From: Kai Moritz Date: Mon, 1 Feb 2016 09:02:59 +0000 (+0100) Subject: Switched from InMemoryUsers- to JdbcUsersConnectionRepository with H2 X-Git-Url: http://juplo.de/gitweb/?a=commitdiff_plain;h=3ba0e06f2f52ca1959dccaa33e288369914571af;p=examples%2Ffacebook-app Switched from InMemoryUsers- to JdbcUsersConnectionRepository with H2 This only works, if you have the full strength version of the Java Cryptographic Exctension (JCE) installed, since Spring Security is using a 256-bit key. See http://stackoverflow.com/a/17637354 for a full explanation. --- diff --git a/pom.xml b/pom.xml index 5c70ea4..bff461f 100644 --- a/pom.xml +++ b/pom.xml @@ -28,11 +28,15 @@ NOT_SET NOT_SET + NOT_SET NOT_SET 60000 60000 ERROR + + com.h2database + h2 @@ -61,6 +65,16 @@ org.apache.httpcomponents httpclient + + + org.springframework.boot + spring-boot-starter-data-jpa + + + ${jdbc.groupId} + ${jdbc.artifactId} + runtime + diff --git a/src/main/java/de/juplo/yourshouter/SocialConfig.java b/src/main/java/de/juplo/yourshouter/SocialConfig.java index 7cc9a63..466ed23 100644 --- a/src/main/java/de/juplo/yourshouter/SocialConfig.java +++ b/src/main/java/de/juplo/yourshouter/SocialConfig.java @@ -2,8 +2,11 @@ package de.juplo.yourshouter; +import java.math.BigInteger; import javax.inject.Inject; +import javax.sql.DataSource; import org.apache.http.HttpRequestFactory; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Scope; @@ -12,6 +15,7 @@ import org.springframework.social.UserIdSource; import org.springframework.core.env.Environment; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.crypto.encrypt.Encryptors; import org.springframework.social.config.annotation.ConnectionFactoryConfigurer; import org.springframework.social.config.annotation.EnableSocial; import org.springframework.social.config.annotation.SocialConfigurerAdapter; @@ -20,7 +24,7 @@ import org.springframework.social.connect.ConnectionFactoryLocator; import org.springframework.social.connect.ConnectionRepository; import org.springframework.social.connect.ConnectionSignUp; import org.springframework.social.connect.UsersConnectionRepository; -import org.springframework.social.connect.mem.InMemoryUsersConnectionRepository; +import org.springframework.social.connect.jdbc.JdbcUsersConnectionRepository; import org.springframework.social.connect.web.ConnectController; import org.springframework.social.connect.web.ProviderSignInController; import org.springframework.social.connect.web.SignInAdapter; @@ -38,11 +42,18 @@ import org.springframework.social.facebook.web.CanvasSignInController; @EnableSocial public class SocialConfig extends SocialConfigurerAdapter { + @Inject + DataSource dataSource; @Inject ConnectionSignUp connectionSignUp; @Inject SignInAdapter signInAdapter; + @Value("${facebook.app.secret}") + String secret; + @Value("${facebook.app.salt}") + String salt; + /** * Add a {@link FacebookConnectionFactory} to the configuration. @@ -67,23 +78,33 @@ public class SocialConfig extends SocialConfigurerAdapter } /** - * Configure an instance of {@link InMemoryUsersConnection} as persistent - * store of user/connection-mappings. + * {@inheritDoc} * - * At the moment, no special configuration is needed. + * Configure an instance of {@link JdbcUsersConnection} as persistent + * store of user/connection-mappings. + *

+ * The app-secret is reused as password for the encryption of the data. + * The salt can be changed in the pom.xml + *

+ * This does only work, if you have the Java Crypto Extension (JCE) in + * full strength version, since Spring Security is using a 256-bit key. * - * @param connectionFactoryLocator - * The {@link ConnectionFactoryLocator} will be injected by Spring. - * @return - * The configured {@link UsersConnectionRepository}. + * @see http://stackoverflow.com/a/17637354 */ @Override public UsersConnectionRepository getUsersConnectionRepository( ConnectionFactoryLocator connectionFactoryLocator ) { - InMemoryUsersConnectionRepository repository = - new InMemoryUsersConnectionRepository(connectionFactoryLocator); + JdbcUsersConnectionRepository repository = + new JdbcUsersConnectionRepository( + dataSource, + connectionFactoryLocator, + Encryptors.text( + secret, + String.format("%08x", new BigInteger(1, salt.getBytes())) + ) + ); repository.setConnectionSignUp(connectionSignUp); return repository; } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index a66df89..2c78f2c 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,5 +1,6 @@ facebook.app.id=@facebook.app.id@ facebook.app.secret=@facebook.app.secret@ +facebook.app.salt=@facebook.app.salt@ facebook.app.canvas=@facebook.app.canvas@ server.port: 8443 @@ -12,6 +13,8 @@ httpclient.timeout.read=@httpclient.timeout.read@ spring.thymeleaf.prefix=/thymeleaf/ spring.thymeleaf.cache=false +spring.datasource.continueOnError=true + logging.level.org.springframework.social=debug logging.level.org.apache.http=@httpclient.logging.level@ logging.level.org.apache.http.wire=ERROR diff --git a/src/main/resources/schema.sql b/src/main/resources/schema.sql new file mode 100644 index 0000000..c3abb8f --- /dev/null +++ b/src/main/resources/schema.sql @@ -0,0 +1,19 @@ +-- This SQL contains a "create table" that can be used to create a table that JdbcUsersConnectionRepository can persist +-- connection in. It is, however, not to be assumed to be production-ready, all-purpose SQL. It is merely representative +-- of the kind of table that JdbcUsersConnectionRepository works with. The table and column names, as well as the general +-- column types, are what is important. Specific column types and sizes that work may vary across database vendors and +-- the required sizes may vary across API providers. + +create table UserConnection (userId varchar(255) not null, + providerId varchar(255) not null, + providerUserId varchar(255), + rank int not null, + displayName varchar(255), + profileUrl varchar(512), + imageUrl varchar(512), + accessToken varchar(512) not null, + secret varchar(512), + refreshToken varchar(512), + expireTime bigint, + primary key (userId, providerId, providerUserId)); +create unique index UserConnectionRank on UserConnection(userId, providerId, rank);