春天Facebook登錄：註冊重定向

Question

方案1 當與Facebook登錄到我的webapp

如果瀏覽器已經登錄到Facebook，並

如果用戶的社交驗證細節已註冊我的Web應用程序，

那麼當用戶點擊「登錄與Facebook」在我的web應用程序，

他/她被Facebook授權和 授權對象返回b y

Authentication auth = SecurityContextHolder.getContext().getAuthentication(); 

是指定用戶。

一切都很好。

---

方案2 如果瀏覽器沒有登錄到Facebook上，但

用戶的社交驗證細節在我的web應用程序已經註冊，

那麼當用戶點擊「登錄與Facebook 「在我的webapp上，

用戶通過輸入用戶名和密碼登錄Facebook但是

的授權對象由

Authentication auth = SecurityContextHolder.getContext().getAuthentication(); 

返回被授權爲匿名，並命名爲anonymousUser。

此外，從Facebook的授權後調用的是/註冊

不過，我同一註冊用戶預計在方案1

我的安全配置如下。任何人都可以給我提示，問題可能是什麼？

<beans xmlns="http://www.springframework.org/schema/beans" 
 
     xmlns:security="http://www.springframework.org/schema/security" 
 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
 
     xsi:schemaLocation="http://www.springframework.org/schema/beans 
 
        http://www.springframework.org/schema/beans/spring-beans.xsd 
 
        http://www.springframework.org/schema/security 
 
        http://www.springframework.org/schema/security/spring-security.xsd"> 
 

 
\t <security:http use-expressions="true" entry-point-ref="appAuthenticationEntryPoint"> 
 

 
\t \t <security:intercept-url pattern="/login" access="permitAll()" /> 
 
\t \t <security:intercept-url pattern="/flow-entry.html" access="permitAll()"/> 
 
\t \t <security:intercept-url pattern="/flow-jobpostdata.html" access="permitAll()"/> 
 
\t \t <security:intercept-url pattern="/flow-jobpostdata_anydegree.html" access="permitAll()"/> 
 
\t \t <security:intercept-url pattern="/j_spring_security_check" access="permitAll()"/> \t 
 
    <!-- Adds social authentication filter to the Spring Security filter chain. --> 
 
     <security:custom-filter before="PRE_AUTH_FILTER" ref="socialAuthenticationFilter"/> 
 
     <security:custom-filter position="FORM_LOGIN_FILTER" ref="SecurityAuthFilter"/> 
 
\t </security:http> 
 

 
<!-- authentication manager and its provider(social provider deals with social login & local user provider deals with form login) --> 
 
    <security:authentication-manager alias="authenticationManager"> 
 
    
 
     <security:authentication-provider ref="socialAuthenticationProvider"/> 
 
     <security:authentication-provider user-service-ref="localUserDetailService"/> 
 
    </security:authentication-manager> 
 
    
 

 
    
 

 
\t <bean id="customAuthenticationProvider" class="com.ikoda.service.loginservices.CustomAuthenticationProvider"> 
 
\t \t \t <property name="auService" ref="auService" /> 
 
\t </bean> 
 

 
    <bean id="socialAuthenticationProvider" class="org.springframework.social.security.SocialAuthenticationProvider"> 
 
     <constructor-arg ref="inMemoryUsersConnectionRepository"/> 
 
     <constructor-arg ref="socialUserDetailService"/> 
 
    </bean> 
 

 
    <!-- form login beans --> 
 
    
 
    
 

 
     
 
     
 
    <bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> 
 
    </bean> 
 
     
 
    <bean id="appAuthenticationEntryPoint" 
 
      class="com.ikoda.service.loginservices.AppAuthenticationEntryPoint"> 
 
     <constructor-arg name="loginFormUrl" value="/login"/> 
 
    </bean> 
 
    
 
    <bean id="rememberMeServices" 
 
      class="org.springframework.security.web.authentication.NullRememberMeServices"/> 
 

 
    <bean id="failureHandler" 
 
      class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> 
 
     <constructor-arg name="defaultFailureUrl" value="/login?error=true"/> 
 
    </bean> 
 
    
 
    
 

 

 
    
 
    <bean class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" 
 
      id="SecurityAuthFilter"> 
 
     <property name="authenticationManager" ref="authenticationManager"/> 
 
     <property name="authenticationSuccessHandler" ref="successHandler"/> 
 
     <property name="authenticationFailureHandler" ref="failureHandler"/> 
 
     <property name="filterProcessesUrl" value="/j_spring_security_check"/> 
 
     <property name="rememberMeServices" ref="rememberMeServices"/> 
 
    </bean> 
 

 
    <!-- social login filter which is a pre authentication filter and works for /auth service url --> 
 
