public void authenticate( OAuthAccessToken oAuthAccessToken, HttpServletRequest request, HttpServletResponse response) throws FacebookException, IOException, ServletException { Facebook facebook = Face4jFactory.getInstance().getFacebookFactory().getInstance(oAuthAccessToken); User fbUser = facebook.getCurrentUser(); PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(fbUser, null); token.setDetails(ads.buildDetails((HttpServletRequest) request)); try { Authentication authentication = authenticationManager.authenticate(token); SecurityContextHolder.getContext().setAuthentication(authentication); HttpSession session = request.getSession(true); session.setAttribute("username", fbUser.getEmail()); LOG.info("Facebook user " + fbUser.getName()); if (authentication.getAuthorities().contains(AppRole.NEW_USER)) { LOG.debug("New user authenticated. Redirecting to registration page"); ((HttpServletResponse) response).sendRedirect(REGISTRATION_URL); return; } } catch (AuthenticationException e) { failureHandler.onAuthenticationFailure( (HttpServletRequest) request, (HttpServletResponse) response, e); return; } }