Facebook Connect Integration With Spring Security 3.x
In sharing this experiment with Facebook Connect, I assume that you already know, or are ready to investigate, the Facebook Connect API and Spring Security. You can find a significant amount of information about Spring Security in its official documentation, http://static.springsource.org/spring-security/site/, and about Facebook Connect in its own documentation wiki, http://wiki.developers.facebook.com/index.php/Facebook_Connect
As you know, Spring's solution for securing web applications is an implementation of its core security API across a stack of a few servlet filters. Because HTTP is stateless, Spring keeps track of authentication and authorization across requests with the help of browser session cookies and does some magic behind the scenes to keep your resources secure. For a bird's-eye view of Spring Security, see the UML sequence diagram published here: https://twiki.auscope.org/twiki/pub/Grid/AuScopePortalSecurity/PortalAuthorisation_details.jpg. Another resource for understanding Spring Security is section 5.4 of the official technical documentation: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/technical-overview.html#tech-intro-web-authentication.
OK, you say shut up. So let’s do some stuff.
The integration code can be obtained from http://code.google.com/p/spring-security-facebook. Check out the code with svn as shown below.
~$ svn checkout http://spring-security-facebook.googlecode.com/svn/trunk/ spring-security-facebook-read-only
This is a Maven project, so after you enter the project directory you can type
~$PROJECT_HOME$ mvn install
After the build completes, you can use the library in your Spring project by declaring the dependency in your own project's pom file. It's something like:
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-facebook</artifactId>
    <version>1.0.0-ALPHA</version>
</dependency>
You must also have the facebook-java-api dependency in your pom file. You can find more information about this API here: http://code.google.com/p/facebook-java-api. It's used in our library to talk to the Facebook Connect API.
<dependency>
    <groupId>com.google.code.facebookapi</groupId>
    <artifactId>facebook-java-api</artifactId>
    <version>2.1.1</version>
</dependency>
Now you're ready to go with the real stuff. Instead of trying to explain how to use this library, I prepared a sample web application. IMHO it's the best way for you Spring users to understand how well the library integrates the Facebook Connect API with Spring Security, because it would take too much time to go through all the details here. But for you as Spring users, I can provide the minimal Spring application context file here to show how clean it is to configure the integration.
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <security:http entry-point-ref="authenticaionEntryPoint">
        <security:intercept-url pattern="/static/login*/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <security:intercept-url pattern="/static/secure*/**" access="ROLE_FACEBOOK_USER"/>
        <security:logout logout-success-url="/static/index.html"/>
        <security:custom-filter before="FORM_LOGIN_FILTER" ref="facebookAuthenticationFilter"/>
    </security:http>

    <bean id="authenticaionEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <property name="loginFormUrl" value="/static/login.html"/>
    </bean>

    <bean id="facebookAuthenticationFilter" class="org.springframework.security.facebook.FacebookAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationSuccessHandler">
            <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
                <property name="defaultTargetUrl" value="/static/secure.html"/>
                <property name="alwaysUseDefaultTargetUrl" value="true"/>
            </bean>
        </property>
        <property name="authenticationFailureHandler">
            <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
                <property name="defaultFailureUrl" value="/static/login.html"/>
            </bean>
        </property>
    </bean>

    <bean id="authenticationProvider" class="org.springframework.security.facebook.FacebookAuthenticationProvider">
        <property name="roles" value="ROLE_FACEBOOK_USER"/>
    </bean>

    <bean id="facebookHelper" class="org.springframework.security.facebook.FacebookHelper">
        <property name="apiKey" value="YOUR_API_KEY"/>
        <property name="secret" value="YOUR_SECRET"/>
    </bean>

    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="authenticationProvider"/>
    </security:authentication-manager>
</beans>
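The facebookHelper bean in the context file carries the application secret as a literal value. As an added example (not part of the original project), the same bean can read both values through the context namespace that the file already declares; the properties file path and the keys facebook.apiKey and facebook.secret are assumptions.

```xml
<!-- Added example, not from the spring-security-facebook project.
     Replaces the literal-valued facebookHelper bean inside <beans>. -->

<!-- Hypothetical path: a file outside the WAR and outside version control,
     readable only by the account that runs the servlet container.
     Expected contents (key names are assumptions):
         facebook.apiKey=...
         facebook.secret=...                                            -->
<context:property-placeholder location="file:/etc/myapp/facebook.properties"/>

<!-- Same class and property names as in the context file; only the
     values change from literals to placeholders resolved at startup. -->
<bean id="facebookHelper" class="org.springframework.security.facebook.FacebookHelper">
    <property name="apiKey" value="${facebook.apiKey}"/>
    <property name="secret" value="${facebook.secret}"/>
</bean>
```

If the file or either key is missing, the context fails to start with an unresolved-placeholder error instead of running with an empty secret.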
You can download the sample web project here: http://code.google.com/p/spring-security-facebook/downloads/detail?name=spring-security-facebook-web.zip
You can browse project details here: http://code.google.com/p/spring-security-facebook/
This is a hot new blog entry written late at night. If anything is broken, I'll try to fix it ASAP.
Also, if you intend to contribute to the code, you're welcome. Please contact me.
Hope this helps.