Hi,
I'm not sure I understand what you want to achieve here: I think you want
to authenticate with your CAS server or with Facebook, right?
I advise you to use the Facebook client support provided with the CAS
server to handle FB authentication in a centralized way, on the CAS server
side: https://wiki.jasig.org/pages/viewpage.action?pageId=57577635.
Best regards,
Jérôme
On Saturday, 29 June 2013 at 11:31:41 UTC+2, Rohit Kotecha wrote:
>
> Hi team,
>
> I have integrated my Spring Security based web application using CAS
> server and it works fine.
>
> Now I am trying to implement Facebook login in it, so I did the required
> configuration on the CAS server side,
> and in the standalone CAS server it's working OK.
>
> But I am facing a problem in the integration of Facebook login via CAS to
> the Spring Security based web app.
>
> When a user visits the site, the homepage is displayed to the user, on
> which there is a link for sign in. On clicking it the user will be
> redirected to the CAS login page,
> on which there is an option to log in with Facebook.
>
> So when the user clicks on the login with FB link, the Facebook login page
> is displayed, the user enters credentials and the user will be redirected
> back to our web application.
>
> So after redirection I want to invoke facebookAuthenticationFilter, in
> which we have implemented code to get the FB unique id.
>
> But I am not able to invoke it, and while debugging found that control is
> going to the authenticationProviderFacebook bean.
>
> My Spring Security configuration is mentioned below.
>
> <security:http entry-point-ref="casEntryPoint" auto-config="true">
>     <security:intercept-url pattern="/home" access="IS_AUTHENTICATED_ANONYMOUSLY" />
>     <security:intercept-url pattern="/login" access="ROLE_USER" />
>
>     <security:intercept-url pattern="/*.html" access="IS_AUTHENTICATED_ANONYMOUSLY" />
>     <security:intercept-url pattern="/*.do" access="ROLE_USER" />
>
>     <security:custom-filter position="CAS_FILTER" ref="casFilter" />
>     <security:custom-filter before="FORM_LOGIN_FILTER" ref="facebookAuthenticationFilter" />
>     <security:logout
>         logout-success-url="${cas.server.url}/logout?service=${application.service.url}/home"
>         invalidate-session="true"/>
> </security:http>
>
> <bean id="casEntryPoint"
>       class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
>     <property name="loginUrl" value="${cas.server.url}/login"/>
>     <property name="serviceProperties" ref="serviceProperties"/>
> </bean>
>
> <security:authentication-manager alias="authenticationManager">
>     <security:authentication-provider ref="casAuthenticationProvider" />
>     <security:authentication-provider ref="authenticationProviderFacebook" />
> </security:authentication-manager>
>
> <bean id="casAuthenticationProvider"
>       class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
>     <property name="authenticationUserDetailsService">
>         <bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
>             <constructor-arg ref="userDetailsService" />
>         </bean>
>     </property>
>     <property name="serviceProperties" ref="serviceProperties" />
>     <property name="ticketValidator">
>         <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
>             <constructor-arg index="0" value="${cas.server.url}" />
>         </bean>
>     </property>
>     <property name="key" value="cas"/>
> </bean>
>
> <bean id="userDetailsService"
>       class="com.nihilent.venice.web.security.authenticationProvider.UserDetailServiceImpl">
>     <property name="loginService" ref="loginService" />
> </bean>
>
> <bean id="serviceProperties"
>       class="org.springframework.security.cas.ServiceProperties">
>     <property name="service" value="${application.service.url}/j_spring_cas_security_check"/>
>     <property name="sendRenew" value="false"/>
> </bean>
>
> <bean id="facebookAuthenticationFilter"
>       class="com.nihilent.venice.web.security.filter.CASFacebookAuthenticationFilter">
>     <property name="authenticationManager" ref="authenticationManager" />
>     <property name="authenticationSuccessHandler" ref="facebookAuthenticationSuccessHandler" />
>     <property name="authenticationFailureHandler" ref="authenticationFailureHandler"></property>
> </bean>
>
> <bean id="authenticationProviderFacebook"
>       class="com.nihilent.venice.web.security.authenticationProvider.FacebookAuthenticationProvider">
>     <property name="roles" value="ROLE_FACEBOOK_USER" />
> </bean>
>
> <bean id="facebookAuthenticationSuccessHandler"
>       class="com.nihilent.venice.web.security.handlers.VeniceFacebookAuthenticationSuccessHandler">
>     <property name="registrationService" ref="facebookRegistrationService" />
>     <property name="facebookHelper" ref="facebookHelper" />
> </bean>
>
> <bean id="facebookHelper"
>       class="com.nihilent.venice.web.util.impl.FacebookHelperImpl" />
>
> And CASFacebookAuthenticationFilter.java has the below code.
