Announcement Announcement Module
Collapse
No announcement yet.
Spring Social Remember me with Facebook/Twitter login Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Social Remember me with Facebook/Twitter login

    Is it possible to have a remember me functionality with Facebook and Twitter login using Spring social?

    I'm using Spring Social 1.0.0.RC2 and Spring Security 3.0.5.RELEASE.

    Thanks

  • #2
    I solved this by making my own signin controller and calling the loginSuccess method of the TokenBasedRememberMeServices class.

    Comment


    • #3
      Cool. I wonder, could you reuse the existing ProviderSignInController and plug in a custom SignInAdapter that did this additional RememberMe work? Just wondering if that would also work for you.

      Comment


      • #4
        Originally posted by Keith Donald View Post
        Cool. I wonder, could you reuse the existing ProviderSignInController and plug in a custom SignInAdapter that did this additional RememberMe work? Just wondering if that would also work for you.
        I thought about this method but it appeared it would not work because the SignInAdapter interface has the following signature for the signIn method: String signIn(String userId, Connection<?> connection, NativeWebRequest request);

        onLoginSuccess of TokenBasedRememberMeServices requires a HttpServletRequest request and HttpServletResponse response and I'm not sure how those fields can be passed down to the adapter method.
        Signature of onLoginSuccess: public void onLoginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication)

        If I missed something obvious please let me know.

        Comment


        • #5
          NativeWebRequest provides access to the Native HttpServletRequest and HttpServletResponse. Check the API JavaDocs for details. Quickstart I believe also shows this.

          Let me know if it in fact works out for you b/c our SignInController should be flexible enough to support cases like this.

          Keith

          Comment


          • #6
            Originally posted by Keith Donald View Post
            NativeWebRequest provides access to the Native HttpServletRequest and HttpServletResponse. Check the API JavaDocs for details. Quickstart I believe also shows this.

            Let me know if it in fact works out for you b/c our SignInController should be flexible enough to support cases like this.

            Keith
            Thanks, I completely overlooked this. I'm going to test it tomorrow and let you know the results, but it should work.

            Comment


            • #7
              Thanks, it worked. I was over thinking things.

              Comment


              • #8
                Thanks guys. I just ran into this myself. For anyone else wondering:

                This assumes you have set the "alwaysRemember" flag to true otherwise you would somehow need to pass the parameter value (e.g. _spring_security_remember_me) as well. I couldn't figure out how to do this nicely. Implement your own version of SignInAdapter and here's the signIn method.

                Code:
                public String signIn(String localUserId, Connection<?> connection, NativeWebRequest request) {
                        User user = userService.findUser(new ObjectId(localUserId), true);
                
                        // set user in secure context
                        Principal principal = new Principal(user);
                        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(principal, principal.getPassword(), principal.getAuthorities()));
                
                        // add remember me
                        rememberMeServices.loginSuccess(request.getNativeRequest(HttpServletRequest.class), request.getNativeResponse(HttpServletResponse.class), SecurityContextHolder.getContext().getAuthentication());
                
                        return extractOriginalUrl(request);
                    }
                Last edited by bjornharvold; Sep 26th, 2011, 04:41 PM.

                Comment


                • #9
                  Hey Bjorn,

                  Thanks for the post. Was looking at doing this exact thing myself. A couple of quick questions:

                  Are you still adding the spring_security_remember_me parameter to the request?, or does the rememberMeService take care of this?

                  Are you redirecting(client) after extracting the original URL?

                  I tried this out, and it does not seem like the REMEMBER_ME cookie is being set....I am probably doing something stupid here.

                  Thanks,

                  Joe

                  Comment


                  • #10
                    Hi Joe,

                    You have to set alwaysRemember to true for this to work. Have not come up with a way to elegantly passing the spring remember me param here.

                    Here's the rest of the code:
                    Code:
                    private String extractOriginalUrl(NativeWebRequest request) {
                            HttpServletRequest nativeReq = request.getNativeRequest(HttpServletRequest.class);
                            HttpServletResponse nativeRes = request.getNativeResponse(HttpServletResponse.class);
                            SavedRequest saved = requestCache.getRequest(nativeReq, nativeRes);
                            if (saved == null) {
                                return null;
                            }
                            requestCache.removeRequest(nativeReq, nativeRes);
                            removeAutheticationAttributes(nativeReq.getSession(false));
                            return saved.getRedirectUrl();
                        }
                    
                        private void removeAutheticationAttributes(HttpSession session) {
                            if (session == null) {
                                return;
                            }
                            session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
                        }

                    Comment


                    • #11
                      Hi Bjorn,

                      Thanks for getting back to me, and forgive my ignorance, but where is the 'alwaysRemember' flag set? In the xml config?

                      Joe

                      Comment


                      • #12
                        Originally posted by josephshoop View Post
                        Hi Bjorn,

                        Thanks for getting back to me, and forgive my ignorance, but where is the 'alwaysRemember' flag set? In the xml config?

                        Joe
                        AbstractRemeberMeServices.java

                        private boolean alwaysRemember;

                        So, you'd have to wire up your RememberMeServices with alwaysRemember set to true.
                        I was playing around with Spring Security 3.1 at one point and noticed this defaulted to false whereas Spring Security 3.0 defaulted to true.

                        Comment


                        • #13
                          Thanks Bjorn! Just switched to 3.1...not sure I would have noticed that.

                          Comment


                          • #14
                            Hi,
                            Can some one put whole code for this process here.
                            I am really want to use it but dont know from where to start.

                            spring framework
                            Last edited by abani; Dec 18th, 2011, 02:22 AM.

                            Comment


                            • #15
                              Hey Abani..

                              The code is understandable by taking in a look at both Spring Security and Spring Social examples. I would look at the latest Spring Social examples, as well as following the Spring Security examples. If you have already done that, you will be able to use Bjorn's sample code. What I needed to do, and what Bjorn makes clear, is set alwaysRemember in the rememberMeServices config...for example:


                              Code:
                              	<beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
                              	  <beans:property name="userDetailsService" ref="userDetailsService"/>
                              	  <beans:property name="key" value="rememberMeKey"/>
                              	  <beans:property name="alwaysRemember" value="true"/>	  
                              	</beans:bean>
                              There are quite a few integration steps, but with the great Spring Security and Spring Social Tutorials, it is pretty easy, and rad.

                              Joe

                              Comment

                              Working...
                              X