stackoom
  简体   繁体   中英

Adding new Spring Social connections to the same user

 原文  2017-03-07 19:04:10       java/ spring/ spring-mvc/ spring-security/ spring-social

Question

I am using Spring Social along with Spring Boot and Spring Security. I use Spring Social to provide authentication into our web service. This is done using the SocialAuthenticationFilter approach.

I am trying to support the ability to have a single user (ie. org.springframework.security.core.userdetails.UserDetails ) have multiple Spring Social connections. This way a user could sign in with either his Google credentials or Facebook credentials.

If I go directly into my database I can make this configuration. Then I can sign into the same Spring Security account for different Spring Social connections. The problem is the point at which a user adds the new connection. I'll give a sample of what I'm doing with the assumption that I'm signed in via a Google account and want to add Facebook.

I log in via Google. Then if I load either my Spring Security formLogin().loginPage() or go straight to auth/facebook (the standard Spring Social Facebook login URL), I can perform Facebook authentication. But, the result is that my current Authentication object (from SecurityContextHolder.getContext().getAuthentication() ) is an anonymous authentication user. This does make sense because I just logged in using Facebook. But at the same time I'd like to know that I'm logged in so that I could ask the user about connecting the accounts and setup the database.

How can I provide the ability to let an authenticated user add a new social account to his user account? Also, I'm not tied to a particular workflow for adding new connections; the above was just my first set of experiments.

  • Spring Social 1.1.4
  • Spring Boot 1.3.8
  • Spring Security & MVC - as specified by Spring Boot 1.3.8

Update

From Jerome's suggestion I extracted the security filter chain from Spring Security debugging: 

Security filter chain: [
  WebAsyncManagerIntegrationFilter
  SecurityContextPersistenceFilter
  HeaderWriterFilter
  CsrfFilter
  LogoutFilter
  SocialAuthenticationFilter
  UsernamePasswordAuthenticationFilter
  RequestCacheAwareFilter
  SecurityContextHolderAwareRequestFilter
  AnonymousAuthenticationFilter
  SessionManagementFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]

1 answers

solution1
 0  2017-03-07 20:22:14

This is probably not an issue with Spring Social, but rather with Spring Security. If you get an anonymous user logged in, then it means that AnonymousAuthenticationFilter is kicking in before yours, or SocialAuthenticationFilter .

Switch spring security to debug: 

@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

  @Override
  public void configure(WebSecurity web) throws Exception {
    web.debug(true);
  }
}

And check which filters are involved. I'm pretty sure you have the anonymous filter which kicks in for undesired paths.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring Social for Facebook - get user location spring social connectivity with Facebook and accessing user data Getting Exception while adding new User in Spring Security Spring and MySQL connections (keeps creating new connections instead using sleeping connections) Spring Social & JPA - Having two datasources pointing to the same database Find out if a fb user is app admin in spring social/java Get facebook user cover photo via spring-social-facebook Spring Social LinkedIn: Is there an api available to retrieve user's projects? Adding new Aspects to Spring PetClinic Adding new users in Spring Security
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM