@Override
 public UserDetails loadUserDetails(OpenIDAuthenticationToken token)
     throws UsernameNotFoundException {
   log.debug("loadUserDetails: {}", token);
   String username = token.getIdentityUrl();
   String email = "";
   Usuario usuario = usuarioDao.obtienePorOpenId(username);
   log.debug("Usuario encontrado : {}", usuario);
   if (usuario == null) {
     log.debug("Buscando atributo email");
     List<OpenIDAttribute> attrs = token.getAttributes();
     for (OpenIDAttribute attr : attrs) {
       log.debug("Attr: {}", attr.getName());
       if (attr.getName().equals("email")) {
         email = attr.getValues().get(0);
       }
     }
     log.debug("Buscando por email {}", email);
     usuario = usuarioDao.obtienePorCorreo(email);
     if (usuario == null) {
       throw new UsernameNotFoundException("No se encontro al usuario " + username);
     }
     usuario.setOpenId(username);
     usuarioDao.actualiza(usuario);
   }
   log.debug("Regresando usuario: {}", usuario);
   return (UserDetails) usuario;
 }
 /**
  * @param supportedAttribute
  * @return
  */
 public static OpenIDAttribute toOpenIDAttribute(SupportedOpenIDAttribute supportedAttribute) {
   OpenIDAttribute openIDAttribute =
       new OpenIDAttribute(
           supportedAttribute.getAttributeName(), supportedAttribute.getAttributeType());
   openIDAttribute.setRequired(true);
   return openIDAttribute;
 }
  @Override
  public UserDetails loadUserDetails(OpenIDAuthenticationToken token)
      throws UsernameNotFoundException {
    LOGGER.info("Got OpenIdAuth with token {}", token);

    Map<String, String> attributes = new HashMap<>();

    UserEntity user = null;
    for (OpenIDAttribute attribute : token.getAttributes()) {
      attributes.put(
          attribute.getName().toLowerCase(), StringUtils.join(attribute.getValues(), " "));
      if (attribute.getName().equalsIgnoreCase("email")) {
        for (String attributeValue : attribute.getValues()) {
          user = repository.findByEmail(attributeValue);
          if (user != null) {
            break;
          }
        }
        break;
      }
    }

    if (user == null) {
      user = new UserEntity();
      user.setUsername(attributes.get("email"));
      user.setEmail(attributes.get("email"));
      //      user.setFirstName(attributes.get("firstname"));
      //      user.setFirstName(attributes.get("lastname"));
      user.getRoles().add(Role.USER);

      LOGGER.info("Saving user " + attributes.get("email"));
      LOGGER.info("User Attributes {}", attributes);

      user = repository.save(user);

    } else {
      // TODO: remove this - users were imported without any role.
      if (user.getRoles().size() == 0) {
        user.getRoles().add(Role.USER);
        user = repository.save(user);
      }
    }

    LOGGER.info("returning user {}", user);
    return user;
  }
  /**
   * {@inheritDoc}
   *
   * @see org.springframework.security.providers.openid.OpenIDAuthenticationProvider#authenticate(
   *     org.springframework.security.Authentication)
   */
  @Override
  public Authentication authenticate(Authentication authentication) throws AuthenticationException {

    if (!supports(authentication.getClass())) {
      return null;
    }

    if (authentication instanceof OpenIDAuthenticationToken) {
      OpenIDAuthenticationToken response = (OpenIDAuthenticationToken) authentication;
      OpenIDAuthenticationStatus status = response.getStatus();

      // handle the various possibilites
      if (status == OpenIDAuthenticationStatus.SUCCESS) {
        // Lookup user details
        final UserDetails userDetails;
        try {
          userDetails = this.userDetailsService.loadUserByUsername(response.getIdentityUrl());
        } catch (final UsernameNotFoundException e) {

          LOGGER.error("OpenID authentication successful but but no account exists.");

          final User user = new User();
          user.setUsername(response.getIdentityUrl());

          for (OpenIDAttribute attribute : response.getAttributes()) {

            LOGGER.debug(
                "OpenIDAttribute: "
                    + attribute.getType()
                    + "; "
                    + attribute.getName()
                    + "; "
                    + attribute.getValues());

            if (UsedOpenIdAttribute.AX_FIRST_NAME
                .getOpenIdAttribute()
                .getName()
                .equals(attribute.getName())) {
              user.setFirstName(attribute.getValues().get(0));
            } else if (UsedOpenIdAttribute.AX_LAST_NAME
                .getOpenIdAttribute()
                .getName()
                .equals(attribute.getName())) {
              user.setLastName(attribute.getValues().get(0));
            } else if (UsedOpenIdAttribute.EMAIL
                .getOpenIdAttribute()
                .getName()
                .equals(attribute.getName())) {
              user.setEmail(attribute.getValues().get(0));
            } else if (UsedOpenIdAttribute.FIRST_NAME
                    .getOpenIdAttribute()
                    .getName()
                    .equals(attribute.getName())
                && user.getFirstName() == null) {
              user.setFirstName(attribute.getValues().get(0));
            } else if (UsedOpenIdAttribute.LAST_NAME
                    .getOpenIdAttribute()
                    .getName()
                    .equals(attribute.getName())
                && user.getLastName() == null) {
              user.setLastName(attribute.getValues().get(0));
            }
          }

          if (StringUtils.isBlank(user.getFirstName()) && StringUtils.isBlank(user.getLastName())) {
            for (OpenIDAttribute attribute : response.getAttributes()) {
              if (UsedOpenIdAttribute.NAME_PERSON
                  .getOpenIdAttribute()
                  .getName()
                  .equals(attribute.getName())) {
                user.setFirstName(attribute.getValues().get(0));
              }
            }
          }

          throw new AuthenticationSucessButMissingRegistrationException(
              "User is authenticated via OpenID but no account exists, yet.", user);
        }

        return new OpenIDAuthenticationToken(
            userDetails,
            userDetails.getAuthorities(),
            response.getIdentityUrl(),
            response.getAttributes());
      }

      if (status == OpenIDAuthenticationStatus.CANCELLED) {
        throw new AuthenticationCancelledException("Log in cancelled");
      }

      if (status == OpenIDAuthenticationStatus.ERROR) {
        throw new AuthenticationServiceException("Error message from server: $response.message");
      }

      if (status == OpenIDAuthenticationStatus.FAILURE) {
        throw new BadCredentialsException("Log in failed - identity could not be verified");
      }

      if (status == OpenIDAuthenticationStatus.SETUP_NEEDED) {
        throw new AuthenticationServiceException(
            "The server responded setup was needed, which shouldn't happen");
      }

      throw new AuthenticationServiceException("Unrecognized return value $status");
    }

    return null;
  }