Got Facebook login working yesterday.
It’s been a while since I posted so thought I should do a quick one whilst I’ve got time. I’ve got an idea to go back over the various tasks involved in getting the message board running and write them up as proper “how to” blog posts that might actually be useful to someone, or at least me if I forget how I did it.
Anyway, I got facebook login working, after a bit of googling and reading through the facebook developer documentation. I have resorted to dropping the Spring login stuff, which I’d used to allow ajax logins to work with standard J2EE security. As I couldn’t find away of getting the standard J2EE security to work with logins from Facebook (not facebook specific – would have had the same problem with any OAuth login I think). I did try the new(ish) HttpServletRequest.login method available in Servlet API 3.0 – Tomcat 7.0, but found it only seemed to login that request, not the session, so when the response redirected the user to the message board after the facebook login they were still logged out as far as the session was concerned. So I’ve done what feels like a quick hack and just stored a “logged in” flag in the session.
I will investigate Apache Shiro, http://shiro.apache.org/ , an alternative to J2EE security. I’m not convinced J2EE standard is flexible enough for most uses I’m likely to come accross in the real world, but maybe I’m missing something, but it seems as though the creator of Shiro thought the same.