From 2050f0ba66eda0003559b4f4b13aabf31ade350e Mon Sep 17 00:00:00 2001 From: Kai Moritz Date: Fri, 22 Jan 2016 11:08:05 +0100 Subject: [PATCH] Authentication through the canvas-attribute signed_request --- keystore | Bin 0 -> 2067 bytes pom.xml | 10 +++++++ .../de/juplo/yourshouter/SocialConfig.java | 28 ++++++++++++++++++ .../yourshouter/UserCookieInterceptor.java | 4 ++- src/main/resources/application.properties | 5 ++++ 5 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 keystore 
diff --git a/keystore b/keystore new file mode 100644 index 0000000000000000000000000000000000000000..75b82ef2c073f6a2f428eb9066f866095e48c764 GIT binary patch literal 2067 zcmV+u2<-R%?f&fm0006200031000311!`q?9_|ZBbcs4dgSLwQDd-C@FJ^#vUpw!4~HC*6)PsvC!tmMNANtFOvAN9l&r6Cl8VO zrx7fD1>RT`vg0NzYjT!$==?^-sXXXBwH}*Ots=}(z15+{YG}u{YV7?g6+5qv3qf;r zx<(Lp^w77*z*59$b3re5#}qX$#ui*n10cC_7+c71^3H#I1BHWaRRp*Wkh zsDU>Of$2U9e(cxwl8}vw7*;_A z!~}F@bmy6YGPNO_4SL4^Hm70eV7|)UuKpVUEO6?0_01 zvmgC}@47K1HL3X-(~h5lM8<$t3vK``2-pU5SZ%~lk{7ag__hS`QLzh7+PUc2+RZ)q z6v)!gM80BRgjkW)A@_YAon#ym*GyzBCHbea?qVthGpl=%&(+8p`i(#6JaB*4#)UFZ z>6#Nitv{W83`meyA&l&Dbate*GMOY(cN^8LKV0PcBhvfhpjH5~cDbYlJBzZ=WyV82-HvLJ;r2bR0=q6j7( zflFyh{y6R2EIuD@oI+|I+X>~g=CvSnhQ+ZYNfoGPi;gMio>t+`#O9jy!2JW=?Vm;e zLrH}YKSX}Ml5IIy_U+m6Tx*3qPo&Z^zzBntx-&Ca@{^0;3wdP4>?iP9EC@z0q7Qc1 z)60CL%&jt`@2z77gE3)k9}(q#@+?za6BZ3KwscSs-{QU6z7Mk_*dgdHAjh+^ zOCt{=oCZVfb?Ii+Vvc=!Fd)8oqt)>g9$m6RN68dN8-idADpzN1ygnLUm3X6F2oP8w z(h95^A>sWUAI2L`I^m%#!H2S`-locJ|3)pW21hi!?Gh?dO(wwKt{2UTGep?vovhWh zg0+2wep%~$GsbTEltscYw$CgLT4jg&u~m$!*KXlc@$it;k>5rLm0fn_fy+)P!YaaW zs0DSou;$?royCwYD4Dj%5*aF8y&9aTv;01OvWcENS7GK<=Ti3ECuhp+w`gK091$FC z`70$6ifm*+htYshjUt?)z?lg@c&kA40000100mesH842<00PS}f&#}df&s6f0|Eg8 z0t7$Jqhl})1_>&LNQU9R>qc9S#H*1Qh@NA}eT=+u%hg zZ>y9>sEj@i9s)281_>&LNQU(1yI-;kp>px> zWGdMD!cjpoRqM|*f+@87U?J-BVZ4Q(T0NIl+R}T{&l*wHjNUw?cq>t#J zJ2@B?rr{bun1x`I;H3(=Kp8z3*ke0&lEGZ)(7!eAV*BwN6gbWS<{@bGP17 xzG-uRQ>rF^#Cvtj3ljJTYiG-W0GPFuAcnmeK>J9=`S3;l+}$C`3?imaT1@V9x()yU literal 0 HcmV?d00001 diff --git a/pom.xml b/pom.xml index c025b24..73ce372 100644 --- a/pom.xml +++ b/pom.xml @@ -28,6 +28,7 @@ NOT_SET NOT_SET + NOT_SET @@ -43,6 +44,15 @@ org.slf4j slf4j-api + + org.springframework.social + spring-social-facebook-web + + + org.springframework.security + spring-security-crypto + runtime + diff --git a/src/main/java/de/juplo/yourshouter/SocialConfig.java b/src/main/java/de/juplo/yourshouter/SocialConfig.java index ff69151..fc136ad 100644 
--- a/src/main/java/de/juplo/yourshouter/SocialConfig.java +++ b/src/main/java/de/juplo/yourshouter/SocialConfig.java @@ -21,6 +21,7 @@ import org.springframework.social.connect.web.ProviderSignInController; import org.springframework.social.connect.web.SignInAdapter; import org.springframework.social.facebook.api.Facebook; import org.springframework.social.facebook.connect.FacebookConnectionFactory; +import org.springframework.social.facebook.web.CanvasSignInController; /** @@ -141,6 +142,33 @@ public class SocialConfig extends SocialConfigurerAdapter return controller; } + /** + * Configure the {@link CanvasSignInController} to enable sign-in through + * the signed_request, that Facebook sends to the canvas-page. + * + * @param factoryLocator The {@link ConnectionFactoryLocator} will be injected by Spring. + * @param repository The {@link UserConnectionRepository} will be injected by Spring. + * @param env The {@link Environment}, to read additional parameters from. + * @return The configured {@link CanvasSignInController} + */ + @Bean + public CanvasSignInController canvasSignInController( + ConnectionFactoryLocator factoryLocator, + UsersConnectionRepository repository, + Environment env + ) + { + return + new CanvasSignInController( + factoryLocator, + repository, + new UserCookieSignInAdapter(), + env.getProperty("facebook.app.id"), + env.getProperty("facebook.app.secret"), + env.getProperty("facebook.app.canvas") + ); + } + /** * Configure a scoped bean named facebook, that enables * access to the Graph-API in the name of the current user. diff --git a/src/main/java/de/juplo/yourshouter/UserCookieInterceptor.java b/src/main/java/de/juplo/yourshouter/UserCookieInterceptor.java index c72ef41..1b00e09 100644 --- a/src/main/java/de/juplo/yourshouter/UserCookieInterceptor.java +++ b/src/main/java/de/juplo/yourshouter/UserCookieInterceptor.java 
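Review bot: The three `env.getProperty(...)` calls in `canvasSignInController` return null when a key is absent, so a misconfigured deployment passes a null app id, app secret or canvas URL to the controller that handles Facebook's signed_request instead of failing at startup. Use `env.getRequiredProperty("facebook.app.secret")`, and the same for `facebook.app.id` and `facebook.app.canvas`, so the application context refuses to start without them. These values are filled from build-time `@...@` placeholders, and the pom.xml hunk appears to default them to `NOT_SET`, so it is also worth rejecting that default explicitly; how the controller treats such a value is not visible here. Separately, the Javadoc says `{@link UserConnectionRepository}` while the parameter type is `UsersConnectionRepository`, so the link should read `{@link UsersConnectionRepository}`.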
@@ -3,6 +3,7 @@ package de.juplo.yourshouter; import java.io.IOException; import java.util.Collections; +import java.util.regex.Pattern; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.slf4j.Logger; @@ -21,6 +22,7 @@ public final class UserCookieInterceptor extends HandlerInterceptorAdapter { private final static Logger LOG = LoggerFactory.getLogger(UserCookieInterceptor.class); + private final static Pattern PATTERN = Pattern.compile("^/signin|canvas"); private final UsersConnectionRepository repository; @@ -66,7 +68,7 @@ public final class UserCookieInterceptor extends HandlerInterceptorAdapter throws IOException { - if (request.getServletPath().startsWith("/signin")) + if (PATTERN.matcher(request.getServletPath()).find()) return true; String user = UserCookieGenerator.INSTANCE.readCookieValue(request); diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 21463c2..46ade25 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,5 +1,10 @@ facebook.app.id=@facebook.app.id@ facebook.app.secret=@facebook.app.secret@ +facebook.app.canvas=@facebook.app.canvas@ + +server.port: 8443 +server.ssl.key-store: keystore +server.ssl.key-store-password: secret spring.thymeleaf.prefix=/thymeleaf/ spring.thymeleaf.cache=false -- 2.20.1
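Review bot: `Pattern.compile("^/signin|canvas")` parses as `^/signin` OR `canvas`, because alternation binds more loosely than the anchor. Combined with `find()` in the last hunk of this file, any servlet path that contains "canvas" anywhere returns `true` before the user cookie is read, not only the canvas sign-in endpoint. Group the alternation and anchor both ends: `Pattern.compile("^/(signin|canvas)(/|$)")`. If another path that the old `startsWith("/signin")` covered must stay exempt, list it explicitly rather than loosening the pattern. The guarded method starts and ends outside the hunk, so what happens to requests that reach the cookie check is not visible here.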
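Review bot: `server.ssl.key-store-password: secret` commits the keystore password next to the `keystore` file this same commit adds, so anyone with read access to the repository can recover the TLS private key. Keep the keystore out of version control and supply the password at build or deploy time, for example in the filtered-placeholder style the file already uses: `server.ssl.key-store-password=@server.ssl.key-store-password@`. If this keystore is only a self-signed development certificate, say so in a comment above `server.ssl.key-store` and make sure production overrides both values. The new `server.*` lines also use `:` where the rest of the file uses `=`; both parse, but a single separator keeps the file consistent.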