Spring Social Facebook
I'm developing with Spring Social and Thymeleaf from the quickstart example, but I realized that it only supports one Facebook entity per controller. This means the sample cannot provide support for multiple users and I am assuming it is linked to the @Scope variable. It runs in a Spring Boot Container and I am wondering how I can configure it so that each session has its own Facebook object.
source to share
As you suggested, the Facebook object needs to be configured with a request scope. If you are using configuration support and / or Spring Boot then this will be the request scope. Therefore, although the controller is once injected by a Facebook instance, that instance is indeed a proxy that will delegate to the real FacebookTemplate instance that is created at the time of the request for the authenticated user.
I can only assume that you are referring to the example getting started guide at http://spring.io/guides/gs/accessing-facebook/ . In this case, it uses the simplest Spring Boot autoconfiguration construct possible for Spring Social, which includes a basic (but non-production) UserIdSource implementation that always returns "anonymous" as the user ID. Therefore, after creating the first connection to Facebook, the second browser tries to find the connection for "anonymous", finds it and provides an authorized Facebook object.
It may sound strange, but this is a sample application to get started ... and it does it. All you need to do to get the real UserIdSource is add Spring Security to your project. This will tell Spring Social Autoconfiguration to configure a UserIdSource that fetches the current user id from the security context. This reflects more real-world use of Spring Social, although obviously more involved and beyond the scope of the getting started guide.
But you can look at https://github.com/spring-projects/spring-social-samples/tree/master/spring-social-showcase-boot for a more complete Spring Social example in Spring Boot.
source to share
Spring Boot autoconfigures a lot of things behind the scenes. It automatically configures Facebook, LinkedIn and Twitter properties and sets up connection factories for social providers.
However, the UserIdSource implementation always returns "anonymous" as the user ID. Once the first connection to Facebook is established, the second browser will try to find the connection for "anonymous" it finds, and will present you with an authorized Facebook object.
@Configuration
@EnableSocial
@ConditionalOnWebApplication
@ConditionalOnMissingClass("org.springframework.security.core.context.SecurityContextHolder")
protected static class AnonymousUserIdSourceConfig extends SocialConfigurerAdapter {
@Override
public UserIdSource getUserIdSource() {
return new UserIdSource() {
@Override
public String getUserId() {
return "anonymous";
}
};
}
}
Decision
The solution is to override "anonymous" as UserId for every new user / session. So for each session, we can simply return the SessionID, however it may not be unique enough to identify users, especially if it is cached or stored somewhere in the connection database.
@Override
public String getUserId() {
RequestAttributes request = RequestContextHolder.currentRequestAttributes();
String uuid = (String) request.getAttribute("_socialUserUUID", RequestAttributes.SCOPE_SESSION);
if (uuid == null) {
uuid = UUID.randomUUID().toString();
request.setAttribute("_socialUserUUID", uuid, RequestAttributes.SCOPE_SESSION);
}
return uuid;
}
The solution to the problem above is described in detail here
source to share