Home/ Questions/Q 8081369
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T16:42:36+00:00

Trying to understand what’s the correct way of implementing OpenID authentication with Spring Security.

  • 0

Trying to understand what’s the correct way of implementing OpenID authentication with Spring Security.

public class OpenIDUserDetailsService implements 
  UserDetailsService, 
  AuthenticationUserDetailsService {

  @Override
  public UserDetails loadUserByUsername(String openId) throws
    UsernameNotFoundException, DataAccessException {

    // I either want user email here
    // or immediately delegate the request to loadUserDetails

  }

  @Override
  public UserDetails loadUserDetails(Authentication token) throws
    UsernameNotFoundException {

    // This never gets called if I throw from loadUserByUsername()

  }

  private MyCustomUserDetails registerUser(String openId, String email) {
    ...
  }
}

I’m considering the scenario when user is not yet registered within my application. To register the user, I need to know its OpenID and email.

When OpenID provider redirects the user back to my application, loadUserByUsername() is called, but in this case I’m only aware about user’s OpenID. So, I’m throwing UsernameNotFoundException and then loadUserDetails() never gets called, so I can’t register user.

What’s the common solution here? What if I return something like FakePartialUserDetails from loadUserByUsername() and then, when loadUserDetails() is called, I register the user and then return the real MyCustomUserDetails?

I’m using Spring Security 3.0.7.RELEASE

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    That’s funny, but managed to resolve it by moving to Spring Security 3.1.0.RELEASE.

    For the same scenario, behavior is absolutely differentloadUserByUsername() is not called and loadUserDetails() is called instead.

    • 0