Login/Register
How to allow anonymous twitter connections in an MVC configuration
Asked Answered
Solved javaspring-mvcspring-socialspring-social-twitter
D

1

0

Using - spring-social 1.1.4 - spring-social-twitter 1.1.2 - spring-mvc-4.2 - on tomcat 7

Below is my tomcat config for my MVC Application including twitter set up and usersConnectionRepository.

This is all working fine for the logged in MVC user.

The problem for me arises when I want to allow clients to tweet from a public link available to non MVC authenticated users. (#{request.userPrincipal.name} will be null)

I have looked through many examples. Most examples use old 1.0.0 spring-social. I noticed that the new 1.1.2 version of spring-social-twitter Does not have a zero argument Twitter() constructor, which is in some examples is shown to be a way to work without the connectionRepository.

I am looking for a way to configure or code an option to allow both user logged in to my app and anonymous users to use some options on my site.

In the configuration below an anonymous user being redirected to connect/twitter will result in a problem getting a connetionRepository. usersConnectionRepository must have a "#{request.userPrincipal.name}" because my connectController relies on this.

I am thinking maybe I need a custom connect controller... There must be a correct approach to this.

Any suggestions welcome.

my web.xml 

    <listener>
  <listener-class>
          org.springframework.web.util.Log4jConfigListener
      </listener-class>
</listener>


<display-name>Central Portal</display-name>

<context-param>  
    <param-name>spring.profiles.active</param-name>  
    <param-value>dev</param-value>  
</context-param>  
<context-param>  
    <param-name>spring.profiles.default</param-name>  
    <param-value>dev</param-value>  
</context-param>
<context-param>  
    <param-name>spring.liveBeansView.mbeanDomain</param-name>  
    <param-value>dev</param-value>  
</context-param> 

<!-- Spring MVC -->
<servlet> 
    <servlet-name>mvc-dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

<error-page>
    <error-code>500</error-code>
    <location>/WEB-INF//pages/error.jsp</location>
</error-page>

<error-page>
    <error-code>404</error-code>
    <location>/WEB-INF/pages/error.jsp</location>
</error-page>

<error-page>
    <location>/WEB-INF/pages/error.jsp</location>
</error-page>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring-security.xml,
        /WEB-INF/spring-database.xml   
    </param-value>
</context-param> 



<!-- Enable POST  --> 
<filter>
    <filter-name>hiddenHttpMethodFilter</filter-name>
    <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>hiddenHttpMethodFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>


<!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Concurrency listener -->
<listener>
    <listener-class>
        org.springframework.security.web.session.HttpSessionEventPublisher
    </listener-class>
</listener>

one bit of java config enter image description here

mvc-dispatcher-servlet.xml

<context:component-scan base-package="org.schoolit.usermanager.config" /> 

<!-- component-scan / controllers -->
<context:component-scan base-package="org.schoolit.webapplication.*" />
<context:component-scan base-package="org.schoolit.spring.social.*"/>

<!-- property-placeholder's  -->
<context:property-placeholder location="classpath:oauth.properties"/>

<!-- resource mapping  -->
<mvc:resources mapping="/gen/**" location="/WEB-INF/gen/" cache-period="31556926"/>
<mvc:resources mapping="/resources/**" location="/WEB-INF/resources/" cache-period="31556926"/>

<!-- JSP ViewResolver -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="prefix">
        <value>/pages/</value>
    </property>
    <property name="suffix">
        <value>.jsp</value>
    </property>
</bean>

<!-- twitter stuff start --> 
<bean id="handlerExceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
    <property name="exceptionMappings">
        <props>
            <prop key="Exception">error</prop>
        </props>
    </property>
</bean> 

 <bean id="twitterTemplate" 
    class="org.springframework.social.twitter.api.impl.TwitterTemplate">
    <constructor-arg value="${twitter.oauth.consumerKey}"/>
    <constructor-arg value="${twitter.oauth.consumerSecret}"/>
<!--<constructor-arg value="${twitter.oauth.accessToken}"/>
    <constructor-arg value="${twitter.oauth.accessTokenSecret}"/>   --> 
</bean> 



<bean id="connectionFactoryLocator" class="org.springframework.social.connect.support.ConnectionFactoryRegistry">
    <property name="connectionFactories">
        <list>
            <bean class="org.springframework.social.twitter.connect.TwitterConnectionFactory">
                <constructor-arg value="${twitter.oauth.consumerKey}" />
                <constructor-arg value="${twitter.oauth.consumerSecret}" />          
            </bean>
        </list>
    </property>
</bean>  


<bean id="connectionRepository" factory-method="createConnectionRepository" factory-bean="usersConnectionRepository" scope="request">
    <constructor-arg value="#{request.userPrincipal.name}" />
    <aop:scoped-proxy proxy-target-class="true" />
</bean>

<bean id="usersConnectionRepository" 
      class="org.springframework.social.connect.jdbc.JdbcUsersConnectionRepository">
    <constructor-arg ref="dataSource" />
    <constructor-arg ref="connectionFactoryLocator" />
    <constructor-arg ref="textEncryptor" />
</bean>

