Aug 6th, 2012, 06:10 AM
Spring Security OAuth vs. Spring Social?
It is not clear to me what the similaries / differences are between Spring Security OAuth and Spring Social. Can any one shed some light on the following questions.
1. Does Spring Social use Spring Security OAuth?
2. Can Spring Security OAuth and Spring Social be used at the same time?
3. Does Spring Social depend on Spring Security?
4. When should I use Spring Social and When Should I used Spring Security OAuth?
Aug 7th, 2012, 04:55 AM
To #1 and #3 the answer is "no". The two projects started independently and we agreed to keep them separate until they have a chance to mature a bit. If there are any common abstractions we might introduce a shared dependency in the future.
To #2, "yes". No reason why not that I know of. Spring Social specifically targets particular API providers (Facebook, github etc.) and Spring Security is generic (and does not necessarily attempt to cover all possible flavours of oauth provider, although it does work with quite a wide range).
#4 is an open-ended question, and of course the answer is "it depends." Spring Social has no oauth provider features, so if you are building a provider you probably need Spring Security. On the client side the emphasis with Spring Security is to make oauth usage as invisible to clients as possible through the use of servlet filters and the RestTemplate that you would use with Spring in a non secure client. Spring Social is less declarative, and more of a library. You choose, basically, based in the programming model you prefer.