Databases
StackOverflow2013
Postsdbo
POSpring Social + Spring Security HTTPS/HTTP
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POSpring Social + Spring Security HTTPS/HTTP
    primarykey
    data
    text
    <p>How can I make the remember me cookie and session accessible through http when requesting a facebook login from either http or https with spring social. Currently if a user logs in through https the cookie is not readable through http pages (no user logged in). I am using use-secure-cookie="false" but that doesn't help.</p> <pre><code> &lt;s:remember-me key="mykey" services-ref="rememberMeServices" use-secure-cookie="false"/&gt; &lt;bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices"&gt; &lt;property name="userDetailsService" ref="userService" /&gt; &lt;property name="tokenRepository" ref="persistentTokenRepository" /&gt; &lt;property name="key" value="mykey" /&gt; &lt;property name="cookieName" value="rmb" /&gt; &lt;property name="useSecureCookie" value="false" /&gt; &lt;property name="tokenValiditySeconds" value="946708560" /&gt; &lt;property name="alwaysRemember" value="true"&gt;&lt;/property&gt; &lt;/bean&gt; </code></pre> <p>My Social Config:</p> <pre><code>@Configuration public class SocialConfig { @Inject private Environment environment; @Inject private DataSource dataSource; @Inject private TextEncryptor textEncryptor; @Value("${app.url}") private String applicationUrl; @Value("${facebook.clientId}") private String facebookClientId; @Value("${facebook.clientSecret}") private String facebookClientSecret; @Bean public ConnectionFactoryLocator connectionFactoryLocator() { ConnectionFactoryRegistry registry = new ConnectionFactoryRegistry(); registry.addConnectionFactory(new FacebookConnectionFactory( facebookClientId, facebookClientSecret)); return registry; } @Bean @Scope(value="request", proxyMode=ScopedProxyMode.INTERFACES) public ConnectionRepository connectionRepository() { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if (authentication == null) { throw new IllegalStateException("Unable to get a ConnectionRepository: no user signed in"); } return usersConnectionRepository().createConnectionRepository(authentication.getName()); } @Bean public UsersConnectionRepository usersConnectionRepository() { JdbcUsersConnectionRepository repository = new JdbcUsersConnectionRepository( dataSource, connectionFactoryLocator(), textEncryptor); repository.setConnectionSignUp(connectionSignUp()); return repository; } @Bean public TextEncryptor textEncryptor() { return Encryptors.noOpText(); } @Bean public ConnectController connectController() { ConnectController controller = new ConnectController( connectionFactoryLocator(), connectionRepository()); controller.setApplicationUrl(applicationUrl); return controller; } @Bean public ProviderSignInController providerSignInController(RequestCache requestCache) { ProviderSignInController controller = new ProviderSignInController(connectionFactoryLocator(), usersConnectionRepository(), signInAdapter()); controller.setSignUpUrl("/register"); controller.setSignInUrl("/socialSignIn"); controller.setPostSignInUrl("socialSignIn"); controller.addSignInInterceptor(new RedirectAfterConnectInterceptor()); return controller; } @Bean public SignInAdapter signInAdapter() { return new SignInAdapterImpl(); } @Bean public ConnectionSignUp connectionSignUp() { return new ConnectionSignUpImpl(); } } </code></pre>
    singulars
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PTQuestion
    1. This table or related slice is empty.
    1. USuser979051
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. COThe use-secure-cookie attribute only impacts rememberme. You need to ensure that the HTTP Session is also allowed over HTTP. NOTE: Allowing either of these over HTTP is a BAD!!! idea. Google for Firesheep for why you should not submit session cookies over HTTP.
      singulars
      1. POSpring Social + Spring Security HTTPS/HTTP
      1. USRob Winch
    2. COThank you...google sslstrip, or hacker's manifesto..a machine is secure only if its offline..
      singulars
      1. POSpring Social + Spring Security HTTPS/HTTP
      1. USuser979051
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload