Details

    • Type: New Feature New Feature
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Complete
    • Affects Version/s: None
    • Fix Version/s: 1.1.0 Backlog, 1.1.0.M2
    • Component/s: None
    • Labels:
      None

      Activity

      Hide
      Keith Donald added a comment -

      We're going to need some more information. Being specific about what functionality you require helps, referencing prior integration work helps e.g. https://github.com/molindo/spring-social/commits/security.

      Show
      Keith Donald added a comment - We're going to need some more information. Being specific about what functionality you require helps, referencing prior integration work helps e.g. https://github.com/molindo/spring-social/commits/security .
      Hide
      Marcel Overdijk added a comment -

      OK fair point

      What I mean is to have a Spring Social / Spring Security integration.
      Logging in e.g. with Facebook but then going through Spring Security to be authorized in the application (and loading details from local datastore like roles).

      I read somewhere that Spring Social 1.1 would focus on this integration, am I right?

      Show
      Marcel Overdijk added a comment - OK fair point What I mean is to have a Spring Social / Spring Security integration. Logging in e.g. with Facebook but then going through Spring Security to be authorized in the application (and loading details from local datastore like roles). I read somewhere that Spring Social 1.1 would focus on this integration, am I right?
      Hide
      Keith Donald added a comment -

      The link above is a first cut at full Spring Security + Social integration. It's planned for integration in the 1.1 timeframe, yes.

      Show
      Keith Donald added a comment - The link above is a first cut at full Spring Security + Social integration. It's planned for integration in the 1.1 timeframe, yes.
      Hide
      Marcel Overdijk added a comment -

      OK can we keep a JIRA issue open to track progress and people can watch/vote?

      Show
      Marcel Overdijk added a comment - OK can we keep a JIRA issue open to track progress and people can watch/vote?
      Hide
      Scott Murphy added a comment -

      Provider sign ins should support Remember Me functionality.

      Show
      Scott Murphy added a comment - Provider sign ins should support Remember Me functionality.
      Hide
      Sébastien Deleuze added a comment -

      I hope Spring Source will use its own dog food, ie make Spring Social use Spring Security OAuth2 bits (mostly consumer stuff) ...
      Is it the idea behind this issue ?

      Show
      Sébastien Deleuze added a comment - I hope Spring Source will use its own dog food, ie make Spring Social use Spring Security OAuth2 bits (mostly consumer stuff) ... Is it the idea behind this issue ?
      Hide
      Deejay added a comment -

      I'd love to use this functionality - I sadly assumed it was already present in Spring Social! Is there any indication of when this may be implemented?

      Show
      Deejay added a comment - I'd love to use this functionality - I sadly assumed it was already present in Spring Social! Is there any indication of when this may be implemented?
      Hide
      Sinan Inel added a comment -

      It's really great that you're adding this feature. Several questions on the scope:

      1. Will you support the use case where authentication is done via the social provider and spring security is used mainly for authorization - that is no local signin/signup. I have been struggling with this issue and the few discussions that I could find on the internet suggest using a fake password field in the database, which is hacky and I would like to avoid. I was implementing my own authentication provider which skips the password check, inspired by your approach in the greenhouse, yet now I'm considering waiting for 1.1.0.M1, since it's due in a few weeks. However, would you please let me know if this use case will be covered by the ongoing implementation.

      2. I second the need for supporting Remember Me functionality. I haven't been able to figure out an approach on how to go about this looking at any of the spring social samples or the greenhouse. Will this be included?

      3. How would the integration address other issues such as session management while supporting multiple providers? For example, would it support detecting concurrent sessions by the same user signing in via different providers? How about detecting and merging multiple provider accounts belonging to the same user?

      Thanks again for your efforts and the great code.

      Show
      Sinan Inel added a comment - It's really great that you're adding this feature. Several questions on the scope: 1. Will you support the use case where authentication is done via the social provider and spring security is used mainly for authorization - that is no local signin/signup. I have been struggling with this issue and the few discussions that I could find on the internet suggest using a fake password field in the database, which is hacky and I would like to avoid. I was implementing my own authentication provider which skips the password check, inspired by your approach in the greenhouse, yet now I'm considering waiting for 1.1.0.M1, since it's due in a few weeks. However, would you please let me know if this use case will be covered by the ongoing implementation. 2. I second the need for supporting Remember Me functionality. I haven't been able to figure out an approach on how to go about this looking at any of the spring social samples or the greenhouse. Will this be included? 3. How would the integration address other issues such as session management while supporting multiple providers? For example, would it support detecting concurrent sessions by the same user signing in via different providers? How about detecting and merging multiple provider accounts belonging to the same user? Thanks again for your efforts and the great code.
      Hide
      Craig Walls added a comment -

      FYI: I've just moved this issue out to be part of 1.1.0.M2. I was working to get it into M1 and it's working well, thanks to a contribution from Stefan Fussenegger. But, in its current form it is inconsistent with how some similar functionality works in ConnectController/ProviderSignInController and also inconsistent with other work I've done for simplified configuration. The Spring Security/Spring Social stuff needs to be unified with the other parts of Spring Social before I work it in.

      My options are
      (1) delay the 1.1.0.M1 release even further, continuing a streak of no releases
      (2) push it in anyway and unify it later, knowing that it will likely change in a later milestone
      (3) push 1.1.0.M1 without the Spring Security integration and unify it in M2

      I've chosen #3 so that I can re-establish some momentum on the Spring Social project and so that I can feel confident that when I do push the Spring Security code into a milestone it will be consistent with the rest of the Spring Social codebase.

      You can count on this being the primary focus of 1.1.0.M2.

      Show
      Craig Walls added a comment - FYI: I've just moved this issue out to be part of 1.1.0.M2. I was working to get it into M1 and it's working well, thanks to a contribution from Stefan Fussenegger. But, in its current form it is inconsistent with how some similar functionality works in ConnectController/ProviderSignInController and also inconsistent with other work I've done for simplified configuration. The Spring Security/Spring Social stuff needs to be unified with the other parts of Spring Social before I work it in. My options are (1) delay the 1.1.0.M1 release even further, continuing a streak of no releases (2) push it in anyway and unify it later, knowing that it will likely change in a later milestone (3) push 1.1.0.M1 without the Spring Security integration and unify it in M2 I've chosen #3 so that I can re-establish some momentum on the Spring Social project and so that I can feel confident that when I do push the Spring Security code into a milestone it will be consistent with the rest of the Spring Social codebase. You can count on this being the primary focus of 1.1.0.M2.

        People

        • Assignee:
          Craig Walls
          Reporter:
          Marcel Overdijk
        • Votes:
          7 Vote for this issue
          Watchers:
          10 Start watching this issue

          Dates

          • Created:
            Updated:
            Resolved: