Spring Social and Spring Security Using XML Configuration
I am trying to inject Spring Social into an outgoing web application which is Spring Security. An existing web application uses XML configuration, for example:
<security:http
disable-url-rewriting="true"
use-expressions="true"
xmlns="http://www.springframework.org/schema/security">
...
<intercept-url
pattern="/w/configuration/**"
access="hasRole ('ROLE_ADMIN')"/>
...
<form-login
login-page="/w/welcome"
authentication-success-handler-ref="authSuccessHandler"
authentication-failure-handler-ref="authFailureHandler"/>
<logout logout-success-url="/w/welcome"/>
</security:http>
How do I add SpringSocialConfigurer () to the config? All documentation on Spring Social uses Java configuration that I want to avoid, like this:
@Override
protected void configure(HttpSecurity http) throws Exception
{
http
.formLogin()
.loginPage("/signin")
.loginProcessingUrl("/signin/authenticate")
.failureUrl("/signin?param.error=bad_credentials")
.and()
.logout()
.logoutUrl("/signout")
.deleteCookies("JSESSIONID")
.and()
.apply(new SpringSocialConfigurer());
}
What is the XML equivalent of apply () method?
source to share
After spending some time looking through the code for the SpringSocialConfigurer, here's a somewhat equivalent XML configuration for what it does:
<security:http
disable-url-rewriting="true"
use-expressions="true"
xmlns="http://www.springframework.org/schema/security">
...
<intercept-url
pattern="/w/configuration/**"
access="hasRole ('ROLE_ADMIN')"/>
...
<form-login
login-page="/w/welcome"
authentication-success-handler-ref="authSuccessHandler"
authentication-failure-handler-ref="authFailureHandler"/>
<logout logout-success-url="/w/welcome"/>
<!-- Add a custom filter to handle Social media logins -->
<custom-filter before="PRE_AUTH_FILTER" ref="socialAuthFilter"/>
</security:http>
<security:authentication-manager
id="authenticationManager"
xmlns="http://www.springframework.org/schema/security">
<!-- Social Media sites as authentication provider -->
<authentication-provider ref="socialAuthProvider"/>
</security:authentication-manager>
<!--
Define the framework required for using Social Media sites
as Authentication Providers.
-->
<bean id="connectionFactoryLocator"
class="org.springframework.social.security.SocialAuthenticationServiceRegistry">
<property name="connectionFactories">
<list>
<bean class="org.springframework.social.facebook.connect.FacebookConnectionFactory">
<constructor-arg value="${social.facebook.appId}" />
<constructor-arg value="${social.facebook.appSecret}" />
</bean>
</list>
</property>
</bean>
<bean id="socialUsersConxRepo"
class="org.springframework.social.connect.mem.InMemoryUsersConnectionRepository">
<constructor-arg ref="connectionFactoryLocator"/>
</bean>
<bean id="socialUserIdSource"
class="org.springframework.social.security.AuthenticationNameUserIdSource"/>
<bean id="socialAuthFilter"
class="org.springframework.social.security.SocialAuthenticationFilter">
<constructor-arg ref="authenticationManager"/>
<constructor-arg ref="socialUserIdSource"/>
<constructor-arg ref="socialUsersConxRepo"/>
<constructor-arg ref="connectionFactoryLocator"/>
</bean>
<bean id="socialAuthProvider"
class="org.springframework.social.security.SocialAuthenticationProvider">
<constructor-arg ref="socialUsersConxRepo"/>
<!-- application defined @Service -->
<constructor-arg ref="socialGamerManager"/>
</bean>
The application programmer is expected to write his own "socialGamerManager" bean that he should implement org.springframework.social.security.SocialUserDetailsService
. The "SocialUsersConxRepo" bean can be changed to use the JDBC implementation.
source to share