Authentication through the canvas-attribute signed_request

diff --git a/keystore b/keystore
new file mode 100644 (file)
index 0000000..75b82ef
Binary files /dev/null and b/keystore differ

diff --git a/pom.xml b/pom.xml
index c025b24..73ce372 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -28,6 +28,7 @@
     <!-- settings for the Graph-API -->
     <facebook.app.id>NOT_SET</facebook.app.id>
     <facebook.app.secret>NOT_SET</facebook.app.secret>
     <!-- settings for the Graph-API -->
     <facebook.app.id>NOT_SET</facebook.app.id>
     <facebook.app.secret>NOT_SET</facebook.app.secret>

+    <facebook.app.canvas>NOT_SET</facebook.app.canvas>

   </properties>
 
   <dependencies>
   </properties>
 
   <dependencies>


@@ -43,6 +44,15 @@
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>
     </dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>
     </dependency>

+    <dependency>
+      <groupId>org.springframework.social</groupId>
+      <artifactId>spring-social-facebook-web</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-crypto</artifactId>
+      <scope>runtime</scope>
+    </dependency>

   </dependencies>
 
   <build>
   </dependencies>
 
   <build>

diff --git a/src/main/java/de/juplo/yourshouter/SocialConfig.java b/src/main/java/de/juplo/yourshouter/SocialConfig.java
index ff69151..fc136ad 100644 (file)
--- a/src/main/java/de/juplo/yourshouter/SocialConfig.java
+++ b/src/main/java/de/juplo/yourshouter/SocialConfig.java
@@ -21,6 +21,7 @@ import org.springframework.social.connect.web.ProviderSignInController;
 import org.springframework.social.connect.web.SignInAdapter;
 import org.springframework.social.facebook.api.Facebook;
 import org.springframework.social.facebook.connect.FacebookConnectionFactory;
 import org.springframework.social.connect.web.SignInAdapter;
 import org.springframework.social.facebook.api.Facebook;
 import org.springframework.social.facebook.connect.FacebookConnectionFactory;

+import org.springframework.social.facebook.web.CanvasSignInController;

 
 
 /**
 
 
 /**


@@ -141,6 +142,33 @@ public class SocialConfig extends SocialConfigurerAdapter
     return controller;
   }
 
     return controller;
   }
 

+  /**
+   * Configure the {@link CanvasSignInController} to enable sign-in through
+   * the <code>signed_request</code>, that Facebook sends to the canvas-page.
+   *
+   * @param factoryLocator The {@link ConnectionFactoryLocator} will be injected by Spring.
+   * @param repository The {@link UserConnectionRepository} will be injected by Spring.
+   * @param env The {@link Environment}, to read additional parameters from.
+   * @return The configured {@link CanvasSignInController}
+   */
+  @Bean
+  public CanvasSignInController canvasSignInController(
+      ConnectionFactoryLocator factoryLocator,
+      UsersConnectionRepository repository,
+      Environment env
+      )
+  {
+    return
+        new CanvasSignInController(
+            factoryLocator,
+            repository,
+            new UserCookieSignInAdapter(),
+            env.getProperty("facebook.app.id"),
+            env.getProperty("facebook.app.secret"),
+            env.getProperty("facebook.app.canvas")
+            );
+  }
+

   /**
    * Configure a scoped bean named <code>facebook</code>, that enables
    * access to the Graph-API in the name of the current user.
   /**
    * Configure a scoped bean named <code>facebook</code>, that enables
    * access to the Graph-API in the name of the current user.

diff --git a/src/main/java/de/juplo/yourshouter/UserCookieInterceptor.java b/src/main/java/de/juplo/yourshouter/UserCookieInterceptor.java
index c72ef41..1b00e09 100644 (file)
--- a/src/main/java/de/juplo/yourshouter/UserCookieInterceptor.java
+++ b/src/main/java/de/juplo/yourshouter/UserCookieInterceptor.java
@@ -3,6 +3,7 @@ package de.juplo.yourshouter;
 
 import java.io.IOException;
 import java.util.Collections;
 
 import java.io.IOException;
 import java.util.Collections;

+import java.util.regex.Pattern;

 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.slf4j.Logger;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.slf4j.Logger;


@@ -21,6 +22,7 @@ public final class UserCookieInterceptor extends HandlerInterceptorAdapter
 {
   private final static Logger LOG =
       LoggerFactory.getLogger(UserCookieInterceptor.class);
 {
   private final static Logger LOG =
       LoggerFactory.getLogger(UserCookieInterceptor.class);

+  private final static Pattern PATTERN = Pattern.compile("^/signin|canvas");

 
 
   private final UsersConnectionRepository repository;
 
 
   private final UsersConnectionRepository repository;


@@ -66,7 +68,7 @@ public final class UserCookieInterceptor extends HandlerInterceptorAdapter
       throws
         IOException
   {
       throws
         IOException
   {

-    if (request.getServletPath().startsWith("/signin"))
+    if (PATTERN.matcher(request.getServletPath()).find())

       return true;
 
     String user = UserCookieGenerator.INSTANCE.readCookieValue(request);
       return true;
 
     String user = UserCookieGenerator.INSTANCE.readCookieValue(request);

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 21463c2..46ade25 100644 (file)
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,5 +1,10 @@
 facebook.app.id=@facebook.app.id@
 facebook.app.secret=@facebook.app.secret@
 facebook.app.id=@facebook.app.id@
 facebook.app.secret=@facebook.app.secret@

+facebook.app.canvas=@facebook.app.canvas@
+
+server.port: 8443
+server.ssl.key-store: keystore
+server.ssl.key-store-password: secret

 
 spring.thymeleaf.prefix=/thymeleaf/
 spring.thymeleaf.cache=false
 
 spring.thymeleaf.prefix=/thymeleaf/
 spring.thymeleaf.cache=false