I use Spring 3 and Spring Security. I am integrating social accounts, for example Facebook, Twitter and Google. I am using the JavaScript SDK version; my problem is that I can register the user, but I am not sure how to authenticate them.
For instance:
When a user clicks on any of the new "Links" (Facebook, Twitter, Google) dialogs, after successfully completing authentication I can get their basic profile information: email address, identifier, name, images. I pass all this information to my controller using ajax, which calls the service and DAO to save the user if the user is not already registered.
So far, everything is working fine for me. I used the user ID, encrypted it with a salt and saved it in the database as a password (I'm not sure if this is the right way to handle this), but now my confusion is how I can authenticate the user and allow them to log in to the system.
My security.xml file
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <http auto-config="true" use-expressions="true" disable-url-rewriting="true">
        <headers>
            <cache-control />
            <content-type-options />
            <hsts />
            <frame-options />
            <xss-protection />
        </headers>
        <intercept-url pattern="/favicon.ico" access="permitAll" />
        <intercept-url pattern="/login*" access="permitAll" />
        <intercept-url pattern="/login/facebook-login*" access="permitAll" />
        <intercept-url pattern="/validateUserCredentials*" access="permitAll" />
        <intercept-url pattern="/register*" access="permitAll" />
        <intercept-url pattern="/activation*" access="permitAll" />
        <intercept-url pattern="/restore*" access="permitAll" />
        <intercept-url pattern="/resend*" access="permitAll" />
        <intercept-url pattern="/resources/**" access="permitAll" />
        <intercept-url pattern="/license*" access="hasAnyRole('${role.admin}', '${role.master}')" />
        <intercept-url pattern="/**" access="hasAnyRole('${role.admin}', '${role.master}', '${role.owner}', '${role.simple}')" />
        <access-denied-handler error-page="/denied" />
        <form-login login-page="/login" default-target-url="/logged"
            authentication-failure-url="/loginfailed"
            login-processing-url="/j_spring_security_check" />
        <logout logout-success-url="/login" invalidate-session="true"
            delete-cookies="JSESSIONID,SPRING_SECURITY_REMEMBER_ME_COOKIE" />
        <session-management session-fixation-protection="migrateSession">
            <concurrency-control error-if-maximum-exceeded="true" max-sessions="1" expired-url="/login" />
        </session-management>
        <remember-me token-validity-seconds="86400" />
    </http>

    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="daoAuthenticationProvider" />
    </authentication-manager>

    <beans:bean id="daoAuthenticationProvider"
        class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <beans:property name="userDetailsService" ref="userDetailsService" />
        <beans:property name="saltSource" ref="saltSource" />
        <beans:property name="passwordEncoder" ref="passwordEncoder" />
    </beans:bean>

    <beans:bean id="passwordEncoder"
        class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" />

    <beans:bean id="saltSource"
        class="org.springframework.security.authentication.dao.ReflectionSaltSource">
        <beans:property name="userPropertyToUse" value="salt" />
    </beans:bean>

    <beans:bean id="userDetailsService" name="userAuthenticationProvider"
        class="com.luffy.security.AuthenticationUserDetailService">
    </beans:bean>
</beans:beans>
Any help would be appreciated. I did everything I could to solve this problem, but I cannot find any reliable solution.
Luffy
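One way to finish the flow described in the question, shown as an added example that is not part of the original post: the browser sends only the provider's access token, the server confirms it with the provider, and the user is then logged in programmatically without any stored password. `SocialTokenVerifier`, `SocialLoginService` and the `provider:id` username scheme are hypothetical names assumed for illustration; the Spring Security classes are the real 3.2 API.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

/** Hypothetical: asks the provider, server to server, which account a token belongs to. */
interface SocialTokenVerifier {
    /** Returns the provider's user id for a valid token issued to this app, else null. */
    String verifiedUserId(String provider, String accessToken);
}

/** Hypothetical service called by the controller behind the ajax endpoint. */
public class SocialLoginService {
    private final SocialTokenVerifier verifier;
    private final UserDetailsService userDetailsService; // the bean from security.xml

    public SocialLoginService(SocialTokenVerifier verifier, UserDetailsService uds) {
        this.verifier = verifier;
        this.userDetailsService = uds;
    }

    public boolean login(String provider, String accessToken, HttpServletRequest request) {
        // Trust only what the provider confirms, never profile fields posted by the browser.
        String socialId = verifier.verifiedUserId(provider, accessToken);
        if (socialId == null) return false;
        UserDetails user;
        try {
            // Assumption: accounts are stored under a username of the form "provider:id".
            user = userDetailsService.loadUserByUsername(provider + ":" + socialId);
        } catch (UsernameNotFoundException e) {
            return false; // not registered yet
        }
        if (!user.isEnabled() || !user.isAccountNonLocked()) return false;
        // A manual login skips the configured session-fixation filter, so replace the session here.
        HttpSession old = request.getSession(false);
        if (old != null) old.invalidate(); // attributes of the old session are not carried over
        request.getSession(true);
        // The three-argument constructor builds a token that is already authenticated.
        UsernamePasswordAuthenticationToken auth =
                new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
        auth.setDetails(new WebAuthenticationDetails(request));
        SecurityContextHolder.getContext().setAuthentication(auth);
        return true;
    }
}
```

Because the ajax URL still passes through the Spring Security filter chain (it is `permitAll`, not excluded), the security context set here is stored in the new session at the end of the request.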