0

I am relatively new to Spring security and Spring social. I am trying to implement a mixed authentication with either standard Spring Security or Spring social Facebook.

Thus, a user can authenticate:

  • either with a standard Spring security login form as follows:

Snippet from my Thymeleaf template:

<form name="f" th:action="@{/resources/j_spring_security_check}" method="POST">
        <input id="j_username" type='text' name='j_username'/><br /> 
        <input id="j_password" type='password' name='j_password'/><br /> 
        <input id="proceed" type="submit" value="login" />
</form>

This works ok, insomuch as if a user sends a request to a protected resource e.g. www.example.com/memberArea/editMyProfile protected by the following intercept-url:

<intercept-url pattern="/memberArea/**" access="hasRole('ROLE_USER')" />

the user is redirected to the login form and upon a successful login, the user is eventually redirected to the protected resource i.e. www.example.com/memberArea/editMyProfile

  • Or the user can choose Spring Social Facebook and authenticate/login with a link like this:

Snippet from my Thymeleaf template:

<a th:href="@{'https://www.facebook.com/dialog/oauth/?client_id=414113641982512&amp;redirect_uri=http://www.example.com/&amp;state=UNIQUE&amp;scope=read_stream'}">Login with facebook</a>

in which case the user is of course redirected to www.example.com and not www.example.com/memberArea/editMyProfile

My question is then, how - still using Spring security and Spring Social Facebook - can I somehow retrieve the requested URL (here www.example.com/memberArea/editMyProfile) and eventually redirect the user to this URL?

balteo
  • 23,602
  • 63
  • 219
  • 412

1 Answers1

2

Can you help me understand how what you're trying to do differs from how Spring Social's ProviderSignInController works? Specifically, if you look at the Spring Social Showcase (https://github.com/SpringSource/spring-social-samples/tree/master/spring-social-showcase) or the Spring Social Quickstart (https://github.com/SpringSource/spring-social-samples/tree/master/spring-social-quickstart) example, they both use ProviderSignInController to authenticate a user via Facebook.

In the showcase example, the authentication done by comparing the user's FB info against a previously established connection. In the quickstart example, it is done by "implicit authentication" where there is no app-specific authentication and instead the Facebook authorization serves as sufficient for application authentication. From what I understand, you're trying to do the same style as showcase, but I could be misunderstanding what you're trying to do.

BTW, feel free to continue the discussion here at StackOverflow, but I encourage you to ask your Spring Social questions at the Spring Social forum (http://forum.springsource.org/forumdisplay.php?82-Social), as I monitor that forum almost everyday, but only visit SO every week or so (if that often).

Craig Walls
  • 2,080
  • 1
  • 12
  • 13
  • Hi and thank you Craig, I have just git cloned, built and run the spring-social-showcase and it has just the behavior I expect. I'll explore the functionalities and post to Spring Social Forum if I have further questions. Thanks again for taking the time to reply! – balteo Sep 16 '12 at 14:19