Open deanguyton opened 9 years ago
I can reproduce this in a dev environment by purposely throwing an IOException; it triggers a state where all of the sec:ifLoggedIn tags are true, so the view displays all of the nav bars and the sign out link. However, none of the links are actually accessible as the user is still not identified as ROLE_USER.
Background: Facebook authentication works initially, then after a short period of inactivity (say 12 hours), on the next Facebook login attempt the login page will display the standard Spring Security access violation message "Sorry, you're not authorized to view this page". Additionally, Spring Security is stuck in a strange state where the sec:ifLoggedIn tags allow access (which triggers the display of the nav bar that a logged in user would normally see) yet none of the links are accessible because the user isn't really authenticated.
With spring security in debug the following is logged (I've masked my id/secret):
Now if I actually cut and paste the URL, FB responds with:
I will try to override the FacebookAuthUtils class to experiment with handling this somehow or to figure out why the IOException is consistently thrown on this. But I wanted to report what I am experiencing.