Getting 404 when clicking on Logging in with Facebook and Twitter

[bytor99999]

Thanks

Yeah, I see my long post now. Wonder why I didn't see it before.

Meanwhile I managed to get myself side tracked. Bootstrap themes out there, and spent the past hour or two trying to get a nice <hr> with text in the middle to look nice, using different approaches. Easy to get sidetracked on these little stupid things.

Never did get that to work. Had great samples online, but as usual something specific in my app with Bootstrap makes standard stuff not work.

Anyway. Now I am back. And what used to work a bit in Facebook is now giving me an error.

An error occurred. Please try again later.

API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: redirect_uri isn't an absolute URI. Check RFC 3986.

I wonder if the user is already accepted/authenticated through Facebook, that this error is like Twitters, in that the redirect/callback to my app is not set up.

Thanks

Mark

[bytor99999]

So some code.

Here is the section in our index.jsp page for connect/login to FaceBook and Twitter.

We have a single page app, so on the home main page is a login username/password in the Bootstrap nav, and a Registration form under that in the content/body section and these two buttons underneath the registration form

Code:

<section class="row-fluid">
    <section class="span3 offset9">
        <div class="divider">Or</div>

          <!-- TWITTER CONNECT -->
          <form id="tw_register" action="/connect/twitter" method="POST">
              <button type="submit" class="btn btn-block btn-danger">
                  <img class="icon-align-left icon-resize-horizontal" src="/resources/images/twitter/t_logo-a.png"/>
                           Register with Twitter
             </button>
          </form>
          <!-- FACEBOOK CONNECT -->
          <form name="fb_register" id="fb_register" action="/connect/facebook" method="POST">
               <input type="hidden" name="scope" value="publish_stream,user_photos,offline_access" />
               <button type="submit" class="btn btn-block btn-danger">
                    <img class="icon-align-left icon-resize-horizontal" src="resources/images/social/facebook_32.png"/>
                            Register with Facebook
                </button>
          </form>
    </section>
</section>

here is the configuration

Code:

@Configuration
@EnableJdbcConnectionRepository
@EnableTwitter(appId="${twitter.consumerKey}", appSecret = "${twitter.consumerSecret}")
@EnableFacebook(appId = "${facebook.clientId}", appSecret = "${facebook.clientSecret}")
public class SocialConfig {

  @Autowired
  SpringSecuritySignInAdapter springSecuritySignInAdapter;

  @Autowired
  ConnectionFactoryLocator connectionFactoryLocator;

  @Autowired
  ConnectionRepository connectionRepository;

  @Autowired
  UsersConnectionRepository usersConnectionRepository;

 	@Bean
 	public ConnectController connectController() {
 		ConnectController connectController = new ConnectController(connectionFactoryLocator, connectionRepository);
    connectController.setApplicationUrl("${site.url}");
 		return connectController;
 	}

  @Bean
  	public ProviderSignInController providerSignInController(RequestCache requestCache) {
  		return new ProviderSignInController(connectionFactoryLocator, usersConnectionRepository, new SpringSecuritySignInAdapter(requestCache) );
  	}

  	@Bean
  	public UserIdSource userIdSource() {
      SpringSecurityAuthenticationNameUserIdSource userIdSource = new SpringSecurityAuthenticationNameUserIdSource();
      return userIdSource;
    }

}

Here is the Encryptor

Code:

<bean id="textEncryptor" class="org.springframework.security.crypto.encrypt.Encryptors"
                factory-method="text">
            <constructor-arg value="${security.encryptPassword}" />
            <constructor-arg value="${security.encryptSalt}" />
        </bean>

Our dispatcherServlet is mapped to "/"

I believe that is all the code/configuration currently in our application. I do have a custom UserDetailsService and a custom UserDetails for Spring Security, but there is no Spring Social code in it. Also there are no Controllers with @RequestMapping to any social URL, which I might end up needing.

Thanks

Mark

[habuma]

What does ${site.url} resolve to?

