Jan 12, 2013
Published by Yuan Ji on Jan 12, 2013 at 11:54:00 PM
Some of my thoughts and experiences.
Right after my blog was flooded with spam, I decided to add social login to my website, which means users can log in without a username and password, just using their account from a social networking service such as Google+, Twitter, or Facebook. The Spring Social project has fantastic support for this, and I always want to try something new with excitement. However, getting it to work properly really took me a lot of time. Fortunately it is functioning now, with many hacks. Here I want to record the challenges I had during this interesting experience.
The first change to my blog project was updating my data model and adding a connection framework to support
The UserAccount class has a username, password, profile, etc.
In order to use Spring Social, I have to follow its example to add
to store user's social connection data such as user id, provider id (like "google", "facebook"),
provider user id (your account id at the social website),
image URL, profile URL, etc. Spring Social already has a JDBC implementation of the connection framework,
but I'm using MongoDB, so I have to add MongoDB implementation for
With the help of the Spring Data project, it is
easy to add the MongoDB version of
UserSocialConnection, much simpler than the JDBC version.
And by copying the source code in the spring-social-core module, I added
MongoUsersConnectionRepository to extend
Service Provider 'Connect' Framework.
The second challenge was much harder. To enable Spring Social to work with Spring Security, I have to use the spring-social-security module, but unfortunately this module had not been released yet at the end of 2012. The good news is that all Spring projects are now on GitHub, so it is extremely easy to clone the Spring Social project and hack it by following Craig Walls’ instructions: Contributing to Spring Social.
I forked the Spring Social project and refactored the social security module. I used a trick, changing the project version
to 1.1.0.YUAN in
spring-social/gradle.properties, and installed it to my local Maven repository.
So I only needed to change my blog project dependency to Spring Social version 1.1.0.YUAN.
To simplify the signup process, the first time a user logs in through a social network account,
if the system cannot find it in the database, it will automatically create a new
as well as a new record in
In order to do that, I had to hack Spring Social security even more.
All my refactoring changes are on GitHub now, and I sent a
hoping it will be helpful to the Spring Social project.
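The implicit sign-up described above, as an added example in plain Java (not the author's code and not Spring Social's API): the lookup is keyed on provider id plus provider user id, so a profile name or e-mail never selects an existing account. `ImplicitSignUpDemo`, `signInOrSignUp` and the in-memory maps are hypothetical stand-ins for the MongoDB-backed repositories.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

public class ImplicitSignUpDemo {
    // Simplified stand-ins for the post's UserAccount and UserSocialConnection (assumed shapes).
    record UserAccount(String userId, String displayName) {}
    record UserSocialConnection(String userId, String providerId, String providerUserId) {}

    private final Map<String, UserAccount> accounts = new HashMap<>();
    private final Map<String, UserSocialConnection> connections = new HashMap<>();

    // Length-prefix the provider id so ("a", "b:c") and ("a:b", "c") cannot collide.
    private static String key(String providerId, String providerUserId) {
        return providerId.length() + ":" + providerId + ":" + providerUserId;
    }

    /** Returns the local user id for a provider-authenticated identity, creating it on first login. */
    public String signInOrSignUp(String providerId, String providerUserId, String displayName) {
        if (providerId == null || providerId.isBlank()
                || providerUserId == null || providerUserId.isBlank()) {
            throw new IllegalArgumentException("provider identity is incomplete");
        }
        UserSocialConnection existing = connections.get(key(providerId, providerUserId));
        if (existing != null) {
            return existing.userId(); // returning user: no new records are written
        }
        // First login: new account with a random local id. Display name and e-mail are
        // profile data only and are never used to find an existing account.
        String userId = UUID.randomUUID().toString();
        accounts.put(userId, new UserAccount(userId, displayName));
        connections.put(key(providerId, providerUserId),
                new UserSocialConnection(userId, providerId, providerUserId));
        return userId;
    }

    public static void main(String[] args) {
        ImplicitSignUpDemo demo = new ImplicitSignUpDemo();
        // Constructed sample identities.
        String first = demo.signInOrSignUp("twitter", "1001", "Alice");
        String again = demo.signInOrSignUp("twitter", "1001", "Alice (renamed)");
        String other = demo.signInOrSignUp("facebook", "1001", "Alice");
        System.out.println("same account on repeat login: " + first.equals(again));
        System.out.println("separate account for other provider: " + !first.equals(other));
        System.out.println("accounts stored: " + demo.accounts.size());
    }
}
```

Attaching a second provider to an existing account is deliberately absent from this lookup; that belongs in a connect flow the user starts while already signed in.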
At first I used my Google account for testing, with the
Spring Social Google project. It worked very well. Later I wanted to add Twitter and Facebook support,
with some difficulties. The problem was that I couldn't get it to work on my local test machine.
After some research and trial and error, I found the trick is to use
http://127.0.0.1:8080 instead of
http://localhost:8080, because Twitter cannot accept localhost as a URL. And for Facebook,
set the Site URL to
http://127.0.0.1:8080 as well for "Website with Facebook Login".
After users have signed up with Twitter, we should allow them to add their Facebook account to my blog website, so they can log in later through Facebook. Spring Social provides a ConnectController, “a Spring MVC controller that coordinates the connection flow between an application and service providers”. I just extended it with my own connect controller to always redirect to the account page after a successful or failed connection.
There are still several issues in my blog project; for example, the RememberMe function seems not to be working with social security. I will investigate this later.
Overall, I have had lots of fun working with Spring Social, Spring Data and Spring Security, and I feel a great sense of accomplishment when it works.