splix / grails-spring-security-facebook Goto Github PK

Hi!
I need to give the appUser different roles depending on wich facebook connect button he clicked.

For example:
If he clicked on "Register as Organizer"-page on the connect button, he gets the organizer role, after he was successfully authorised. If he clicked on "Register as Affiliate"-page on the connect button, he gets the affiliate role.

Is it possible to implement this use-case? Or is there a possibility to configure different return urls for each button, so i could give the user the correct roles depending wich return url was visited?

In server-side authentication (via OAuth Dialog) now, it seems that spring-security-facebook allways redirects on '/' after its '/j_spring_security_facebook_check' callback. It will be cool to have this url be configurable.

Example simlpe scenario:

We have site with 3 pages - index, help, about. Each page has fb login button. Press fb login on any page -> OAuth Dialog opens. Press "go to App".
expexted result - redirect on page, where fb login was pressed
actual result - redirect on /

target url confuguration can be done like attribute in facebookAuth:connect tag.

In DefaultFacebookAuthDao.groovy, line 258-259, it checks for existence of 'accessTokenExpires' field in the FacebookUser domain. If it does, then its value is overwritten with token.accessToken?.expireAt, even if value is null. this would cause the updateToken to fail.

Suggest to check if token.accessToken?.expireAt is not null before replacing value.

When accessToken expires (about 2h after login) it is not updated. If Spring Social Facebook is installed, ExpiredAuthorizationException is thrown.

had a problem following the instructions and sample application
after implementing FacebookAuthService got errors and after debug find out that the problem was
accessing the Spring security user from the FacebookUser
adding the lazy = false to the FacebookUser solve the problem

class FacebookUser implements FacebookUserDomain {

long uid
String accessToken

static belongsTo = [user: User]

static constraints = {
    uid unique: true
}
static mapping = {
    user lazy: false;
}

FYI

Meni

I've test these two scenario:

1. login using fb connect (with "redirect" method)
2. login with normal user account (using chrome browser Incognito mode)

after tomcat restart

the normal login account still alive,
but fb account need to re-login to get access.

is there any configuration for this?

If I create a simple application with both the spring-security-facebook plugin and the function-test plugin, I get this error:

Message: Error creating bean with name 'facebookAuthProvider': Cannot resolve reference to bean 'facebookAuthDao' while setting bean property 'facebookAuthDao'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'facebookAuthDao' is defined

The tests work when running just functional (grails test-app functional:), but not when running all tests (grails test-app)

Here are the steps to re-create it:

Create the application

1. grails create-app bug-report
2. cd bug-report

Install functional-test plugin

1. grails install-plugin functional-test

Install spring-security-core plugin

1. grails install-plugin spring-security-core
2. grails s2-quickstart test SecUser SecRole

Install spring-security-facebook plugin

1. grails install-plugin spring-security-facebook
2. grails s2-init-facebook
   • N (no FacebookUser domain)
   • FacebookUser (domain class name)
   • 12345678900000 (app id)
   • 76c2279743c99da3715e3d00f29a1234 (app secret)

Test the application

1. grails test-app

The entire stack is:

Configuring Spring Security Core ...
... finished configuring Spring Security Core
Configuring Spring Security Facebook ...
| Error 2012-12-14 09:29:38,977 [localhost-startStop-1] ERROR [localhost].[/bug-report]  - Exception sending context initialized event to listener instance of class org.codehaus.groovy.grails.web.context.GrailsContextLoaderListener
Message: Error creating bean with name 'facebookAuthProvider': Cannot resolve reference to bean 'facebookAuthDao' while setting bean property 'facebookAuthDao'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'facebookAuthDao' is defined
   Line | Method
->> 303 | innerRun in java.util.concurrent.FutureTask$Sync
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|   138 | run      in java.util.concurrent.FutureTask
|   886 | runTask  in java.util.concurrent.ThreadPoolExecutor$Worker
|   908 | run      in     ''
^   680 | run . .  in java.lang.Thread

