SEC-2204: Problems with the spring security annotation config social sample #2431

spring-issuemaster opened this Issue Jul 15, 2013 · 2 comments

2 participants


Adam Aytul (Migrated from SEC-2204) said:

As per Craig's request, creating this ticket. This is related to the problems detailed in this forum post.

Those are namely;
1- Small configuration problem with logout. Logout doesn't work without logoutSuccessUrl.
2- UserIdSource needs to return AuthenticationUserIdExtractor otherwise userId passed in is null.
3- registerAuthentication is missing socialAuthenticationProvider. Must be registered otherwise gives "No AuthenticationProvider found". Detailed in forum post.
4- Minor, "accessToken" column on userConnection table didn't fit for FB response data I had to expand it to 384 chars.
5- Last but not least I see null value for userDetailsService which is passed into SocialUserDetailsService, so second time around trying to login with Face book throws NPE.

Caveat: I have a muti-module project so I shuffled things around in between service and config and web modules. If you believe some of the items above are working fine, it could be my mistake, please disregard those.

Thanks for all your hard work on security annotation config.


Rob Winch said:

Thank you for your feedback. All of the feedback appears to have been relevant. The samples don't yet exist in Spring Security's codebase so I have pushed fixes to the spring-security-javaconfig modules project. You can find the commit here spring-projects/spring-security-javaconfig@d2949f7 Thanks again for taking the time to create a JIRA.


Adam Aytul said:

Thanks for the quick turnaround, seems all problems fixed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment