OK, I think what is happening is that they log in with Facebook or Twitter and, since they aren't a user yet in our application, they get directed to our registration page where they can enter a password and other information for our application. They save, and like perfection, they are also now logged in to our application. However, they don't seem to have the Roles that I added to the UserDetails object. And therefore some things that should show on the page aren't, because of using the <security> taglib. And it has things like <security:authorize access="hasRole('Player')">

Since they aren't getting their role, it isn't showing. My code for the POST of signup has:

Code:
if (accountSecurity != null) {
    // UserRole's no-arg constructor defaults the role to "Player"
    accountSecurity.addRole(new UserRole());
    accountSecurity.setLastModified(new Date());
    accountService.save(accountSecurity);
    // The next two lines are copied from the showcase
    SpringSecuritySignInAdapter.signin(accountSecurity.getUsername());
    ProviderSignInUtils.handlePostSignUp(accountSecurity.getUsername(), request);
    return "redirect:/";
}
As you can see in the code, I add a UserRole, which by default is set to "Player" in its no-arg constructor. Then I save it to the database. I then run two lines I copied from the showcase and redirect back to our home page.

I think the adapter isn't really signing in to Spring Security as it would if the user logged in through the login page and j_spring_security_check happens. I am guessing the adapter signin method is making a fake Authentication object. So I think that might need to change.

Also, TextEncryptor. In the showcase it has noOpt, which can't be used in production, but I can't find anywhere in the Spring Social docs that explains how or what to use in production. Mostly how to get it set up and working. I know it comes from Spring Security, but I think the Spring Social docs need to either link to an explanation (since I found out a textEncryptor bean is mandatory in Spring Social configuration; if I leave it out it shows errors) or explain it in the docs.

The sample showcase is great, but there aren't any docs explaining what is what so it is a matter of guessing what is unique to that application versus all applications that would use Spring Social.

Thanks

Mark
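
An added example, not part of the post above and not the showcase's code: a programmatic sign-in that loads the saved account and carries its authorities into the Authentication, next to a username-only token of the kind the post suspects the adapter creates. The class `RoleAwareSignIn`, its method names and the sample account are hypothetical, and it assumes Spring Security is on the classpath.

```java
import java.util.Collections;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

// Hypothetical helper for illustration; not the showcase's adapter.
public class RoleAwareSignIn {

    // Token built from the username alone: marked authenticated, but with no authorities.
    static Authentication usernameOnly(String username) {
        return new UsernamePasswordAuthenticationToken(username, null, null);
    }

    // Token built from the stored account, so its roles travel with the session.
    static Authentication withAuthorities(String username, UserDetailsService users) {
        UserDetails details = users.loadUserByUsername(username);
        return new UsernamePasswordAuthenticationToken(
                details, null, details.getAuthorities());
    }

    // Replaces the current Authentication with the role-carrying one.
    static void signin(String username, UserDetailsService users) {
        SecurityContextHolder.getContext()
                .setAuthentication(withAuthorities(username, users));
    }

    public static void main(String[] args) {
        // Constructed sample account standing in for the saved accountSecurity record.
        UserDetails mark = new User("mark", "unused",
                AuthorityUtils.createAuthorityList("Player"));
        UserDetailsService users =
                new InMemoryUserDetailsManager(Collections.singletonList(mark));

        // Authorities of the username-only token, then of the signed-in account.
        System.out.println(usernameOnly("mark").getAuthorities());
        signin("mark", users);
        System.out.println(SecurityContextHolder.getContext()
                .getAuthentication().getAuthorities());
    }
}
```

Whether `hasRole('Player')` matches an authority named `Player` exactly or expects a `ROLE_` prefix depends on the Spring Security version, so compare the stored role name with the expression in the taglib.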