Search code examples
javaoauthoauth-2.0socialauth

JavaEE + socialauth library, what to store after login

I am using the socialauth library following this tutorial: https://github.com/3pillarlabs/socialauth/wiki/Getting-Started-with-implementing-SocialAuth

Everything works find, I just do not understand where/what to store after the end of step 3. I mean I do not want to force the user to login every click. I tried to figure this out from the examples but I could not ....

Here is what I have:

@WebServlet("/success")
public class AfterOAuth extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        try {
            // get the auth provider manager from session
            SocialAuthManager manager = (SocialAuthManager) req.getSession().getAttribute("authManager");

            // call connect method of manager which returns the provider object.
            // Pass request parameter map while calling connect method.
            Map<String, String> paramsMap = SocialAuthUtil.getRequestParametersMap(req);
            AuthProvider provider = manager.connect(paramsMap);

            // get profile
            Profile p = provider.getUserProfile();

            // you can obtain profile information
            resp.getOutputStream().print(p.getFirstName());

            // OK, everything is fine by now what should I store in my Session?
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }
}
Solution

  • Ok, I found a solution by using the provided CDI Class and overwrote simply the init() and servlet sections to so:

    package com.test.oauth;

import java.io.Serializable;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.List;
import java.util.Properties;

import javax.enterprise.context.SessionScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import config.KicEngineRootRessourceLoader;
import org.apache.log4j.Logger;
import org.brickred.socialauth.AuthProvider;
import org.brickred.socialauth.AuthProviderFactory;
import org.brickred.socialauth.Contact;
import org.brickred.socialauth.Profile;
import org.brickred.socialauth.SocialAuthConfig;
import org.brickred.socialauth.SocialAuthManager;
import org.brickred.socialauth.util.SocialAuthUtil;

/**
 * Created by kic on 19.02.15.
 */
@Named("socialauth")
@SessionScoped
public class SocialAuth implements Serializable {
    /**
     * Serial version UID generated by Eclipse
     */
    private static final long serialVersionUID = 1789108831048043099L;


    private static final Logger log = Logger.getLogger( SocialAuth.class);

    private String id;
    private Profile profile;
    private AuthProvider provider;
    private String status;
    private String viewUrl;


    private SocialAuthManager manager;
    private SocialAuthConfig config;


    public void init() {
        id = null;
        provider = null;
        config = new SocialAuthConfig().getDefault();
        try {
            Properties oauth = new Properties();
            KicEngineRootRessourceLoader.loadProperties(oauth, "oauth_consumer");
            config.load(oauth);

            manager = new SocialAuthManager();
            manager.setSocialAuthConfig(config);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public SocialAuth() {
        init();
    }

    public String getId() {
        return id;
    }

    /**
     * Sets the authentication provider. It is mandatory to do this before
     * calling login
     *
     * @param id
     *            Can either have values facebook, foursquare, google, hotmail,
     *            linkedin, myspace, twitter, yahoo OR an OpenID URL
     */

    public void setId(final String id) {
        this.id = id;
    }

    /**
     * Sets the view URL to which the user will be redirected after
     * authentication
     *
     * @param viewUrl
     *            Relative URL of the view, for example "/openid.xhtml"
     */
    public void setViewUrl(final String viewUrl) {
        this.viewUrl = viewUrl;
    }

    /**
     * Gets the relative URL of the view to which user will be redirected after
     * authentication
     *
     * @return relative URL of the view
     */
    public String getViewUrl() {
        return viewUrl;
    }

    /**
     * This is the most important action. It redirects the browser to an
     * appropriate URL which will be used for authentication with the provider
     * you set using setId()
     *
     * @throws Exception
     */
    public void login(HttpServletRequest req, HttpServletResponse resp) throws Exception {
        //String url = manager.getAuthenticationUrl(req.getParameter("provider"), successUrl);
        String returnToUrl = viewUrl;
        String url = manager.getAuthenticationUrl(id, returnToUrl);

        // Store in session
        req.getSession().setAttribute("authManager", manager);

        // redirect
        log.info("Redirecting to:" + url);
        resp.sendRedirect(url);
    }

    /**
     * Verifies the user when the external provider redirects back to our
     * application
     *
     * @throws Exception
     */
    public void connect(HttpServletRequest request) throws Exception {
        provider = manager.connect(SocialAuthUtil.getRequestParametersMap(request));
        profile= provider.getUserProfile();
    }

    /**
     * Reinitializes the bean
     */
    public void logout() {
        init();
    }


    /**
     * Returns the Profile information for the user. Should be called only after
     * loginImmediately()
     *
     * @return Profile of the user
     */
    public Profile getProfile() {
        return profile;
    }

    /**
     * Status of the user to be updated on a provider like Facebook or Twitter.
     * Remember this will not give us the current status of the user
     *
     * @return status message to be updated
     */
    public String getStatus() {
        return status;
    }

    /**
     * Status of the user to be updated on a provider like Facebook or Twitter.
     * To actually update the status, call updateStatus action.
     *
     * @param status
     */
    public void setStatus(final String status) {
        this.status = status;
    }

    /**
     * Updates the status on the given provider. Exception will be thrown if the
     * provider does not provide this facility
     */
    public void updateStatus() throws Exception {
        provider.updateStatus(status);
    }

    /**
     * Gets the list of contacts available from the provider. This may be used
     * to import contacts of any user in your web application from your chosen
     * provider like Gmail, Yahoo or Hotmail
     *
     * @return list of contacts
     */
    public List<Contact> getContactList() throws Exception {
        return provider.getContactList();
    }
    /**
     * Retrieves the user profile from the provider.
     *
     * @return Profile object containing the profile information.
     * @throws Exception
     */
    public Profile getUserProfile() throws Exception {
        return provider.getUserProfile();
    }
}

    Now I simply can use @Inject SocialAuth wherever needed.