And why did you feel like you needed to set the applicationUrl property? (Maybe you need to, but I want to understand why you thought it necessary.)

And what is the Site URL configured as at developer.facebook.com?

At a glance, your configuration looks fine and the error you're getting from FB sounds like the same mismatch between your redirect URL and the Site URL that you were getting yesterday.

[bytor99999]

I've copied and pasted config stuff so much, that I have no clue where I got ${site.url} from.

So, I just removed it.

Is there a place in the documentation that shows where/which Controller you would put an @RequestMapping for the callback in the end? Or in the showcase app?

Thanks

Mark

[bytor99999]

So still getting the Facebook error.

For Twitter now I get

HTTP Status 404 - /WEB-INF/views/connect/twitterConnect.jsp

Don't understand where it would get that from.

Probably what happens when you copy paste from others work.

Mark

[habuma]

Just like the signin pages, the connection pages are application-defined, too. This is at least implied in http://static.springsource.org/sprin...troller-flow-2, but perhaps it should be made more clear that the connection form is app-defined. Notice that it's also app-defined in the showcase example.

[bytor99999]

Just like the signin pages, the connection pages are application-defined, too. This is at least implied in http://static.springsource.org/sprin...troller-flow-2, but perhaps it should be made more clear that the connection form is app-defined. Notice that it's also app-defined in the showcase example.

Thanks. Looking at that documentation it says

"To kick off the connection flow, the application should POST to /connect/{providerId}. Continuing with the Twitter example, a JSP view resolved from "connect/twitterConnect" might include the following form:"

That sounds like the cart in front of the horse. For instance, in our app that "form" is on the index page, and it is after that that we get the 404 error trying to go to "connect/twitterConnect" so after the form, not before.

So that doc actually confused me more.

Thanks

Mark

[bytor99999]

OK. at this point I have create two .jsp pages one for Twitter and one for Facebook called facebookConnect.jsp and twitterConnect.jsp in which they are identical. importing my registration form and headers/nav like

Code:

<%@ include file="../headers.jsp"%>
<body>
        <%@ include file="../nav/navigation.jsp"%>
        <%@ include file="../forms/accountDetails.jsp"%>
</body>
</html>

Now, I haven't been using Spring's form taglib. I kind of wanted to avoid all the jsp things. But it looks like in order to get one of my domain objects for registration populated with the social User object I will have to get the data into the model. I will open another thread for that question.

Thanks

Mark

[Simon Brown]

I've just upgraded a website that uses Spring Social from Java 6 to Java 7 and I ran into the same issue Mark has ... I get redirected to http://localhost:8080/signin?error=provider during the sign-in process and the logs indicate that /signin/twitter is not found (404).

It took a while to debug but, in my case anyway, the fix was simple and relates to Java 7 being shipped with limited crypto. If you are having the same issue, try the following:

- Change text encryption to use "noOpText" (the textEncryptor dependency on your JdbcUsersConnectionRepository bean).
- If your app starts working, revert the above change and install "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7" (http://www.oracle.com/technetwork/ja...ad-432124.html)

I created a basic unit test around the text encryptor stuff and it fails under Java 7 with "java.lang.IllegalArgumentException: Unable to initialize due to invalid secret key". A quick Google search shows that the default JVM crypto is limited and not compatible.

Code:

import org.junit.Test;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.encrypt.TextEncryptor;

public class EncryptorTest {

  @Test
  public void testEncryption() {
    TextEncryptor te = Encryptors.text("password", "abcdef");
    te.encrypt("Hello World!");
  }

}

I think something inside of Spring is hiding this exception ... at least I couldn't see it in my logs.

Hope that helps.

Cheers
Simon

[habuma]

Simon: It's odd that you get a 404, but nonetheless. This sounds like a potential Java 7-related bug in Spring Security. If you've not done so already, you should post your findings as a bug at https://jira.springsource.org/browse/SEC for the Spring Security guys to look into.