Caused by NoSuchBeanDefinitionException: No bean named 'facebookAuthDao' is defined
->> 303 | innerRun in java.util.concurrent.FutureTask$Sync
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|   138 | run      in java.util.concurrent.FutureTask
|   886 | runTask  in java.util.concurrent.ThreadPoolExecutor$Worker
|   908 | run      in     ''
^   680 | run . .  in java.lang.Thread
| Error 2012-12-14 09:29:38,999 [localhost-startStop-1] ERROR core.StandardContext  - Error listenerStart
| Error 2012-12-14 09:29:39,002 [localhost-startStop-1] ERROR core.StandardContext  - Context [/bug-report] startup failed due to previous errors
| Server running. Browse to http://localhost:8080/bug-report
| Tests FAILED  - view reports in /Users/matt/Dev/Projects/bug-report/target/test-reports
| Error Error executing script TestApp: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'mimeTypes': Instantiation of bean failed; nested exception is java.lang.IllegalStateException: BeanFactory not initialized or already closed - call 'refresh' before accessing beans via the ApplicationContext (Use --stacktrace to see the full trace)

I have a stock Grails 2.0.x app and installed spring-security-core and spring-security-facebook.
My index.gsp contains:

<sec:ifNotLoggedIn>
        <facebookAuth:connect permissions="email,user_about_me,friends_about_me"/>
</sec:ifNotLoggedIn>

This used to work fine until about last month.

Now, I see the following dialogs in the Facebook pop-up:

1. The login (email, password, 'Keep me logged in') . I enter credentials.
2. The 'Name New Device'. I click 'Don't save'.
3. An error dialog with the message: "An error may have occurred as part of the login process. You can close this window and try returning to the application, though it may ask you to login again. This is likely due to a bug in the application."

As far as I know I'm running a stock grails app and stock Facebook app settings.

I see that Facebook made some changes on July 5. Could this have anything to do with it?

I've upgrade to 0.10.2 from 0.9 and use the default server-side auth.

But the Connect button redirect url cause an error during redirection after facebook authed.

Following is the url with wrong redirect_uri param:

https://www.facebook.com/dialog/oauth?client_id=102994276528232&redirect_uri=http://codecanaan.comj_spring_security_facebook_check&scope=email&state=6-d3f72

error:
http://codecanaan.comj_spring_security_facebook_check

correct:
http://codecanaan.com/j_spring_security_facebook_check

missing "/" separation

Hello,
As per the document(3.4 Client Side Authentication).
facebookAuth:init
FB.Event.subscribe('auth.login', function() {
window.location.href = '/j_spring_security_facebook_check'
});
/facebookAuth:init
<g:javascript>
$('#fbloginbutton').click(function() {
FB.login();
});
/g:javascript

when I logged in facebook via FB.login() script, look like I can logged in on my app but it doesn't update user data into FacebookUser and User tables. So what? Am I missing something?

It seems to me that the FacebookAuthToken.authenticated property is never set to true if you only use FacebookAuthRedirectFilter. In the other filters, this is done in FacebookAuthUtils.build, which isn't used by redirect.

In my project the line println springSecurityService.authentication.authenticated prints false on successful logins where springSecurityService.authentication has an accessToken, uid and everything.

I fixed it using the line below in FacebookAuthRedirectFilter. Would that be the correct solution or am I missing something?

 FacebookAuthToken token = new FacebookAuthToken(
                    code: code,
                    uid: -1,
                    redirectUri: getAbsoluteRedirectUrl()
            )
            token.authenticated = true  // I added this line 
            return authenticationManager.authenticate(token)

First of all Thanks a lot for the plug-in. I am helping my son with his science project and we used your plugin to integrate his app with facebook. Between this and Twitter Connect plugin we were able to make it work.

We have one issue that I was hopping you can help us with. When user goes to the application being already authorized in Facebook our app still puts the user onto login page (with facebook connect bottom in it) but what is interesting that it does not require user to click anything it is enough just to do simple refresh to get to main application page. It appears that it need to render login page to get cookie information and to establish application session, so my question is how we can eliminate this step and get the user straight to application main page if they are using it from inside face book or already have facebook session running.