>
> public class CASFacebookAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
>
>     /** The Constant DEFAULT_FILTER_PROCESS_URL. */
>     public static final String DEFAULT_FILTER_PROCESS_URL = "/j_spring_facebook_security_check";
>
>     /**
>      * Instantiates a new venice facebook authentication filter.
>      */
>     protected CASFacebookAuthenticationFilter() {
>         super(DEFAULT_FILTER_PROCESS_URL);
>     }
>
>     /*
>      * (non-Javadoc)
>      *
>      * @see org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter#attemptAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
>      */
>     public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res)
>             throws AuthenticationException, IOException, ServletException {
>         HttpServletRequest request = req;
>         HttpServletResponse response = res;
>         System.out.println("------VENICE VeniceFacebookAuthenticationFilterppppp-------");
>         Long uid = null;
>         if (request.getParameter("uid") != null && !"".equals(request.getParameter("uid"))) {
>             uid = Long.valueOf(request.getParameter("uid"));
>         }
>
>         FacebookAuthenticationToken token = new FacebookAuthenticationToken(uid);
>         token.setDetails(authenticationDetailsSource.buildDetails(request));
>         AuthenticationManager authenticationManager = getAuthenticationManager();
>         Authentication authentication = authenticationManager.authenticate(token);
>         return authentication;
>     }
> }
>
> where FacebookAuthenticationToken is a custom class which extends
> AbstractAuthenticationToken and its methods.
>
> And FacebookAuthenticationProvider has the below logic.
>
> public class FacebookAuthenticationProvider implements AuthenticationProvider {
>
>     /**
>      * Instantiates a new facebook authentication provider.
>      */
>     public FacebookAuthenticationProvider() {
>     }
>
>     /*
>      * (non-Javadoc)
>      * @see org.springframework.security.authentication.AuthenticationProvider#authenticate(org.springframework.security.core.Authentication)
>      */
>     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
>         FacebookAuthenticationToken facebookAuthentication = (FacebookAuthenticationToken) authentication;
>
>         System.out.println("---Facebook --UUID-"+facebookAuthentication.getUid());
>         if (authentication instanceof FacebookAuthenticationToken) {
>             facebookAuthentication = (FacebookAuthenticationToken) authentication;
>             //FacebookAuthenticationToken facebookAuthentication = (FacebookAuthenticationToken) authentication;
>             if (facebookAuthentication.getUid() == null)
>                 throw new BadCredentialsException("User not authenticated through facebook");
>             if (roles == null)
>                 roles = new String[0];
>             List authorities = new ArrayList();
>             String arr$[] = roles;
>             int len$ = arr$.length;
>             for (int i$ = 0; i$ < len$; i$++) {
>                 String role = arr$[i$];
>                 authorities.add(new GrantedAuthorityImpl(role));
>             }
>
>             FacebookAuthenticationToken succeedToken = new FacebookAuthenticationToken(facebookAuthentication.getUid(), authorities);
>             succeedToken.setDetails(authentication.getDetails());
>             return succeedToken;
>         } else {
>             throw new AuthenticationCredentialsNotFoundException("Credential not Found:::fdfdf");
>         }
>     }
>
>     /*
>      * (non-Javadoc)
>      * @see org.springframework.security.authentication.AuthenticationProvider#supports(java.lang.Class)
>      */
>     public boolean supports(Class authentication) {
>         boolean supports = true;// FacebookAuthenticationToken.isAssignableFrom(authentication);
>         return supports;
>     }
>
>     /**
>      * Sets the roles.
>      *
>      * @param roles the new roles
>      */
>     public void setRoles(String roles[]) {
>         this.roles = roles;
>     }
>
>     /**
>      * Gets the roles.
>      *
>      * @return the roles
>      */
>     public String[] getRoles() {
>         return roles;
>     }
>
>     /** The roles. */
>     private String roles[];
>
> Any help/hint will be greatly appreciated.
>
> Thanks and Regards,
> Rohit Kotecha
>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user