Spring Security + Spring Social + Filters

**Abandonfish** · Mar 16th, 2011, 11:25 AM

I've created a blog entry for some recent development I did to get Spring Social working with Spring Security via a AuthenticationFilter (as opposed to a SignInController).

Hopefully this will serve a couple of purposes:
1) It may be of use to other developers integrating Spring Social.
2) It should demonstrate a particular use-case for Spring Social authentication that the current SignInControllers do not address. As such, hopefully the developers for Spring Social will have a look, in particular at the hacks I had to do for it to work and consider if this in something they might want to look at in future releases.

http://blog.trickl.com/?p=51

**sfussenegger** · Mar 16th, 2011, 01:38 PM

Hi Abandonfish,

I've just came here to post my own finding. I think that could be called bad timing

Anyway, here is my code: spring-social-security at GitHub

My main intention so far was populating SecurityContext from Facebook cookies, that's why I was looking closely at the RememberMeAuthenticationFilter for my implementation. Still, I'd be happy if you had a look and give some thoughts. I'll do the same with your blog post. Maybe it makes sense to join forces.

Cheers, Stefan

**Abandonfish** · Mar 16th, 2011, 02:29 PM

That's great. Just highlights the need for the Filter based approach doesn't it? I've just started to look at your code and fortunately we haven't done exactly the same thing. So we should be able to figure out the best of both worlds and aim towards a design that fits everyone's authentication requirements.

**Keith Donald** · Mar 16th, 2011, 02:39 PM

Hey guys,

So if I try to sum up your requirements it looks like:
1. You'd like to see a Spring Security Filter that could authenticate the user by one of their provider accounts.
2. You'd like the ability to create a local user profile implicitly without requiring the user to complete a registration form.

Does this sum it up? Let us know if we are missing anything.

Keith

**Abandonfish** · Mar 16th, 2011, 03:22 PM

I'd be very happy if those features found their way into a future release. Thanks Keith.

**sfussenegger** · Mar 17th, 2011, 03:03 AM

Keith,

1. Definitely a requirement, that's what both of us did so far, differently though
2. Sounds like a nice to have feature, not strictly required for spring-security integration though.

What is still missing is a non-spring-mvc way to connect existing/new users to a service provider. That's what Abandonfish did. I focused on authenticating users based on information from the current request (i.e. FB cookies).

I'll try to reuse Abandonfish's code in our GitHub project. Hence you could easily fork it from there to make it part of core at a later stage.

**Keith Donald** · Mar 17th, 2011, 10:01 AM

Some more discussion on the provider authentication model is happening here: http://forum.springsource.org/showthread.php?p=351475

Thread: Spring Security + Spring Social + Filters

Thread Tools

Display

Hybrid View

Spring Security + Spring Social + Filters

Tags for this Thread

Posting Permissions