How to allow anonymous twitter connections in an MVC configuration
Using - spring-social 1.1.4 - spring-social-twitter 1.1.2 - spring-mvc-4.2 - on tomcat 7
Below is my tomcat config for my MVC Application including twitter set up and usersConnectionRepository.
This is all working fine for the logged in MVC user.
The problem for me arises when I want to allow clients to tweet from a public link available to non MVC authenticated users. (#{request.userPrincipal.name} will be null)
I have looked through many examples. Most examples use old 1.0.0 spring-social. I noticed that the new 1.1.2 version of spring-social-twitter Does not have a zero argument Twitter() constructor, which is in some examples is shown to be a way to work without the connectionRepository.
I am looking for a way to configure or code an option to allow both user logged in to my app and anonymous users to use some options on my site.
In the configuration below an anonymous user being redirected to connect/twitter will result in a problem getting a connetionRepository. usersConnectionRepository must have a "#{request.userPrincipal.name}" because my connectController relies on this.
I am thinking maybe I need a custom connect controller... There must be a correct approach to this.
Any suggestions welcome.
my web.xml
<listener>
<listener-class>
org.springframework.web.util.Log4jConfigListener
</listener-class>
</listener>
<display-name>Central Portal</display-name>
<context-param>
<param-name>spring.profiles.active</param-name>
<param-value>dev</param-value>
</context-param>
<context-param>
<param-name>spring.profiles.default</param-name>
<param-value>dev</param-value>
</context-param>
<context-param>
<param-name>spring.liveBeansView.mbeanDomain</param-name>
<param-value>dev</param-value>
</context-param>
<!-- Spring MVC -->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<error-page>
<error-code>500</error-code>
<location>/WEB-INF//pages/error.jsp</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/WEB-INF/pages/error.jsp</location>
</error-page>
<error-page>
<location>/WEB-INF/pages/error.jsp</location>
</error-page>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml,
/WEB-INF/spring-database.xml
</param-value>
</context-param>
<!-- Enable POST -->
<filter>
<filter-name>hiddenHttpMethodFilter</filter-name>
<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>hiddenHttpMethodFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Concurrency listener -->
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>
one bit of java config
mvc-dispatcher-servlet.xml
<context:component-scan base-package="org.schoolit.usermanager.config" />
<!-- component-scan / controllers -->
<context:component-scan base-package="org.schoolit.webapplication.*" />
<context:component-scan base-package="org.schoolit.spring.social.*"/>
<!-- property-placeholder's -->
<context:property-placeholder location="classpath:oauth.properties"/>
<!-- resource mapping -->
<mvc:resources mapping="/gen/**" location="/WEB-INF/gen/" cache-period="31556926"/>
<mvc:resources mapping="/resources/**" location="/WEB-INF/resources/" cache-period="31556926"/>
<!-- JSP ViewResolver -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/pages/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
<!-- twitter stuff start -->
<bean id="handlerExceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<property name="exceptionMappings">
<props>
<prop key="Exception">error</prop>
</props>
</property>
</bean>
<bean id="twitterTemplate"
class="org.springframework.social.twitter.api.impl.TwitterTemplate">
<constructor-arg value="${twitter.oauth.consumerKey}"/>
<constructor-arg value="${twitter.oauth.consumerSecret}"/>
<!--<constructor-arg value="${twitter.oauth.accessToken}"/>
<constructor-arg value="${twitter.oauth.accessTokenSecret}"/> -->
</bean>
<bean id="connectionFactoryLocator" class="org.springframework.social.connect.support.ConnectionFactoryRegistry">
<property name="connectionFactories">
<list>
<bean class="org.springframework.social.twitter.connect.TwitterConnectionFactory">
<constructor-arg value="${twitter.oauth.consumerKey}" />
<constructor-arg value="${twitter.oauth.consumerSecret}" />
</bean>
</list>
</property>
</bean>
<bean id="connectionRepository" factory-method="createConnectionRepository" factory-bean="usersConnectionRepository" scope="request">
<constructor-arg value="#{request.userPrincipal.name}" />
<aop:scoped-proxy proxy-target-class="true" />
</bean>
<bean id="usersConnectionRepository"
class="org.springframework.social.connect.jdbc.JdbcUsersConnectionRepository">
<constructor-arg ref="dataSource" />
<constructor-arg ref="connectionFactoryLocator" />
<constructor-arg ref="textEncryptor" />
</bean>
<bean id="textEncryptor" class="org.springframework.security.crypto.encrypt.Encryptors"
factory-method="noOpText" />
<bean id="connectController" class="org.springframework.social.connect.web.ConnectController">
<constructor-arg ref="connectionFactoryLocator"/>
<constructor-arg ref="connectionRepository"/>
<property name="applicationUrl" value="http://localhost:8080/CentralPortal/" />
<property name="connectInterceptors">
<list>
<bean class="org.schoolit.spring.social.TweetAfterConnectInterceptor"/>
</list>
</property>
</bean>
spring-database.xml
<!-- App's dataSource used by jdbcTemplate,jdbc-user-service and connectController -->
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3306/spring_me" />
<property name="username" value="root" />
<property name="password" value="<mypassword>" />
</bean>
<!-- jdbcTemplate used in usermanager bit only for now. -->
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate">
<constructor-arg ref="dataSource" />
</bean>
spring-security.xml
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
<!-- Set up rolefilter's for requestmapping's -->
<intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/usermanager**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/users**" access="hasRole('ROLE_ADMIN')" />
<!-- access denied page -->
<access-denied-handler error-page="/403" />
<!-- loginform-setup Spring Security -->
<form-login
login-page="/login"
default-target-url="/home"
login-processing-url="/j_spring_security_check"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!-- enable csrf protection default is enabled from 4.0 spring
<csrf /> <csrf disabled="true"/> -->
<csrf request-matcher-ref="connect/*" disabled="true"/>
<!-- Prevent Clickjacking iframe's -->
<headers>
<frame-options policy="SAMEORIGIN"/>
</headers>
<!-- One login per username should be one set to 5 for testing-->
<session-management>
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" expired-url="/login?error" />
</session-management>
</http>
<!-- Select users and user_roles from database -->
<authentication-manager>
<authentication-provider>
<password-encoder ref="encoder" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password, enabled from users where username=?"
