Spring security 3.0 + CAS 3.5.2 + facebook login-get facebook token and authenticate Page Title Module

  • Spring security 3.0 + CAS 3.5.2 + facebook login-get facebook token and authenticate

    hi team,

    I have integrated my Spring Security based web application with a CAS server, and it works fine.

    Now I am trying to implement Facebook login in it, so I made the required configuration on the CAS server side,
    and in the standalone CAS server it works.

    But I am facing a problem integrating Facebook login via CAS into the Spring Security based web app.

    When a user visits the site, the homepage is displayed with a sign-in link. On clicking it, the user is redirected to the CAS login page,
    on which there is an option to log in with Facebook.

    When the user clicks the "login with FB" link, the Facebook login page is displayed, the user enters credentials, and is then redirected
    back to our web application.

    After that redirection I want to invoke facebookAuthenticationFilter, in which we have implemented the code that gets the Facebook unique id.

    But I am not able to invoke it, and while debugging I found that control is going to the authenticationProviderFacebook bean instead.

    My Spring Security configuration is shown below.

    <!-- Spring Security namespace configuration as posted. Closing tags and most bean class names
         are missing from the post, so read this as an outline rather than a loadable file. -->
    <security:http entry-point-ref="casEntryPoint" auto-config="true">
    		<security:intercept-url pattern="/home" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		<security:intercept-url pattern="/login" access="ROLE_USER" />
    		<security:intercept-url pattern="/*.html" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		<security:intercept-url pattern="/*.do" access="ROLE_USER" />
    		<!-- casFilter is referenced here, but its bean definition is not shown in the post. -->
    		<security:custom-filter position="CAS_FILTER" ref="casFilter" />
    		<!-- The Facebook filter is placed ahead of the form-login position.
    		     NOTE(review): per the Java listing its processing URL is /j_spring_facebook_security_check,
    		     so it presumably only acts on requests to that path; confirm that the redirect back from
    		     CAS/Facebook actually targets it. -->
    		<security:custom-filter before="FORM_LOGIN_FILTER" ref="facebookAuthenticationFilter" />
    		 <security:logout logout-success-url="${cas.server.url}/logout?service=${application.service.url}/home" invalidate-session="true"/>
    <bean id="casEntryPoint" class="">
    		<property name="loginUrl" value="${cas.server.url}/login"/>		
    	    <property name="serviceProperties" ref="serviceProperties"/>
    	<!-- One authentication manager, two providers.
    	     NOTE(review): ProviderManager asks each provider's supports() before calling authenticate().
    	     The Facebook provider listed in the post answers true for every token type, so it can be
    	     handed CAS tokens as well as its own. -->
    	<security:authentication-manager alias="authenticationManager">
    		<security:authentication-provider ref="casAuthenticationProvider" />
    		<security:authentication-provider ref="authenticationProviderFacebook" />
    	<bean id="casAuthenticationProvider" class="">
    		<property name="authenticationUserDetailsService">
    			<bean class="">
    				<constructor-arg ref="userDetailsService" />
    		<property name="serviceProperties" ref="serviceProperties" />
    		<property name="ticketValidator">
    		  <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
    			<constructor-arg index="0" value="${cas.server.url}" />
    		<property name="key" value="cas"/>
     <bean id="userDetailsService" class="">
    		<property name="loginService" ref="loginService" />
    	 <!-- The service URL registered with CAS is the CAS callback path, not the Facebook filter's path.
    	      NOTE(review): after a login on the CAS server the browser presumably returns to this URL,
    	      where casFilter (not the Facebook filter) would pick the request up; verify. -->
    	 <bean id="serviceProperties" class="">
        		<property name="service" value="${application.service.url}/j_spring_cas_security_check"/>
    	      <property name="sendRenew" value="false"/>
    	<!-- The Facebook filter authenticates through the same manager that the CAS provider uses. -->
    	<bean id="facebookAuthenticationFilter" class="">
    		<property name="authenticationManager" ref="authenticationManager" />
    		<property name="authenticationSuccessHandler" ref="facebookAuthenticationSuccessHandler" />
    		<property name="authenticationFailureHandler" ref="authenticationFailureHandler"></property>
    	<!-- Every token this provider accepts receives ROLE_FACEBOOK_USER.
    	     NOTE(review): the intercept-url rules above require ROLE_USER for /login and /*.do, which this
    	     role alone does not satisfy; confirm that is intended. -->
    	<bean id="authenticationProviderFacebook" class="">
    		<property name="roles" value="ROLE_FACEBOOK_USER" />
    	<bean id="facebookAuthenticationSuccessHandler" class="">
    		<property name="registrationService" ref="facebookRegistrationService" />
    		<property name="facebookHelper" ref="facebookHelper" />
    	<bean id="facebookHelper" class="com.nihilent.venice.web.util.impl.FacebookHelperImpl" />

    and the Facebook authentication filter has the code below.

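    /**
     * Authentication filter that builds a {@code FacebookAuthenticationToken} from the request and
     * hands it to the configured {@code AuthenticationManager}.
     *
     * <p>SECURITY: the identity is taken from the plain {@code uid} request parameter. Nothing in this
     * class proves that Facebook (or CAS) vouched for that value, so the caller of this URL chooses
     * which account is authenticated. The uid should instead be derived server-side from something
     * that has been verified, for example the CAS-validated assertion or a Facebook-issued token
     * checked against Facebook, and this filter should reject requests that lack it.
     */
    public class CASFacebookAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

        /** The Constant DEFAULT_FILTER_PROCESS_URL. */
        public static final String DEFAULT_FILTER_PROCESS_URL = "/j_spring_facebook_security_check";

        /**
         * Instantiates a new venice facebook authentication filter.
         */
        protected CASFacebookAuthenticationFilter() {
            // NOTE(review): the constructor body is not shown in the post. The superclass needs the
            // processing URL, so the original presumably passed the constant above; confirm.
            super(DEFAULT_FILTER_PROCESS_URL);
        }

        /**
         * Reads the {@code uid} request parameter, wraps it in a {@code FacebookAuthenticationToken}
         * and delegates to the authentication manager.
         *
         * @param req the current request; its {@code uid} parameter is the only input used
         * @param res the current response (unused)
         * @return the authentication returned by the authentication manager
         * @throws AuthenticationException if {@code uid} is not numeric, or if the manager rejects
         *         the token
         */
        @Override
        public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res)
                throws AuthenticationException, IOException, ServletException {
            System.out.println("------VENICE VeniceFacebookAuthenticationFilterppppp-------");

            // SECURITY: client-controlled value used as the authenticated identity; see class comment.
            String rawUid = req.getParameter("uid");

            // A missing or empty parameter leaves uid null; the provider rejects a null uid.
            Long uid = null;
            if (rawUid != null && !"".equals(rawUid)) {
                try {
                    uid = Long.valueOf(rawUid);
                } catch (NumberFormatException e) {
                    // Report malformed input as an authentication failure so the configured failure
                    // handler runs, instead of letting a raw runtime exception escape the filter.
                    throw new org.springframework.security.authentication.BadCredentialsException(
                            "uid parameter is not a valid number", e);
                }
            }

            FacebookAuthenticationToken token = new FacebookAuthenticationToken(uid);
            return getAuthenticationManager().authenticate(token);
        }
    }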
    where FacebookAuthenticationToken is a custom class which extends AbstractAuthenticationToken and its methods.

    and FacebookAuthenticationProvider has the logic below.

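    /**
     * Authentication provider for {@code FacebookAuthenticationToken}s: a token carrying a non-null
     * uid is turned into an authenticated token that holds the configured roles.
     *
     * <p>SECURITY: this provider performs no verification of its own. Any token with a non-null uid
     * is accepted, so the code that creates the token is the only place where the uid can be proven
     * to come from Facebook. In the filter shown in the post that value is a request parameter.
     */
    public class FacebookAuthenticationProvider implements AuthenticationProvider {

        /** The roles. */
        private String[] roles;

        /**
         * Instantiates a new facebook authentication provider.
         */
        public FacebookAuthenticationProvider() {
        }

        /**
         * Authenticates a {@code FacebookAuthenticationToken}.
         *
         * @param authentication the token to authenticate
         * @return a new token with the same uid and one authority per configured role
         * @throws AuthenticationException {@code BadCredentialsException} when the uid is null,
         *         {@code AuthenticationCredentialsNotFoundException} when the token is of another type
         */
        @SuppressWarnings({"rawtypes", "unchecked"})
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            // Check the type before casting. The original cast first, so a token of any other type
            // (for example one produced by the CAS filter) failed with a ClassCastException.
            if (!(authentication instanceof FacebookAuthenticationToken)) {
                throw new AuthenticationCredentialsNotFoundException("Credential not Found:::fdfdf");
            }

            FacebookAuthenticationToken facebookAuthentication = (FacebookAuthenticationToken) authentication;
            System.out.println("---Facebook --UUID-"+facebookAuthentication.getUid());

            if (facebookAuthentication.getUid() == null) {
                throw new BadCredentialsException("User not authenticated through facebook");
            }

            // Treat "no roles configured" as an empty list without writing to the shared field
            // on the request path.
            String[] configuredRoles = (roles == null) ? new String[0] : roles;

            // Left raw because the parameter type of the token constructor is not shown in the post.
            List authorities = new ArrayList();
            for (String role : configuredRoles) {
                authorities.add(new GrantedAuthorityImpl(role));
            }

            return new FacebookAuthenticationToken(facebookAuthentication.getUid(), authorities);
        }

        /**
         * Reports whether this provider handles the given token class.
         *
         * <p>Only {@code FacebookAuthenticationToken} and its subclasses are claimed. The original
         * returned {@code true} for every class, which let the authentication manager route tokens
         * from other filters into this provider.
         *
         * @param authentication the token class being offered
         * @return {@code true} only for {@code FacebookAuthenticationToken} types
         */
        public boolean supports(Class authentication) {
            return FacebookAuthenticationToken.class.isAssignableFrom(authentication);
        }

        /**
         * Sets the roles.
         *
         * @param roles the new roles
         */
        public void setRoles(String roles[]) {
            this.roles = roles;
        }

        /**
         * Gets the roles.
         *
         * @return the roles
         */
        public String[] getRoles() {
            return roles;
        }
    }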
    Any help/hint will be greatly appreciated.

    Thanks and Regards,
    Rohit Kotecha

  • #2
    This forum is for the Spring Integration project, not general "integration" questions. I suggest you ask your question in the "Security" forum.