Spring Security Chain 和 Facebook 使用 Spring Social
我必须为一个大型网络项目登录 Facebook,但我陷入了困境。 我们使用带有 Java 1.6 和 Spring 的 Eclipse IDE。进一步我们使用 Spring-Security 进行验证。 我找到了 Spring Social 以及 Spring Social Facebook。 目前的登录渠道为: 用户可以输入他的凭据并通过登录按钮登录,或者按 Facebook 按钮。之后,他将被重定向到 facebookAuthenticationFilter,该过滤器检查他是否按下了 facebook 按钮。如果他这样做了,facebookAuthenticationFilter 将生成到 Facebook 登录的重定向。看起来像这样:
FacebookConnectionFactory connectionFactory = new FacebookConnectionFactory(APP_ID, APP_SECRET);
OAuth2Operations oauthOperations = connectionFactory.getOAuthOperations();
OAuth2Parameters params = new OAuth2Parameters();
params.setRedirectUri(REDIRECT_URI);
params.setScope("user_about_me,user_birthday,user_likes,user_status");
String authorizeUrl = oauthOperations.buildAuthorizeUrl(GrantType.AUTHORIZATION_CODE, params);
response.sendRedirect(authorizeUrl);
之后,我们查找“code”参数,并在过滤器中收到该参数后,我们
String authURL = "https://graph.facebook.com/oauth/access_token?client_id="
+ APP_ID
+ "&redirect_uri="
+ REDIRECT_URI
+ "&client_secret="
+ APP_SECRET + "&code=" + code;
// Facebook.getAuthURL(code);
URL url = new URL(authURL);
String result = readURL(url);
String authorizationCode = null;
Integer expires = null;
String[] pairs = result.split("&");
for (String pair : pairs) {
String[] kv = pair.split("=");
if (kv.length != 2) {
logger.error("Unexpected auth response");
} else {
if (kv[0].equals("access_token")) {
authorizationCode = kv[1];
}
if (kv[0].equals("expires")) {
expires = Integer.valueOf(kv[1]);
}
} // if-else kv.length!=2
} // for
// upon receiving the callback from the provider:
AccessGrant accessGrant = null;
try {
FacebookConnectionFactory connectionFactory = new FacebookConnectionFactory(APP_ID, APP_SECRET);
OAuth2Operations oauthOperations = connectionFactory.getOAuthOperations();
// nächstes produziert einen Fehler: 400 - BAD REQUEST
accessGrant = oauthOperations.exchangeForAccess(authorizationCode,REDIRECT_URI, null);
Connection<Facebook> connection = connectionFactory.createConnection(accessGrant);
Facebook facebook = connection.getApi();
在标记行上从服务器收到错误请求。不知道为什么。 尤其是参数“code”的解析部分感觉很恶心,看起来不太好。难道没有更好的方法吗?
提前感谢您的帮助。
I have to do an facebook login for a big web project and I am stuck.
We are using the Eclipse IDE with Java 1.6 and Spring. Further we use Spring-Security for verification.
I have found Spring Social and with it Spring Social Facebook.
The current outlet for sign in is:
User can enter his credentials and log in via log in button or he presses the facebook button. After that he will be redirected to the facebookAuthenticationFilter, which checks if he pressed the facebook button or not. If he did, the facebookAuthenticationFilter will generate redirect to the Facebook Login. That looks like this:
FacebookConnectionFactory connectionFactory = new FacebookConnectionFactory(APP_ID, APP_SECRET);
OAuth2Operations oauthOperations = connectionFactory.getOAuthOperations();
OAuth2Parameters params = new OAuth2Parameters();
params.setRedirectUri(REDIRECT_URI);
params.setScope("user_about_me,user_birthday,user_likes,user_status");
String authorizeUrl = oauthOperations.buildAuthorizeUrl(GrantType.AUTHORIZATION_CODE, params);
response.sendRedirect(authorizeUrl);
After that we look for the "code" Parameter and upon receiving that in the Filter we do
String authURL = "https://graph.facebook.com/oauth/access_token?client_id="
+ APP_ID
+ "&redirect_uri="
+ REDIRECT_URI
+ "&client_secret="
+ APP_SECRET + "&code=" + code;
// Facebook.getAuthURL(code);
URL url = new URL(authURL);
String result = readURL(url);
String authorizationCode = null;
Integer expires = null;
String[] pairs = result.split("&");
for (String pair : pairs) {
String[] kv = pair.split("=");
if (kv.length != 2) {
logger.error("Unexpected auth response");
} else {
if (kv[0].equals("access_token")) {
authorizationCode = kv[1];
}
if (kv[0].equals("expires")) {
expires = Integer.valueOf(kv[1]);
}
} // if-else kv.length!=2
} // for
// upon receiving the callback from the provider:
AccessGrant accessGrant = null;
try {
FacebookConnectionFactory connectionFactory = new FacebookConnectionFactory(APP_ID, APP_SECRET);
OAuth2Operations oauthOperations = connectionFactory.getOAuthOperations();
// nächstes produziert einen Fehler: 400 - BAD REQUEST
accessGrant = oauthOperations.exchangeForAccess(authorizationCode,REDIRECT_URI, null);
Connection<Facebook> connection = connectionFactory.createConnection(accessGrant);
Facebook facebook = connection.getApi();
On the marked line we get an Bad Request from the server. Don't know why.
And especially the part with the parsing of the parameter "code" feels icky and doesn't look good. Isn't there a better way to do that?
Thanks for your help in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您应该使用传递给回调 URL 的代码来获取 accessGrant,而不是调用 authUrl,如下所示:
通过该 accessGrant,您应该能够像您已经做的那样建立连接。
Instead of calling the authUrl, you should use the code that is passed to the callback URL to get an accessGrant, like this:
With that accessGrant you should be able the make the connection ilke you do already.