tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Preißer <>
Subject RE: [OT] Accessing HREF Target from Servlet
Date Sat, 29 Jun 2013 20:31:40 GMT

> -----Original Message-----
> From: George S. []
> Sent: Saturday, June 29, 2013 7:45 PM
> To: Tomcat Users List
> Subject: Re: [OT] Accessing HREF Target from Servlet
> >
> > 1) Why would you need to access that part after the "#" for Auth stuff ?
> > Intuitively, the part after the "#" is inside of a page. So if access
> > to the page is already granted/forbidden by the Auth stuff, the part
> > inside of the page should not matter.
> I'm doing facebook graph api authentication. In the login cycle, you send the
> user to a page facebook page, and you provide that page with a redirect_url.
> After the user does their login through facebook, they get redirected back to
> the url you supplied. In a case of freakish bizarre (for a server-side
> developer), the access token you get is not a parameter on the request.
> IOW, the redirect is to "your_redirect_url.html#access_token=blah", not
> "your_redirect_url.html?access_token=blah". The whole mess is
> documented
> here:
> no-jssdk/
> The part about the token being in the URL but not in the query string isn't
> documented there, but it's documented on another page. I'm guessing the
> reason they did this is so that the access_token would not show up in the log
> files of the destination server.

I have also implemented Facebook Login a while ago for a Webapp that runs under Tomcat 7.
However, I do not get the fb-code or access_token after a "#" in the redirected url - maybe
you used a JavaScript-only  variant for the Facebook login?

For example, when doing a Facebook Login, my app does the following:

1. It redirects the user to:<client_id>&scope=email&redirect_uri=http%3A%2F%2F<my_redirect_url>

2. After the user logs in, the Facebook site redirects to:
so the App gets a "code" parameter which is needed to get an access_token.

3. The App can now request an access token by making an HTTP request to a URL like<client_id>&redirect_uri=http%3A%2F%2F<my_redirect_url>&&client_secret=<client_secret>&code=<code>

(using the <code> from the previous redirect, and using the same <my_redirect_url>
parameter as on the first redirect to the Facebook site.

 4. Then the app can request user information from the Facebook Graph API by making a request
to a URL like,name,first_name,last_name,email&access_token=<access_token>.

You can see a live demo here: (it is a german
app for sharing pictures). If you click on the Facebook icon, you will be redirected to FB.
After you log in, FB will redirect you to the app with a URL like<code>#_=_
After that, the app will query the user's name from Facebook's Graph API and display it in
the top right corner.

Konstantin Preißer

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message