SEC-1460: Documentation of changes.

2025-06-29 15:22:15 +00:00 · 2010-04-22 16:15:43 +01:00 · 2010-04-22 16:15:43 +01:00 · 82bbd09b71
commit 82bbd09b71
parent dada047e04
2 changed files with 29 additions and 11 deletions
--- a/docs/manual/src/docbook/appendix-namespace.xml
+++ b/docs/manual/src/docbook/appendix-namespace.xml
@ -431,11 +431,20 @@
            <para> Similar to <literal>&lt;form-login&gt;</literal> and has the same attributes. The
                default value for <literal>login-processing-url</literal> is
                "/j_spring_openid_security_check". An
-                <classname>OpenIDAuthenticationFilter</classname> and
-                <classname>OpenIDAuthenticationProvider</classname> will be registered. The latter
-                requires a reference to a <interfacename>UserDetailsService</interfacename>. Again,
-                this can be specified by Id, using the <literal>user-service-ref</literal>
+                    <classname>OpenIDAuthenticationFilter</classname> and
+                    <classname>OpenIDAuthenticationProvider</classname> will be registered. The
+                latter requires a reference to a <interfacename>UserDetailsService</interfacename>.
+                Again, this can be specified by Id, using the <literal>user-service-ref</literal>
                attribute, or will be located automatically in the application context. </para>
+            <section>
+                <title>The <literal>&lt;attribute-exchange></literal> Element</title>
+                <para>The <literal>attribute-exchange</literal> element defines the list of
+                    attributes which should be requested from the identity provider. More than one
+                    can be used, in which case each must have an <literal>identifier-match</literal>
+                    attribute, containing a regular expression which is matched against the supplied
+                    OpenID identifer. This allows different attribute lists to be fetched from
+                    different providers (Google, Yahoo etc).</para>
+            </section>
        </section>
        <section xml:id="nsa-logout">
            <title>The <literal>&lt;logout&gt;</literal> Element</title>
--- a/docs/manual/src/docbook/namespace-config.xml
+++ b/docs/manual/src/docbook/namespace-config.xml
@ -548,20 +548,29 @@
  </attribute-exchange>
 </openid-login>]]></programlisting>The <quote>type</quote> of each OpenID attribute is a URI,
                    determined by a particular schema, in this case <link
-                    xlink:href="http://axschema.org/">http://axschema.org/</link>. If an attribute
-                    must be retrieved for successful authentication, the <literal>required</literal>
-                    attribute can be set. The exact schema and attributes supported will depend on
-                    your OpenID provider. The attribute values are returned as part of the
-                    authentication process and can be accessed afterwards using the following code:
+                        xlink:href="http://axschema.org/">http://axschema.org/</link>. If an
+                    attribute must be retrieved for successful authentication, the
+                        <literal>required</literal> attribute can be set. The exact schema and
+                    attributes supported will depend on your OpenID provider. The attribute values
+                    are returned as part of the authentication process and can be accessed
+                    afterwards using the following code:
                    <programlisting language="java">
 OpenIDAuthenticationToken token = 
    (OpenIDAuthenticationToken)SecurityContextHolder.getContext().getAuthentication();
 List&lt;OpenIDAttribute> attributes = token.getAttributes();</programlisting>The
-                    <classname>OpenIDAttribute</classname> contains the attribute type and the
+                        <classname>OpenIDAttribute</classname> contains the attribute type and the
                    retrieved value (or values in the case of multi-valued attributes). We'll see
                    more about how the <classname>SecurityContextHolder</classname> class is used
                    when we look at core Spring Security components in the <link
-                    xlink:href="core-components">technical overview</link> chapter.</para>
+                        xlink:href="core-components">technical overview</link> chapter. Multiple
+                    attribute exchange configurations are also be supported, if you wish to use
+                    multiple identity providers. You can supply multiple
+                        <literal>attribute-exchange</literal> elements, using an
+                        <literal>identifier-matcher</literal> attribute on each. This contains a
+                    regular expression which will be matched against the OpenID identifier supplied
+                    by the user. See the OpenID sample application in the codebase for an example
+                    configuration, providing different attribute lists for the Google, Yahoo and
+                    MyOpenID providers.</para>
            </section>
        </section>
        <section xml:id="ns-custom-filters">