Зарание благодарю
Владимир

The fix seemed trivial so it's up at https://github.com/invalid-access/grails-spring-security-facebook, please feel free to pull.

When using the JSON filter I have to send two requests to the filter endpoint with the same token to be fully logged in. If I only send one request I receive the authenticated json object however then accessing any other secured endpoints in my app will result in a redirect to the spring security login page.

On

http://grails.org/plugin/spring-security-facebook

it's written

grails.plugins.springsecurity.facebook.domain.class=''

but has to be

grails.plugins.springsecurity.facebook.domain.classname=''

DefaultFacebookAuthDao.updateToken method is updating the facebookUser object on each request. There are 2 problems with this:
-unnecessary DB updates
-in some cases multiple therad are trying to update the same facebookUser object which results in optimistic exceptions.

The facebookUser should be updated only if the token changed..

If the request to https://graph.facebook.com/oauth/access_token fails the plugin will not print the error message that is returned by FB. As results, it's difficult to find the cause of this failure...

Hellow,

I have problems with latest version of plugin at logging in with my facebook account in my grails application I get error:
Can't fetch access_token for code 'AQDud9suK-k0WOwMS3DAwVoiAwtxE4ALU5SnBEqBn6wZKI-KlNLxlVT4ByNb0ng5eQDjKloWL-KgqxycyMoMuFI4kaXWYyw0nayX4iWYci8Rs2UL5_QG2so21OQP2SDcKA-WMAfMbvpzAZEvJV_i5mhA7TYv4jF8wDdFR3ky7dcPSKr04oBiQf1YoJIOGj1TA1ta_dnum0MYPreLLmaljjvDfBnnB3MKUOb-zy3PV9-vHTW-NA0HzesrqSPQIhcrIeuKQAsg8twC9nxhtuV7lKossYR5Pjb2rYYdhhpgC6N8M9wQrGUnqtKRP5wPM_dEKns'

I assume that Facebook change access_token?
Can someone help me please?

Thank you,
Simon

I've just noticed that restrictions applied to user accounts such as

• User enabled
• Account expired
• Account Locked
• Password expired

Do not work. The user is still able to sign in with all of these properties enabled.
Any input on this?

Hi,
I'm trying to use this plugin and do not know how to access information about the facebook user from a controller. I tried to use the code as stated in the Plugin page (http://grails.org/plugin/spring-security-facebook):

Facebook facebook = new FacebookTemplate(token.accessToken)
FacebookProfile fbProfile = facebook.userOperations().userProfile
String email = fbProfile.getEmail()

However, the system cannot find the class "FacebookTemplate". No class with this name is located in the package com.the6hours.grails.springsecurity.facebook and no other package does exist.

Is there code missing?

I'm using version 0.5.4 of the plugin with Grails 1.3.7 via STS.

If I for example cancel a Facebook authentication and Facebook returns the browser to the app, I get a 401 error:

HTTP Status 401 - Authentication Failed: Request is empty

type Status report
message Authentication Failed: Request is empty
description This request requires HTTP authentication.

Apache Tomcat/7.0.30

I've configured the grails.plugins.springsecurity.facebook.filter.processUrl and tried to create and UrlMapping and action for it. This works on my development machine, but fails when I deploy it to another Tomcat instance. I've also tried to use the default value and leaving the UrlMappings out, but I get the same error.

Did I miss something in the documentation that I should configure? If I could configure where the user is redirected after the filter is used, for example to the front page, that would be great.

Thanks!

Hi,
I still have a problem accessing user information from a facebook user. It looks like the user is identified (<sec:loggedInUserInfo field="uid"/> returns a number) but no other information such as email is available!

