SEC-722: Add Open ID Namespace Support

http://jira.springframework.org/browse/SEC-722. Added OpenIDProvider to bean registry and fixed login page generator to use correct URL for OpenID. Added user-service-ref to namespace element. Changed OpenID sample to use <openid-login />.

core/src/main/java/org/springframework/security/config/BeanIds.java

@@ -32,7 +32,8 @@ public abstract class BeanIds {
 	public static final String FORM_LOGIN_FILTER = "_formLoginFilter";
 	public static final String FORM_LOGIN_ENTRY_POINT = "_formLoginEntryPoint";
 	public static final String OPEN_ID_FILTER = "_openIDFilter";
-	public static final String OPEN_ID_ENTRY_POINT = "_openIDFilterEntryPoint";	
+	public static final String OPEN_ID_ENTRY_POINT = "_openIDFilterEntryPoint";
+    public static final String OPEN_ID_PROVIDER = "_openIDAuthenticationProvider";	
 	public static final String MAIN_ENTRY_POINT = "_mainEntryPoint";	
 	public static final String FILTER_CHAIN_PROXY = "_filterChainProxy";
 	public static final String HTTP_SESSION_CONTEXT_INTEGRATION_FILTER = "_httpSessionContextIntegrationFilter";

core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java

@@ -83,7 +83,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
     static final String ATT_SERVLET_API_PROVISION = "servlet-api-provision";
     static final String DEF_SERVLET_API_PROVISION = "true";
 
-    static final String ATT_ACCESS_MGR = "access-decision-manager-ref";
+    static final String ATT_ACCESS_MGR = "access-decision-manager-ref";    
+    static final String ATT_USER_SERVICE_REF = "user-service-ref";    
 
     public BeanDefinition parse(Element element, ParserContext parserContext) {
         BeanDefinitionRegistry registry = parserContext.getRegistry();
@@ -279,6 +280,20 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
             openIDFilter = parser.getFilterBean();
             openIDEntryPoint = parser.getEntryPointBean();
             openIDLoginPage = parser.getLoginPage();
+            
+            BeanDefinitionBuilder openIDProviderBuilder = 
+                BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.providers.openid.OpenIDAuthenticationProvider");
+            
+            String userService = openIDLoginElt.getAttribute(ATT_USER_SERVICE_REF);
+            
+            if (StringUtils.hasText(userService)) {
+                openIDProviderBuilder.addPropertyReference("userDetailsService", userService);
+            }
+            
+            BeanDefinition openIDProvider = openIDProviderBuilder.getBeanDefinition();
+            ConfigUtils.getRegisteredProviders(parserContext).add(openIDProvider);
+            
+            parserContext.getRegistry().registerBeanDefinition(BeanIds.OPEN_ID_PROVIDER, openIDProvider);
         }
         
         if (formLoginFilter == null && openIDFilter == null) {

core/src/main/java/org/springframework/security/config/HttpSecurityConfigPostProcessor.java

@@ -43,6 +43,7 @@ public class HttpSecurityConfigPostProcessor implements BeanFactoryPostProcessor
     public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
         injectUserDetailsServiceIntoRememberMeServices(beanFactory);
         injectUserDetailsServiceIntoX509Provider(beanFactory);
+        injectUserDetailsServiceIntoOpenIDProvider(beanFactory);
 
         injectAuthenticationEntryPointIntoExceptionTranslationFilter(beanFactory);
 
@@ -80,6 +81,20 @@ public class HttpSecurityConfigPostProcessor implements BeanFactoryPostProcessor
             // ignore
         }
     }
+    
+    private void injectUserDetailsServiceIntoOpenIDProvider(ConfigurableListableBeanFactory beanFactory) {
+        try {
+            BeanDefinition openIDProvider = beanFactory.getBeanDefinition(BeanIds.OPEN_ID_PROVIDER);
+            PropertyValue pv = openIDProvider.getPropertyValues().getPropertyValue("userDetailsService");
+
+            if (pv == null) {
+                openIDProvider.getPropertyValues().addPropertyValue("userDetailsService",
+                    ConfigUtils.getUserDetailsService(beanFactory));
+            }
+        } catch (NoSuchBeanDefinitionException e) {
+            // ignore
+        }
+    }    
 
     /**
      * Sets the authentication manager, (and remember-me services, if required) on any instances of

core/src/main/java/org/springframework/security/ui/webapp/DefaultLoginPageGeneratingFilter.java

@@ -63,7 +63,7 @@ public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter {
     	
     	if (openIDFilter != null) {
     		openIdEnabled = true;
-    		openIDauthenticationUrl = openIDFilter.getAuthenticationFailureUrl();
+    		openIDauthenticationUrl = openIDFilter.getDefaultFilterProcessesUrl();
     		openIDusernameParameter = (String) (new BeanWrapperImpl(openIDFilter)).getPropertyValue("claimedIdentityFieldName");
 
 	        if (openIDFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {

core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc

@@ -165,7 +165,7 @@ annotation-driven.attlist &=
 
 http =
     ## Container element for HTTP security configuration
-   element http {http.attlist, (intercept-url+ & form-login? & x509? & http-basic? & logout? & concurrent-session-control? & remember-me? & anonymous? & port-mappings) }
+   element http {http.attlist, (intercept-url+ & form-login? & openid-login & x509? & http-basic? & logout? & concurrent-session-control? & remember-me? & anonymous? & port-mappings) }
 http.attlist &=
     ## Automatically registers a login form, BASIC authentication, anonymous authentication, logout services, remember-me and servlet-api-integration. If set to "true", all of these capabilities are added (although you can still customize the configuration of each by providing the respective element). If unspecified, defaults to "false".
     attribute auto-config {"true" | "false" }?
@@ -240,7 +240,7 @@ form-login.attlist &=
 
 openid-login = 
     ## Sets up form login for authentication with an Open ID identity
-    element openid-login {form-login.attlist, empty}
+    element openid-login {form-login.attlist, user-service-ref?, empty}
 
 
 filter-chain-map =

samples/openid/src/main/webapp/WEB-INF/applicationContext-security.xml

@@ -15,11 +15,12 @@
     <http>
         <intercept-url pattern="/**" access="ROLE_USER"/>
         <intercept-url pattern="/openidlogin.jsp*" filters="none"/>        
-        <logout/>
+        <logout/>
+        <openid-login />
     </http>
 
     <authentication-manager alias="authenticationManager"/>    
-
+<!-- 
     <b:bean id="openIdFilter" class="org.springframework.security.ui.openid.OpenIDAuthenticationProcessingFilter">
         <custom-filter />        
         <b:property name="authenticationManager" ref="authenticationManager"/>
@@ -35,7 +36,7 @@
     <b:bean id="entryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
         <b:property name="loginFormUrl" value="/openidlogin.jsp" />
     </b:bean>
-
+-->
     <user-service id="userService">
         <user name="http://luke.taylor.myopenid.com/" password="notused" authorities="ROLE_SUPERVISOR,ROLE_USER" />
         <user name="http://luke.taylor.openid.cn/" password="notused" authorities="ROLE_SUPERVISOR,ROLE_USER" />