OpenID认证并自动登记使用Spring Security 3.0.2 [英] OpenId authentication and automatic registration with Spring Security 3.0.2
问题描述
我实施以Spring Security 3.0.2使用OpenID登录和注册的应用程序。
我可以成功地登录,但如果用户没有登记我想要做的:
I'm implementing an app using spring security 3.0.2 with OpenId login and registration. I can login succesfully, but if the user isn't registered i want to do:
1)获得一些属性的OpenID,如电子邮件和名称。
2)显示给用户的只有这两个字段和URI填充的OpenID登记表。
1) Get some OpenId attributes like email and name.
2) Show to the user a registration form with just these two fields and the OpenId URI filled.
我一直在寻找了很多,但我没有找到这样的ellegant的方式。
我不知道是否有些U能拿出一个解决方案,以实现我的应用程序这一战略。
I've been searching a lot but i didn't find an "ellegant" way of doing this. I wonder if some of u can come out with a solution to implement this strategy in my app.
先谢谢了。
推荐答案
您不能显示电子邮件和名字的用户已注册前/登录自己,因为他必须允许应用程序首先访问他的个人资料。您可以显示他与他的OpenID这个网页,邮件等的之后的他登录。
You can't show the email and name before the user has registered/login himself, since he has to allow the app to access his profile first. You can show him this page with his openid, mail etc after he logged in.
定义要使用的属性:
<openid-login login-page="/openidlogin.jsp" authentication-failure-url="/openidlogin.jsp?login_error=true">
<attribute-exchange>
<openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" count="2"/>
<openid-attribute name="name" type="http://schema.openid.net/namePerson/friendly" />
</attribute-exchange>
</openid-login>
,然后访问属性,用户登录后:
And then access the attributes, after the user has logged in:
OpenIDAuthenticationToken token = (OpenIDAuthenticationToken)SecurityContextHolder.getContext().getAuthentication();
List<OpenIDAttribute> attributes = token.getAttributes();
有一个看的example从春天库,而<一个href=\"http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html#ns-openid\">OpenId支持文档。
这篇关于OpenID认证并自动登记使用Spring Security 3.0.2的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!