Furthermore, if I call facebook.userOperations().userProfile I get the following Exception:

org.springframework.social.MissingAuthorizationException: Authorization is required for the operation, but the API binding was created without authorization.
at org.springframework.social.facebook.api.impl.FacebookErrorHandler.handleFacebookError(FacebookErrorHandler.java:95)
at org.springframework.social.facebook.api.impl.FacebookErrorHandler.handleError(FacebookErrorHandler.java:60)
at org.springframework.web.client.RestTemplate.handleResponseError(RestTemplate.java:486)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:443)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:415)
at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:213)
at org.springframework.social.facebook.api.impl.FacebookTemplate.fetchObject(FacebookTemplate.java:160)
at org.springframework.social.facebook.api.impl.UserTemplate.getUserProfile(UserTemplate.java:50)
at org.springframework.social.facebook.api.impl.UserTemplate.getUserProfile(UserTemplate.java:46)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)
at groovy.lang.MetaClassImpl.getProperty(MetaClassImpl.java:1602)
at groovy.lang.ExpandoMetaClass.getProperty(ExpandoMetaClass.java:1099)
at groovy.lang.MetaClassImpl.getProperty(MetaClassImpl.java:3311)
at groovy.lang.ExpandoMetaClass.getProperty(ExpandoMetaClass.java:1111)
at org.codehaus.groovy.runtime.InvokerHelper.getProperty(InvokerHelper.java:161)
at org.codehaus.groovy.runtime.callsite.PojoMetaClassGetPropertySite.getProperty(PojoMetaClassGetPropertySite.java:33)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callGetProperty(AbstractCallSite.java:235)
at FacebookAuthDaoImpl.create(FacebookAuthDaoImpl.groovy:59)
...

From Googling a little bit around it seems that the FacebookTemplate() is returned without any authorization credentials.

Any ideas what I can do?

Many thanks in advance,
Joerg

I use your example and set grails.plugins.springsecurity.facebook.filter.type='transparent'
Login works fine, but the logout does not work. It alway loggs in the user again.

This is interesting.

I am using test.foo.com to access the website. But facebook setup the cookie under foo.com .

if (cookie != null) {
logger.info("Cleanup Facebook cookies")
cookie.maxAge = 0
cookie.path = '/'
httpServletResponse.addCookie(cookie)
}

This code does execute. But the facebook cookie does not be deleted.

I add the code: cookie.domain = ".foo.com"

Then it works...

Any comment?

this plugins works,
but if logged in with a FB user,
and show username with following spring security tag,
<sec:username />

the result will be.
package.User: 1

not the username in domain objects.

Is there any solutions?

thanks.

Hi,

w.r.t the issue mentioned http://stackoverflow.com/questions/14665035/spring-security-facebook-plugin-grails-web-service-access

i did the following setting in config.groovy
grails.plugins.springsecurity.facebook.filter.type='transparent,cookieDirect,json'
grails.plugins.springsecurity.facebook.filter.json.processUrl='/j_spring_security_facebook_json'

After I try to perform GET or POST with following link:
http://localhost:8080/ServiceList2/j_spring_security_facebook_json?access_token=
I get the following error:
<<<<<<<<
HTTP Status 404 - /ServiceList2/j_spring_security_facebook_json

type Status report

message /ServiceList2/j_spring_security_facebook_json

description The requested resource (/ServiceList2/j_spring_security_facebook_json) is not available.

Apache Tomcat/7.0.27
<<<<<<

Can you suggest me what am I missing here.
Thank you ,
Rohit

When using this plugin it seems to me that the only way to set i18n tags is through config.groovy. Is there a way to localize with message codes?

Hi Igor,

I am implementing this plugin nice, but I am having one problem. I am using 'transparent' redirect filter.
The problem is after I logout. It takes me back to the website and my app login again. So I cant logout at all. Should it work this way or there is something bad?
Regards
Nicolas Eliaschev

I saw this error many times, but didn't know what's wrong.

