1 package de.juplo.yourshouter;
4 import javax.servlet.http.HttpServletRequest;
5 import javax.servlet.http.HttpSession;
6 import org.slf4j.Logger;
7 import org.slf4j.LoggerFactory;
8 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
9 import org.springframework.security.core.context.SecurityContext;
10 import org.springframework.security.core.context.SecurityContextHolder;
11 import org.springframework.social.connect.Connection;
12 import org.springframework.social.connect.web.SignInAdapter;
13 import org.springframework.stereotype.Service;
14 import org.springframework.web.context.request.NativeWebRequest;
18 * Simple implementation of {@link SignInAdapter}.
20 * This implementation signs in the user by storing him in the
21 * {@link SecurityContext} provided by Spring-Security, using the user-ID as
24 * We configured Spring-Social to call this implementation, to sign in the
25 * user, after he was authenticated by Facebook.
30 public class SpringSecuritySignInAdapter implements SignInAdapter
32 private final static Logger LOG =
33 LoggerFactory.getLogger(SpringSecuritySignInAdapter.class);
38 * Stores the user in the {@link SecurityContext} provided by Spring Security
39 * to sign him in. Spring Security will automatically persist the
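40 * authentication in the user-session for subsequent requests. NOTE(review): the context is set directly here, so confirm that the session ID is renewed at sign-in (session-fixation protection).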
42 * If an originally requested resource was stored in the {@link HttpSession}
43 * by the {@link SocialAuthenticationEntryPoint}, that URL will be returned,
44 * so that the {@link RequestCache} can restore the request.
45 * Otherwise, <code>null</code> will be returned to indicate that the user
46 * should be redirected to the default-post-sign-in-URL (configured in
47 * {@link ProviderSignInController}) after a successful authentication.
49 * @see SocialAuthenticationEntryPoint
50 * @see ProviderSignInController#postSignInUrl
55 Connection<?> connection,
56 NativeWebRequest request
60 "signing in user {} (connected via {})",
62 connection.getKey().getProviderId()
65 SecurityContextHolder.getContext().setAuthentication(
66 new UsernamePasswordAuthenticationToken(user, null, null));
69 request.getNativeRequest(HttpServletRequest.class).getSession();
72 .getAttribute(SocialAuthenticationEntryPoint.REDIRECT_ATTRIBUTE);
75 LOG.info("redirecting to originally requested resource {}", redirect);
76 session.removeAttribute(SocialAuthenticationEntryPoint.REDIRECT_ATTRIBUTE);
80 LOG.info("found no original request in session, redirecting to default");