如何将spring-social认证与spring-security集成?

时间:2012-02-15 21:14:09

标签: spring spring-security spring-social

我在Spring-security上使用sql-db上的用户名/密码组合作为凭证获得了一个小的webapp。

我现在想用spring-social添加facebook / twitter认证。使用这些示例,我可以将用户凭据存储在我的数据库中。我现在正在使用以下代码在我的应用程序上根据当前会话验证用户身份:

public String signIn(String userId, Connection<?> connection, NativeWebRequest request) {

    User user = userService.getUserById(Long.parseLong(userId));
    user.setPassword(this.passwordEncoder.encodePassword(user.getAccessToken(), this.salt));
    this.userService.store(user);

    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getDisplayName(), user.getAccessToken());

    HttpServletRequest req = request.getNativeRequest(HttpServletRequest.class); // generate session if one doesn't exist
    token.setDetails(new WebAuthenticationDetails(req));
    Authentication authenticatedUser = this.authenticationManager.authenticate(token);
    SecurityContextHolder.getContext().setAuthentication(authenticatedUser);

    return "/user/dashboard";
}

public String signIn(String userId, Connection<?> connection, NativeWebRequest request) { User user = userService.getUserById(Long.parseLong(userId)); user.setPassword(this.passwordEncoder.encodePassword(user.getAccessToken(), this.salt)); this.userService.store(user); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getDisplayName(), user.getAccessToken()); HttpServletRequest req = request.getNativeRequest(HttpServletRequest.class); // generate session if one doesn't exist token.setDetails(new WebAuthenticationDetails(req)); Authentication authenticatedUser = this.authenticationManager.authenticate(token); SecurityContextHolder.getContext().setAuthentication(authenticatedUser); return "/user/dashboard"; }

身份验证有效,我没有得到任何BadCredential-exceptions。但在被重定向到/ user / dashboard后,我被扔回登录。

我没有想法,在经典注册后,用于验证会话的类似代码正在工作。

有没有人知道为什么会发生这种情况或如何调试?

非常感谢! 亨德里克

1 个答案:

答案 0 :(得分:1)

我有类似的代码对我有用,并且还添加了“记住我”支持:

// lookup by id, which in my case is the login
User user = userService.findByLogin(userId);
// code to populate the user's roles
List<GrantedAuthority> authorities = ...;
// create new instance of my UserDetails implementation
UserDetailsImpl springSecurityUser = new UserDetailsImpl(user, authorities);
// create new Authentication using UserDetails instance, password, and roles
Authentication authentication = new UsernamePasswordAuthenticationToken(springSecurityUser, user.getPassword(), authorities);
// set the Authentication in the SecurityContext
SecurityContextHolder.getContext().setAuthentication(authentication);
// optional: remember-me support (must @Autowire in TokenBasedRememberMeServices)
tokenBasedRememberMeServices.onLoginSuccess(
    (HttpServletRequest) request.getNativeRequest(),
    (HttpServletResponse) request.getNativeResponse(),
    authentication);