"optimistic locking failed; nested exception is org.hibernate.StaleObjectStateException: Row was updated or deleted by another transaction"

SEVERE: Servlet.service() for servlet [default] in context with path [] threw exception
org.springframework.orm.hibernate3.HibernateOptimisticLockingFailureException: Object of class [codecanaan.FacebookUser] with identifier [1]: optimistic locking failed; nested exception is org.hibernate.StaleObjectStateException: Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect): [codecanaan.FacebookUser#1]
    at org.springframework.orm.hibernate3.SessionFactoryUtils.convertHibernateAccessException(SessionFactoryUtils.java:683)
    at org.springframework.orm.hibernate3.HibernateTransactionManager.convertHibernateAccessException(HibernateTransactionManager.java:793)
    at org.springframework.orm.hibernate3.HibernateTransactionManager.doCommit(HibernateTransactionManager.java:664)
    at org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:754)
    at org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:723)
    at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:147)
    at sun.reflect.GeneratedMethodAccessor6928.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:601)
    at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoCachedMethodSite.invoke(PojoMetaMethodSite.java:189)
    at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:53)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
    at org.grails.datastore.gorm.GormStaticApi.withTransaction(GormStaticApi.groovy:686)
    at codecanaan.FacebookUser.withTransaction(FacebookUser.groovy)
    at codecanaan.FacebookUser$withTransaction.call(Unknown Source)
    at com.the6hours.grails.springsecurity.facebook.DefaultFacebookAuthDao.updateToken(DefaultFacebookAuthDao.groovy:249)
    at com.the6hours.grails.springsecurity.facebook.FacebookAuthDao$updateToken.call(Unknown Source)
    at com.the6hours.grails.springsecurity.facebook.FacebookAuthProvider.authenticate(FacebookAuthProvider.groovy:80)
    at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:130)
    at org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:48)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.authenticateIfRequired(AbstractSecurityInterceptor.java:302)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:200)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:119)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
    at org.codehaus.groovy.grails.plugins.springsecurity.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:40)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.codehaus.groovy.grails.plugins.springsecurity.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:79)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:69)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.codehaus.groovy.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:66)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:65)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:197)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
    at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1763)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
    at java.lang.Thread.run(Thread.java:722)
Caused by: org.hibernate.StaleObjectStateException: Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect): [codecanaan.FacebookUser#1]
    at org.grails.datastore.gorm.GormStaticApi.withTransaction(GormStaticApi.groovy:686)
    at com.the6hours.grails.springsecurity.facebook.DefaultFacebookAuthDao.updateToken(DefaultFacebookAuthDao.groovy:249)
    at com.the6hours.grails.springsecurity.facebook.FacebookAuthProvider.authenticate(FacebookAuthProvider.groovy:80)
    at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:65)
    ... 3 more

When I user server side authentication it works fine for login and logout. But, how do I trigger automatic login, when facebook places its cookies in the users browser? As far as I know this can only be handled with client side authentication.

Hi everyone,

tried to change the default login button as described in the docs (section 4.3)
http://splix.github.com/grails-spring-security-facebook/guide/4%20Configuration.html

grails.plugins.springsecurity.facebook.taglib.button.defaultImg '/images/connect.png'

which didn't work. In fact the correct parameter seems to be
grails.plugins.springsecurity.facebook.taglib.button.img (img instead of defaultImg)

Not a huge deal at all but wanted to let you know.
Btw.: Thanks for providing this Plugin Igor!

Grails web run very slow when concurrent user number > 10.

Response time always take more than 20 seconds.

I've test with ab (apache benchmark tool).

Seems the server always check facebook auth every time (without sign-in), and it takes a lot of time.

2013-02-21 16:44:56,638 [ajp-bio-8009-exec-11] DEBUG facebook.FacebookAuthTagLib  - Do default server-side authentication redirect
2013-02-21 16:44:56,638 [ajp-bio-8009-exec-11] DEBUG facebook.FacebookAuthTagLib  - Apply server side connect

Is possible to prevent redirect filter to check auth every time?
I think fresh token is good.
But it make performance bottleneck.

Hi,

When i connect with fb and then later I remove the authorization from FB, I retry to login again but I receive this error
facebook.FacebookAuthUtils Can't read data from Facebook

loggs:
facebook.FacebookAuthProvider Create new facebook user with uid xxxxxxxxxxxxx
facebook.FacebookAuthUtils Can't read data from Facebook
java.io.IOException: Server returned HTTP response code: 400 for URL: https://graph.facebook.com/oauth/access_token?client_id=368482616562345&redirect_uri=&client_secret=xxxxx&code=xxxxx

it seems that the redirect_url is missing:
{"error":{"message":"Missing redirect_uri parameter.","type":"OAuthException","code":191}}

in the FacebookAuthUtils such parameter is never set. Could be the problem?

