
Spring Security openid-login: run attribute-exchange only once, at first login


I'm having trouble with Spring Security 3.1.

I'm using Spring Security's openid-login with Gmail, and I want to get user information using attribute-exchange. However, once attribute-exchange is configured, it is performed every time a user logs in to my website.

How can I make it run only once, the first time a user signs in to my website? I handle that first sign-in in openIdAuthFailureHandler, and I want to get the user information in this bean... please help me!

(I found security:remember-me, but it doesn't work.)


security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<!-- Spring Security 3.1 namespace configuration: URL access rules, OpenID login with
     attribute exchange (AX), logout, and a JDBC-backed authentication provider. -->

<!-- Turns on @Secured method security and asks for class-based proxies. -->
<security:global-method-security
    secured-annotations="enabled" proxy-target-class="true" />

<security:http auto-config="true" access-denied-page="/denied/accessDenied">

    <!-- Only these three path prefixes carry a role requirement in this file.
         NOTE(review): no catch-all intercept-url is declared here, so every other path
         (including the registration page the failure handler redirects to) has no
         URL-level rule; confirm that is intended. -->
    <security:intercept-url pattern="/admin/**"
        access="ROLE_ADMIN" />
    <security:intercept-url pattern="/reservation/**"
        access="ROLE_USER, ROLE_ADMIN" />
    <security:intercept-url pattern="/board/**"
        access="ROLE_ADMIN, ROLE_USER" />

    <!-- OpenID login. The success handler bean "customAuthenticationHandler" is referenced
         here but not defined in this file; "openIdAuthFailureHandler" is defined below.
         attribute-exchange applies only to identifiers matching the Google pattern and
         marks email and firstname as required. It is declared statically on the login
         element, which matches the behaviour described in the question: the attributes
         are requested on every login, not just the first one. -->
    <security:openid-login login-page="/"
        login-processing-url="/j_spring_openid_security_check.do"
        authentication-success-handler-ref="customAuthenticationHandler"
         authentication-failure-handler-ref="openIdAuthFailureHandler">
         <security:attribute-exchange identifier-match="https://www.google.com/.*" >
            <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" />
            <security:openid-attribute name="firstname" type="http://axschema.org/namePerson/first" required="true" />
         </security:attribute-exchange>
    </security:openid-login>

    <!-- Logout invalidates the HTTP session and returns to the login page. -->
    <security:logout logout-url="/j_spring_openid_security_logout.do"
        logout-success-url="/" invalidate-session="true" />
    <!-- <security:http-basic /> -->
</security:http>

<!-- Username/password authentication against the "user" table. Both queries bind the
     username through a "?" placeholder rather than string concatenation. The
     "dataSource" bean is referenced but not defined in this file. -->
<security:authentication-manager>
    <security:authentication-provider>
        <!-- <security:user-service properties="/WEB-INF/resources/users.xml" 
            /> -->
        <security:password-encoder ref="passwordEncoder" />
        <security:jdbc-user-service id="userDetailsService"
            data-source-ref="dataSource"
            users-by-username-query="SELECT id as id, passwd as passwd, 1 as enabled FROM user WHERE id=?"
            authorities-by-username-query="SELECT id as id, power as authority FROM user WHERE id=?" />
<!--            <security:password-encoder hash="sha-256"></security:password-encoder> -->
    </security:authentication-provider>
</security:authentication-manager>

    <!-- customTokenRepository is declared but not referenced anywhere else in this file. -->
    <bean id="customTokenRepository"   class="com.jinyoung.reservation.openid.CustomTokenRepository" />            
    <!-- Handles "OpenID login succeeded but no local account" by starting registration. -->
    <bean id="openIdAuthFailureHandler" class="com.jinyoung.reservation.openid.OpenIDAuthenticationFailureHandler"/>
    <!-- ShaPasswordEncoder is created with no constructor argument, and no salt-source is
         configured on the provider above.
         NOTE(review): presumably this means unsalted SHA-1 (the class default); confirm.
         A fast, unsalted digest is weak protection for stored passwords. Spring Security 3.1
         also ships BCryptPasswordEncoder in spring-security-crypto; switching to it means
         re-hashing the existing passwd values. -->
    <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" /> 



    </beans>

OpenIDAuthenticationFailureHandler

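   /**
    * Failure handler that turns "the OpenID provider confirmed the identity, but no local
    * account exists for it" into the start of a registration flow instead of a login error.
    *
    * <p>Every other failure is delegated unchanged to
    * {@link SimpleUrlAuthenticationFailureHandler}.
    */
   public class OpenIDAuthenticationFailureHandler extends
           SimpleUrlAuthenticationFailureHandler {

       /**
        * Stores the OpenID result in the HTTP session and redirects to the registration page
        * when the failure is a {@code UsernameNotFoundException} that carries a successful
        * {@code OpenIDAuthenticationToken}; otherwise falls back to the default handling.
        *
        * @param request   the request during which authentication failed
        * @param response  the response used for the redirect
        * @param exception the authentication failure being handled
        * @throws IOException      if the redirect or the delegated handling fails
        * @throws ServletException if the delegated handling fails
        */
       @Override
       public void onAuthenticationFailure(HttpServletRequest request,
               HttpServletResponse response, AuthenticationException exception)
               throws IOException, ServletException {

           if (!isUnregisteredOpenIdUser(exception)) {
               super.onAuthenticationFailure(request, response, exception);
               return;
           }

           // NOTE(review): getAuthentication()/getExtraInformation() on the exception look
           // deprecated in Spring Security 3.1 because they can carry sensitive data; confirm
           // before upgrading.
           OpenIDAuthenticationToken openIdAuth = (OpenIDAuthenticationToken) exception.getAuthentication();

           // The verified identity and its AX attributes are parked in the session for the
           // registration page. NOTE(review): that page is not shown here; it should remove
           // both attributes once the account is created so the token does not outlive sign-up.
           request.getSession(true).setAttribute("USER_OPENID_CREDENTIAL", exception.getExtraInformation());
           request.getSession(true).setAttribute("USER_OPENID_CREDENTIAL_EXTRA", openIdAuth);

           // Diagnostic output is limited to attribute metadata. The attribute values (e-mail
           // address, first name) are personal data and are no longer written to stdout.
           for (OpenIDAttribute attr : openIdAuth.getAttributes()) {
               System.out.printf("AX Attribute: %s, Type: %s, Count: %d\n", attr.getName(), attr.getType(), attr.getCount());
           }

           // Redirect to the create-account page.
           DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
           redirectStrategy.sendRedirect(request, response, "/login/registrationOpenid");
       }

       /**
        * Reports whether the failure means "OpenID verification succeeded, local user missing".
        * The status comparison is written constant-first so a token with a null status is
        * treated as a normal failure instead of raising a NullPointerException.
        */
       private static boolean isUnregisteredOpenIdUser(AuthenticationException exception) {
           if (!(exception instanceof UsernameNotFoundException)
                   || !(exception.getAuthentication() instanceof OpenIDAuthenticationToken)) {
               return false;
           }
           OpenIDAuthenticationToken token = (OpenIDAuthenticationToken) exception.getAuthentication();
           return OpenIDAuthenticationStatus.SUCCESS.equals(token.getStatus());
       }
   }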

Solution

  • I solved it!

    I modified spring-security-openid-3.1.1.RELEASE.jar so that attribute-exchange is requested only once, the first time a user accesses my site. (Note that a locally patched jar has to be patched again on every upgrade of spring-security-openid.) If anyone wants to know the details, e-mail me at kjy30532@gmail.com!