I want to have a JS application on the client side (no JSPs) that will communicate with the back end only with REST calls. I also want to enable users to log in with FB and Twitter accounts. In addition, I also want to enable users to register their own accounts. For this purpose I want to use Spring Security and Spring Social on the backend and Javascript SDK in front to get access_token from the FB, which will be then passed to backend.

The question is: how do I create a REST controller that would authenticate using spring-social and spring-security facilities?

I read through the examples in:

https://github.com/spring-projects/spring-social-samples

but couldn't really find how I could make use of ProviderSignInController or SpringSocialConfigurer for this purpose. I guess I cannot use the SocialAuthenticationFilter in my case since the "/auth/{providerid}" URL is not what I'm looking for. However, I guess the ProviderSignInController doesn't seem to be of use here either. Please correct me if I'm wrong. Ideally I would like to benefit from all capabilities of the Spring Security framework.

I will appreciate any suggestions.

Best regards

EDIT

I would like to follow a flow like here: http://porterhead.blogspot.com/2013/01/writing-rest-services-in-java-part-4.html but using the Spring Social and Spring Security combined.

The front-end application is written in AngularJS

2nd EDIT

It turns out that you can simply make use of all the Spring Social modules' benefits out of the box. The only thing a client has to do is call a GET on the auth/facebook or whatever link to fire the entire OAuth dance, which will eventually return the authentication result. Then you can control the flow easily (register an account or return some relevant information to the client to let it know registration is needed). So the SpringSocialConfigurer works well in this case (apart from the fact that it doesn't support scope setting yet; however, this can be changed manually, check my pull request @ github.com/spring-projects/spring-social/pull/141).

3rd EDIT - 14.10.2014

As requested, I will share how I managed to make it work.

Given I have configured my security filter in the following way:

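```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.social.security.SpringSocialConfigurer;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // ...

    @Override
    public void configure(final HttpSecurity http) throws Exception {
        http.formLogin()
            // ...
            .and().apply(getSpringSocialConfigurer());
    }

    // Builds the Spring Social configurer that is applied to the filter chain above.
    private SpringSocialConfigurer getSpringSocialConfigurer() {
        final SpringSocialConfigurer config = new SpringSocialConfigurer();
        // Always send the user to the post-login URL after a provider sign-in.
        config.alwaysUsePostLoginUrl(true);
        config.postLoginUrl("http://somehost.com:1000/myApp");
        return config;
    }
}
```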

Once my application is set up, the only thing I need to call is http://somehost.com:1000/myApp/auth/facebook with a GET request.

Adam Soliński
  • Can you share your code or solution? Especially when Angular is calling the /connect/facebook URL? I am having an issue with the auth dance! – Jaxox Oct 08 '14 at 22:54
  • Hi, I added some more details above. If you need more help just ping me. Just a note: with the SpringSocialConfigurer added to your filters you should be using auth/facebook instead of connect/facebook, where you probably send POSTs. So when I have all set up like above, one call triggers all the dancing. – Adam Soliński Oct 14 '14 at 18:45
  • I still can't figure it out, can you look at my issue? http://stackoverflow.com/questions/26267838/spring-social-facebook-api-angularjs – Jaxox Oct 15 '14 at 22:29
  • I tried setting it up the way you have it, but when I go to /auth/facebook, it tries to redirect me to /signup and says "there's no mapping for /signup". Any idea what I'm missing? Thanks! – AlexG Apr 06 '15 at 07:15
  • You need a controller for the signup action in order to register the user. It means you already have a response from the Facebook API. Logging in with Facebook requires you to keep the authentication details on your DB side. For more details you can check http://www.petrikainulainen.net/programming/spring-framework/adding-social-sign-in-to-a-spring-mvc-web-application-registration-and-login/ where there is an example of what I am writing about. Cheers, good luck – Adam Soliński Apr 11 '15 at 16:55
  • So this approach does not follow the initial intention to let "Javascript SDK in front to get access_token from the FB, which will be then passed to backend", but lets the backend get the access_token? – davey Jun 27 '17 at 10:58
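
The /signup mapping discussed in the comments above, sketched as a REST controller for a JavaScript client; this is an added example, not code from the original post or from the Spring Social project. It assumes Spring Social 1.1.x (instance-based `ProviderSignInUtils`, registered as a bean by the application), and `AccountService`, `SignupController` and the JSON field names are hypothetical.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.*;
import org.springframework.social.connect.Connection;
import org.springframework.social.connect.web.ProviderSignInUtils;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.context.request.WebRequest;
import java.util.*;

@RestController
@RequestMapping("/signup")
public class SignupController {
    /** Hypothetical application service; returns the new local user id. */
    public interface AccountService { String createAccount(String username, String email); }

    private final ProviderSignInUtils signInUtils;
    private final AccountService accounts;

    @Autowired
    public SignupController(ProviderSignInUtils signInUtils, AccountService accounts) {
        this.signInUtils = signInUtils;
        this.accounts = accounts;
    }

    // GET /signup: tells the client which provider identity is waiting for registration.
    @RequestMapping(method = RequestMethod.GET)
    public ResponseEntity<Map<String, String>> pending(WebRequest request) {
        Connection<?> connection = signInUtils.getConnectionFromSession(request);
        if (connection == null) return new ResponseEntity<>(HttpStatus.NOT_FOUND);
        Map<String, String> body = new LinkedHashMap<>();
        body.put("provider", connection.getKey().getProviderId());
        body.put("name", connection.fetchUserProfile().getName());
        body.put("email", connection.fetchUserProfile().getEmail());
        return new ResponseEntity<>(body, HttpStatus.OK);
    }

    // POST /signup: creates the local account and binds it to the provider connection.
    @RequestMapping(method = RequestMethod.POST)
    public ResponseEntity<Void> register(@RequestParam String username, WebRequest request) {
        Connection<?> connection = signInUtils.getConnectionFromSession(request);
        if (connection == null) return new ResponseEntity<>(HttpStatus.CONFLICT);
        // Provider identity and e-mail come from the server-side session, never from the request body.
        String email = connection.fetchUserProfile().getEmail();
        String userId = accounts.createAccount(username, email);
        signInUtils.doPostSignUp(userId, request); // stores the connection for userId, clears the attempt
        return new ResponseEntity<>(HttpStatus.CREATED);
    }
}
```

Because the provider connection is read from the session that the sign-in filter populated, a client cannot register against a provider identity it did not authenticate as.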

1 Answer

"In addition, I also want to enable users to register their own accounts"

If you say that you want to allow users to log in with their own credentials (without FB/Twitter), you also need to let them create an account, and to support forgot password, etc.

If that is the case, maybe this SO thread might be helpful. The auth-flows package also supports REST API.

Create Account, Forgot Password and Change Password

OhadR