+++ /dev/null
-package de.juplo.yourshouter;
-
-import java.io.IOException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.stereotype.Service;
-
-
-/**
- * Specialized implementation of {@link AuthenticationEntryPoint}, that
- * redirects to the social sign-in-page, to let the user decide to sign in or
- * not.
- *
- * @author Kai Moritz
- */
-@Service
-public class SocialAuthenticationEntryPoint implements AuthenticationEntryPoint
-{
- private static final Logger LOG =
- LoggerFactory.getLogger(SocialAuthenticationEntryPoint.class);
-
- public final static String REDIRECT_ATTRIBUTE =
- SocialAuthenticationEntryPoint.class.getCanonicalName() + ".REDIRECT";
-
-
- /**
- * {@inheritDoc}
- *
- * To commence the sign-in through the Graph-API, we have to redirect
- * to our already implemented sign-in-page.
- * <p>
- * We store the originally requested page in the {@link HttpSession}, to be
- * redirect back to that page after a successful authentication in
- * {@link SpringSecuritySignInAdapter}.
- * <p>
- * Only the first request of a ressource, that requires authentication, will
- * trigger the redirect to the sing-in-page.
- *
- * @see SpringSecuritySignInAdapter
- */
- @Override
- public void commence(
- HttpServletRequest request,
- HttpServletResponse response,
- AuthenticationException exception
- )
- throws
- IOException,
- ServletException
- {
- HttpSession session = request.getSession();
- if (session.getAttribute(REDIRECT_ATTRIBUTE) == null)
- {
- LOG.info(
- "redirecting unauthenticated request to {}",
- request.getRequestURI()
- );
- StringBuffer url = request.getRequestURL();
- if (request.getQueryString() != null)
- {
- url.append('?');
- url.append(request.getQueryString());
- }
- session.setAttribute(REDIRECT_ATTRIBUTE, url.toString());
- response.sendRedirect("/signin.html");
- }
- else
- {
- LOG.info(
- "redirect to sign-in already in progress, forbidding access to {}",
- request.getRequestURI()
- );
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
- }
- }
-}
import org.springframework.social.connect.UsersConnectionRepository;
import org.springframework.social.connect.jdbc.JdbcUsersConnectionRepository;
import org.springframework.social.connect.web.ConnectController;
-import org.springframework.social.connect.web.ProviderSignInController;
import org.springframework.social.connect.web.SignInAdapter;
import org.springframework.social.facebook.api.Facebook;
import org.springframework.social.facebook.connect.FacebookConnectionFactory;
return controller;
}
- /**
- * Configure the {@link ProviderSignInController} to use our implementation
- * of {@link SignInAdapter} to sign in the user by storing the ID in the
- * {@link SecurityContext} and the user-cookie.
- *
- * @param factoryLocator The {@link ConnectionFactoryLocator} will be injected by Spring.
- * @param repository The {@link UserConnectionRepository} will be injected by Spring.
- * @return The configured {@link ProviderSignInController}
- */
- @Bean
- public ProviderSignInController signInController(
- ConnectionFactoryLocator factoryLocator,
- UsersConnectionRepository repository
- )
- {
- ProviderSignInController controller =
- new ProviderSignInController(factoryLocator, repository, signInAdapter);
- return controller;
- }
-
/**
* Configure the {@link CanvasSignInController} to enable sign-in through
* the <code>signed_request</code>, that Facebook sends to the canvas-page.
package de.juplo.yourshouter;
-import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.social.connect.Connection;
import org.springframework.social.connect.web.SignInAdapter;
import org.springframework.stereotype.Service;
SecurityContextHolder.getContext().setAuthentication(
new UsernamePasswordAuthenticationToken(user, null, null));
- HttpSession session =
- request.getNativeRequest(HttpServletRequest.class).getSession();
- String redirect =
- (String)session
- .getAttribute(SocialAuthenticationEntryPoint.REDIRECT_ATTRIBUTE);
- if (redirect != null)
- {
- LOG.info("redirecting to originally requested resource {}", redirect);
- session.removeAttribute(SocialAuthenticationEntryPoint.REDIRECT_ATTRIBUTE);
- }
- else
- {
- LOG.info("found no original request in session, redirecting to default");
- }
- return redirect;
+ return null;
}
}
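Review bot: The new `return null;` tells the calling controller to use its default post-sign-in URL, so the originally requested page is no longer restored, yet the `RequestCache` import added in this file's import hunk is not referenced by any line shown here. If the saved request is meant to replace the removed session attribute, `signIn` should look it up through the cache and return its redirect URL; otherwise the import is dead and should be dropped. The method's signature and the rest of the adapter start outside this hunk, so the cache may be used there — please confirm. A short Javadoc note on the method, such as `Returns null so the caller redirects to its default post-sign-in URL; the originally requested page is not restored here.`, would make the changed contract explicit.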
package de.juplo.yourshouter;
-import javax.inject.Inject;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
{
- @Inject
- AuthenticationEntryPoint authenticationEntryPoint;
-
-
/**
* @{@inheritDoc}
*
*/
.ignoringAntMatchers("/canvas/*", "/h2-console/*")
.and()
- .exceptionHandling()
- .authenticationEntryPoint(authenticationEntryPoint)
- .and()
.headers()
/**
* All pages must be allowed, to be displayed inside a frame.
.frameOptions().disable()
.and()
.authorizeRequests()
- .antMatchers("/signin.html", "/signin/*", "/canvas/*").permitAll()
+ .antMatchers("/canvas/*").permitAll()
.anyRequest().authenticated();
}
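Review bot: With `/signin.html` and `/signin/*` dropped from `permitAll()` and the custom entry point removed in the preceding hunk, every unauthenticated request outside `/canvas/*` now falls through to whatever entry point Spring Security applies by default; unless a form login or another entry point is configured in lines outside this diff, that default is a bare 403 with no path for a browser user to reach a sign-in page. If that is the intent (sign-in only through the canvas signed_request), it deserves a comment next to `.anyRequest().authenticated();`, e.g. `// No sign-in redirect: users authenticate only via the canvas signed_request.`. If it is not, the configuration needs an entry point that leads into the canvas flow. The `configure` method starts outside this hunk.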
+++ /dev/null
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
- <head>
- <title>Connect to Facebook</title>
- </head>
- <body>
- <h1>Connect to Facebook</h1>
- <form action="#" th:action="@{/connect/facebook}" method="POST">
- <div class="formInfo">
- <p>
- You aren't connected to Facebook yet.
- Click the button to connect with your Facebook account.
- </p>
- </div>
- <p><button type="submit">Connect to Facebook</button></p>
- </form>
- </body>
-</html>
+++ /dev/null
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
- <head>
- <title>Connect to Facebook</title>
- </head>
- <body>
- <p>Back <a href="home.html" th:href="@{/}">HOME</a></p>
- <hr />
- <h1>Connected to Facebook</h1>
- <p>
- You are now connected to your Facebook account.
- </p>
- </body>
-</html>
<body>
<h1>Hello, <span th:text="${user.name}">Some User</span>!</h1>
<ul>
- <li><a href="connect/facebookConnected.html" th:href="@{/connect/facebook.html}">Show connection-status</a></li>
<li><a href="profile.html" th:href="@{/profile.html}">Show public profile-data</a></li>
<li><a href="#" th:href="@{/h2-console}">Connect to the H2-console</a></li>
</ul>
+++ /dev/null
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
- <head>
- <title>Sign In</title>
- </head>
- <body>
- <form action="#" th:action="@{/signin/facebook}" method="POST">
- <input type="hidden" name="scope" value="public_profile,manage_pages" />
- <button type="submit">Sign in with Facebook</button>
- </form>
- </body>
-</html>