I want to implement a new OpenIDConsumer for Spring Security OpenID. I implemented OpenIDConsumer in a class and then added the corresponding configuration to applicationContext-security.xml, but my code doesn’t seems to be executed at all.
This is the relevant part from applicationContext-security.xml:
<http auto-config="false">
<intercept-url pattern="/**" access="ROLE_USER"/>
<openid-login login-page="/auth/login"
authentication-failure-url="/auth/login?login_error=true">
<attribute-exchange>
<openid-attribute name="email" type="http://axschema.org/contact/email" required="true"/>
</attribute-exchange>
</openid-login>
</http>
<b:bean id="openIdConsumer" class="sample.OpenIDTestConsumer">
<b:property name="email" value="email"/>
</b:bean>
Now, the class sample.OpenIDTestConsumer is initialized but it is not used by Spring Security, and the original class is used instead I think OpenID4JavaConsumer.
The sample.OpenIDTestConsumer class implements the OpenIDConsumer interface and it is initialized and the setEmail method is set, but it doesn’t execute the beginConsumption or endConsumption methods, that’s why I think it is just created because of applicationContext-security.xml bean definition but is not used.
The question is: How can I glue or set a custom class to work as the OpenIDConsumer and not use the Spring implementation?
By default Spring Security registers an OpenIDAuthenticationFilter with an OpenID4JavaConsumer when using the security namespace configuration. You can not define a custom consumer with the namespace. A solution would be to use a custom filter and configure the OpenIDAuthenticationFilter by hand in your
applicationContext-security.xml: