
  • Spring Social and Spring Security

    Hi,

    I have worked on my Spring Social login (without Spring Security) and now it works great.
    Now I have migrated my test application into my real application which works with Spring Security.

    I am sure that some work has to be done in order to get Spring Social to work with Spring Security.

    In the class MyProviderSignAdapter#signin(...) I have to authenticate the user who has logged in over e.g. twitter. I am not sure where to get the email and the password.

    Currently I have this config above in my Spring Security config file (authenticationDao).
    This means in my database I have 2 tables tuser and tauthority.

    In order to authenticate the user in MyProviderSignAdapter#signin(...) I have to store the "twitter" user in these 2 tables.

    I am not sure whether I am right?
    Thanks for your help in advance!
    Generic


    HTML Code:
    <bean id="authenticationDao" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
        <property name="dataSource" ref="dataSource" />
        <property name="usersByUsernameQuery">
            <value>
                SELECT email as username, password, enabled
                FROM tuser
                WHERE email = ?;
            </value>
        </property>
        <property name="authoritiesByUsernameQuery">
            <value>
                SELECT u.email as username, authority
                FROM tauthority as a, tuser u
                WHERE a.pk_signedinauthority=u.pk_signedinuser
                AND u.email = ?;
            </value>
        </property>
    </bean>
    Code:
    final UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(email, password);
    HttpServletRequest req = request.getNativeRequest(HttpServletRequest.class); 
    token.setDetails(new WebAuthenticationDetails(req));
    final Authentication authentication = providerManager.authenticate(token);
    SecurityContextHolder.getContext().setAuthentication(authentication);

  • #2
    Have you seen the Spring Social Showcase example at https://github.com/SpringSource/spri...cial-showcase? Specifically, take a look at SimpleSignInAdapter.java and SignInUtils.java. I think that might be what you're looking for.

    Should this be made part of Spring Social instead of just being in an example? Perhaps...it's something to think about. I do have plans to do more with Spring Security soon, so I'll keep this in mind as I work on that.

    Comment


    • #3
      Thanks for the reply. It is still not clear to me how I can write the user data into my two "Spring Security database tables" user and authority. Should I do this work in SignInAdapter#signIn or is there another method which I can overwrite to do this work?
      I also have a pinwall table which has a 1:1 relation with the user table - so this means I absolutely need a user which has logged in with twitter in my "Spring Security" user table - So I would need a method which will be invoked before the twitter user data is written into the Spring social userconnection database table - in this method I would extract the data of the twitter user and I would write this data into my tuser and tauthority table.
      Is there a way to do this with Spring Social?

      Thanks a lot!
      Generic

      Comment


      • #4
        Hi

        I thought I would share my understanding of the ProviderSignInController flow in case this helps with your situation:

        ProviderSignInController supports two primary use-cases after establishing a connection with a provider:

        1) If the connection *does not* already exist in the UsersConnectionRepository (which would likely be the case if the user was visiting your site for the first time), the user will be redirected to the "signUpUrl" that is configured in your ProviderSignInController.

        It will be up to your application to provide a controller at this url which creates a local user account, populates your own user tables and links this local user account to the connection stored in the UsersConnectionRepository (see the SignUpController in the showcase for an example of this)

        Alternatively, if you have configured your UsersConnectionRepository with a ConnectionSignUp implementation, this local user account creation can be done implicitly by the ConnectionSignUp - the user won't be redirected to the "signUpUrl", the ConnectionSignUp code will be called, and spring social will link the newly-created user to the connection.

        2) If the connection *does* already exist in the UsersConnectionRepository (if the user has used your application previously), the signIn method of your SignInAdapter will be called, providing an opportunity for your application to set the authentication based on the existing user's connection.

        If I understand your question correctly, you seem to be asking where you actually write the user data to your own application tables when the user first logs in to your application and creates an account. If this is what you are asking, then it will be use-case 1) you'll need to handle - so you can either:

        a) Provide your own controller to allow the user to "sign-Up" and create a user account and then link this account to the spring-social connection (write user data to your own tables and then call ProviderSignInUtils.handlePostSignUp for example - as in the SignUpController in the showcase)

        or

        b) Provide your own implementation of ConnectionSignUp and configure UsersConnectionRepository with this implementation. This ConnectionSignUp can then create the user account in your database, returning the local user id to spring social, and spring-social will take care of the rest. This ConnectionSignUp has a handle onto the connection that was just established, so it's possible here to create the local user account with data from this connection - defaulting the username if it's available to the 3rd party username for example.

        Hope this helps,

        Michael

        Comment
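
The flow described in #4 (option b for first-time users, plus the SignInAdapter for returning users), as an added example that is not part of the original thread or of the Spring Social showcase. Assumptions: Spring Security 3.x package names (the XML in the first post uses the older `org.springframework.security.userdetails` package), an auto-generated `pk_signedinuser` key, a `ROLE_USER` authority, and the hypothetical class names `TuserConnectionSignUp` and `TuserSignInAdapter`.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.social.connect.Connection;
import org.springframework.social.connect.ConnectionSignUp;
import org.springframework.social.connect.web.SignInAdapter;
import org.springframework.web.context.request.NativeWebRequest;

// Use-case 1b: called once, when no local user is linked to the connection yet.
class TuserConnectionSignUp implements ConnectionSignUp {
    private final JdbcTemplate jdbc;
    private final SecureRandom random = new SecureRandom();
    TuserConnectionSignUp(JdbcTemplate jdbc) { this.jdbc = jdbc; }

    public String execute(Connection<?> connection) {
        String email = connection.fetchUserProfile().getEmail();
        // Not every provider returns an e-mail; null falls back to the signUpUrl form.
        if (email == null || email.trim().isEmpty()) return null;
        // Never attach a social identity to an existing local account implicitly.
        Integer n = jdbc.queryForObject("SELECT COUNT(*) FROM tuser WHERE email = ?", Integer.class, email);
        if (n != null && n > 0) return null;
        // The provider holds the credential: store a random value nobody ever sees,
        // so the form login cannot be used for this account.
        String unusable = new BigInteger(256, random).toString(16);
        jdbc.update("INSERT INTO tuser (email, password, enabled) VALUES (?, ?, ?)", email, unusable, true);
        jdbc.update("INSERT INTO tauthority (pk_signedinauthority, authority) "
                + "SELECT pk_signedinuser, ? FROM tuser WHERE email = ?", "ROLE_USER", email);
        return email; // local user id = the username read by usersByUsernameQuery
    }
}

// Use-case 2: the connection is already linked; no password is involved.
class TuserSignInAdapter implements SignInAdapter {
    private final UserDetailsService users; // e.g. the authenticationDao bean
    TuserSignInAdapter(UserDetailsService users) { this.users = users; }

    public String signIn(String localUserId, Connection<?> connection, NativeWebRequest request) {
        UserDetails user = users.loadUserByUsername(localUserId);
        if (!user.isEnabled()) throw new DisabledException("local account disabled");
        // The three-argument constructor yields an already authenticated token.
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities()));
        return null; // null = use the controller's default post-sign-in URL
    }
}
```

Run the two inserts in one transaction so a user row is never left without its authority row.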


        • #5
          Thanks a lot, now it is pretty clear!!
          Generic

          Comment
