Announcement Announcement Module
No announcement yet.
Spring security 3.0 + CAS 3.5.2 + facebook login-get facebook token and authenticate Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring security 3.0 + CAS 3.5.2 + facebook login-get facebook token and authenticate

    hi team,

    This may be wrong location to post security question so suggest where to post.
    i have integrated my spring security base web applilication using CAS server and it works fine.

    now i am trying to implement facebook login in it. so i did require configuration on CAS server side
    and in standalone CAS server its working ok.

    But i am facing problem in integration of facebook login via cas to spring security base web app.

    When user visit site, homepage is display to user on which ther is link for sign in. on clicking it user will be redirect to cas login page
    on which there is option to login with facebook.

    so user on click on login with fb link, facebook login page is display, user enteres credential and user will be redirected
    back to our web application.

    so after redirection i want to invoke facebookAuthenticationFilter in which we have implemented code to get fb unique id.

    but i am not able to invoke it and while debugging found that control is going to authenticationProviderFacebook bean.

    my spring security configuration mentioned below.

            <security:http entry-point-ref="casEntryPoint" auto-config="true">
            		<security:intercept-url pattern="/home" access="IS_AUTHENTICATED_ANONYMOUSLY" />
            		<security:intercept-url pattern="/login" access="ROLE_USER" />
            		<security:intercept-url pattern="/*.html" access="IS_AUTHENTICATED_ANONYMOUSLY" />
            		<security:intercept-url pattern="/*.do" access="ROLE_USER" />
            		<security:custom-filter position="CAS_FILTER" ref="casFilter" />
            		<security:custom-filter before="FORM_LOGIN_FILTER" ref="facebookAuthenticationFilter" />
            		 <security:logout logout-success-url="${cas.server.url}/logout?service=${application.service.url}/home" invalidate-session="true"/>
            <bean id="casEntryPoint" class="">
            		<property name="loginUrl" value="${cas.server.url}/login"/>		
            	    <property name="serviceProperties" ref="serviceProperties"/>
            	<security:authentication-manager alias="authenticationManager">
            		<security:authentication-provider ref="casAuthenticationProvider" />
            		<security:authentication-provider ref="authenticationProviderFacebook" />
            	<bean id="casAuthenticationProvider" class="">
            		<property name="authenticationUserDetailsService">
            			<bean class="">
            				<constructor-arg ref="userDetailsService" />
            		<property name="serviceProperties" ref="serviceProperties" />
            		<property name="ticketValidator">
            		  <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            			<constructor-arg index="0" value="${cas.server.url}" />
            		<property name="key" value="cas"/>
                   	<bean id="facebookAuthenticationFilter" class="">
            		<property name="authenticationManager" ref="authenticationManager" />
            		<property name="authenticationSuccessHandler" ref="facebookAuthenticationSuccessHandler" />
            		<property name="authenticationFailureHandler" ref="authenticationFailureHandler"></property>
            	<bean id="authenticationProviderFacebook" class="">
            		<property name="roles" value="ROLE_FACEBOOK_USER" />
            	<bean id="facebookAuthenticationSuccessHandler" class="">
            		<property name="registrationService" ref="facebookRegistrationService" />
            		<property name="facebookHelper" ref="facebookHelper" />
            	<bean id="facebookHelper" class="com.nihilent.venice.web.util.impl.FacebookHelperImpl" />
    and has below code.

            public class CASFacebookAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
                /** The Constant DEFAULT_FILTER_PROCESS_URL. */
                public static final String DEFAULT_FILTER_PROCESS_URL = "/j_spring_facebook_security_check";
                 * Instantiates a new venice facebook authentication filter.
                protected CASFacebookAuthenticationFilter() {
                 * (non-Javadoc)
                 * HttpServletRequest, javax.servlet.http.HttpServletResponse)
                public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res) throws AuthenticationException,
                        IOException, ServletException {
                    HttpServletRequest request = req;
                    HttpServletResponse response = res;
                    System.out.println("------VENICE VeniceFacebookAuthenticationFilterppppp-------");
                    Long uid = null;
                    if(request.getParameter("uid") != null && !"".equals(request.getParameter("uid"))){
                    	uid = Long.valueOf(request.getParameter("uid"));
                    FacebookAuthenticationToken token = new FacebookAuthenticationToken(uid);
                    AuthenticationManager authenticationManager = getAuthenticationManager();
                    Authentication authentication = authenticationManager.authenticate(token);
                    return authentication;
    where FacebookAuthenticationToken is custom class which extends AbstractAuthenticationToken and it's methods.

    and facebookauthenticationprovider has below logic.

            public class FacebookAuthenticationProvider implements AuthenticationProvider {
                 * Instantiates a new facebook authentication provider.
                public FacebookAuthenticationProvider() {
                 * (non-Javadoc)
                 * @see
                public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                	FacebookAuthenticationToken facebookAuthentication = (FacebookAuthenticationToken) authentication;
                	System.out.println("---Facebook --UUID-"+facebookAuthentication.getUid());
                    if (authentication instanceof FacebookAuthenticationToken) {
                        facebookAuthentication = (FacebookAuthenticationToken) authentication;
                        //FacebookAuthenticationToken facebookAuthentication = (FacebookAuthenticationToken) authentication;
                        if (facebookAuthentication.getUid() == null)
                            throw new BadCredentialsException("User not authenticated through facebook");
                        if (roles == null)
                            roles = new String[0];
                        List authorities = new ArrayList();
                        String arr$[] = roles;
                        int len$ = arr$.length;
                        for (int i$ = 0; i$ < len$; i$++) {
                            String role = arr$[i$];
                            authorities.add(new GrantedAuthorityImpl(role));
                        FacebookAuthenticationToken succeedToken = new FacebookAuthenticationToken(facebookAuthentication.getUid(), authorities);
                        return succeedToken;
                    } else {
                        throw new AuthenticationCredentialsNotFoundException("Credential not Found:::fdfdf");
                 * (non-Javadoc)
                 * @see
                public boolean supports(Class authentication) {
                    boolean supports = true;// FacebookAuthenticationToken.isAssignableFrom(authentication);
                    return supports;
                 * Sets the roles.
                 * @param roles the new roles
                public void setRoles(String roles[]) {
                    this.roles = roles;
                 * Gets the roles.
                 * @return the roles
                public String[] getRoles() {
                    return roles;
                /** The roles. */
                private String roles[];
    Any help/hint will be greatly appreciated.

    Thanks and Regards,
    Rohit Kotecha

  • #2
    As I understand it CAS is responsible for authenticating the requests to apps and services in an integrated system, so I'm not sure I understand how something could work as a standalone CAS server and not as the integrated system. Also I'm not sure why your apps and services would have any knowledge of facebook at all (but maybe I misunderstood and the configuration and code samples above are actually from the CAS server?./

    Having said that, I could be wrong but I don't think there are any components in your sample from Spring Security OAuth. If you need help with CAS I'm sure there is a mailing list, and also the main Spring Security forum on this site is probably a useful resource. However, Facebook does use OAuth2 for authentication, so it is certainly possible to see the overlap, and we are happy to help if we can (just not the best place to ask probably).


    • #3

      I'm not sure to understand what you want to achieve here : I think you want to authenticate with your CAS server or with Facebook, right ?
      I advice you to use the Facebook client support provided with the CAS server to handle FB authentication in a centralized way, on the CAS server side :
      Best regards,