SEC-1460: Documentation of changes.

Luke Taylor 15 years ago
parent
commit
82bbd09b71

+ 13 - 4
docs/manual/src/docbook/appendix-namespace.xml

@@ -431,11 +431,20 @@
             <para> Similar to <literal>&lt;form-login&gt;</literal> and has the same attributes. The
                 default value for <literal>login-processing-url</literal> is
                 "/j_spring_openid_security_check". An
-                <classname>OpenIDAuthenticationFilter</classname> and
-                <classname>OpenIDAuthenticationProvider</classname> will be registered. The latter
-                requires a reference to a <interfacename>UserDetailsService</interfacename>. Again,
-                this can be specified by Id, using the <literal>user-service-ref</literal>
+                    <classname>OpenIDAuthenticationFilter</classname> and
+                    <classname>OpenIDAuthenticationProvider</classname> will be registered. The
+                latter requires a reference to a <interfacename>UserDetailsService</interfacename>.
+                Again, this can be specified by Id, using the <literal>user-service-ref</literal>
                 attribute, or will be located automatically in the application context. </para>
+            <section>
+                <title>The <literal>&lt;attribute-exchange></literal> Element</title>
+                <para>The <literal>attribute-exchange</literal> element defines the list of
+                    attributes which should be requested from the identity provider. More than one
+                    can be used, in which case each must have an <literal>identifier-match</literal>
+                    attribute, containing a regular expression which is matched against the supplied
+                    OpenID identifer. This allows different attribute lists to be fetched from
+                    different providers (Google, Yahoo etc).</para>
+            </section>
         </section>
         <section xml:id="nsa-logout">
             <title>The <literal>&lt;logout&gt;</literal> Element</title>
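Review bot: The new attribute-exchange section names the attribute "identifier-match", while the namespace-config.xml text changed in this same commit calls it "identifier-matcher"; the two must agree with the schema, otherwise a reader copying the wrong name gets a configuration where the per-provider matching never applies. In the same paragraph "identifer" should be "identifier". The section title writes "&lt;attribute-exchange>" with an unescaped closing bracket where the neighbouring title uses "&lt;logout&gt;", and the new section has no xml:id, unlike its sibling "nsa-logout", so it cannot be linked to from the namespace chapter.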

+ 16 - 7
docs/manual/src/docbook/namespace-config.xml

@@ -548,20 +548,29 @@
   </attribute-exchange>
  </openid-login>]]></programlisting>The <quote>type</quote> of each OpenID attribute is a URI,
                     determined by a particular schema, in this case <link
-                    xlink:href="http://axschema.org/">http://axschema.org/</link>. If an attribute
-                    must be retrieved for successful authentication, the <literal>required</literal>
-                    attribute can be set. The exact schema and attributes supported will depend on
-                    your OpenID provider. The attribute values are returned as part of the
-                    authentication process and can be accessed afterwards using the following code:
+                        xlink:href="http://axschema.org/">http://axschema.org/</link>. If an
+                    attribute must be retrieved for successful authentication, the
+                        <literal>required</literal> attribute can be set. The exact schema and
+                    attributes supported will depend on your OpenID provider. The attribute values
+                    are returned as part of the authentication process and can be accessed
+                    afterwards using the following code:
                     <programlisting language="java">
 OpenIDAuthenticationToken token = 
     (OpenIDAuthenticationToken)SecurityContextHolder.getContext().getAuthentication();
 List&lt;OpenIDAttribute> attributes = token.getAttributes();</programlisting>The
-                    <classname>OpenIDAttribute</classname> contains the attribute type and the
+                        <classname>OpenIDAttribute</classname> contains the attribute type and the
                     retrieved value (or values in the case of multi-valued attributes). We'll see
                     more about how the <classname>SecurityContextHolder</classname> class is used
                     when we look at core Spring Security components in the <link
-                    xlink:href="core-components">technical overview</link> chapter.</para>
+                        xlink:href="core-components">technical overview</link> chapter. Multiple
+                    attribute exchange configurations are also be supported, if you wish to use
+                    multiple identity providers. You can supply multiple
+                        <literal>attribute-exchange</literal> elements, using an
+                        <literal>identifier-matcher</literal> attribute on each. This contains a
+                    regular expression which will be matched against the OpenID identifier supplied
+                    by the user. See the OpenID sample application in the codebase for an example
+                    configuration, providing different attribute lists for the Google, Yahoo and
+                    MyOpenID providers.</para>
             </section>
         </section>
         <section xml:id="ns-custom-filters">
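Review bot: The sentences added at the end of this paragraph say the regular expression "will be matched against the OpenID identifier supplied by the user" but do not say whether it has to match the whole identifier, nor which attribute-exchange element applies when several patterns match or none does. Because the identifier is user-controlled input, the manual should state this and advise anchoring each pattern to the provider's scheme and host. "are also be supported" should read "are also supported". Most of the other changed lines in this hunk are re-indentation of existing text; leaving that reflow out would make the actual documentation change easier to review.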