
Tuesday, October 20, 2009

OpenID






Had the pleasure of using the Spring support for OpenID to integrate security into a simple webapp. OpenID is basically a decentralized single sign-on protocol that works over the internet. I used a custom UserDetailsService implementation of my own to create a UserDetails from my defined tables. The UserDetails needs a username/password and a list of authenticated roles. These roles have to be prefixed with ‘ROLE_’, e.g. ROLE_ADMIN, ROLE_SUPERVISOR.

Once the custom UserDetailsService has been provided via the AuthenticationProvider tag and the relevant security web filter has been plugged into web.xml, you can specify a tag which tells Spring to enable OpenID as an alternative to the conventional form login (username and password). The user will then additionally be presented with a login section in which to provide an OpenID identity URL (http://openid.net/get/), and is forwarded to the provider, which verifies the user with their relevant details. Once that succeeds, Spring Security will attempt to find the user via the UserDetailsService implementation, using the resulting identity URL, e.g. http://www.myspace.com/username, as the username. If the user is found, they are successfully authenticated into the system.
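A sketch of the kind of UserDetailsService described above, added here as an example and not the code from my webapp: it looks a user up by the verified identity URL, applies the ROLE_ prefix, and fails closed for unknown identities. The class name, the in-memory map standing in for the user tables, and the random placeholder password are assumptions, and the imports are those of Spring Security 3.1 and later (the 2.0.x releases used different package names).

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Hypothetical class: the map stands in for a lookup against your own user tables.
public class OpenIdUserDetailsService implements UserDetailsService {

    private static final SecureRandom RANDOM = new SecureRandom();

    // Constructed sample data: identity URL -> role names as stored in the tables.
    private final Map<String, List<String>> rolesByIdentityUrl = new HashMap<String, List<String>>();

    public OpenIdUserDetailsService() {
        List<String> roles = new ArrayList<String>();
        roles.add("ADMIN");            // stored without the prefix
        roles.add("ROLE_SUPERVISOR");  // stored with the prefix
        rolesByIdentityUrl.put("http://www.myspace.com/username", roles);
    }

    // Spring Security passes the verified OpenID identity URL as the username.
    public UserDetails loadUserByUsername(String identityUrl) throws UsernameNotFoundException {
        List<String> roles = (identityUrl == null) ? null : rolesByIdentityUrl.get(identityUrl);
        if (roles == null) {
            // Unknown identity: fail closed rather than creating an account here.
            throw new UsernameNotFoundException("No local account for this OpenID identity");
        }
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (String role : roles) {
            String name = role.startsWith("ROLE_") ? role : "ROLE_" + role;
            authorities.add(new SimpleGrantedAuthority(name));
        }
        // An OpenID account has no local password. A fresh random value keeps the
        // form login that is enabled alongside OpenID from working for this account.
        String unusablePassword = new BigInteger(130, RANDOM).toString(32);
        return new User(identityUrl, unusablePassword, authorities);
    }
}
```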

There is not much documentation out there on how to use this, so let me know if you need any more details.
