Spring Security OpenID вход на страницу входа скрытая форма ввода значения с помощью CustomOpenIDAuthenticationFilter

Question

Согласно API , аутентификация OpenID состоит из двух этапов:

Отправка идентификатора OpenID Обработка перенаправления с сервера OpenID Моя задача - захватитьПервый этап и извлечение дополнительной информации из представления.

После некоторого расследования я получил следующее:

Spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context" xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/context/spring-context-3.0.xsd
                           http://www.springframework.org/schema/security 
                           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <security:http pattern="/myapp/auth/login" security="none"/>
    <security:http pattern="/myapp/auth/logout" security="none"/>
    <security:http entry-point-ref="entryPoint">
        <security:intercept-url pattern="/myapp/main/*" access="ROLE_USER"/>
        <security:logout invalidate-session="true"
            logout-success-url="/myapp/auth/login"
            logout-url="/myapp/auth/logout"/>  
        <security:custom-filter position="OPENID_FILTER" ref="openIdAuthFilter"/>
    </security:http>

  <bean id="openIdAuthFilter" class="org.myorg.openid.filter.CustomOpenIDAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
    <property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
    <property name="consumer">
      <bean class="org.springframework.security.openid.OpenID4JavaConsumer">
        <constructor-arg index="0">
          <bean class="org.openid4java.consumer.ConsumerManager"/>
        </constructor-arg>
        <constructor-arg index="1">
          <list value-type="org.springframework.security.openid.OpenIDAttribute">
            <bean class="org.springframework.security.openid.OpenIDAttribute">
              <constructor-arg index="0" value="email"/>
              <constructor-arg index="1" value="http://schema.openid.net/contact/email"/>
              <property name="required" value="true"/>
              <property name="count" value="1"/>           
            </bean>
            <bean class="org.springframework.security.openid.OpenIDAttribute">
              <constructor-arg index="0" value="firstName"/>
              <constructor-arg index="1" value="http://axschema.org/namePerson/first" />
              <property name="required" value="true"/>
              <property name="count" value="1"/>     
            </bean>
            <bean class="org.springframework.security.openid.OpenIDAttribute">
              <constructor-arg index="0" value="lastName"/>
              <constructor-arg index="1" value="http://axschema.org/namePerson/last" />
              <property name="required" value="true"/>
              <property name="count" value="1"/>     
            </bean>
          </list>
        </constructor-arg>
      </bean>
    </property>
  </bean>  
    <security:authentication-manager alias="authenticationManager">
      <security:authentication-provider ref="openIdAuthProvider"/>
    </security:authentication-manager>
  <bean id="openIdAuthProvider" class="org.springframework.security.openid.OpenIDAuthenticationProvider">
    <property name="authenticationUserDetailsService" ref="registeringUserService"/>
  </bean>

    <bean id="authenticationSuccessHandler"
        class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
        <property name="defaultTargetUrl" value="/myapp/main/translationpage.jsp" />
    </bean>

    <bean id="authenticationFailureHandler"
        class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
         <property name="defaultFailureUrl" value="/myapp/auth/login?error=true" />
    </bean>
<!--
    A custom UserDetailsService which will allow any user to authenticate and "register" their IDs in an internal map
    for use if they return to the site. This is the most common usage pattern for sites which use OpenID.
 -->
    <bean id="registeringUserService" class="org.myorg.openid.service.CustomUserDetailsService" />

  <bean id="entryPoint"
    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <property name="loginFormUrl" value="/myapp/auth/login"/>
  </bean>
</beans>

CustomOpenIDAuthenticationFilter.java, который пытается извлечь дополнительную информацию из login.jsp

protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) 
    throws IOException,ServletException{
        System.out.println("==before login==");
        String language = request.getParameter("language");
        System.out.println("language= " + language);
        super.successfulAuthentication(request, response, authResult);
        System.out.println("==after login==");
    }

. Login.jsp выводит «language = null».Я очень новичок в Spring MVC и безопасности, я что-то пропустил?Благодарю.Хорошо, наконец, я думаю, что получил его.

В http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.html#doFilter%28javax.servlet.ServletRequest,%20javax.servlet.ServletResponse,%20javax.servlet.FilterChain%29, говорится, что «Возвращает ноль, указывая, что процесс аутентификации все еще продолжается. Перед возвратом реализация должна выполнить любую дополнительную требуемую работузавершить процесс.Но я пытался распечатать его.

Конечный CustomOpenIDAuthenticationFilter:

public class CustomOpenIDAuthenticationFilter extends OpenIDAuthenticationFilter{

public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException, IOException {
    System.out.println("==attemptAuthentication==");
    String language = request.getParameter("language");
    System.out.println("language= " + language);
    Authentication au = super.attemptAuthentication(request, response);
    //System.out.println(au.getPrincipal());
    return au;
}
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) 
throws IOException,ServletException{
    System.out.println("==before login==");
    super.successfulAuthentication(request, response, authResult);
    System.out.println("==after login==");
}

protected void unsuccessfulAuthentication(HttpServletRequest request,
        HttpServletResponse response, AuthenticationException failed)
throws IOException,ServletException{
    System.out.println("==before failed login==");
    super.unsuccessfulAuthentication(request, response, failed);
    System.out.println("==after failed login==");
}

}