
  • SignInController problem

    Hello, I am trying to use Spring Social for Facebook authentication in my application. I have the following configuration:

    context

    Code:
    <!-- Social: registry of provider connection factories. Only the Facebook factory is registered here. -->
    	<bean id="connectionFactoryLocator" 
          class="org.springframework.social.connect.support.ConnectionFactoryRegistry">
        <property name="connectionFactories">
            <list>
                <bean class="org.springframework.social.facebook.connect.FacebookConnectionFactory">
                    <!-- The app id and app secret are resolved from property placeholders, so the secret
                         is not written into this file. The properties source is not shown here.
                         NOTE(review): keep that source out of version control and readable only by
                         the application account. -->
                    <constructor-arg value="${facebook.appId}" />
                    <constructor-arg value="${facebook.appSecret}" />				
                </bean>
            </list>
        </property>
    	</bean>
    	
    	<!-- JDBC-backed store of provider connections. Constructor arguments, in order: the JNDI
    	     DataSource jdbc/meritkapitalbbgdb, the connectionFactoryLocator bean and the textEncryptor bean.
    	     NOTE(review): textEncryptor is declared in this file with Encryptors.noOpText, so whatever this
    	     repository passes through the encryptor (presumably the provider access tokens and secrets;
    	     confirm) reaches the database unencrypted. -->
    	<bean id="usersConnectionRepository" 
          class="org.springframework.social.connect.jdbc.JdbcUsersConnectionRepository">
    	    <constructor-arg><jee:jndi-lookup jndi-name="jdbc/meritkapitalbbgdb"/></constructor-arg>
    	    <constructor-arg ref="connectionFactoryLocator" />
    	    <constructor-arg ref="textEncryptor" />
    	</bean>
    	
    	<!-- Request-scoped repository for the current user, created by calling
    	     usersConnectionRepository.createConnectionRepository(...) with the name of the request's principal.
    	     The scoped proxy uses proxy-target-class="false", i.e. an interface-based proxy.
    	     NOTE(review): the SpEL expression dereferences request.userPrincipal. On a request without an
    	     authenticated principal it would presumably fail when the proxy is first used; confirm that
    	     nothing on the anonymous sign-in path touches this bean. -->
    	<bean id="connectionRepository" factory-method="createConnectionRepository" 
    	      factory-bean="usersConnectionRepository" scope="request">
    	    <constructor-arg value="#{request.userPrincipal.name}" />
    	    <aop:scoped-proxy proxy-target-class="false" />
    	</bean>
    	
    	<!-- Encryptors.noOpText yields a TextEncryptor that performs no encryption: text passes through
    	     unchanged. That is suitable for development and testing only. For production, use a real
    	     encryptor such as Encryptors.text(password, salt), with password and salt supplied from
    	     external configuration. Rows already written with the no-op encryptor would have to be
    	     re-encrypted when switching. -->
    	<bean id="textEncryptor" class="org.springframework.security.crypto.encrypt.Encryptors" 
                factory-method="noOpText" />
                
        <!-- Controller that drives the provider sign-in flow. The sign-in form on this page posts to /signin/facebook. -->
        <bean class="org.springframework.social.connect.web.ProviderSignInController">
        <!-- relies on by-type autowiring for the constructor-args -->
        <!-- applicationUrl is taken from the application.url property.
             NOTE(review): presumably this is the base URL used to build the OAuth callback; confirm.
             Keep it a fixed, configured value (https outside local development) rather than one
             derived from request headers. -->
        <property name="applicationUrl" value="${application.url}" />
    </bean>
    SignInAdapter
    Code:
    /**
     * Bridges a successful provider sign-in into Spring Security by placing an
     * authentication token for the local user id into the current security context.
     *
     * <p>NOTE(review): the token is built with {@code null} credentials and {@code null}
     * authorities, so the resulting principal presumably carries no roles. A URL rule that
     * requires a specific role would then still deny access; confirm, and load the user's
     * real authorities here if role checks are expected to pass after a social sign-in.
     *
     * <p>NOTE(review): the context is only changed in the holder for the current request.
     * Whether it survives to the next request depends on the Spring Security filter chain
     * being active for the sign-in URL; confirm against the security configuration.
     */
    @Service
    public class SpringSecuritySignInAdapter implements SignInAdapter {
    