Igor,

I am not sure if we have missed anything but is there a handling for authorization expiration (it seems like they expire access token often) and revoke (user deleting authorization for the app in his/her facebook account settings) in the plug-in.

I see in the notes that update(FacebookUser user) supposed to be called but I was not able to find it and also I do not see any logic for expiring/deleting FacebookUser domain entries.

Please, really need your help with these.

Thanks,
Vladimir

I keep getting this error. Does anyone know what this might be related to?

URI
/s2-facebook-example/
Class
java.lang.IllegalStateException
Message
No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.

When processing a login from different parts of a website it is often nice if you can specify different redirect urls depending on where the user hits the facebook connect button.

I.e., if the user is at the login page, you want him to redirect to index after successful login.
If the user is at, let's say, an itempage and clicks on the facebook connect button we want him to stay at the itempage after successful login and not redirect him to the index page.

How can I do that?

Using your example and changing:

grails.plugins.springsecurity.facebook.filter.type='transparent'

and

grails.plugins.springsecurity.facebook.filter.transparent.failureHandler='redirectFailureHandlerExample'

It gives the following error:

ERROR context.GrailsContextLoader - Error initializing the application: Error creating bean with name 'facebookAuthCookieTransparentFilter': Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'authenticationFailureHandler' of bean class [com.the6hours.grails.springsecurity.facebook.FacebookAuthCookieTransparentFilter]: Bean property 'authenticationFailureHandler' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?
Message: Error creating bean with name 'facebookAuthCookieTransparentFilter': Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'authenticationFailureHandler' of bean class [com.the6hours.grails.springsecurity.facebook.FacebookAuthCookieTransparentFilter]: Bean property 'authenticationFailureHandler' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?
Line | Method
->> 334 | innerRun in java.util.concurrent.FutureTask$Sync

| 166 | run in java.util.concurrent.FutureTask
| 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor
| 615 | run in java.util.concurrent.ThreadPoolExecutor$Worker
^ 722 | run . . . in java.lang.Thread
Caused by NotWritablePropertyException: Invalid property 'authenticationFailureHandler' of bean class [com.the6hours.grails.springsecurity.facebook.FacebookAuthCookieTransparentFilter]: Bean property 'authenticationFailureHandler' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?
->> 334 | innerRun in java.util.concurrent.FutureTask$Sync

| 166 | run in java.util.concurrent.FutureTask
| 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor
| 615 | run in java.util.concurrent.ThreadPoolExecutor$Worker
^ 722 | run . . . in java.lang.Thread

Hi,

this is not an issue but an enhancement request.

I am building an app for android using phonegap + phonegap-facebook-plugin.
I have switched to the new Json Filter, but in the scenario I am working JSON calls are not valid, because of the cross domain security restrictions. (domain of the WebView is local, and ajax calls need to be made to a remote server).

Could you add support for JSONP ? or give some guidance on how to include it in the plugin?

I have changed JsonAuthenticationHandler to support both JSONP or JSON but it could be nice to have it included in the plugin.

Thanks in advance,
richard.

Since version 0.14 theres a check in SpringSecurityFacebookGrailsPlugin, if the current environment is TEST, which then stops the plugin configuration.

Unfortunately this is not only the case for unit tests, but also for integration or functional tests, which require a fully initialized security configuration.

as mentioned in documentation we will use
compile ":spring-security-facebook:0.15.1"
dependency

but taking a look on
http://repo.grails.org/grails/plugins/org/grails/plugins/spring-security-facebook/
makes us sure that there is no such a version ut 0.15.0

should it be changed?
error in docs or lack of corresponding version in repo?

thanks

I have the neo4j plugin installed (grails.org/plugin/neo4j) and have added a property 'name' to FacebookUser. In the FacebookAuthService.afterCreate method, I set the name to some value,

void afterCreate(FacebookUser user, FacebookAuthToken token) {
....
user.name = 'Test User'
user.save()
}

But this doesn't seem to save the new value. I even wrapped it in a transaction with no difference.

springsecurity package names changed.

org.codehaus.groovy.grails.plugins.springsecurity to grails.plugin.springsecurity

Problem:

When using the CookieTransparent or CookieDirect Filter an eventually changed token (e.g. changed by a quick relogin) with in the valid expiry of the old token does not trigger an update of the DB stored token.

