0

My application exposes a REST API for services and uses SpringSecurity to manage login at the private services. With custom signup and login I don't have any kind of problem, but now I try to implement login/signup with Facebook or Twitter, and I don't know how to do this.

Has anyone had the same problem and solved it?

I tried to use a custom password "very long" for every Facebook and Twitter account but that didn't work.

UPDATE

I try your solution, but get an error. This is my code 

public UserDetails loadUserByUsername(String mail) throws UsernameNotFoundException {
        ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
        if (ConstantPWCabinet.SOCIAL_LOGIN_FACEBOOK.equalsIgnoreCase(attr.getRequest().getParameter(ConstantPWCabinet.LOGIN_TYPE))) {
            User facebookInfo = dao.getFacebookInfo(new FacebookTemplate(attr.getRequest().getParameter(ConstantPWCabinet.FACEBOOK_TOKEN)));
            List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
            authorities.add(new SimpleGrantedAuthority(Role.ROLE_USER_FACEBOOK.toString()));
            org.springframework.security.core.userdetails.User user = new org.springframework.security.core.userdetails.User(facebookInfo.getEmail(), null, authorities);
            Authentication auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
            SecurityContextHolder.getContext().setAuthentication(auth);

            return user;

        }

        logger.debug("Mail di accesso: " + mail);
        User user = dao.getUserSelectedMail(mail);
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        String role = user.getRole().toString();
        if (StringUtils.isEmpty(role))
            authorities.add(new SimpleGrantedAuthority(Role.ROLE_USER.toString()));
        else
            authorities.add(new SimpleGrantedAuthority(role));
        return new org.springframework.security.core.userdetails.User(user.getEmail(), user.getPassword(), authorities);
    }

But i get and "Bad credential" and no get login.

Zaknafein
  • 398
  • 1
  • 3
  • 16
  • Have you gone through [the Spring Social documentation](http://projects.spring.io/spring-social/) and examples? Providing an example of your setup/code may increase your chances of receiving a helpful response. – eebbesen Jan 27 '15 at 14:48
  • i don't have problem to recover info from social. My problem is authentication with social. How i make login if i don't have password? ok i use token, but what's the corresponding of j_spring_security_check? And how i write the method 'public UserDetails loadUserByUsername(String mail) throws UsernameNotFoundException' – Zaknafein Jan 27 '15 at 15:00

1 Answers1

3
  1. You have an AuthenticationFilter that listens to url j_spring_security_check
  2. Filter creates an authentication object and sends to Authentication Provider.
  3. AuthenticationProvider calls UserDetailsService to load user by username and authenticate the user.
  4. Filter then checks the authentication object returned by the provider and sends request to success/failure handler.

When you do it through social medium, your user is authenticated by an external source, so you do not need to authenticate user at your end.

You can simple do

// Authenticate the user

UserDetails user = userDetailsService.loadUserByUsername(username);
Authentication auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(auth);

This will authenticate the user without password.

Ekansh Rastogi
  • 2,418
  • 2
  • 14
  • 23