私はSpringMVCとSpringSecurity(バージョン3.1)を使用しています。Webアプリケーションは、ログインにgoogle/gmailアカウントを使用して登録するオプションをユーザーに提供します。これは私の開発環境では正常に機能しますが、本番サーバーにデプロイすると、正しいgoogle資格情報が提供されたときにBad Credentials例外が表示されるため、登録プロセスが失敗します。これが私のspring-security.xml設定のopenid設定です:
<openid-login
login-processing-url="/j_spring_openid_security_check"
default-target-url="/home"
user-service-ref="userOpenIdDetailsService"
authentication-failure-handler-ref="openIdAuthFailureHandler"/>
<logout logout-success-url="/login?rc=2" />
<beans:bean id="userOpenIdDetailsService" class="com.xxx.service.OpenIdUserDetailsServiceImpl"/>
<beans:bean id="openIdAuthFailureHandler" class="com.xxx.controllers.OpenIDAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/login?rc=6"/>
</beans:bean>
openid IDが返されたがデータベースに登録されていない場合に、登録プロセスを処理するための認証失敗ハンドラーを実装しました。
public class OpenIDAuthenticationFailureHandler extends
SimpleUrlAuthenticationFailureHandler {
private static Logger logger = Logger.getLogger(OpenIDAuthenticationFailureHandler.class);
@Override
public void onAuthenticationFailure(HttpServletRequest request,
HttpServletResponse response, org.springframework.security.core.AuthenticationException exception)
throws IOException, ServletException {
if(exception instanceof UsernameNotFoundException
&& exception.getAuthentication() instanceof OpenIDAuthenticationToken
&& ((OpenIDAuthenticationToken)exception.getAuthentication()).
getStatus().equals(OpenIDAuthenticationStatus.SUCCESS)) {
DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
OpenIDAuthenticationToken token = (OpenIDAuthenticationToken)exception.getAuthentication();
String url = token.getIdentityUrl();
request.getSession(true).setAttribute("USER_OPENID_CREDENTIAL", url);
String inviteId = (String)request.getSession().getAttribute("INVITE_ID");
if (inviteId != null) {
redirectStrategy.sendRedirect(request, response, "/setup/invite/" + inviteId + "/complete");
} else {
//redirect to create account page
redirectStrategy.sendRedirect(request, response, "/setup/openid/complete");
}
} else {
OpenIDAuthenticationToken token = (OpenIDAuthenticationToken)exception.getAuthentication();
logger.debug("Token Identity: " + token.getIdentityUrl());
logger.debug("Open ID authentication failure: " + exception.getMessage());
logger.debug("Auth Exception: " + exception.toString());
super.onAuthenticationFailure(request, response, exception);
}
}
}
したがって、登録のために上記のハンドラーで処理されるUsernameNotFoundExceptionを期待していますが、org.springframework.security.authentication.BadCredentialsExceptionが発生しています。ログから:
Log --> 10:19:17 DEBUG org.springframework.security.openid.OpenIDAuthenticationFilter - Supplied OpenID identity is https://www.google.com/accounts/o8/id?id=open-id-token-here
Log --> 10:19:17 DEBUG org.springframework.security.openid.OpenIDAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Log in failed - identity could not be verified
Log --> 10:19:17 DEBUG org.springframework.security.openid.OpenIDAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
Log --> 10:19:17 DEBUG org.springframework.security.openid.OpenIDAuthenticationFilter - Delegating to authentication failure handlercom.xxx.controllers.OpenIDAuthenticationFailureHandler@435fef7d
Log --> 10:19:17 DEBUG com.xxx.controllers.OpenIDAuthenticationFailureHandler - Token Identity: Unknown
Log --> 10:19:17 DEBUG com.xxx.controllers.OpenIDAuthenticationFailureHandler - Open ID authentication failure: Log in failed - identity could not be verified
Log --> 10:19:17 DEBUG com.xxx.controllers.OpenIDAuthenticationFailureHandler - Auth Exception: org.springframework.security.authentication.BadCredentialsException: Log in failed - identity could not be verified