tags:

views:

676

answers:

1
+1  Q: 

Spring Security: Multiple Logins to the same resources: Form Login + Facebook Connect (uid, sessionKey)

To begin I know about

http://blog.kadirpekel.com/2009/11/09/facebook-connect-integration-with-spring-security/

The only problem is that it completely replaces the Form Login with Facebook Connect.

I have the native form login in place,

I also have Facebook Connect in place, Upon gathering user information I link it to a native account but without a password.

At that point I would like to call a link or method to start process of going into the Spring Security Filter Chain.

Here is the source code that works, but am trying to modify. It contains all the files I'm taking about.

Now from what I understand I need to add a custom FacebookAuthenticationProvider so that my AuthenticationManager knows about it.

<bean id="facebookAuthenticationProvider" class="org.springframework.security.facebook.FacebookAuthenticationProvider">
</bean>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="facebookAuthenticationProvider" />
</security:authentication-manager>

Then within the FacebookAuthenticationProvider I would have to call an FacebookAuthenticationToken that would take my the current facebook Uid and SessionKey of the user.

Then try authenticate this Token.

So where does the FacebookAuthenticationFilter come into it?

I'm just trying to understand the order at which these 3 files are called. As if you were trying to implement any other custom authentication.

FacebookAuthenticationFilter.java   
FacebookAuthenticationProvider.java     
FacebookAuthenticationToken.java

I have also posted this on the Spring Security Forum

+1  A: 

I've written an article about multiple authentication providers with spring security (so e.g. one form login, one facebook login and one login with open-id). Hope that helps: http://thoean.com/programming/java/multiple-authentication-provider-with-spring-security/

Markus  2010-04-11 18:15:05
Thank you markus. I've tried it and it works fine. The only problem I've found so far is that calling SecurityContextHolder.getContext().getAuthentication().getPrincipal() always returns null, instead of the Facebook user id.That is because FacebookAuthenticationToken#getPrincipal always returns null. I've tried to write a wrapper that returns the proper user id with no success. Do you have any idea ?
Guido  2010-04-25 09:44:08
Did you make sure that getPrincipal() of your token returns a value? I mean, which FacebookAuthenticationToken are you using?I'm using my own - as an example you could set the first_name and last_name of the facebook user... or whatever.Hope this helps.
Markus  2010-06-03 17:14:17

related questions

How do I write Firefox add-on that automatically enters proxy passwords?
Login Integration in PHP
Strange Rails Authentication Issue
Concurrent logins in a web farm
Is there a browser equivalent to IE's ClearAuthenticationCache?
How can I authenticate using client credentials in WCF just once?
Why can't I connect to my CAS server with Perl's AuthCAS?
Best Solution For Authentication in Ruby on Rails
Authenticate on an ASP.Net Forms Authorization website from a console app
How do I use NTLM authentication with Active Directory
What have you used Windows CardSpace for, if anything
Forms Authentication across Applications
Retreiving the PC Name of a Client? (Windows Auth)
How would you implement FORM based authentication without a backing database?
What's the best way to authenticate over WCF?
Only accepting certain ajax requests from authenticated users
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
What to use for login ID?
ASP.NET authentication: user name Vs User ID
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Checklist for IIS 6/ASP.NET Windows Authentication?
The Definitive Guide To Website Authentication