.
That's funny, but I managed to resolve it by moving to Spring Security 3.1.0.RELEASE.
For the same scenario, the behavior is absolutely different - loadUserByUsername() is not called and loadUserDetails() is called instead.
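As an added example (not code from the original posts or from Spring Security itself): under the 3.1 behavior described in the answer, where loadUserDetails() receives the token directly, registration on first login could look like the sketch below. The class name, the in-memory maps and the attribute name "email" are assumptions; the email is only present if attribute exchange is configured to request it.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.openid.OpenIDAttribute;
import org.springframework.security.openid.OpenIDAuthenticationToken;

// Added example (hypothetical class name), written against the Spring Security 3.1 API.
public class RegisteringOpenIDUserDetailsService
        implements AuthenticationUserDetailsService<OpenIDAuthenticationToken> {

    // Hypothetical in-memory stores keyed by identity URL; a real application would use its database.
    private final ConcurrentMap<String, UserDetails> users = new ConcurrentHashMap<String, UserDetails>();
    private final ConcurrentMap<String, String> emails = new ConcurrentHashMap<String, String>();

    @Override
    public UserDetails loadUserDetails(OpenIDAuthenticationToken token) throws UsernameNotFoundException {
        // The verified identity URL is the account key; the email is only profile data.
        String openId = token.getIdentityUrl();
        UserDetails known = users.get(openId);
        if (known != null) {
            return known;
        }
        String email = emailFrom(token);
        if (email == null) {
            // Refuse to create a half-populated account when the provider sent no email.
            throw new UsernameNotFoundException("No email attribute for " + openId);
        }
        UserDetails created = new User(openId, "unused", true, true, true, true,
                AuthorityUtils.createAuthorityList("ROLE_USER"));
        UserDetails raced = users.putIfAbsent(openId, created);
        if (raced != null) return raced; // a concurrent login registered this identity first
        emails.put(openId, email);
        return created;
    }

    // Assumes attribute exchange is configured with an attribute named "email".
    private static String emailFrom(OpenIDAuthenticationToken token) {
        for (OpenIDAttribute attribute : token.getAttributes()) {
            if ("email".equals(attribute.getName()) && !attribute.getValues().isEmpty()) {
                return attribute.getValues().get(0);
            }
        }
        return null;
    }
}
```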