Integrating Web Application with OpenID using Spring Security

>> Apr 17, 2013

In this article, I will lay out the steps for integrating a web application with Spring Security, using OpenID as the authentication mechanism and Spring MVC as the web framework. (This article expects that the reader has some knowledge of Spring MVC, Spring Security, Maven and Tomcat.)

In detail

Step1: Create a Web Application
I have used NetBeans IDE 7.3 and Tomcat 7. To create a project, choose File - New Project - Java Web - Web Application - ProjectName - Server - Spring MVC. Since I am using Maven, add a pom file to the project. Make sure you have the basic structure of the application in place before moving ahead. You can create a web application based on the framework of your choice.

Step2: Add Spring Security to it
I have three pages:
1. Login - open for all
2. landing - user with ROLE_USER access
3. Admin - user with ROLE_ADMIN access

In Spring-Security.xml




Step3: Change web.xml


Step4: Add controller code to handle request 
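// AppController.java
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@Controller
public class AppController {
    // Landing page, for users with ROLE_USER
    @RequestMapping(value = "/landing", method = RequestMethod.GET)
    public String getCommonPage() {
        return "landingpage";
    }

    // Admin page, for users with ROLE_ADMIN
    @RequestMapping(value = "/admin", method = RequestMethod.GET)
    public String getAdminPage() {
        return "adminpage";
    }
}

// SecuritytController.java
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
@Controller
public class SecuritytController {
    // Login page, open to everyone; shows a message when the "error" parameter is true
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String getLoginPage(@RequestParam(value = "error", required = false) boolean error,
            ModelMap model) {
        if (error) {
            model.put("error", "Please enter valid username or password!");
        } else {
            model.put("error", "");
        }
        return "loginpage";
    }
}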
Step5: Add code to AppSecurityDis-servlet


Step6: Add Controller package to ApplicationContext.xml
Step7 : Add code to loginpage.jsp

Welcome to App Security

Login to AppSecurity

For Google users:

OR If you have OpenID Login with OpenID:
For adminpage.jsp and landingpage.jsp, you can add code as per your requirements.
Step8: Compile and Deploy it.
Once deployed, access it at "http://localhost:8080/AppSecurity/apps/secure/login". You will get two options to log in. If the credentials are valid and match the username value, you should be able to view the landing page.
Step9: Moving it to database
Create the following tables in the MySQL database.
CREATE TABLE `users` (
  `USER_ID` int(10) unsigned NOT NULL,
  `USERNAME` varchar(145) NOT NULL,
  `PASSWORD` varchar(45) DEFAULT NULL,
  `ENABLED` tinyint(1) NOT NULL
);

CREATE TABLE `user_roles` (
  `USER_ROLE_ID` int(10) unsigned NOT NULL,
  `USER_ID` int(10) NOT NULL,
  `AUTHORITY` varchar(45) NOT NULL,
  KEY `FK_user_roles` (`USER_ID`)
);

Add these records to the users and user_roles tables

101,, , 1

1, 101, ROLE_USER
2, 101, ROLE_ADMIN
BTW, this username "" is mine. You need to change it to your own ID, and you can track it as written above.
Add spring-database.xml in the WEB-INF folder


Add this in web.xml as well.
Step10/Step2a: Make changes in spring-security file.
This is still a workaround, though: the lookup should be part of a UserDetailsService class, which I will implement in the next blog post. Make sure you comment out the code written in Step 2 and replace it with the new one.

Recompile and run it again. You should be able to login using new changes in database.
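
The UserDetailsService that Step10 refers to could look like the following. This is an added example, not the author's code: it looks up the OpenID identifier in the Step9 tables and refuses the login when the identifier is missing, duplicated or disabled. The class name, the DataSource wiring and the use of Spring Security 3.1 or later are assumptions.

```java
// Added example (not the author's code); assumes Spring Security 3.1+ and spring-jdbc.
import java.util.ArrayList;
import java.util.List;
import javax.sql.DataSource;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Hypothetical class name; tables and columns are the ones created in Step9.
public class OpenIdUserDetailsService implements UserDetailsService {
    private final JdbcTemplate jdbc;

    public OpenIdUserDetailsService(DataSource dataSource) {
        this.jdbc = new JdbcTemplate(dataSource);
    }

    // For an OpenID login the "username" is the identifier URL verified by the provider.
    @Override
    public UserDetails loadUserByUsername(String openId) throws UsernameNotFoundException {
        Integer enabled;
        try {
            enabled = jdbc.queryForObject(
                    "SELECT ENABLED FROM users WHERE USERNAME = ?", Integer.class, openId);
        } catch (IncorrectResultSizeDataAccessException e) {
            // Zero rows (not on the allow list) or several rows (ambiguous): fail closed.
            throw new UsernameNotFoundException("OpenID is not registered");
        }
        if (enabled == null || enabled != 1) {
            // Reject disabled rows here instead of relying on a later isEnabled() check.
            throw new UsernameNotFoundException("OpenID account is disabled");
        }
        List<String> roles = jdbc.queryForList(
                "SELECT r.AUTHORITY FROM user_roles r JOIN users u ON u.USER_ID = r.USER_ID"
                + " WHERE u.USERNAME = ?", String.class, openId);
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (String role : roles) {
            authorities.add(new SimpleGrantedAuthority(role));
        }
        // OpenID users have no local password, but User rejects null, so a fixed
        // non-secret placeholder is passed; the OpenID flow never compares it.
        return new User(openId, "[no-password]", true, true, true, true, authorities);
    }
}
```

Register the class as a bean and point the `<openid-login>` element at it with its `user-service-ref` attribute.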


Abhishek Chavan Apr 18, 2013, 9:44:00 AM  

Would love to get my hands on the Code. Maybe on Github I hope.

Sandeep Gupta Apr 18, 2013, 10:36:00 AM  

My next target is to integrate with other ID providers like Yahoo and WordPress. I have tested it with MyOpenId and Google.

Adil Sandalwala Sep 19, 2013, 3:39:00 AM  

Thanks for the post. It helped a lot. I was wondering how do you get to know the OpenId that you have registered in the user-service section in spring-security.xml?
In my webapp, I want to use the gmail authentication but want to allow only a few users. So I am planning to add all the allowed users to the xml file. The issue is in getting the OpenId. In your case:"AItxxioJSDLFJLjxcksdfjOpAASDFosSSoJ0E".
How do you get your hands on this id?
