Switched to Encryptors.noOpText(), because of Illegal-key-size-issue

[examples/facebook-app] / src / main / java / de / juplo / yourshouter / SocialConfig.java

diff --git a/src/main/java/de/juplo/yourshouter/SocialConfig.java b/src/main/java/de/juplo/yourshouter/SocialConfig.java
index 4573fbb..3718953 100644 (file)
--- a/src/main/java/de/juplo/yourshouter/SocialConfig.java
+++ b/src/main/java/de/juplo/yourshouter/SocialConfig.java
@@ -3,6 +3,7 @@ package de.juplo.yourshouter;
 
 
 import javax.inject.Inject;
+import javax.sql.DataSource;
 import org.apache.http.HttpRequestFactory;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -11,6 +12,8 @@ import org.springframework.context.annotation.ScopedProxyMode;
 import org.springframework.social.UserIdSource;
 import org.springframework.core.env.Environment;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.crypto.encrypt.Encryptors;
 import org.springframework.social.config.annotation.ConnectionFactoryConfigurer;
 import org.springframework.social.config.annotation.EnableSocial;
 import org.springframework.social.config.annotation.SocialConfigurerAdapter;
@@ -19,7 +22,7 @@ import org.springframework.social.connect.ConnectionFactoryLocator;
 import org.springframework.social.connect.ConnectionRepository;
 import org.springframework.social.connect.ConnectionSignUp;
 import org.springframework.social.connect.UsersConnectionRepository;
-import org.springframework.social.connect.mem.InMemoryUsersConnectionRepository;
+import org.springframework.social.connect.jdbc.JdbcUsersConnectionRepository;
 import org.springframework.social.connect.web.ConnectController;
 import org.springframework.social.connect.web.ProviderSignInController;
 import org.springframework.social.connect.web.SignInAdapter;
@@ -37,6 +40,8 @@ import org.springframework.social.facebook.web.CanvasSignInController;
 @EnableSocial
 public class SocialConfig extends SocialConfigurerAdapter
 {
+  @Inject
+  DataSource dataSource;
   @Inject
   ConnectionSignUp connectionSignUp;
   @Inject
@@ -66,23 +71,30 @@ public class SocialConfig extends SocialConfigurerAdapter
   }
 
   /**
-   * Configure an instance of {@link InMemoryUsersConnection} as persistent
-   * store of user/connection-mappings.
+   * {@inheritDoc}
    *
-   * At the moment, no special configuration is needed.
+   * Configure an instance of {@link JdbcUsersConnection} as persistent
+   * store of user/connection-mappings.
+   * <p>
+   * The app-secret is reused as password for the encryption of the data.
+   * The salt can be changed in the <code>pom.xml</code>
+   * <p>
+   * This does only work, if you have the Java Crypto Extension (JCE) in
+   * full strength version, since Spring Security is using a 256-bit key.
    *
-   * @param connectionFactoryLocator
-   *     The {@link ConnectionFactoryLocator} will be injected by Spring.
-   * @return
-   *     The configured {@link UsersConnectionRepository}.
+   * @see http://stackoverflow.com/a/17637354
    */
   @Override
   public UsersConnectionRepository getUsersConnectionRepository(
       ConnectionFactoryLocator connectionFactoryLocator
       )
   {
-    InMemoryUsersConnectionRepository repository =
-        new InMemoryUsersConnectionRepository(connectionFactoryLocator);
+    JdbcUsersConnectionRepository repository =
+        new JdbcUsersConnectionRepository(
+            dataSource,
+            connectionFactoryLocator,
+            Encryptors.noOpText()
+            );
     repository.setConnectionSignUp(connectionSignUp);
     return repository;
   }
@@ -101,7 +113,7 @@ public class SocialConfig extends SocialConfigurerAdapter
   @Override
   public UserIdSource getUserIdSource()
   {
-    return new SecurityContextUserIdSource();
+    return new SpringSecurityContextUserIdSource();
   }