Announcement Announcement Module
No announcement yet.
Spring MVC + Spring Security + Spring Social Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring MVC + Spring Security + Spring Social

    Hi all!
    I need your help. I started to develop Social project, but i don't know how to integrate Spring Social to it. I have a good Spring MVC config with Spring Security. But how can i add Spring Social dependencies to it.

    I've tried this one, but it very hard to understand, how can i use it on my project.

    Could you give me a good example of it. I'll very appreciate you, if you can help me.

    Please, help.

    Best regards!


  • #2
    There are two ways to use Spring Social with Spring Security. The first (which is probably not the one you want) is to simply use Spring Security as the security mechanism for your app and tie it into Spring Social with a custom Spring Security-based SignInAdapter. That's what the Spring Social Showcase example does. (See

    The other way makes Spring Social's connection flow more a part of Spring Security, by way of a Spring Social-based Spring Security authentication filter. In this way, authenticating via Facebook/Twitter/etc, is really no different from Spring Security's perspective than authenticating with a login form or via HTTP Basic. (See

    Note that the SocialAuthenticationFilter that makes tighter Spring Security integration possible is only available in the not-yet-GA-released Spring Social 1.1.0. You can use Spring Social 1.1.0.M2 or 1.1.0.BUILD-SNAPSHOT as the version when trying it out. Seeing how security is an important thing, I'd really appreciate it if you could give it a shot and provide feedback so that (if necessary) I have time to make any adjustments before cutting another release.


    • #3
      Hello habuma,
      I've an hard time to understand the differences between the two ways to use spring security, could you be more specific on which are the differences between the two approaches?


      • #4
        Again, the two options that are now available in Spring Social 1.1.0.M2 and up are:

        * ProviderSignInController
        * SocialAuthenticationFilter

        ProviderSignInController has been around since the beginning of Spring Social and it does *not* assume any particular security implementation. It works fine whether you use Spring Security or not, because *you* tell it how to obtain the local user's ID when creating a connection. (Prior to 1.1.0.M1 you did this when you configured the ConnectionRepository bean in JavaConfig; with the new configuration improvements, you do this with a custom implementation of UserIdSource.)

        The good thing about ProviderSignInController is that it doesn't care what security mechanism you use. The downside of it is that it only integrates with Spring Security on the surface and doesn't truly work itself into Spring Security's filter chain (to take advantage of things like Remember-Me and other Spring Security features).

        SocialAuthenticationFilter, on the other hand, *does* integrate deep into Spring Social's filter chain. It's a real authentication filter, just like Spring Security's existing authentication filters. Therefore, if you use it you get the full benefits of Spring Security. The obvious downside of this approach is that it demands that you use Spring Security. It won't work with any other security implementation.


        • #5
          Thanks you Craig, much appreciated.