0
Я пытался внедрить плагин весны grails spring-security-oauth-facebook: 0.2 и не получаю успешную аутентификацию из плагина весны. Я могу получить доступ к facebook, успешно войти в мои учетные данные, но когда facebook перенаправляет обратно на мой локальный сайт, я получаю стандартный ROLE_ANONYMOUS, назначенный и перенаправленный на страницу входа. Стандартная регистрация сайта с помощью весенней безопасности работает отлично.grails spring-security-oauth-facebook: 0.2
I'm using Grails 2.4.4
BuildConfig.groovy applicable plugins are:
compile ':spring-security-core:2.0-RC4'
compile ":spring-security-oauth:2.1.0-RC4"
compile ":spring-security-ui:1.0-RC2"
compile ':spring-security-oauth-facebook:0.2'
Config.groovy:
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.myapp.domain.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.myapp.domain.UserRole'
grails.plugin.springsecurity.authority.className = 'com.myapp.domain.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/login/**': ['permitAll'],
'/logout/**': ['permitAll'],
'/register/**': ['permitAll'],
'/oauth/**': ['permitAll'],
'/oauth/facebook/**': ['permitAll']
]
def appName = 'myapp'
def baseURL = grails.serverURL ?: "(myurl):${System.getProperty('server.port', '8050')}/${appName}"
oauth {
debug = true
providers {
facebook {
api = gweb.FaceBookCustomAPI
key = 'my-key'
secret = 'my-seceret'
successUri = "/oauth/facebook/success"
failureUri = "/oauth/facebook/failure"
callback = "${baseURL}/oauth/facebook/callback"
}
}
}
// Added by the Spring Security OAuth plugin:
grails.plugin.springsecurity.oauth.domainClass = 'com.myapp.domain.OAuthID'
Когда я нажимаю на ссылку facebook для входа (URL:/OAuth/facebook аутентификации redirectUrl = /?) Я получаю следующие журналы:
....matcher.AntPathRequestMatcher Request '/oauth/facebook/authenticate' matched by universal pattern '/**'
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
context.HttpSessionSecurityContextRepository No HttpSession currently exists
context.HttpSessionSecurityContextRepository No SecurityContext was available from the HttpSession: null. A new one will be created.
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 5 of 8 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 6 of 8 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /oauth/facebook/authenticate?redirectUrl=; Attributes: [permitAll]
intercept.FilterSecurityInterceptor Previously Authenticated: grails.plugin.s[email protected]dc4337e: Principal: [email protected]: Username: __grails.anonymous.user__; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
hierarchicalroles.RoleHierarchyImpl getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
intercept.FilterSecurityInterceptor Authorization successful
intercept.FilterSecurityInterceptor RunAsManager did not change Authentication object
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= reached end of additional filter chain; proceeding with original chain
gweb.FaceBookCustomAPI AuthorizationUrl: facebook.com/dialog/oauth?client_id=123MYCLIENTID123&redirect_uri=http%3A%2F%2Flocal.myappname.com%3A8050%2Fgweb%2Foauth%2Ffacebook%2Fcallback api key: 123MYCLIENTID123 seceret: d3996df187347f9f6b8021dd223acdf5
access.ExceptionTranslationFilter Chain processed normally
context.HttpSessionSecurityContextRepository SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
context.SecurityContextPersistenceFilter SecurityContextHolder now cleared, as request processing completed
matcher.AntPathRequestMatcher Request '/oauth/facebook/callback' matched by universal pattern '/**'
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
context.HttpSessionSecurityContextRepository HttpSession returned null object for SPRING_SECURITY_CONTEXT
context.HttpSessionSecurityContextRepository No SecurityContext was available from the HttpSession: [email protected] A new one will be created.
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 5 of 8 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 6 of 8 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw; Attributes: [permitAll]
intercept.FilterSecurityInterceptor Previously Authenticated: grails.plugin.s[email protected]dc6f3f8: Principal: [email protected]: Username: __grails.anonymous.user__; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]255f8: RemoteIpAddress: 127.0.0.1; SessionId: AE8351B5D34F45ED370ED63F6FB7C3A8; Granted Authorities: ROLE_ANONYMOUS
hierarchicalroles.RoleHierarchyImpl getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
intercept.FilterSecurityInterceptor Authorization successful
intercept.FilterSecurityInterceptor RunAsManager did not change Authentication object
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw reached end of additional filter chain; proceeding with original chain
gweb.FaceBookCustomAPI accessTokenEndpoint: https://graph.facebook.com/oauth/access_token
access.ExceptionTranslationFilter Chain processed normally
context.HttpSessionSecurityContextRepository SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
context.SecurityContextPersistenceFilter SecurityContextHolder now cleared, as request processing completed
matcher.AntPathRequestMatcher Request '/oauth/facebook/success' matched by universal pattern '/**'
web.FilterChainProxy /oauth/facebook/success at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
context.HttpSessionSecurityContextRepository HttpSession returned null object for SPRING_SECURITY_CONTEXT
context.HttpSessionSecurityContextRepository No SecurityContext was available from the HttpSession: [email protected] A new one will be created.
web.FilterChainProxy /oauth/facebook/success at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
web.FilterChainProxy /oauth/facebook/success at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/success at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
web.FilterChainProxy /oauth/facebook/success at position 5 of 8 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/success at position 6 of 8 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/success at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
web.FilterChainProxy /oauth/facebook/success at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /oauth/facebook/success; Attributes: [_DENY_]
intercept.FilterSecurityInterceptor Previously Authenticated: grails.plugin.s[email protected]dc6f3f8: Principal: [email protected]: Username: __grails.anonymous.user__; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]255f8: RemoteIpAddress: 127.0.0.1; SessionId: AE8351B5D34F45ED370ED63F6FB7C3A8; Granted Authorities: ROLE_ANONYMOUS
hierarchicalroles.RoleHierarchyImpl getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
access.ExceptionTranslationFilter Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at grails.plugin.springsecurity.access.vote.AuthenticatedVetoableDecisionManager.decide(AuthenticatedVetoableDecisionManager.java:47)
at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:49)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:82)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
savedrequest.HttpSessionRequestCache DefaultSavedRequest added to Session: DefaultSavedRequest[http://local.myappname.com:8050/gweb/oauth/facebook/success]
access.ExceptionTranslationFilter Calling Authentication entry point.
web.DefaultRedirectStrategy Redirecting to 'local.myappname.com:8050/gweb/login/auth'
context.HttpSessionSecurityContextRepository SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
context. ..... this seems to repeat a couple more times...
Я в недоумении, по-видимому как если бы аутентификация Facebook работала. Я могу убить мой сеанс FB/удалить приложение из своего профиля, а когда я попробую аутентифицировать URL-адрес с моего сайта, все работает, но я всегда просто перенаправляюсь на мой экран входа с указанными выше журналами. Я пропустил часть реализации?
Поэтому, когда FB отвечает на обратный вызов, код, который обрабатывает этот вызов, должен повторно аутентифицировать пользователя. Где-то вы должны каким-то образом сохранять информацию fb и привязывать к своему пользователю. То, что я делаю, это захват FB uid, сохранить его ассоциировать с моим собственным пользователем, а затем вызвать следующее: springSecurityService.reauthenticate («некоторое имя пользователя»). У меня все мои пользователи имеют уникальное имя пользователя. – getbuckts