Spring Security: Multiple Logins to the same resources: Form Login + Facebook Connect (uid, sessionKey)

To begin I know about

http://blog.kadirpekel.com/2009/11/09/facebook-connect-integration-with-spring-security/

The only problem is that it completely replaces the Form Login with Facebook Connect.

I have the native form login in place,

I also have Facebook Connect in place, Upon gathering user information I link it to a native account but without a password.

At that point I would like to call a link or method to start process of going into the Spring Security Filter Chain.

Here is the source code that works, but am trying to modify. It contains all the files I'm taking about.

Now from what I understand I need to add a custom FacebookAuthenticationProvider so that my AuthenticationManager knows about it.

<bean id="facebookAuthenticationProvider" class="org.springframework.security.facebook.FacebookAuthenticationProvider">
<开发者_开发问答/bean>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="facebookAuthenticationProvider" />
</security:authentication-manager>

Then within the FacebookAuthenticationProvider I would have to call an FacebookAuthenticationToken that would take my the current facebook Uid and SessionKey of the user.

Then try authenticate this Token.

So where does the FacebookAuthenticationFilter come into it?

I'm just trying to understand the order at which these 3 files are called. As if you were trying to implement any other custom authentication.

FacebookAuthenticationFilter.java   
FacebookAuthenticationProvider.java     
FacebookAuthenticationToken.java    

I have also posted this on the Spring Security Forum

I've written an article about multiple authentication providers with spring security (so e.g. one form login, one facebook login and one login with open-id). Hope that helps: http://thoean.com/programming/java/multiple-authentication-provider-with-spring-security/

May be this is useful for you... I am using aop to secure my service methods and ldapAuthenticationProvider, however behavior was same with dbAuthenticationProvider too. I observed that calling SecurityContextHolder.getContext().getAuthentication().getPrincipal() before invoking a secure method always return null but once a secure method is invoked it gets populated properly. This was with Spring security 3.0.5.RELEASE.