2

私は最初に Spring Security を実装し、永続的なトークン メソッドで動作するようにしました。その後、Spring Social を実装し、長い闘争の末、ようやく機能するようになりました。UserConnection テーブルに適切な行が作成されています。

私の問題は、ユーザーが Facebook でアプリにサインインしているときに、SignInAdapterImp が必要に応じて呼び出されていることです。ここでユーザー認証を行います。しかし、その後すぐに UserDetailsS​​erviceImp が呼び出されます。これは、基本的にユーザーを再度認証しようとしています。これは、非ソーシャル ユーザーを認証するために設定したクラスです。

私のSpring Securityのセットアップと関係があると推測しているので、security.xmlファイルを投稿しています。ありとあらゆる助けをいただければ幸いです。

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
   xmlns="http://www.springframework.org/schema/security"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:beans="http://www.springframework.org/schema/beans"
   xmlns:sec="http://www.springframework.org/schema/security"
   xsi:schemaLocation="
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd
    http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

<!-- To allow standards-based @Secured annotation -->
<!-- global-method-security secured-annotations="enabled" /-->

<!-- http pattern="/signup" security="none"/>
<http pattern="/singin" security="none"/ -->

<http create-session="stateless" entry-point-ref="restAuthenticationEntryPoint" use-expressions="true">
    <intercept-url pattern="/connect/**" access="ROLE_USER" />
    <!--NOT NEEDED WITH ANNOTATIONS:  intercept-url pattern="/services/schedule/**" access="ROLE_USER, ROLE_ADMIN"/ -->    
    <custom-filter ref="userPassAuthenticationFilter" before="FORM_LOGIN_FILTER"/>
    <custom-filter ref="rememberMeFilter" position="FIRST" />
    <!-- Adds a logout filter to Spring Security filter chain -->
    <logout logout-url="/services/auth/logout" delete-cookies="true" invalidate-session="true" success-handler-ref="restLogoutSuccessHandler"/>
    <remember-me key="rememberMeKey" user-service-ref="customUserDetailsService"/>
</http>

<!--  initialized the AuthenticationEntryPoint bean -->
<beans:bean id="restAuthenticationEntryPoint" class="com.touchvision.pilot.security.RestAuthenticationEntryPoint" />

<!-- the customAuthenticationFilter custom filter definition -->
<beans:bean id="userPassAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="rememberMeServices" ref="rememberMeServices"/>
    <beans:property name="authenticationSuccessHandler" ref="mySuccessHandler"/>
    <beans:property name="filterProcessesUrl" value="/services/auth/login"/>
    <beans:property name="usernameParameter" value="username"/>
    <beans:property name="passwordParameter" value="password"/>
    <beans:property name="postOnly" value="false"/>
</beans:bean>


<!-- the Remember Me bean definition -->
<beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
    <beans:property name="key" value="springRocks"/>
    <beans:property name="alwaysRemember" value="true" /> 
    <!-- NOT NEEDED WITH ALWAYSREMEMBER:  beans:property name="parameter" value="persistLogin"/ --> <!-- This is used to change the param from _spring_security_remember_me -->
    <beans:property name="userDetailsService" ref="customUserDetailsService"/>
    <beans:property name="tokenRepository" ref="tokenRepository"/>
</beans:bean>

<!-- the remember-me filter bean -->
<beans:bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
    <beans:property name="rememberMeServices" ref="rememberMeServices"/>
    <beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>

<!-- the remember-me authentication provider bean definition -->
<beans:bean id="rememberMeAuthenticationProvider" class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
    <beans:property name="key" value="springRocks"/>
</beans:bean>

<!-- Instantiates the bean for the token provider -->
<beans:bean id="tokenRepository" class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
    <beans:property name="createTableOnStartup" value="false"/>
    <beans:property name="dataSource" ref="dataSource"/>
</beans:bean>

<!-- Configures a custom authentication success handler that returns HTTP status code 200 -->
<beans:bean id="mySuccessHandler" class="com.touchvision.pilot.security.RestAuthenticationSuccessHandler"/>

<!-- Configures a custom authentication failure handler that returns HTTP status code 401 -->
<beans:bean id="restAuthenticationFailureHandler" class="com.touchvision.pilot.security.RestAuthenticationFailureHandler"/>

<!-- Configures a custom logout success handler that returns HTTP status code 200 -->
 <beans:bean id="restLogoutSuccessHandler" class="com.touchvision.pilot.security.RestLogoutSuccessHandler"/>

<!-- Declare an authentication-manager to use a custom userDetailsService -->
<authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="customUserDetailsService">
                <password-encoder ref="passwordEncoder"/>
        </authentication-provider>          
        <authentication-provider ref="rememberMeAuthenticationProvider" />
</authentication-manager>

<!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the database -->
<beans:bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>

<!-- A custom service where Spring will retrieve users and their corresponding access levels  -->
<beans:bean id="customUserDetailsService" class="com.touchvision.pilot.security.CustomUserDetailsService"/> 

</beans:beans>

編集: これが私の SignInAdapter signIn() 実装です:

@Override
public String signIn(String localUserId, Connection<?> connection, NativeWebRequest request) {
    logger.info("*************** in SignInAdapterImp signIn() w/ localUserId = " + localUserId +" ****************" );

    User user = userRepo.findById(Integer.parseInt(localUserId));

    // Create a list of grants for this user
    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    logger.info("Grant ROLE_USER to this user");
    authorities.add(new GrantedAuthorityImpl("ROLE_USER"));

    Authentication authentication = new UsernamePasswordAuthenticationToken(user.getEmail(), user.getPassword(), authorities);
    SecurityContextHolder.getContext().setAuthentication(authentication);

    // set remember-me cookie
    persistentTokenRememberMeServices.loginSuccess(
        (HttpServletRequest) request.getNativeRequest(),
        (HttpServletResponse) request.getNativeResponse(),
        authentication);

    return null;
}
4

1 に答える 1

0

http フィルター リストに重複したフィルターがあることがわかりました。記憶機能用に 2 つのフィルターを定義しました。最終的に実装されたフィルタ セットは次のとおりです。

<http entry-point-ref="restAuthenticationEntryPoint" use-expressions="true">
        <!--NOT NEEDED WITH ANNOTATIONS:  intercept-url pattern="/services/schedule/**" access="ROLE_USER, ROLE_ADMIN"/ -->    
        <custom-filter before="FORM_LOGIN_FILTER" ref="userPassAuthenticationFilter" />
        <custom-filter position="REMEMBER_ME_FILTER" ref="rememberMeFilter"  />
        <custom-filter position="LOGOUT_FILTER" ref="logoutFilter" />       
    </http>
于 2013-11-12T03:01:48.833 に答える