    	/**
    	 * Signs the given local user in.
    	 *
    	 * @param arg0 local user id, used as the principal of the token
    	 * @param arg1 provider connection (not used here)
    	 * @param arg2 current web request (not used here)
    	 * @return always {@code null}; presumably this leaves the redirect target to the
    	 *         calling controller's default (confirm against the SignInAdapter contract)
    	 */
    	@Override
    	public String signIn(String arg0, Connection<?> arg1, NativeWebRequest arg2) {
    		// Debug trace to stdout; NOTE(review): writes the user id to the console log.
    		System.out.println("SIGN " + arg0);
    		UsernamePasswordAuthenticationToken signedInUser =
    				new UsernamePasswordAuthenticationToken(arg0, null, null);
    		SecurityContextHolder.getContext().setAuthentication(signedInUser);
    		return null;
    	}
    
    }
    html

    Code:
    <%-- Builds the context-relative URL /signin/facebook and posts an empty form to it; per the
         configuration on this page that path is handled by ProviderSignInController.
         NOTE(review): the form id "tw_signin" looks carried over from a Twitter example (cosmetic). --%>
    <c:url value='/signin/facebook' var="facebook"/>
    <form:form id="tw_signin" action="${facebook}" method="POST">
      <button type="submit">
        SIGN
      </button>
    </form:form>
    I have also set up the Spring Security XML:

    Code:
     <!-- Narrow component scans: each one picks up a single class through its resource-pattern. -->
     <context:component-scan base-package="com.meritservus.service" resource-pattern="UserServiceImpl.class"/>
           <context:component-scan base-package="com.meritservus.dao.jpa" resource-pattern="JpaUserDao.class"/>
           <context:component-scan base-package="com.meritservus.dao.jpa" resource-pattern="JpaAuthorityDao.class"/>
           
           <!-- Each security="none" element maps its pattern to an empty filter chain. Matching requests
                get no authentication, no authorization and no security-context handling at all. -->
           <!-- NOTE(review): /upload/uploadFile.mrk is therefore reachable without authentication. Confirm
                that the upload handler enforces its own checks (caller identity, size, type, storage location). -->
           <http auto-config="true" security="none" pattern="/upload/uploadFile.mrk"/>
               <http auto-config="true" security="none" pattern="/mkRegisterUser.mrk"/>
               <http auto-config="true" security="none" pattern="/registerMkUser.mrk"/>
               <http auto-config="true" security="none" pattern="/viewResetPassword.mrk"/>
               <http auto-config="true" security="none" pattern="/resetUserPassword2.mrk"/>
               <http auto-config="true" security="none" pattern="/successRegistration.mrk"/>
               <!-- NOTE(review): because /signin/** bypasses the filter chain, an Authentication placed in
                    SecurityContextHolder while handling /signin/facebook is not saved to the session by
                    Spring Security, so the following request arrives unauthenticated. The thread-bound
                    context is not cleared by a filter on this path either. Routing /signin/** through the
                    main http chain with an anonymous-access intercept-url rule avoids both effects. -->
               <http auto-config="true" security="none" pattern="/signin/**"/>	 
        <!-- Security: main filter chain for every request not matched by a security="none" element. -->
        <http auto-config='true' access-denied-page="/accessDenied.mrk">
           <!-- Access requires one of the three listed roles.
                NOTE(review): with Ant-style matching, "/*" covers a single path segment only. Nested paths
                such as /a/b are not matched by this rule and so carry no access constraint here; confirm
                against the matcher in use. "/**" is the usual catch-all, with explicit anonymous rules
                for the login pages placed before it. -->
           <intercept-url pattern="/*" access="ROLE_MK, ROLE_CLIENT, ROLE_SUPER_ADMIN" />
            <!-- NOTE(review): the remember-me key is a literal equal to the application name. The key is
                 part of the remember-me token signature, so prefer a long random value supplied from
                 external configuration. -->
            <remember-me key="meritkapital" /> 
         
