Spring Security 2.0 Facebook Connect
I´m trying to implement Facebook login to our Spring Framework 2.5 based application which has usual login/password authentication already.
I got to this part of code in my controller where i have user´s Facebook data in userFb object:
String code = request.getParameter("code");
String accessToken = fbStuffKeeper.retrieveAccessToken(code);
facebookClient = new DefaultFacebookClient(accessToken);
User userFb = facebookClient.fetchObject("me", User.class);
I can check if user is already in DB and if not I am able to store him in a DB and store his FB_uid开发者_开发百科 and other necessary credentials. Problem is that I want to login this user after some condition if he is already authorized to system. My current authentication manager decides by this rule:
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username, password, confirmed, 1 AS enabled FROM person WHERE confirmed=1 and username=?"
authorities-by-username-query="select username, authority from person where username=?"/>
<password-encoder hash="md5"/>
</authentication-provider>
So my question is: How do I login user found in DB who tries to connect using Facebook? Another authentication provider? Is there any way to do his login using some similar code as is mine mentioned one?
Thank you very much.
***EDIT: Thank you very much. It looks it might help. I have now one user in DB which I want to login. I made this code in the controller:
User userFb = facebookClient.fetchObject("me", User.class);
Person person = personDao.getPersonByFbUid(userFb.getId());
GrantedAuthority[] grantedAuthorities = new GrantedAuthorityImpl[1];
grantedAuthorities[0] = new GrantedAuthorityImpl(person.getAuthority());
Authentication a = new FacebookAuthenticationToken(grantedAuthorities, person);
a.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(a);
I also created FacebookAuthenticationToken:
public class FacebookAuthenticationToken extends AbstractAuthenticationToken {
private Person person;
public FacebookAuthenticationToken(GrantedAuthority[] authorities, Person person) {
super(authorities);
this.person = person;
}
public Object getCredentials() {
return person;
}
public Object getPrincipal() {
this.person;
} /* + Person getter and setter */
And all works fine now. Thank you once more for your help.
One possible way is following. Although it may not be perfect, but it works well.
Create a FacebookAuthenticationToken
class, that extends AbstractAuthenticationToken
and holds your facebook user object (assuming it to be FacebookUser
).
After your code you mentioned above, append the following code right after it into the same controller:
String code = request.getParameter("code");
String accessToken = fbStuffKeeper.retrieveAccessToken(code);
facebookClient = new DefaultFacebookClient(accessToken);
User userFb = facebookClient.fetchObject("me", User.class);
// Find FacebookUser with current FB_uid, create new if found none, load its information in an instance of FacebookUser
Authentication a = new FacebookAuthenticationToken(fbUserObject);
a.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(a);
// your authentication is complete, redirect to some other page
精彩评论