Steps to reproduce:

1. Log in via Facebook Login Dialog (accessToken = token1)
2. Log out via Facebook Logout Button (token1 now invalid but still in DB)
3. Log in via Facebook Login Dialog (accessToken = token2)

The DB now contains accessToken token1 with a valid accessTokenExpires value, but facebook has marked this token as revoked so it cannot be used anymore for Facebook calls.
Spring social facebook throws a RevokedAuthorizationException exception when using this token

Solution:

• Integrate a check, if the token provided by the login process is different to the token stored inside the DB.
• If the token has changed, update accessToken and accessTokenExpires values inside the DB

EDIT:
As I just saw theres no possibility anymore to extract the current access token from the cookie value.
So the only solution would be to query FB for a fresh access token every time an authentication event happens.
This seems not acceptable regarding to the performance of a page.

Maybe this issue should be mentioned in the corresponding section of the documentation

Best solution for me: I'm changing my app to use the JSONFilter instead of the CookieDirectFilter

There should be a parameter in facebookAuth:init to choose the locale, i.e., load the corret all.js

http://splix.github.io/grails-spring-security-facebook/guide/3%20Usage.html have invalid url to Example app

missing redirectUri

java.io.IOException: Server returned HTTP response code: 400 for URL: https://graph.facebook.com/oauth/access_token?client_id=102994276528232&redirect_uri=&client_secret=74aec48530821bdccc61c61633d6d4fd&code=AQAuxQ7qR-b8OUz_zDNTBS6fV8_kMD7TIi5jIw15pfhXBFM3TB4rtvAuRDDZmJFksy0JazL-76GyyHo30VaIDH1laENpJnglq05hgvqU6ytOAcCap75WyTT_zec7lEEfxlqsN6xlmv6QnhjQTJUsI5LsLB9Er9JiIS882ChoUE44DHwR1_-6dpGQZxFy3RJxYhJOk-o9yeT9yzsRWSqjHmUB

fix
lyhcode@d4de3ec

In the documentation in the first section is refers to "roleNames":

User creation/initialization
Name Default Value
grails.plugins.springsecurity.facebook.autoCreate.roleNames 'ROLE_USER', 'ROLE_FACEBOOK'

Later on in the same document (http://splix.github.com/grails-spring-security-facebook/guide/4%20Configuration.html) it refers to just "roles":

Name Default Value
grails.plugins.springsecurity.facebook.autoCreate.enabled true
grails.plugins.springsecurity.facebook.autoCreate.roles 'ROLE_USER', 'ROLE_FACEBOOK'

roleNames does not in fact work, which is what a user will find first.

Hey!
Nice work.
seems as if it has a problem using Chrome. I think it is caused by the missing channel file mentioned here:http://developers.facebook.com/docs/reference/javascript/
I don't know how to solve this. Maybe you have an idea?

cheers!

I've upgrade to 0.10.2 from 0.9 and use the default server-side auth.

But the Connect button redirect url cause an error during redirection after facebook authed.

Following is the url with wrong redirect_uri param:

https://www.facebook.com/dialog/oauth?client_id=102994276528232&redirect_uri=http://codecanaan.comj_spring_security_facebook_check&scope=email&state=6-d3f72

error:
http://codecanaan.comj_spring_security_facebook_check

correct:
http://codecanaan.com/j_spring_security_facebook_check

missing "/" separation

Thanks to 0.10.4 update, it help a lot.

But if my FacebookUser create a "accessTokenExpires" field.

Still get a error, facebook server return 400 http status.
I've save the log file to gist:
https://gist.github.com/4564687

I'll keep look for a way to fix this problem.