            <!-- Form login with custom login and failure pages. -->
            <form-login login-page="/login/login.mrk" authentication-failure-url="/login/loginError.mrk?login_error=true"/>
            <!-- Logout invalidates the HTTP session and then hands over to the simpleLogouHandler bean. -->
            <logout invalidate-session="true" success-handler-ref="simpleLogouHandler" logout-url="/j_spring_security_logout"/>
            <!-- Invalid or expired sessions are sent back to the login page; one concurrent session per user. -->
            <session-management invalid-session-url="/login/login.mrk">
            	<concurrency-control max-sessions="1" expired-url="/login/login.mrk"/>
            </session-management>  
            
               </http>
               
              
               
        
        <!-- This bean is declared manually because, when only the namespace tags are used, there is
        no way to receive events about logins. -->
        
        	<!-- Authentication manager with a single provider; authentication events are published through
        	     defaultAuthenticationEventPublisher. -->
        	<beans:bean
    		id="org.springframework.security.authenticationManager"
    		class="org.springframework.security.authentication.ProviderManager">
    		<beans:property name="providers">
    			<beans:list>
    				<beans:ref bean="daoAuthenticationProvider" />
    			</beans:list>
    		</beans:property>
    		<beans:property name="authenticationEventPublisher" ref="defaultAuthenticationEventPublisher" />
    	</beans:bean>
    	
    	<!-- Username/password authentication backed by the userService bean and the passEncoder bean. -->
    	<beans:bean id="daoAuthenticationProvider"
    		class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    		<beans:property name="userDetailsService" ref="userService" />
    		<beans:property name="passwordEncoder" ref="passEncoder" />
    	</beans:bean>
    
    	<!-- NOTE(review): ShaPasswordEncoder without a constructor argument presumably uses its default
    	     SHA-1 strength (confirm), and no saltSource is set on daoAuthenticationProvider in this snippet.
    	     Password hashes would then be unsalted, single-round digests, which are cheap to brute-force if
    	     the user table leaks. BCryptPasswordEncoder (org.springframework.security.crypto.bcrypt) is the
    	     stronger choice where the Spring Security version in use provides it. Existing hashes need a
    	     migration path, e.g. re-hashing at the next successful login. -->
    	<beans:bean id="passEncoder"
    		class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" />
    
    	<!-- Publisher for authentication success and failure events. -->
    	<beans:bean id="defaultAuthenticationEventPublisher"
    		class="org.springframework.security.authentication.DefaultAuthenticationEventPublisher" />
    
    	<!-- Application class referenced by the logout element as its success handler. -->
    	<beans:bean id="simpleLogouHandler" class="com.meritservus.web.LogoutListener"/>
    But when I click the Sign In button, I see that requests are sent to Facebook, but afterwards I am redirected to the login page of my application, and in the browser I see the following:

    http://127.0.0.1:8080/meritkapital/login/login.mrk#_=_

    What is the problem? Why doesn't it authenticate me?

  • #2
    From the looks of the one <intercept-url> in your Spring Security configuration, it seems that *ALL* paths are being intercepted and require an authenticated user with a selection of roles. The problem is, at the point where Facebook redirects back to your app, your user isn't signed in yet (that'll be one of the next things that happens, but it hasn't happened yet). So, the Spring Security filters kick in and redirect your user to your app's sign-in page.

    I recommend adding another <intercept-url> (before the existing one) that allows /signin/* requests to pass through unhindered by Spring Security.
