socialauth-您可以在重定向中使用同一会话吗? [英] socialauth - can you use same session across a redirect?
问题描述
我正在尝试使用 socialauth 使用google,facebook等登录(我将在此处使用google),并对它的工作方式有疑问.我正在使用没有Seam的JSF 2.基本想法是您:
I'm trying to use socialauth to login with google, facebook et al (I'll assume google here) and have a question about how it works. I'm using JSF 2 without Seam. The basic idea is that you:
-
进行一些API调用,指示您要使用google登录.
make a few API calls indicating that you want to login with google.
进行另一个API调用,该API返回Google的URL.
make another API call which returns a URL for google.
提供一个结果URL,谷歌将使用该结果URL重定向回您的网站.
supply a result URL which will be used by google to redirect back to your site.
重定向到Google URL.
redirect to the google URL.
然后Google会立即重定向到您的网站,或者首先询问登录详细信息.
then google will either immediately redirect back to your site or first ask for login details.
我的困惑是将出站和入站的数据链接在一起.在入门页面(上面链接)中,他们提出了以下建议:
My confusion is about linking together the data from the outbound and inbound sides. In the getting started page (linked above) they suggest this:
出站
SocialAuthManager manager = new SocialAuthManager();
String successUrl = "http://my.domain.com/socialauthd/successAction.xhtml";
String url = manager.getAuthenticationUrl(id, successUrl);
// Store in session
session.setAttribute("authManager", manager);
入站
// get the auth provider manager from session
SocialAuthManager manager = (SocialAuthManager)session.getAttribute("authManager");
我的问题是我看不到它如何工作,并且没有进行测试.他们建议在会话中存储对SocialAuthManager实例的引用,但是,当从Google收到请求时,会创建一个新会话.它没有JSESSIONID cookie,因此也不是首先将请求发送给google的会话的一部分.
The problem I have is that I don't see how this can work, and it doesn't in testing. They suggest storing a reference to an instance of SocialAuthManager in the session, however when the request is received from google a new session is created. It doesn't have the JSESSIONID cookie and so isn't part of the session that sent the request to google in the first place.
要解决此问题,我从socialauth api获得了每个请求的唯一ID(openid.assoc_handle-作为查询参数发送),将其放在应用程序范围内的bean中的currentHashMap中,然后在preRenderView中检索引用完成页面中的侦听器(successUrl-在示例中命名错误,因为无论哪种方式都被引用).
To work around this I got a unique per-request id from the socialauth api (openid.assoc_handle - it's sent as a query param), put it in a concurrentHashMap in an app scoped bean, and retrieve the reference in a preRenderView listener in the completion page (successUrl - badly named in the example as it is called either way).
对于文档中未包含的某些内容,这似乎很麻烦.尽管我通常使用CODI @ViewAccessScoped,但我已经使用@RequestScoped CDI bean进行了尝试.使用CODI,我尝试将windowId添加到成功URL中,并且还将JSESSIONID cookie添加到重定向中,但是这两种方法均无效.我认为bean范围不相关,但是信息越多越好.
This all seems like a lot of hassle for something that isn't included in the documentation. I've tried this with @RequestScoped CDI beans, although I usually use CODI @ViewAccessScoped. With CODI I've tried adding the windowId to the success URL, and also adding the JSESSIONID cookie to the redirect, but neither approaches work. I don't think the bean scope is relevant but the more information the better.
我可以深入研究spring,seam和struts的示例,但是对于纯EE 6开发人员来说,这会产生很多开销,并且对这个问题有了更好的了解之后,我可以制作一个简单的,可工作的,仅JSF的示例.适用于socialauth团队,可在Google代码上使用.
I could dive into the spring, seam and struts examples but for a pure EE 6 developer it's a lot of overhead, and with a better understanding of this issue I can produce a simple, working, JSF only example which I will make available to the socialauth team for use on google code.
我是否遗漏了一些明显的东西,或者这是否必须很复杂?如果是的话,为什么他们记录了根本行不通的方法?
Am I missing something obvious or does this just have to be complicated? and if so why did they document an approach that simply doesn't work?
我认为successUrl的命名可能比我想象的要恰当,因为在与Yahoo进行测试时,我意识到除非正确的登录详细信息正确,否则您将不会被重定向回自己的站点.假如.我希望所有提供商都一样.我已经向Socialauth网站添加了有关此解决方案的一些评论,也向我记录了有关此问题的问题添加了评论(这两个问题均未收到来自参与socialauth项目的任何人的任何答复).
I think that the successUrl may be named more appropriately than I thought, because in testing with Yahoo I realise that you won't be redirected back to your own site unless correct login details are provided. I expect this is the same for all providers. I have added some comments regarding this solution to the socialauth site, and also to an issue I logged about this problem (neither of which have received any response from anyone involved in the socialauth project).
推荐答案
在回调URL中包含jsessionid路径参数.
Include the jsessionid path parameter in the callback URL.
String successUrl = "http://my.domain.com/socialauthd/successAction.xhtml"
+ ";jsessionid=" + session.getId();
请注意,这并非特定于JSF API,而是特定于 Servlet API (第7.1.3章,URL重写).
Note that this is not specific to JSF API, but to Servlet API (chapter 7.1.3, URL rewriting).
这篇关于socialauth-您可以在重定向中使用同一会话吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
