Geek Answers Handbook

Different principles in spring security context when using the "in bean" login method

For several days I have been working on integrating Facebook with our application. I successfully made a connection, and now, after logging into Facebook, I copy the user to our database, and later I want to use our internal principle in context .

To login to the Spring system, we overloaded our authentication manager using our class that implements UserDetailsService .

When someone logs in with facebook, he has abstract credentials that he cannot know. I used this method in my Facebook login controller to register it:

 Authentication auth = new UsernamePasswordAuthenticationToken( profile.getId(), new Md5PasswordEncoder().encodePassword( profile.getEmail() + profile.getId(), null), (Collection<? extends GrantedAuthority>) getAuthorities(profile.getId()));

Problem:

In some controllers I use

public String profile(Locale locale, Model model, HttpSession session, Principal principal) , and then principal actually contains different objects.

For regular Spring security, enter it:

org.springframew ork.security.authentication.UsernamePasswordAuthenticationToken@ 4527d081: Principal: org.springframework.security.core.userdetails.User@586034f : Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin gframework.security.web.authentication.WebAuthenticationDetails@ 21a2c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: A5E9AB9E4AEE7486EC4B4F6133F77320; Granted Authorities: ROLE_ADMIN

But after logging in using the method in the controller it: org.springframew ork.security.authentication.UsernamePasswordAuthenticationToken@ cd4699c5: Principal: 1405308431; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CLIENT org.springframew ork.security.authentication.UsernamePasswordAuthenticationToken@ cd4699c5: Principal: 1405308431; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CLIENT

Question: I really do not want to distinguish between these types in all my controllers. Why is he different ?! Obviously, this is a User object (my type) when we log in with the usual credentials and just for String for facebook. How can I change it so that facebook login also gives me a User object in my security context?

+4
source share
2 answers

You need to configure the SignInAdapter as described at the end of this chapter . In the SignInAdapter.signIn(...) method, you can load your custom object from the database, then prepare the authentication object and enter it into the security context holder.

+3
source

I really did not get the “prepare authentication object” at first, but it was very simple; I am posting this example for future clarification, maybe it will be needed :)

 public class FacebookAuthenticationToken extends AbstractAuthenticationToken { private final org.springframework.security.core.userdetails.UserDetails principal; private String credentials; public FacebookAuthenticationToken(org.springframework.security.core.userdetails.UserDetails details,FacebookProfile profile, Collection<? extends GrantedAuthority> authorities){ super(authorities); this.principal = details; this.credentials = new Md5PasswordEncoder().encodePassword(profile.getEmail()+profile.getId(), null); super.setAuthenticated(true); // must use super, as we override } private static final long serialVersionUID = -7545290433068513777L; public Object getCredentials() { return this.credentials; } public Object getPrincipal() { return this.principal; } }

And now I realized that I could even use the UsernamePasswordAuthenticationToken , just enter the Object principal with the correct class. Stupid me.

+1
source

More articles:


All Articles