authorities-by-username-query="select username, role from user_roles where username =? " />
</authentication-provider>
</authentication-manager>
<!-- encoder bean. Used for password encryption -->
<beans:bean id="encoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="11" />
</beans:bean>
Solution
I see that you have twitterTemplate bean configured, if you are able to use it in the application you won't need to do anything else.
Use TwitterTemplate instead of Twitter.
TwitterTemplate implements Twitter interface, so all methods are available.
Examples:
//1. Search Twitter
SearchResults results = twitterTemplate.searchOperations().search("#WinterIsComing");
List<Tweet> tweets = results.getTweets();
int i =0;
for (Tweet tweet : tweets) {
System.out.println(tweet.getUser().getName() + " Tweeted : "+tweet.getText() + " from " + tweet.getUser().getLocation()
+ " @ " + tweet.getCreatedAt() + tweet.getUser().getLocation() );
}
//2. Search Place by GeoLocation
RestTemplate restTemplate = twitterTemplate.getRestTemplate();
GeoTemplate geoTemplate = new GeoTemplate(restTemplate, true, true);
List<Place> place = geoTemplate.search(37.423021, -122.083739);
for (Place p : place) {
System.out.println(p.getName() + " " + p.getCountry() + " "+p.getId());
}
//3. Get Twitter UserProfile
TwitterProfile userProfile = twitterTemplate.userOperations().getUserProfile();
System.out.println(userProfile.getName()+" has " +userProfile.getFriendsCount() + " friends");
Using TwitterTemplate, users don't need to login. Hope this helps!
- Postgres / hibernate operator does not exist: text = bytea
- Spring boot not loading log4j2.xml
- How to verify 'Open xdg-open popup' in Chrome via Selenium Webdriver?
- Junit is throwing error with the com.fasterxml.jackson.databind.exc.InvalidDefinitionException
- @Repository not necessary when implementing JpaRepository?
- Implementing custom methods of Spring Data repository and exposing them through REST
- How to add custom method to Spring Data JPA
- How to use the Netbeans Profiler programmatically?
- Unknown entity: com.sun.proxy.$Proxy87
- What is an object graph in the Java garbage collector?
- Why does the paging library stop loading data after several calls?
- What is the fastest way to create a 2GB file containing random bytes in Java?
- SAXParseException; src-resolve: Cannot resolve the name '...' to a(n) 'type definition' component
- Is it good idea to use the DAO design pattern with spring Boot, instead of using repository design pattern provided by spring data jpa?
- Can i sum two String values without using Wrapper Class in java if yes than how ?
- How to debug the below flux code when expected log is missing?
- Implementing a simple turn-based game in Java using the wait-notify approach
- Why is Spring initialising my Aspect twice?
- AndroidManifest.xml - specified for property 'manifest' does not exist
- java.lang.RuntimeException: Duplicate class org.intellij.lang.annotations.Flow found in modules annotations-16.0.1.jar and annotations-java5-15.0.jar
- JFrame doesn't appear with ActionListener
- Escaping special character when generating an XML in Java
- Is it possible to override package path of Maven dependency?
- IntelliJ gradle add module dependency
- Paging Compile Issue : Not sure how to convert a Cursor to this method's return type
- Weird behaviour of Java MethodHandle.invokeExact
- How do I use a custom Serializer with Jackson?
- loadInitial method not getting called in PositionalDataSource<Item>
- How to use "=toString" in modify-overwrite-beta operation in input with objects?
- Ignore unused local variable warnings in VS Code