My Personal Blog

Some of my thoughts and experiences.


Right after my blog was flooded with spam, I decided to add social login to my website, which means users can log in without a username and password, just using their social network account from a social networking service, such as Google+, Twitter, or Facebook. The Spring Social project has fantastic support for this, and I always want to try something new with excitement. However, getting it to work properly really took me a lot of time. Fortunately it is functioning now, with many hacks. Here I want to record the challenges I had during this interesting experience.

Data Model and Connection Framework

The first change to my blog project is updating my data model and adding a connection framework to support social login. My old UserAccount class has username, password, profile, etc. In order to use Spring Social, I have to follow its example and add a UserSocialConnection class to store the user's social connection data such as user id, provider id (like "google", "facebook"), provider user id (your account id at the social website), image URL, profile URL, etc. Spring Social already has a JDBC implementation of the connection framework, but I'm using MongoDB, so I have to add a MongoDB implementation of ConnectionRepository and UsersConnectionRepository.

With the help of the Spring Data project, it is easy to add the MongoDB version of UserSocialConnection, much simpler than the JDBC version. And by copying the source code in the spring-social-core module, I added MongoConnectionRepository and MongoUsersConnectionRepository to extend the Service Provider 'Connect' Framework.

Social Security

The second challenge is much harder. To enable Spring Social to work with Spring Security, I have to use the spring-social-security module, but unfortunately this module was not released yet at the end of 2012. The good news is that right now all Spring projects are on GitHub, so it is extremely easy to clone the Spring Social project and hack it, by following Craig Walls’ instructions: Contributing to Spring Social.

I forked the Spring Social project and refactored the social security module. I did a trick, changing the project version to 1.1.0.YUAN in spring-social/gradle.properties, and installed it to my local Maven repository. So I only need to change my blog project dependency to Spring Social version 1.1.0.YUAN.

Auto Signup

To simplify the signup process, the first time a user logs in through a social network account, if the system cannot find it in the database, it will automatically create a new UserAccount, as well as a new record in UserSocialConnection. In order to do that, I have to hack Spring Social security even more. All my refactoring changes are on GitHub now, and I sent a pull request, hoping it will be helpful to the Spring Social project.

Local Test

At first I used my Google account for testing, with the Spring Social Google project. It works very well. Later I wanted to add Twitter and Facebook support, with some difficulties. The problem was I couldn't get it to work on my local test machine. After research and trial and error, the trick is to use http://127.0.0.1:8080 instead of http://localhost:8080, because Twitter cannot accept localhost as a URL. And for Facebook, set the Site URL to http://127.0.0.1:8080 as well for "Website with Facebook Login".

Add Social Connections

After users have signed up with Twitter, we should allow them to add their Facebook account to my blog website, so they can log in later through Facebook. Spring Social provides a ConnectController, “a Spring MVC controller that coordinates the connection flow between an application and service providers”. I just extend it with my own connect controller to always redirect to the account page after a successful or failed connection.
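
The lookup and linking rules behind the Auto Signup and Add Social Connections sections, as an added example (not code from this blog or from Spring Social): a plain-Java, in-memory stand-in for the UserSocialConnection store, with the class and method names assumed for illustration. It keys every connection on provider id plus provider user id and refuses to re-point an identity that already belongs to another account.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

// Hypothetical class: in-memory stand-in for the UserAccount and
// UserSocialConnection collections described in the post.
public class SocialAccountLinker {
    // Key = (providerId, providerUserId); value = local user id. In MongoDB the
    // same invariant would be a unique compound index on those two fields.
    private final Map<List<String>, String> connections = new HashMap<>();
    private final Set<String> userAccounts = new HashSet<>();

    /** Social login: return the local user id, creating the account on first login. */
    public String loginOrSignUp(String providerId, String providerUserId) {
        return connections.computeIfAbsent(List.of(providerId, providerUserId), k -> {
            // The local id is random, never derived from a provider-supplied
            // display name or e-mail, so a look-alike profile cannot collide.
            String userId = UUID.randomUUID().toString();
            userAccounts.add(userId);
            return userId;
        });
    }

    /** Link another provider identity to the user who is authenticated right now. */
    public boolean addConnection(String currentUserId, String providerId, String providerUserId) {
        if (!userAccounts.contains(currentUserId)) {
            throw new IllegalStateException("no authenticated local account");
        }
        String owner = connections.putIfAbsent(List.of(providerId, providerUserId), currentUserId);
        // null: newly linked; same user: already linked; another user: refuse.
        return owner == null || owner.equals(currentUserId);
    }

    public static void main(String[] args) {
        // Constructed sample identities, not real account ids.
        SocialAccountLinker linker = new SocialAccountLinker();
        String alice = linker.loginOrSignUp("twitter", "1001");
        System.out.println("repeat login, same account: " + alice.equals(linker.loginOrSignUp("twitter", "1001")));
        System.out.println("alice links facebook: " + linker.addConnection(alice, "facebook", "fb-77"));
        String bob = linker.loginOrSignUp("google", "g-5");
        System.out.println("bob claims alice's facebook: " + linker.addConnection(bob, "facebook", "fb-77"));
        System.out.println("facebook login resolves to alice: " + alice.equals(linker.loginOrSignUp("facebook", "fb-77")));
    }
}
```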

There are still several issues in my blog project; for example, the RememberMe function seems not to be working with social security. I will investigate this later.

Overall, I have had lots of fun working with Spring Social, Spring Data and Spring Security, and I feel a great sense of accomplishment when it works.

9 Comments On This Post

  • Neil Han Jan 15, 2013 1:50:44 AM

    Can it simply recognize instead request info and access?


  • Yuan Ji Jan 15, 2013 5:55:45 AM

    What do you mean "simply recognize"?


  • @StephenCurial Jan 15, 2013 5:48:16 PM

    Nice work getting this hooked up.


  • Yuan Ji Jan 15, 2013 8:24:11 PM

    Thank you Steve.


  • yuriy.blandger Jan 17, 2013 6:42:08 PM

    Yuan, you wrote:

    I have to use spring-social-security module, but unfortunately this module was not released yet at the end of 2012. hack it... and refactored social security module.

    What kind of refactoring did you make? I'd like to reproduce that for use in my project as well, because I use Spring Security too. Are any instructions available somewhere in the Spring forum on how to do that?


  • yuriy.blandger Jan 17, 2013 7:00:54 PM

    Looks like I found your pull request on GitHub. Is that the only thing needed for using Spring Social security?


  • Yuan Ji Jan 17, 2013 8:12:06 PM

    Yes, you can just clone my branch and build locally, then use it in your project. A small tip: change the version like I said in the post, so you know it is not from an official release.


  • Mark Spritzler Feb 1, 2013 9:47:47 PM

    OK, so in this scenario with Spring Security, do you have data for the social providers stuff in Mongo, and other UserDetails stuff also stored? Or just the social provider data? For instance, in our app, we want our own account database that has way more data for users than the provider gives us, but we also want them to be able to register using their Facebook or Twitter, and then later, for logging in to our app, be able to use either their social login stuff or a username and password they entered on our site's Account page. And if they log in with Facebook, still load all our app's Account data into their UserDetails object. Do you have sample code on GitHub of this?

    Thanks

    Mark


  • Yuan Ji Feb 1, 2013 10:03:15 PM
