我使用Spring 3和spring安全。我正在整合社交账户,例如Facebook,Twitter和Google。我在那里使用javascript sdk版本,但我的问题是我可以注册一个用户,但我不知道如何验证它们。实现社交媒体登录弹簧安全
例如:
当用户点击任何新的对话框打开验证成功后我可以得到他们的基本个人资料详细信息链接(在Facebook,Twitter的,谷歌)的:电子邮件,ID,姓名,图像和我使用ajax将所有这些信息传递给我的控制器,如果用户尚未注册,则调用service和dao来保存用户。
直到这里一切工作正常。我使用用户ID并使用salt对它们进行加密并将其作为密码保存到数据库中(我不确定这是否是正确的方式来处理它)但现在我的困惑是如何验证用户并允许他们登录到系统。
我的security.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- Configuration for master level user login -->
<http auto-config="true" use-expressions="true"
disable-url-rewriting="true">
<!-- <csrf /> -->
<headers>
<cache-control />
<content-type-options />
<hsts />
<frame-options />
<xss-protection />
</headers>
<!-- requires-channel="https" -->
<intercept-url pattern="/favicon.ico" access="permitAll" />
<intercept-url pattern="/login*" access="permitAll" />
<intercept-url pattern="/login/facebook-login*" access="permitAll" />
<intercept-url pattern="/validateUserCredentials*"
access="permitAll" />
<intercept-url pattern="/register*" access="permitAll" />
<intercept-url pattern="/activation*" access="permitAll" />
<intercept-url pattern="/restore*" access="permitAll" />
<intercept-url pattern="/resend*" access="permitAll" />
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/license*"
access="hasAnyRole('${role.admin}', '${role.master}')" />
<intercept-url pattern="/**"
access="hasAnyRole('${role.admin}', '${role.master}', '${role.owner}', '${role.simple}')" />
<access-denied-handler error-page="/denied" />
<form-login login-page="/login" default-target-url="/logged"
authentication-failure-url="/loginfailed" login-processing-url="/j_spring_security_check" />
<logout logout-success-url="/login" invalidate-session="true"
delete-cookies="JSESSIONID,SPRING_SECURITY_REMEMBER_ME_COOKIE" />
<session-management session-fixation-protection="migrateSession">
<concurrency-control error-if-maximum-exceeded="true"
max-sessions="1" expired-url="/login" />
</session-management>
<remember-me token-validity-seconds="86400" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="daoAuthenticationProvider" />
</authentication-manager>
<beans:bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService" />
<beans:property name="saltSource" ref="saltSource" />
<beans:property name="passwordEncoder" ref="passwordEncoder" />
</beans:bean>
<beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" />
<beans:bean id="saltSource"
class="org.springframework.security.authentication.dao.ReflectionSaltSource">
<beans:property name="userPropertyToUse" value="salt" />
</beans:bean>
<beans:bean id="userDetailsService" name="userAuthenticationProvider"
class="com.luffy.security.AuthenticationUserDetailService">
</beans:bean>
</beans:beans>
任何帮助将不胜感激。我尽我所能解决了这个问题,但我无法找出任何可靠的解决方案。
感谢我一直在寻找从很长一段时间是这样的,但我仍然有您的解决方案一个问题,就是当我从FB验证用户的答案我如何在春季验证和授权同一用户,以便春季可以验证用户。对不起,如果你发现它愚蠢我坚持在这从相当一段时间 – Luffy
我添加了自定义实现?希望能帮助到你。春季需要一点配置来处理customAuthentication。 –