Using - spring-social 1.1.4 - spring-social-twitter 1.1.2 - spring-mvc-4.2 - on tomcat 7
Below is my tomcat config for my MVC Application including twitter set up and usersConnectionRepository.
This is all working fine for the logged in MVC user.
The problem for me arises when I want to allow clients to tweet from a public link available to non MVC authenticated users. (#{request.userPrincipal.name} will be null)
I have looked through many examples. Most examples use old 1.0.0 spring-social. I noticed that the new 1.1.2 version of spring-social-twitter Does not have a zero argument Twitter() constructor, which is in some examples is shown to be a way to work without the connectionRepository.
I am looking for a way to configure or code an option to allow both user logged in to my app and anonymous users to use some options on my site.
In the configuration below an anonymous user being redirected to connect/twitter will result in a problem getting a connetionRepository. usersConnectionRepository must have a "#{request.userPrincipal.name}" because my connectController relies on this.
I am thinking maybe I need a custom connect controller... There must be a correct approach to this.
Any suggestions welcome.
my web.xml
<listener>
<listener-class>
org.springframework.web.util.Log4jConfigListener
</listener-class>
</listener>
<display-name>Central Portal</display-name>
<context-param>
<param-name>spring.profiles.active</param-name>
<param-value>dev</param-value>
</context-param>
<context-param>
<param-name>spring.profiles.default</param-name>
<param-value>dev</param-value>
</context-param>
<context-param>
<param-name>spring.liveBeansView.mbeanDomain</param-name>
<param-value>dev</param-value>
</context-param>
<!-- Spring MVC -->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<error-page>
<error-code>500</error-code>
<location>/WEB-INF//pages/error.jsp</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/WEB-INF/pages/error.jsp</location>
</error-page>
<error-page>
<location>/WEB-INF/pages/error.jsp</location>
</error-page>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml,
/WEB-INF/spring-database.xml
</param-value>
</context-param>
<!-- Enable POST -->
<filter>
<filter-name>hiddenHttpMethodFilter</filter-name>
<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>hiddenHttpMethodFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Concurrency listener -->
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>
one bit of java config
mvc-dispatcher-servlet.xml
<context:component-scan base-package="org.schoolit.usermanager.config" />
<!-- component-scan / controllers -->
<context:component-scan base-package="org.schoolit.webapplication.*" />
<context:component-scan base-package="org.schoolit.spring.social.*"/>
<!-- property-placeholder's -->
<context:property-placeholder location="classpath:oauth.properties"/>
<!-- resource mapping -->
<mvc:resources mapping="/gen/**" location="/WEB-INF/gen/" cache-period="31556926"/>
<mvc:resources mapping="/resources/**" location="/WEB-INF/resources/" cache-period="31556926"/>
<!-- JSP ViewResolver -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/pages/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
<!-- twitter stuff start -->
<bean id="handlerExceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<property name="exceptionMappings">
<props>
<prop key="Exception">error</prop>
</props>
</property>
</bean>
<bean id="twitterTemplate"
class="org.springframework.social.twitter.api.impl.TwitterTemplate">
<constructor-arg value="${twitter.oauth.consumerKey}"/>
<constructor-arg value="${twitter.oauth.consumerSecret}"/>
<!--<constructor-arg value="${twitter.oauth.accessToken}"/>
<constructor-arg value="${twitter.oauth.accessTokenSecret}"/> -->
</bean>
<bean id="connectionFactoryLocator" class="org.springframework.social.connect.support.ConnectionFactoryRegistry">
<property name="connectionFactories">
<list>
<bean class="org.springframework.social.twitter.connect.TwitterConnectionFactory">
<constructor-arg value="${twitter.oauth.consumerKey}" />
<constructor-arg value="${twitter.oauth.consumerSecret}" />
</bean>
</list>
</property>
</bean>
<bean id="connectionRepository" factory-method="createConnectionRepository" factory-bean="usersConnectionRepository" scope="request">
<constructor-arg value="#{request.userPrincipal.name}" />
<aop:scoped-proxy proxy-target-class="true" />
</bean>
<bean id="usersConnectionRepository"
class="org.springframework.social.connect.jdbc.JdbcUsersConnectionRepository">
<constructor-arg ref="dataSource" />
<constructor-arg ref="connectionFactoryLocator" />
<constructor-arg ref="textEncryptor" />
</bean>
<bean id="textEncryptor" class="org.springframework.security.crypto.encrypt.Encryptors"
factory-method="noOpText" />
<bean id="connectController" class="org.springframework.social.connect.web.ConnectController">
<constructor-arg ref="connectionFactoryLocator"/>
<constructor-arg ref="connectionRepository"/>
<property name="applicationUrl" value="http://localhost:8080/CentralPortal/" />
<property name="connectInterceptors">
<list>
<bean class="org.schoolit.spring.social.TweetAfterConnectInterceptor"/>
</list>
</property>
</bean>
spring-database.xml
<!-- App's dataSource used by jdbcTemplate,jdbc-user-service and connectController -->
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3306/spring_me" />
<property name="username" value="root" />
<property name="password" value="<mypassword>" />
</bean>
<!-- jdbcTemplate used in usermanager bit only for now. -->
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate">
<constructor-arg ref="dataSource" />
</bean>
spring-security.xml
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
<!-- Set up rolefilter's for requestmapping's -->
<intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/usermanager**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/users**" access="hasRole('ROLE_ADMIN')" />
<!-- access denied page -->
<access-denied-handler error-page="/403" />
<!-- loginform-setup Spring Security -->
<form-login
login-page="/login"
default-target-url="/home"
login-processing-url="/j_spring_security_check"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!-- enable csrf protection default is enabled from 4.0 spring
<csrf /> <csrf disabled="true"/> -->
<csrf request-matcher-ref="connect/*" disabled="true"/>
<!-- Prevent Clickjacking iframe's -->
<headers>
<frame-options policy="SAMEORIGIN"/>
</headers>
<!-- One login per username should be one set to 5 for testing-->
<session-management>
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" expired-url="/login?error" />
</session-management>
</http>
<!-- Select users and user_roles from database -->
<authentication-manager>
<authentication-provider>
<password-encoder ref="encoder" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password, enabled from users where username=?"
authorities-by-username-query="select username, role from user_roles where username =? " />
</authentication-provider>
</authentication-manager>
<!-- encoder bean. Used for password encryption -->
<beans:bean id="encoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="11" />
</beans:bean>