Spring Security OpenID-UserDetailsS​​ervice，AuthenticationUserDetailsS​​ervice [英] Spring Security OpenID - UserDetailsService, AuthenticationUserDetailsService

问题描述

试图了解使用Spring Security实施OpenID身份验证的正确方法.

Trying to understand what's the correct way of implementing OpenID authentication with Spring Security.

public class OpenIDUserDetailsService implements 
  UserDetailsService, 
  AuthenticationUserDetailsService {

  @Override
  public UserDetails loadUserByUsername(String openId) throws
    UsernameNotFoundException, DataAccessException {

    // I either want user email here
    // or immediately delegate the request to loadUserDetails

  }

  @Override
  public UserDetails loadUserDetails(Authentication token) throws
    UsernameNotFoundException {

    // This never gets called if I throw from loadUserByUsername()

  }

  private MyCustomUserDetails registerUser(String openId, String email) {
    ...
  }
}

我正在考虑用户尚未在我的应用程序中注册的情况.要注册用户，我需要知道其OpenID和电子邮件.

I'm considering the scenario when user is not yet registered within my application. To register the user, I need to know its OpenID and email.

当OpenID提供程序将用户重定向回我的应用程序时，将调用loadUserByUsername()，但是在这种情况下，我只知道用户的OpenID.因此，我抛出UsernameNotFoundException，然后再未调用loadUserDetails()，因此无法注册用户.

When OpenID provider redirects the user back to my application, loadUserByUsername() is called, but in this case I'm only aware about user's OpenID. So, I'm throwing UsernameNotFoundException and then loadUserDetails() never gets called, so I can't register user.

这里的常见解决方案是什么?如果我从loadUserByUsername()返回类似FakePartialUserDetails的东西，然后在调用loadUserDetails()时，我注册了用户然后返回了真实的MyCustomUserDetails，该怎么办?

What's the common solution here? What if I return something like FakePartialUserDetails from loadUserByUsername() and then, when loadUserDetails() is called, I register the user and then return the real MyCustomUserDetails?

我正在使用Spring Security 3.0.7.RELEASE

I'm using Spring Security 3.0.7.RELEASE

推荐答案

这很有趣，但是设法通过移动到 Spring Security 3.1.0.RELEASE 来解决了这个问题.

That's funny, but managed to resolve it by moving to Spring Security 3.1.0.RELEASE.

对于相同的情况，行为是完全不同的-不调用loadUserByUsername()，而是调用loadUserDetails().

For the same scenario, behavior is absolutely different - loadUserByUsername() is not called and loadUserDetails() is called instead.

这篇关于Spring Security OpenID-UserDetailsS​​ervice，AuthenticationUserDetailsS​​ervice的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！