") mentioned above. Since this will not change throughout the application, I have put it as a constant in my ApplicationConstants.java interface.
This will be the URL to which the user will be redirected by Facebook after login/cancellation from the
. Our next set of code, which handles the post-authentication process, needs to be put here. I used something like "http://localhost:8080/your_app_name/facebookAuthentication.htm"
The scope parameter allows us to specify a comma-separated list of additional permissions which we need the user to grant our application; the complete list can be found
. Add these according to your requirements.
This is like a key we use to keep the conversation between our application and Facebook safe, "to ensure the security of the response when the user returns to your app after the authentication step". This can be any string, e.g. "justtotestfbresponseafterlogin"; this too is a constant.
The requested response type, one of code or token. I tried to get the token straight, but I failed, so I'm getting the "code"; using the code we receive, we can get the access token.
can be found a complete list of parameters with details to the above URL.
Now it's time to see how to handle the response we receive from Facebook when the user is redirected to our application from the above URL. This is my code in the controller:
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.httpclient.DefaultHttpMethodRetryHandler;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.params.HttpMethodParams;
import org.apache.commons.lang.StringUtils; // assumed: Commons Lang 2.x (lang3 has the same method)
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import com.restfb.DefaultFacebookClient;
import com.restfb.FacebookClient;
import com.restfb.types.User;

@RequestMapping(value = "/facebookAuthentication", method = RequestMethod.GET)
public String facebookAuthentication(HttpServletRequest request, HttpServletResponse response) {
    // Get the parameter "code" from the request
    String code = request.getParameter("code");
    // Check that it is not null, blank or empty
    if (StringUtils.isNotEmpty(code)) {
        // If we received a valid code, we can continue to the next step.
        // Next we want to get the access_token from Facebook using the code we got.
        // The request takes these parameters:
        // client_id - our app id (same as above), redirect_uri - same as above,
        // client_secret - same as above, code - the code we just got

        // Create an instance of HttpClient.
        HttpClient client = new HttpClient();
        // Create a method instance. setQueryString URL-encodes every value, so the
        // request-supplied code cannot add or override parameters in this URL.
        GetMethod method = new GetMethod("https://graph.facebook.com/oauth/access_token");
        method.setQueryString(new NameValuePair[] {
            new NameValuePair("client_id", ApplicationConstants.FACEBOOK_APP_ID),
            new NameValuePair("redirect_uri", ApplicationConstants.FACEBOOK_REDIRECT_URL),
            new NameValuePair("client_secret", ApplicationConstants.FACEBOOK_SECRET_KEY),
            new NameValuePair("code", code)
        });
        // Provide a custom retry handler if necessary
        method.getParams().setParameter(HttpMethodParams.RETRY_HANDLER,
                new DefaultHttpMethodRetryHandler(3, false));
        try {
            // Execute the method.
            int statusCode = client.executeMethod(method);
            if (statusCode != HttpStatus.SC_OK) {
                System.err.println("Method failed: " + method.getStatusLine());
                return "redirect:loginPage.htm";
            }
            // Read the response body.
            byte[] responseBody = method.getResponseBody();
            // Deal with the response. Use caution: ensure correct character encoding
            // and that it is not binary data
            String responseBodyString = new String(responseBody, "UTF-8");
            // will be like below,
            // access_token=AAADD1QFhDlwBADrKkn87ZABAz6ZCBQZ//DZD&expires=5178320
            // now get the access_token from the response
            if (responseBodyString.contains("access_token")) {
                // success
                String[] mainResponseArray = responseBodyString.split("&");
                // like {"access_token=AAADD1QFhDlwBADrKkn87ZABAz6ZCBQZ//DZD","expires=5178320"}
                String accesstoken = "";
                for (String string : mainResponseArray) {
                    // Match the exact key so another field that merely contains the text is ignored
                    if (string.startsWith("access_token=")) {
                        accesstoken = string.substring("access_token=".length()).trim();
                    }
                }
                // now we have the access token :)
                // Great. Now we have the access token, I have used restfb to get the user details here
                FacebookClient facebookClient = new DefaultFacebookClient(accesstoken);
                User user = facebookClient.fetchObject("me", User.class);
                // In this user object, you will have the details you want from Facebook.
                // Since we have the access token with us, we can play around and see what more can be done.
                // CAME UP TO HERE AND WE KNOW THE USER HAS BEEN AUTHENTICATED BY FACEBOOK, LETS AUTHENTICATE HIM IN OUR APPLICATION
                // NOW I WILL CALL MY doAutoLogin METHOD TO AUTHENTICATE THE USER IN MY SPRING SECURITY CONTEXT

                // Hypothetical view name (not from the original code): where to go after login
                return "redirect:home.htm";
            } else {
                // failed
                return "redirect:loginPage.htm";
            }
        } catch (HttpException e) {
            System.err.println("Fatal protocol violation: " + e.getMessage());
            e.printStackTrace();
        } catch (IOException e) {
            System.err.println("Fatal transport error: " + e.getMessage());
            e.printStackTrace();
        } finally {
            // Release the connection.
            method.releaseConnection();
        }
        // The token request threw an exception: treat it as a failed login
        return "redirect:loginPage.htm";
    } else {
        // failed
        return "redirect:loginPage.htm";
    }
}