Is it possible to have a remember me functionality with Facebook and Twitter login using Spring social?
I'm using Spring Social 1.0.0.RC2 and Spring Security 3.0.5.RELEASE.
Thanks
I solved this by making my own signin controller and calling the loginSuccess method of the TokenBasedRememberMeServices class.
Cool. I wonder, could you reuse the existing ProviderSignInController and plug in a custom SignInAdapter that did this additional RememberMe work? Just wondering if that would also work for you.
I thought about this method but it appeared it would not work because the SignInAdapter interface has the following signature for the signIn method: String signIn(String userId, Connection<?> connection, NativeWebRequest request);
onLoginSuccess of TokenBasedRememberMeServices requires a HttpServletRequest request and HttpServletResponse response and I'm not sure how those fields can be passed down to the adapter method.
Signature of onLoginSuccess: public void onLoginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication)
If I missed something obvious please let me know.
NativeWebRequest provides access to the Native HttpServletRequest and HttpServletResponse. Check the API JavaDocs for details. Quickstart I believe also shows this.
Let me know if it in fact works out for you b/c our SignInController should be flexible enough to support cases like this.
Keith
Thanks, it worked. I was overthinking things.
Thanks guys. I just ran into this myself. For anyone else wondering:
This assumes you have set the "alwaysRemember" flag to true; otherwise you would somehow need to pass the parameter value (e.g. _spring_security_remember_me) as well. I couldn't figure out how to do this nicely. Implement your own version of SignInAdapter and here's the signIn method.
Code:
    public String signIn(String localUserId, Connection<?> connection, NativeWebRequest request) {
        User user = userService.findUser(new ObjectId(localUserId), true);
        // set user in secure context
        Principal principal = new Principal(user);
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(principal, principal.getPassword(), principal.getAuthorities()));
        // add remember me
        rememberMeServices.loginSuccess(
                request.getNativeRequest(HttpServletRequest.class),
                request.getNativeResponse(HttpServletResponse.class),
                SecurityContextHolder.getContext().getAuthentication());
        return extractOriginalUrl(request);
    }
Hey Bjorn,
Thanks for the post. Was looking at doing this exact thing myself. A couple of quick questions:
Are you still adding the spring_security_remember_me parameter to the request, or does the rememberMeService take care of this?
Are you redirecting (client) after extracting the original URL?
I tried this out, and it does not seem like the REMEMBER_ME cookie is being set... I am probably doing something stupid here.
Thanks,
Joe
Hi Joe,
You have to set alwaysRemember to true for this to work. Have not come up with a way to elegantly pass the spring remember me param here.
Here's the rest of the code:
Code:
    // Returns the URL the user requested before sign-in, or null if none was saved.
    private String extractOriginalUrl(NativeWebRequest request) {
        HttpServletRequest nativeReq = request.getNativeRequest(HttpServletRequest.class);
        HttpServletResponse nativeRes = request.getNativeResponse(HttpServletResponse.class);
        SavedRequest saved = requestCache.getRequest(nativeReq, nativeRes);
        if (saved == null) {
            return null;
        }
        // The saved request is consumed once; clear it and any stale login error.
        requestCache.removeRequest(nativeReq, nativeRes);
        removeAutheticationAttributes(nativeReq.getSession(false));
        return saved.getRedirectUrl();
    }

    private void removeAutheticationAttributes(HttpSession session) {
        if (session == null) {
            return;
        }
        session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
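Added example (not part of any post in this thread, and not Spring Social's own code): one way to keep remember-me opt-in instead of setting alwaysRemember, by presenting the _spring_security_remember_me parameter to rememberMeServices only when the user asked for it. It assumes your own code stored a flag in the session before the redirect to the provider; the class name, the OPT_IN_ATTR attribute and the LocalAuthFactory helper are hypothetical.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.social.connect.Connection;
import org.springframework.social.connect.web.SignInAdapter;
import org.springframework.web.context.request.NativeWebRequest;

public class OptInRememberMeSignInAdapter implements SignInAdapter {
    /** Hypothetical helper: builds the Authentication for a local user id. */
    public interface LocalAuthFactory { Authentication forUser(String localUserId); }

    // Hypothetical session attribute, set by your own code before the provider redirect.
    public static final String OPT_IN_ATTR = "social.rememberMe.optIn";
    // Parameter name quoted in the thread; must match the one configured on rememberMeServices.
    private static final String REMEMBER_ME_PARAM = "_spring_security_remember_me";

    private final RememberMeServices rememberMeServices;
    private final LocalAuthFactory authFactory;

    public OptInRememberMeSignInAdapter(RememberMeServices rms, LocalAuthFactory factory) {
        this.rememberMeServices = rms;
        this.authFactory = factory;
    }

    public String signIn(String localUserId, Connection<?> connection, NativeWebRequest request) {
        Authentication auth = authFactory.forUser(localUserId);
        SecurityContextHolder.getContext().setAuthentication(auth);
        HttpServletRequest req = request.getNativeRequest(HttpServletRequest.class);
        HttpServletResponse res = request.getNativeResponse(HttpServletResponse.class);
        HttpSession session = req.getSession(false);
        boolean optedIn = session != null && Boolean.TRUE.equals(session.getAttribute(OPT_IN_ATTR));
        if (session != null) {
            session.removeAttribute(OPT_IN_ATTR); // one-shot: never reuse an old choice
        }
        if (optedIn) {
            // The provider callback carries no form parameters, so supply the one
            // that the remember-me services look up on the request.
            HttpServletRequest wrapped = new HttpServletRequestWrapper(req) {
                @Override public String getParameter(String name) {
                    return REMEMBER_ME_PARAM.equals(name) ? "true" : super.getParameter(name);
                }
            };
            rememberMeServices.loginSuccess(wrapped, res, auth);
        }
        return null; // same as extractOriginalUrl above when there is no saved request
    }
}
```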