OpenID认证并自动登记使用Spring Security 3.0.2 [英] OpenId authentication and automatic registration with Spring Security 3.0.2

问题描述

我实施以Spring Security 3.0.2使用OpenID登录和注册的应用程序。
我可以成功地登录，但如果用户没有登记我想要做的：

I'm implementing an app using spring security 3.0.2 with OpenId login and registration. I can login succesfully, but if the user isn't registered i want to do:

1）获得一些属性的OpenID，如电子邮件和名称。

2）显示给用户的只有这两个字段和URI填充的OpenID登记表。

1) Get some OpenId attributes like email and name.
2) Show to the user a registration form with just these two fields and the OpenId URI filled.

我一直在寻找了很多，但我没有找到这样的ellegant的方式。
我不知道是否有些U能拿出一个解决方案，以实现我的应用程序这一战略。

I've been searching a lot but i didn't find an "ellegant" way of doing this. I wonder if some of u can come out with a solution to implement this strategy in my app.

先谢谢了。

推荐答案

您不能显示电子邮件和名字的用户已注册前/登录自己，因为他必须允许应用程序首先访问他的个人资料。您可以显示他与他的OpenID这个网页，邮件等的之后的他登录。

You can't show the email and name before the user has registered/login himself, since he has to allow the app to access his profile first. You can show him this page with his openid, mail etc after he logged in.

定义要使用的属性：

<openid-login login-page="/openidlogin.jsp" authentication-failure-url="/openidlogin.jsp?login_error=true">
  <attribute-exchange>
    <openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" count="2"/>
    <openid-attribute name="name" type="http://schema.openid.net/namePerson/friendly" />
  </attribute-exchange>
</openid-login>

，然后访问属性，用户登录后：

And then access the attributes, after the user has logged in:

OpenIDAuthenticationToken token = (OpenIDAuthenticationToken)SecurityContextHolder.getContext().getAuthentication();
List<OpenIDAttribute> attributes = token.getAttributes();

有一个看的example从春天库，而<一个href=\"http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html#ns-openid\">OpenId支持文档。

这篇关于OpenID认证并自动登记使用Spring Security 3.0.2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！