
Thread: Spring Social Remember me with Facebook/Twitter login

  1. #1
    Join Date
    Aug 2011
    Location
    California
    Posts
    6

    Is it possible to have a remember me functionality with Facebook and Twitter login using Spring social?

    I'm using Spring Social 1.0.0.RC2 and Spring Security 3.0.5.RELEASE.

    Thanks

  2. #2
    Join Date
    Aug 2011
    Location
    California
    Posts
    6

    I solved this by making my own signin controller and calling the loginSuccess method of the TokenBasedRememberMeServices class.

  3. #3
    Join Date
    Aug 2004
    Location
    Melbourne, FL
    Posts
    2,794

    Cool. I wonder, could you reuse the existing ProviderSignInController and plug in a custom SignInAdapter that did this additional RememberMe work? Just wondering if that would also work for you.
    Keith Donald
    Core Spring Development Team

  4. #4
    Join Date
    Aug 2011
    Location
    California
    Posts
    6

    Quote (originally posted by Keith Donald):
    Cool. I wonder, could you reuse the existing ProviderSignInController and plug in a custom SignInAdapter that did this additional RememberMe work? Just wondering if that would also work for you.

    I thought about this method but it appeared it would not work because the SignInAdapter interface has the following signature for the signIn method: String signIn(String userId, Connection<?> connection, NativeWebRequest request);

    onLoginSuccess of TokenBasedRememberMeServices requires a HttpServletRequest request and HttpServletResponse response and I'm not sure how those fields can be passed down to the adapter method.
    Signature of onLoginSuccess: public void onLoginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication)

    If I missed something obvious please let me know.

  5. #5
    Join Date
    Aug 2004
    Location
    Melbourne, FL
    Posts
    2,794

    NativeWebRequest provides access to the Native HttpServletRequest and HttpServletResponse. Check the API JavaDocs for details. Quickstart I believe also shows this.

    Let me know if it in fact works out for you b/c our SignInController should be flexible enough to support cases like this.

    Keith
    Keith Donald
    Core Spring Development Team

  6. #6
    Join Date
    Aug 2011
    Location
    California
    Posts
    6

    Quote (originally posted by Keith Donald):
    NativeWebRequest provides access to the Native HttpServletRequest and HttpServletResponse. Check the API JavaDocs for details. Quickstart I believe also shows this.

    Let me know if it in fact works out for you b/c our SignInController should be flexible enough to support cases like this.

    Keith

    Thanks, I completely overlooked this. I'm going to test it tomorrow and let you know the results, but it should work.

  7. #7
    Join Date
    Aug 2011
    Location
    California
    Posts
    6

    Thanks, it worked. I was overthinking things.

  8. #8
    Join Date
    Jul 2008
    Posts
    116

    Thanks guys. I just ran into this myself. For anyone else wondering:

    This assumes you have set the "alwaysRemember" flag to true; otherwise you would somehow need to pass the parameter value (e.g. _spring_security_remember_me) as well. I couldn't figure out how to do this nicely. Implement your own version of SignInAdapter; here's the signIn method.

    Code:
    public String signIn(String localUserId, Connection<?> connection, NativeWebRequest request) {
        User user = userService.findUser(new ObjectId(localUserId), true);

        // set user in secure context
        Principal principal = new Principal(user);
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(
                        principal, principal.getPassword(), principal.getAuthorities()));

        // add remember me
        rememberMeServices.loginSuccess(
                request.getNativeRequest(HttpServletRequest.class),
                request.getNativeResponse(HttpServletResponse.class),
                SecurityContextHolder.getContext().getAuthentication());

        return extractOriginalUrl(request);
    }
    Last edited by bjornharvold; Sep 26th, 2011 at 03:41 PM.

  9. #9
    Join Date
    Jan 2006
    Location
    San Francisco
    Posts
    10

    Hey Bjorn,

    Thanks for the post. Was looking at doing this exact thing myself. A couple of quick questions:

    Are you still adding the spring_security_remember_me parameter to the request, or does the rememberMeService take care of this?

    Are you redirecting (client) after extracting the original URL?

    I tried this out, and it does not seem like the REMEMBER_ME cookie is being set... I am probably doing something stupid here.

    Thanks,

    Joe

  10. #10
    Join Date
    Jul 2008
    Posts
    116

    Hi Joe,

    You have to set alwaysRemember to true for this to work. I have not come up with a way to elegantly pass the Spring remember-me param here.

    Here's the rest of the code:
    Code:
    private String extractOriginalUrl(NativeWebRequest request) {
        HttpServletRequest nativeReq = request.getNativeRequest(HttpServletRequest.class);
        HttpServletResponse nativeRes = request.getNativeResponse(HttpServletResponse.class);
        SavedRequest saved = requestCache.getRequest(nativeReq, nativeRes);
        if (saved == null) {
            return null;
        }
        requestCache.removeRequest(nativeReq, nativeRes);
        removeAutheticationAttributes(nativeReq.getSession(false));
        return saved.getRedirectUrl();
    }

    private void removeAutheticationAttributes(HttpSession session) {
        if (session == null) {
            return;
        }
        session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
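
Added example, not code from any poster in this thread or from the Spring projects: one way to honour the user's remember-me choice in a SignInAdapter without setting alwaysRemember, assuming the login page stores that choice in the session before redirecting to the provider. The class name SocialRememberMeHelper and the session attribute social.rememberMe are hypothetical; the parameter name is the one quoted in the thread and must match the configured remember-me parameter.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.web.context.request.NativeWebRequest;

// Hypothetical helper; not part of Spring Social or Spring Security.
public class SocialRememberMeHelper {

    // Hypothetical session attribute: the login page sets it to Boolean.TRUE
    // before the provider redirect when the user ticks "remember me".
    public static final String REMEMBER_ATTR = "social.rememberMe";
    // Parameter name quoted in the thread; must match the remember-me configuration.
    private static final String PARAM = "_spring_security_remember_me";

    private final RememberMeServices rememberMeServices;

    public SocialRememberMeHelper(RememberMeServices rememberMeServices) {
        this.rememberMeServices = rememberMeServices;
    }

    // Call from SignInAdapter.signIn() once the Authentication is in the SecurityContext.
    public void rememberIfRequested(NativeWebRequest request, Authentication auth) {
        HttpServletRequest req = request.getNativeRequest(HttpServletRequest.class);
        HttpServletResponse res = request.getNativeResponse(HttpServletResponse.class);
        HttpSession session = req.getSession(false);
        if (session == null) {
            return; // no recorded choice: do not issue a persistent cookie
        }
        Object choice = session.getAttribute(REMEMBER_ATTR);
        session.removeAttribute(REMEMBER_ATTR); // one-shot: never carries over to a later login
        if (!Boolean.TRUE.equals(choice)) {
            return;
        }
        // The provider callback carries no remember-me parameter, so present one
        // to the remember-me service through a request wrapper.
        HttpServletRequest wrapped = new HttpServletRequestWrapper(req) {
            @Override
            public String getParameter(String name) {
                return PARAM.equals(name) ? "true" : super.getParameter(name);
            }
        };
        rememberMeServices.loginSuccess(wrapped, res, auth);
    }
}
```

Unlike alwaysRemember, this issues the persistent cookie only to users who asked for it, so long-lived login tokens are not left on shared machines by default.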
