Spring Security and Social Login

Social login allows users to authenticate with your application using their social media accounts. This guide covers key concepts and steps for setting up social login in your Spring Boot application, including adding dependencies, configuring social login providers, and securing endpoints.

Key Concepts of Social Login

  • Social Login: A method for users to authenticate using their social media accounts.
  • OAuth2: An authorization framework that enables third-party applications to obtain limited access to user accounts on an HTTP service.
  • Security Configuration: Configuring Spring Security to use OAuth2 for social login.

Adding Dependencies

Include the Spring Security OAuth2 Client dependency in your pom.xml file:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>

Configuring Social Login Providers

Configure social login providers in the application.yml file:

Example: application.yml

spring:
  security:
    oauth2:
      client:
        registration:
          google:
            client-id: YOUR_GOOGLE_CLIENT_ID
            client-secret: YOUR_GOOGLE_CLIENT_SECRET
            scope: profile, email
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
            authorization-grant-type: authorization_code
        provider:
          google:
            authorization-uri: https://accounts.google.com/o/oauth2/auth
            token-uri: https://oauth2.googleapis.com/token
            user-info-uri: https://www.googleapis.com/oauth2/v3/userinfo

Configuring Security

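Configure security by extending WebSecurityConfigurerAdapter and overriding the configure(HttpSecurity http) method. WebSecurityConfigurerAdapter is deprecated since Spring Security 5.7 and was removed in 6.0, so this style applies to earlier versions: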

Example: SecurityConfiguration.java

// SecurityConfiguration.java
package com.example.myapp.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
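        http
            // CSRF protection is switched off in this example, so the login form carries no CSRF token
            .csrf().disable()
            .authorizeRequests()
            // Public paths: landing page, login page, error page and the stylesheet that login.html links to
            .antMatchers("/", "/login**", "/error", "/css/**").permitAll()
            // Everything else requires an authenticated user
            .anyRequest().authenticated()
            .and()
            // OAuth2 login with a custom login page instead of the generated one
            .oauth2Login()
            .loginPage("/login")
            .defaultSuccessUrl("/home", true)
            .failureUrl("/login?error=true");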
    }
}

Creating Login Page

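Create a custom login page to handle social login. The "Login with Google" link points at /oauth2/authorization/google, the path where Spring Security starts the authorization request for the google registration. The username/password form posts to /login, which the configuration above does not process because it enables only oauth2Login():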

Example: login.html

<!DOCTYPE html>
<html>
<head>
    <title>Login</title>
    <link rel="stylesheet" type="text/css" href="/css/styles.css" />
</head>
<body>
    <div class="swf-lsn-container">
        <h2>Login</h2>
        <form method="post" action="/login">
            <div>
                <label>Username:</label>
                <input type="text" name="username" />
            </div>
            <div>
                <label>Password:</label>
                <input type="password" name="password" />
            </div>
            <div>
                <input type="submit" value="Login" />
            </div>
        </form>
        <div>
            <a href="/oauth2/authorization/google">Login with Google</a>
        </div>
        <div class="swf-lsn-error-message">
            <#if error?string?trim != "">
                Invalid username or password.
            </#if>
            <#if logout?string?trim != "">
                You have been logged out.
            </#if>
        </div>
    </div>
</body>
</html>

Securing Endpoints

Protect specific endpoints by specifying access rules:

Example: SecurityConfiguration.java

// SecurityConfiguration.java
@Override
protected void configure(HttpSecurity http) throws Exception {
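    http
        // CSRF protection is switched off in this example, so the login form carries no CSRF token
        .csrf().disable()
        .authorizeRequests()
        // Public paths: landing page, login page, error page and the stylesheet that login.html links to
        .antMatchers("/", "/login**", "/error", "/css/**").permitAll()
        // Everything else requires an authenticated user
        .anyRequest().authenticated()
        .and()
        // OAuth2 login with a custom login page instead of the generated one
        .oauth2Login()
        .loginPage("/login")
        .defaultSuccessUrl("/home", true)
        .failureUrl("/login?error=true");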
}
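
The configuration above turns CSRF protection off and depends on WebSecurityConfigurerAdapter. The same access rules with CSRF protection left at its default (enabled), written as a SecurityFilterChain bean, look like this. This is an added example, not code from the original tutorial; it assumes Spring Security 6 (Spring Boot 3), and the "/css/**" matcher is an assumption based on the stylesheet that login.html links to.

```java
// SecurityConfiguration.java (added example, Spring Security 6 style)
package com.example.myapp.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // No csrf().disable(): CSRF protection keeps its default and
            // state-changing requests (POST, PUT, DELETE) must carry a valid token.
            .authorizeHttpRequests(auth -> auth
                // Public paths: landing page, login page, error page, static CSS (assumed path)
                .requestMatchers("/", "/login", "/error", "/css/**").permitAll()
                // Every other endpoint requires an authenticated user
                .anyRequest().authenticated())
            .oauth2Login(oauth2 -> oauth2
                // Custom login page that links to /oauth2/authorization/google
                .loginPage("/login")
                // Always land on /home after a successful social login
                .defaultSuccessUrl("/home", true)
                // Failed or cancelled provider logins return to the login page
                .failureUrl("/login?error=true"));
        return http.build();
    }
}
```

With CSRF protection on, any POST form in the application has to include the token that Spring Security exposes as the _csrf request attribute, submitted as a hidden field.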

Key Points

  • Social Login: A method for users to authenticate using their social media accounts.
  • OAuth2: An authorization framework that enables third-party applications to obtain limited access to user accounts on an HTTP service.
  • Security Configuration: Configuring Spring Security to use OAuth2 for social login.
  • Include the Spring Security OAuth2 Client dependency in your pom.xml file.
  • Configure social login providers in the application.yml file.
  • Configure security by extending WebSecurityConfigurerAdapter and overriding the configure(HttpSecurity http) method.
  • Create a custom login page to handle social login.
  • Protect specific endpoints by specifying access rules.

Conclusion

Integrating social login with Spring Security allows users to authenticate using their social media accounts, providing a seamless and convenient login experience. By understanding and configuring social login providers, security settings, and authentication flows, you can enhance the user experience and security of your Spring Boot application. Happy coding!