    <bean id="socialAuthenticationFilter" class="org.springframework.social.security.SocialAuthenticationFilter"> 
 
     <constructor-arg name="authManager" ref="authenticationManager"/> 
 
     <constructor-arg name="userIdSource" ref="userIdSource"/> 
 
     <constructor-arg name="usersConnectionRepository" ref="inMemoryUsersConnectionRepository"/> 
 
     <constructor-arg name="authServiceLocator" ref="appSocialAuthenticationServiceRegistry"/> 
 
     <property name="authenticationSuccessHandler" ref="successHandler"/> 
 
    </bean> 
 

 

 
    <!-- inmemory connection repository which holds connection repository per local user --> 
 
    <bean id="inMemoryUsersConnectionRepository" 
 
      class="org.springframework.social.connect.mem.InMemoryUsersConnectionRepository"> 
 
     <constructor-arg name="connectionFactoryLocator" ref="appSocialAuthenticationServiceRegistry"/> 
 
     <property name="connectionSignUp" ref="connectionSignUp"/> 
 
    </bean> 
 

 
    <!-- service registry will holds connection factory of each social provider--> 
 
    <bean id="appSocialAuthenticationServiceRegistry" 
 
      class="com.ikoda.service.loginservices.AppSocialAuthenticationServiceRegistry"> 
 
     <constructor-arg> 
 
      <list> 
 
       <ref bean="facebookAuthenticationService"/> 
 
       <ref bean="googleAuthenticationService"/> 
 
      </list> 
 
     </constructor-arg> 
 
    </bean> 
 

 
    <bean id="facebookAuthenticationService" 
 
      class="org.springframework.social.facebook.security.FacebookAuthenticationService"> 
 
     <constructor-arg name="apiKey" value="11111"/> 
 
     <constructor-arg name="appSecret" value="11111"/> 
 
    </bean> 
 

 
    <bean id="googleAuthenticationService" 
 
      class="org.springframework.social.google.security.GoogleAuthenticationService"> 
 
     <constructor-arg name="apiKey" value="111-lpmhcmuj1577bd6god0696g4u2g16c1i.apps.googleusercontent.com"/> 
 
     <constructor-arg name="appSecret" value="111-111-"/> 
 
    </bean> 
 
    
 

 
    <bean id="userIdSource" class="org.springframework.social.security.AuthenticationNameUserIdSource"/> 
 

 
    <!-- If no local user is associated to a social connection then connection sign up will create a new local user and map it to social user --> 
 
    <bean id="connectionSignUp" class="com.ikoda.service.loginservices.AppConnectionSignUp"/> 
 

 
</beans>

Answer 1

重定向到註冊是春季社會的預期行爲。關鍵是如何管理行爲。

解決此問題的一種方法是通過在控制器註冊方法中驗證社交登錄。要做到這一點，需要訪問社交連接。您可以通過在控制器中自動裝配ProviderSignInUtils來完成此操作。

注意AppConnectionSignUP是org.springframework.social.connect的一些實現。ConnectionSignUp

Connection<?> connection = providerSignInUtils.getConnectionFromSession(webRequest); 
     if (null != connection) 
     { 

      String userIdString = appConnectionSignUp.execute(connection); 
     } 

另一種方式來解決這個問題是要實現自己的ConnectionSignUp

<bean id="connectionSignUp" class="com.ikoda.service.loginservices.AppConnectionSignUp"/>

和參考，在您UsersConnectionRepository

 <bean id="jdbcUsersConnectionRepository" 
 
       class="org.springframework.social.connect.jdbc.JdbcUsersConnectionRepository"> 
 
      <constructor-arg ref="dataSource" /> 
 
      <constructor-arg ref="appSocialAuthenticationServiceRegistry" /> 
 
      <constructor-arg ref="textEncryptor" /> 
 
      <property name="connectionSignUp" ref="connectionSignUp"/> 
 
     </bean>

如果採取這種方法，則社交登錄將繞過Controller/signUp並直接調用connectionSignUP bean的execute方法。

同時，在上面的問題中，inMemoryUsersConnectionRepository是不明智的。我切換到jdbcUsersConnectionRepository。