Status | Proposal under development |
Special Note | Google Summer of Code 2008 project |
Target Release | 4.1 |
JIRA Issue | |
Original Authors | Tatyana Tokareva, Dave Johnson |
...
Use Spring Security's OpenID support
We will use Spring Security v2.0.3 (the latest release) and its OpenID support feature.
New database table and POJO
We will add a new database table 'roller_userattribute' and a new POJO UserAttribute to store each user's OpenID identifier URL. Later, this table can be used to associated other data with each user.
New UserManager methods
Add methods for setting and getting user attributes.
New startup properties
Add a new startup property called 'authentication.openid' with three possible values: disabled, hybrid and only. See the requirements for the meanings of these strings.
Changes to registration form
Add an OpenID identifier field that will be shown in hybrid and only modes. Here's what the form will look like in hybrid mode:
Changes to login form
Add an OpenID identifier field that will be shown in hybrid and only modes. Here's what the form will look like in hybrid mode:
Changes to user profile form
Add an OpenID identifier field that will be shown in hybrid and only modes.
Project Plan
- Examine the application structure and the features of the existing authorization system, built using the Spring Acegi framework. Understand, what types of security filters are used and how they can be replaced. Outline, what features to change and what to edit in the existing system.
- Plan the main functionality of the project and install required libraries to the system.
- Release the main functionality - add necessary classes, scripts, database tables and Spring Security filters.
- Change the visual interface of the application (add authentication prompt to ask users for their OpenID identifier rather than their username and password).
- Test the system and write necessary documentation.
...