
I've been trying to integrate spring-social into our app and am having some difficulty understanding the workflow with regards to who should be setting the access token in the security context. I am using spring-social 1.1.4 libs and spring-social-twitter 1.1.2.RELEASE. I've added social sign in to Twitter using the SpringSocialConfigurer and am able to hit my /auth/twitter API to trigger the OAuth1 flow to get a request token, redirect to Twitter to log in, and then obtain an access token with my authenticated request token. Once I have the request token, I was expecting my Twitter connection to get persisted to my UserConnection table. However, that is not happening; instead, I am getting redirected to the /signup URL. Upon inspection of the code in SocialAuthenticationFilter, I see: [screenshot of the SocialAuthenticationFilter source, not reproduced]

where line 201 returns null, thus triggering line 206 to redirect to the /signup URL. I would have expected my Authentication to have been set to the SocialAuthenticationToken. Am I misunderstanding the flow that should happen here? Not sure if this is of any assistance, but the existing spring-security filter chain which I hooked the SpringSocialConfigurer into is as follows:

SpringSocialConfigurer springSocialConfigurer = new SpringSocialConfigurer()
    .connectionAddedRedirectUrl("/connectionAdded")
    .postLoginUrl("/postLogin")
    //.postLoginUrl("/")
    .signupUrl("/signup")
    .defaultFailureUrl("/#/login")
    .alwaysUsePostLoginUrl(true);
springSocialConfigurer
    .addObjectPostProcessor(new ObjectPostProcessor<SocialAuthenticationFilter>() {
      @Override
      public <O extends SocialAuthenticationFilter> O postProcess(O filter) {
        //filter.setAuthenticationSuccessHandler(loginSuccessHandler);
        System.out.println(filter.getClass().getName());
        return filter;
      }
    });

http.csrf()
    .disable()
    .headers()
    .frameOptions()
    .disable()
    .and()
    .sessionManagement()
    .sessionFixation()
    .none()
    .enableSessionUrlRewriting(false)
    .and()
    .formLogin()
    .permitAll()
    .successHandler(successHandler)
    .failureHandler(failureHandler)
    .loginPage("/login")
    .loginProcessingUrl("/login_post.htm")
    .and()
    .authorizeRequests()
    .antMatchers("/account/wishlist/**", "/account/**", "/auth/**")
    .access("isAuthenticated()")
    .and()
    .requiresChannel()
    .antMatchers("/", "/**")
    .requiresSecure()
    .and()
    .logout()
    .invalidateHttpSession(true)
    .deleteCookies("ActiveID")
    .logoutUrl("/logout")
    .and()
    .portMapper()
    .http(80)
    .mapsTo(443)
    .http(8080)
    .mapsTo(8443)
    .http(8081)
    .mapsTo(8444)
    .http(8082)
    .mapsTo(8445)
    .and()
      .addFilterBefore(securityFilter, UsernamePasswordAuthenticationFilter.class)
      .addFilterBefore(sessionFixationProtectionFilter, SessionManagementFilter.class)
      .rememberMe()
      .tokenValiditySeconds(1209600)
    .and()
      .apply(springSocialConfigurer);
braaterAfrikaaner
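The redirect described in the question is decided before the filter ever sets an Authentication: SocialAuthenticationProvider asks the UsersConnectionRepository for a local user id that owns the incoming Twitter connection, and when none exists it throws BadCredentialsException, which SocialAuthenticationFilter turns into the redirect to signupUrl. The following configuration, added here as an example and not code from the question, wires a JdbcUsersConnectionRepository with a ConnectionSignUp so that a first-time Twitter login gets a local user id and the connection is persisted to UserConnection. It assumes a SocialUserDetailsService bean already exists (SpringSocialConfigurer requires one) and can load the returned id; AccountRepository, Account and TwitterAccountSignUp are hypothetical application types, and the encryption password and salt are placeholders.

```java
// Added example, not code from the question. Shows the two pieces that decide
// whether SocialAuthenticationFilter authenticates or redirects to signupUrl:
// a UsersConnectionRepository that can map a Twitter connection to a local user
// id, and a ConnectionSignUp that creates (or declines to create) that user.
// AccountRepository and Account are hypothetical application types.
import javax.sql.DataSource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.social.connect.Connection;
import org.springframework.social.connect.ConnectionFactoryLocator;
import org.springframework.social.connect.ConnectionKey;
import org.springframework.social.connect.ConnectionSignUp;
import org.springframework.social.connect.UserProfile;
import org.springframework.social.connect.UsersConnectionRepository;
import org.springframework.social.connect.jdbc.JdbcUsersConnectionRepository;

@Configuration
public class SocialConnectionConfig {

    // Access tokens and secrets are written to the UserConnection table, so
    // encrypt them at rest. Encryptors.noOpText(), common in tutorials, stores
    // them in clear. Password and salt below are placeholders: load them from
    // secured configuration, never hard-code them.
    @Bean
    public TextEncryptor connectionTextEncryptor() {
        return Encryptors.text("<connection-encryption-password>", "deadbeef");
    }

    @Bean
    public UsersConnectionRepository usersConnectionRepository(DataSource dataSource,
            ConnectionFactoryLocator connectionFactoryLocator,
            TextEncryptor connectionTextEncryptor,
            AccountRepository accountRepository) {
        JdbcUsersConnectionRepository repository = new JdbcUsersConnectionRepository(
                dataSource, connectionFactoryLocator, connectionTextEncryptor);
        // Without a ConnectionSignUp, findUserIdsWithConnection() returns an empty
        // list for a first-time Twitter login, SocialAuthenticationProvider throws
        // BadCredentialsException, and the filter redirects to signupUrl.
        repository.setConnectionSignUp(new TwitterAccountSignUp(accountRepository));
        return repository;
    }

    /** Implicit sign-up: derive a local user id from the Twitter connection. */
    static class TwitterAccountSignUp implements ConnectionSignUp {
        private final AccountRepository accounts;

        TwitterAccountSignUp(AccountRepository accounts) {
            this.accounts = accounts;
        }

        @Override
        public String execute(Connection<?> connection) {
            ConnectionKey key = connection.getKey();        // providerId + providerUserId
            if (!"twitter".equals(key.getProviderId())) {
                return null; // null keeps the explicit /signup flow for other providers
            }
            UserProfile profile = connection.fetchUserProfile();
            // Key the local account on the stable provider user id, never on the
            // screen name: Twitter handles can be renamed and re-registered.
            String localUserId = "twitter:" + key.getProviderUserId();
            if (accounts.findById(localUserId) == null) {
                accounts.save(new Account(localUserId, profile.getUsername()));
            }
            // The repository persists the connection under this id and the
            // provider then loads it through SocialUserDetailsService.
            return localUserId;
        }
    }

    // Hypothetical application types so the example compiles on its own.
    interface AccountRepository {
        Account findById(String id);
        void save(Account account);
    }

    static class Account {
        final String id;
        final String displayName;

        Account(String id, String displayName) {
            this.id = id;
            this.displayName = displayName;
        }
    }
}
```

Returning null from execute() is the way to keep the explicit sign-up page for cases the application does not want to auto-provision; the filter then behaves exactly as the question describes, storing the connection in the session for ProviderSignInUtils to pick up on /signup. One further point from the posted chain: `.sessionFixation().none()` keeps the pre-login session id across the social login, whereas Spring Security's default migrates it; if that setting is not deliberate, removing it restores the protection.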