我正在集成 spring-social-facebook 和 spring-social-google。到目前为止,我已经能够让用户登录和注销,并把用户保存到我的数据库等等,一切都按预期工作。但是,当我登录之后再尝试用另一个 Facebook(或 Google)用户登录时,我的 Facebook(或 Google)对象返回的仍是第一次登录的那个用户的凭据。即使我已经对另一个用户完成了身份验证,它似乎仍然持有旧的连接。以下是我的 Facebook 示例。
Facebook控制器
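/**
 * Completes a Facebook sign-in: reads the profile behind the current Facebook
 * connection, creates a local account on first sight, and places an
 * authentication for that account into the Spring Security context.
 *
 * <p>NOTE(review): which connection {@code findPrimaryConnection} returns depends on
 * how the {@link ConnectionRepository} is keyed, and that is configured outside this
 * class. If it is not keyed per signed-in user or session, a second visitor may be
 * served the first visitor's Facebook connection — confirm the user-id source.
 */
@Controller
public class LoginController {

    private final Facebook facebook;
    private final Google google;
    private final ConnectionRepository connectionRepository;

    @Autowired
    private DetailService manager;

    @Autowired
    private UserService users;

    /**
     * @param facebook             Facebook API binding used to read the profile
     * @param google               Google API binding (not used by the handler in this class)
     * @param connectionRepository repository queried for an existing Facebook connection
     */
    @Autowired
    public LoginController(Facebook facebook, Google google, ConnectionRepository connectionRepository) {
        this.facebook = facebook;
        this.google = google;
        this.connectionRepository = connectionRepository;
    }

    /**
     * Signs the caller in with the identity reported by the Facebook connection.
     *
     * @param model MVC model (unused)
     * @return a redirect to {@code /connect/facebook} when no Facebook connection exists,
     *         to {@code /login} when Facebook reports no e-mail address, otherwise to
     *         {@code /entries}
     */
    @RequestMapping(value = "/facebookProcessor", method = RequestMethod.POST)
    public String facebookProcessor(Model model) {
        if (connectionRepository.findPrimaryConnection(Facebook.class) == null) {
            return "redirect:/connect/facebook";
        }

        // NOTE(review): each getUserProfile() call is presumably a separate request to
        // Facebook; fetching the profile once into a local would keep the three values
        // consistent with each other.
        String email = facebook.userOperations().getUserProfile().getEmail();

        // The e-mail is the local username. Without one, the code below would create
        // (or look up) an account keyed on null, so stop before touching the user store.
        if (email == null || email.trim().isEmpty()) {
            return "redirect:/login";
        }

        String name = facebook.userOperations().getUserProfile().getName();
        String fbID = facebook.userOperations().getUserProfile().getId();

        // NOTE(security): an existing local account is matched purely on the e-mail
        // address reported by the provider. That is only safe if the provider has
        // verified the address — confirm before relying on it for account linking.
        if (users.findByUsername(email) == null) {
            User user = new User();
            user.setUsername(email);
            user.setName(name);
            // NOTE(review): "faceboob" looks like a typo for "facebook". It is left as-is
            // because already-stored rows and other code may compare against this value.
            user.setProvider("faceboob");
            // NOTE(security): the Facebook user id is an identifier, not a secret. If this
            // user store also backs a password login, the id works as that account's
            // password. Prefer a random value from SecureRandom that is never disclosed.
            user.setPassword(fbID);
            user.setRoles(new String[]{"ROLE_USER"});
            users.save(user);
            signIn(user.getUsername());
        } else if (Objects.equals(users.findByUsername(email).getUsername(), email)) {
            signIn(email);
        }
        // When the stored username differs from the reported e-mail, no authentication
        // is set and the caller is still redirected.
        return "redirect:/entries";
    }

    /**
     * Loads the account and installs it as the current authentication.
     *
     * @param username local username to authenticate as
     */
    private void signIn(String username) {
        UserDetails userDetails = manager.loadUserByUsername(username);
        // NOTE(review): the stored password value travels in the token as credentials;
        // passing null credentials would keep it out of the security context.
        Authentication auth = new UsernamePasswordAuthenticationToken(
                userDetails.getUsername(), userDetails.getPassword(), userDetails.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(auth);
    }
}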
SocialConfig
/**
 * Spring Social configuration: registers the Google and Facebook connection
 * factories using the application ids and secrets taken from properties.
 */
@Configuration
@EnableSocial
public class SocialConfig {

    // OAuth client credentials. The secrets are resolved from property placeholders,
    // so the property source itself has to be kept out of version control.
    @Value("${spring.social.google.appId}")
    private String googleAppId;

    @Value("${spring.social.google.appSecret}")
    private String googleAppSecret;

    @Value("${spring.social.facebook.appId}")
    private String facebookAppId;

    @Value("${spring.social.facebook.appSecret}")
    private String facebookAppSecret;

    // Neither injected nor read anywhere in this class.
    private ConnectionRepository connectionRepository;

    /**
     * Builds the locator through which Spring Social finds a provider's connection factory.
     *
     * @return a registry holding the Google and the Facebook connection factory
     */
    @Bean
    public ConnectionFactoryLocator connectionFactoryLocator() {
        GoogleConnectionFactory googleFactory =
                new GoogleConnectionFactory(googleAppId, googleAppSecret);
        FacebookConnectionFactory facebookFactory =
                new FacebookConnectionFactory(facebookAppId, facebookAppSecret);

        ConnectionFactoryRegistry locator = new ConnectionFactoryRegistry();
        locator.addConnectionFactory(googleFactory);
        locator.addConnectionFactory(facebookFactory);
        return locator;
    }
}
WebSecurityConfiguration(以防万一,一并贴出)
/**
 * Spring Security configuration: form login backed by {@code DetailService},
 * logout handling, and a SpEL extension that exposes the current authentication.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    DetailService userDetailsService;

    /**
     * Uses the application's user details service and password encoder for authentication.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
                .passwordEncoder(User.PASSWORD_ENCODER);
    }

    /**
     * Declares URL authorization, form login, logout and header/CSRF settings.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(security): anyRequest().permitAll() leaves every URL open to anonymous
        // callers. With this rule, access control can only come from method-level
        // annotations (prePostEnabled is switched on above) — confirm they exist.
        http.authorizeRequests()
                .antMatchers("/signup").permitAll()
                .anyRequest().permitAll();

        http.formLogin()
                .loginPage("/login")
                .permitAll()
                .successHandler(loginSuccessHandler())
                .failureHandler(loginFailureHandler());

        http.logout()
                .permitAll()
                .logoutSuccessUrl("/login");

        // NOTE(security): CSRF protection is switched off, so state-changing POST
        // endpoints accept cross-site requests made with the user's session cookie.
        http.csrf().disable();

        // NOTE(security): disabling frameOptions removes the X-Frame-Options header,
        // so pages may be framed by other origins (clickjacking exposure).
        http.headers().frameOptions().disable();
    }

    /**
     * @return a handler that redirects to {@code /} after a successful form login
     */
    public AuthenticationSuccessHandler loginSuccessHandler() {
        return (request, response, authentication) -> {
            response.sendRedirect("/");
        };
    }

    /**
     * @return a handler that redirects back to {@code /login} after a failed form login
     */
    public AuthenticationFailureHandler loginFailureHandler() {
        return (request, response, exception) -> response.sendRedirect("/login");
    }

    /**
     * Registers a SpEL extension named {@code security} whose root object wraps the
     * authentication found in the security context at evaluation time.
     */
    @Bean
    public EvaluationContextExtension securityExtension() {
        return new EvaluationContextExtensionSupport() {

            @Override
            public String getExtensionId() {
                return "security";
            }

            @Override
            public Object getRootObject() {
                Authentication current = SecurityContextHolder.getContext().getAuthentication();
                // Anonymous subclass, as in the original instantiation of SecurityExpressionRoot.
                return new SecurityExpressionRoot(current) {
                };
            }
        };
    }
}