Spring Security Hybrid Mix with Spring Social

[digid]

What would be the best way to do a hybrid of the two? I am currently using spring security and would like to offer login access with facebook for existing and new users. However I would like to keep the option for users to sign up without facebook with my existing spring security setup. Anyone have a recommended approach? Would this work with spring-social?

[habuma]

The Spring Social Showcase (https://github.com/SpringSource/spri...ocial-showcase) example does almost what you describe. It still requires an explicit signup with the application so that the user's account can be linked to their Facebook profile, though. The Spring Social Quickstart (https://github.com/SpringSource/spri...ial-quickstart) demonstrates a different approach where a user account is created implicitly from the user's Facebook profile.

Between these two examples you should be able to find what you need. Let me know if I've misunderstood what you're trying to do and how these two examples differ from your goals.

[digid]

Thanks for the quick help on this. I'm still a little unclear how my existing spring security rules will apply to users that sign up with the facebook option in the quickstart. It seems I would still have quite a bit of work to get this integrated with spring security with the facebook first method.

I found this project (http://code.google.com/p/spring-security-social/) but it seems to be abandoned as it hasn't been updated in some time. It doesn't use Spring Social but uses the Spring Security OAuth module to implement org.springframework.security.authentication.Authen ticationProvider and provides an implementation of an AuthenticationProvider to tie spring security with facebook. I might try and refactor this code to make it work but I was hoping there might be a reason this project was abandoned because of a better more standard way of doing this is being provided within the Spring Social project.

Thanks again.

[habuma]

For the quickstart sample, take a close look at the SimpleConnectionSignUp (https://github.com/SpringSource/spri...ionSignUp.java) class. Right now it doesn't do anything terribly interesting. But you could use the connection given to implicitly create an account on your app. Or you could use it to create a for-this-session User and sign them in (which is essentially what the SimpleSignInAdapter does in this example).

I can't speak to why other projects are abandoned (or put on hold). But yes, there are a handful of attempts to create a tighter integration between Spring Security and Spring Social. And yes, there is a plan to officially bring that into Spring Social in the 1.1.0 release (currently underway, but no date for delivery yet).

[sdouglass]

I tried to write up how I integrate Spring Social and Spring Security on my blog here:

http://harmonicdevelopment.tumblr.co...mvc-and-spring

I'm working on making a sample app so there is a full set of code to go along with the posts, too. That probably won't be ready for a while though. In the posts I at least try to highlight the places where I found that I needed to connect Spring Social with Spring Security.

The two most important things, I think, were that I created local user accounts in my ConnectionSignUp implementation, and that I manually set up a Spring Security context in my SignInAdapter implementation. (Read the Spring Social docs if you don't know about ConnectionSignUp and SignInAdapter yet.)

[lucas1223]

I was able to integrate into my gwt project

using spring-social-security and spring-social-jpa

I believe I tried to integrate spring-social-showcase jsp, and redirected after successful login to my gwt app

problem is that the normal authentication was not working, meaning, if they tried to log in with my website credentials (if the user signs in with twitter or facebook, he still needs to create an account to the website)

I tried to write up how I integrate Spring Social and Spring Security on my blog here:

http://harmonicdevelopment.tumblr.co...mvc-and-spring

I'm working on making a sample app so there is a full set of code to go along with the posts, too. That probably won't be ready for a while though. In the posts I at least try to highlight the places where I found that I needed to connect Spring Social with Spring Security.

The two most important things, I think, were that I created local user accounts in my ConnectionSignUp implementation, and that I manually set up a Spring Security context in my SignInAdapter implementation. (Read the Spring Social docs if you don't know about ConnectionSignUp and SignInAdapter yet.)

nice blog, did not find it on google when I was trying to look for ways to integrate to my app

[digid]

Thanks for the pointers everyone. After becoming very familiar with the framework and looking at the sample code projects mentioned I was able to retrofit a solution into my project.