实施社交媒体登录春季安全

Question

我正在使用Spring 3和spring security.我正在整合社交帐户,例如:Facebook,Twitter和Google.我正在使用javascript sdk版本,但我的问题是我可以注册用户,但我不知道如何验证它们.

例如:

当用户点击任何链接(Facebook,Twitter,谷歌)后,在成功通过身份验证后打开新对话框我可以获得他们的基本个人资料详细信息:电子邮件,身份证,姓名,图像,我使用ajax将所有这些信息传递给我的控制器如果用户尚未注册,则调用service和dao来保存用户.

直到这里一切都对我很好.我使用用户ID并使用salt加密它们并将其作为密码保存到数据库中(我不确定这是否是正确的处理方式)但现在我的困惑是如何验证用户并允许它们登录系统.

我的security.xml文件

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                        http://www.springframework.org/schema/security
                        http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- Configuration for master level user login -->
    <http auto-config="true" use-expressions="true"
        disable-url-rewriting="true">
        <!-- <csrf /> -->
        <headers>
            <cache-control />
            <content-type-options />
            <hsts />
            <frame-options />
            <xss-protection />
        </headers>
        <!-- requires-channel="https" -->
        <intercept-url pattern="/favicon.ico" access="permitAll" />
        <intercept-url pattern="/login*" access="permitAll" />
        <intercept-url pattern="/login/facebook-login*" access="permitAll" />
        <intercept-url pattern="/validateUserCredentials*"
            access="permitAll" />
        <intercept-url pattern="/register*" access="permitAll" />
        <intercept-url pattern="/activation*" access="permitAll" />
        <intercept-url pattern="/restore*" access="permitAll" />
        <intercept-url pattern="/resend*" access="permitAll" />
        <intercept-url pattern="/resources/**" access="permitAll" />
        <intercept-url pattern="/license*"
            access="hasAnyRole('${role.admin}', '${role.master}')" />
        <intercept-url pattern="/**"
            access="hasAnyRole('${role.admin}', '${role.master}', '${role.owner}', '${role.simple}')" />
        <access-denied-handler error-page="/denied" />
        <form-login login-page="/login" default-target-url="/logged"
            authentication-failure-url="/loginfailed" login-processing-url="/j_spring_security_check" />
        <logout logout-success-url="/login" invalidate-session="true"
            delete-cookies="JSESSIONID,SPRING_SECURITY_REMEMBER_ME_COOKIE" />
        <session-management session-fixation-protection="migrateSession">
            <concurrency-control error-if-maximum-exceeded="true"
                max-sessions="1" expired-url="/login" />
        </session-management>
        <remember-me token-validity-seconds="86400" />
    </http>

    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="daoAuthenticationProvider" />
    </authentication-manager>

    <beans:bean id="daoAuthenticationProvider"
        class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <beans:property name="userDetailsService" ref="userDetailsService" />
        <beans:property name="saltSource" ref="saltSource" />
        <beans:property name="passwordEncoder" ref="passwordEncoder" />
    </beans:bean>

    <beans:bean id="passwordEncoder"
        class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" />

    <beans:bean id="saltSource"
        class="org.springframework.security.authentication.dao.ReflectionSaltSource">
        <beans:property name="userPropertyToUse" value="salt" />
    </beans:bean>

    <beans:bean id="userDetailsService" name="userAuthenticationProvider"
        class="com.luffy.security.AuthenticationUserDetailService">
    </beans:bean>
</beans:beans>

任何帮助将不胜感激.我尽我所能来解决这个问题,但我无法找到任何可靠的解决方案.