<bean id="textEncryptor" class="org.springframework.security.crypto.encrypt.Encryptors" 
            factory-method="noOpText" />

 <bean id="connectController" class="org.springframework.social.connect.web.ConnectController">
    <constructor-arg ref="connectionFactoryLocator"/>
    <constructor-arg ref="connectionRepository"/>
    <property name="applicationUrl" value="http://localhost:8080/CentralPortal/" />
    <property name="connectInterceptors">
            <list> 
                <bean class="org.schoolit.spring.social.TweetAfterConnectInterceptor"/>
            </list>
    </property> 
</bean>

spring-database.xml

    <!-- App's dataSource used by jdbcTemplate,jdbc-user-service and connectController -->
<bean id="dataSource"
    class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <property name="url" value="jdbc:mysql://localhost:3306/spring_me" />
    <property name="username" value="root" />
    <property name="password" value="<mypassword>" />
</bean>

<!-- jdbcTemplate used in usermanager bit only for now. --> 
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate">
    <constructor-arg ref="dataSource" /> 
</bean>

spring-security.xml 

  <!-- enable use-expressions -->
<http auto-config="true" use-expressions="true"> 

    <!-- Set up rolefilter's for requestmapping's -->
    <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/usermanager**" access="hasRole('ROLE_ADMIN')" />  
    <intercept-url pattern="/users**" access="hasRole('ROLE_ADMIN')" />


    <!-- access denied page --> 
    <access-denied-handler error-page="/403" /> 
    <!-- loginform-setup Spring Security -->
    <form-login 
        login-page="/login" 
        default-target-url="/home" 
        login-processing-url="/j_spring_security_check"
        authentication-failure-url="/login?error" 
        username-parameter="username"
        password-parameter="password" /> 
    <logout logout-success-url="/login?logout"  />

    <!-- enable csrf protection default is enabled from 4.0 spring 
    <csrf /> <csrf disabled="true"/>  -->
     <csrf request-matcher-ref="connect/*" disabled="true"/>

    <!-- Prevent Clickjacking iframe's  --> 
    <headers>
        <frame-options policy="SAMEORIGIN"/> 
    </headers>  
    <!-- One login per username should be one set to 5 for testing-->
    <session-management>
        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" expired-url="/login?error"   /> 
    </session-management>
</http>

<!-- Select users and user_roles from database -->
<authentication-manager>
    <authentication-provider>
    <password-encoder ref="encoder" />
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="select username,password, enabled from users where username=?"
            authorities-by-username-query="select username, role from user_roles where username =?  " />
    </authentication-provider>
</authentication-manager>

<!-- encoder bean. Used for password encryption -->
<beans:bean id="encoder" 
    class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
    <beans:constructor-arg name="strength" value="11" />
</beans:bean>
Degrading answered 11/1, 2016 at 17:48 Comment(0)
S
2

I see that you have twitterTemplate bean configured, if you are able to use it in the application you won't need to do anything else.

Use TwitterTemplate instead of Twitter. TwitterTemplate implements Twitter interface, so all methods are available.

Examples:

//1. Search Twitter
SearchResults results = twitterTemplate.searchOperations().search("#WinterIsComing");
List<Tweet> tweets = results.getTweets();
int i =0;
for (Tweet tweet : tweets) {
    System.out.println(tweet.getUser().getName() + " Tweeted : "+tweet.getText() + " from " + tweet.getUser().getLocation() 
            + " @ " + tweet.getCreatedAt() + tweet.getUser().getLocation()  );
}

//2. Search Place by GeoLocation        
RestTemplate restTemplate = twitterTemplate.getRestTemplate();
GeoTemplate geoTemplate = new GeoTemplate(restTemplate, true, true);
List<Place> place = geoTemplate.search(37.423021, -122.083739);
for (Place p : place) {
    System.out.println(p.getName() + " " + p.getCountry() + " "+p.getId());
}           

//3. Get Twitter UserProfile
TwitterProfile userProfile = twitterTemplate.userOperations().getUserProfile();
System.out.println(userProfile.getName()+" has " +userProfile.getFriendsCount() + " friends");

Using TwitterTemplate, users don't need to login. Hope this helps!

Structural answered 23/1, 2016 at 19:44 Comment(4)
thanks. I will try to have a go at using this example. I must say when I posted this I had less understanding of the whole spring-social thing. Must say it's poorly documented. Especially the newer version.Degrading
Yup, I agree. I was also trying to allow anonymous access, but took me long enough to realize how it works coz of lack of proper documentation.Structural
I think the problem starts on the Spring.io website. Those examples all relies on springboot autoconfig. Which you will never see or understand if you just follow the example. I am pretty disappointed with that.Degrading
Yaa, but once you understand Spring Boot and its auto configuration you'll find it amazing. PS: Still learning Java Config n Spring boot.Structural

© 2022 - 2024 — McMap. All rights reserved.