/spring-security-social

A simple Web app to demo adding Spring Social features to an app that uses Spring Security.

Primary LanguageJava

This is a simple Web application that demonstrates adding Spring Social to an
existing application that uses Spring Security for authentication and
authorization, and that manages its own user accounts (with usernames and 
passwords).

The goal is to add as much Spring Social functionality as possible, including:

- new users signing in using a provider (e.g. Twitter, Facebook, etc.)
- users connecting their local accounts to provider accounts
- users viewing their connected provider accounts
- users with connected provider accounts signing in using a provider
- users disconnecting their local accounts from provider accounts

To use this application you must create Twitter and Facebook apps:

https://dev.twitter.com/apps/new
https://developers.facebook.com/apps

In order to start up this application you will need to create a file in
src/main/resources called "spring-security-social.properties". You must provide
values for all of the following properties:

- site.url - URL used in the OAuth process
- social.crypto.password - password for encrypting/decrypting store OAuth secrets
- twitter.app.consumerKey - the consumer key for your Twitter application
- twitter.app.consumerSecret - the consumer secret for your Twitter application
- facebook.app.clientId - the client id for your Facebook application
- facebook.app.clientSecret - the client secret for your Facebook application

This app uses an in-memory database, so once you've got the properties file
configured, you should be able to build and run the app (e.g. using
"mvn jetty:run"). Navigate to the root of the application in your browser and
you should be redirected to the login page. From here you have a few options:

- sign in using Twitter or Facebook
- sign in using a username and password
- sign up (create an account with a username and password)

Once you've signed in you have the following options:

- connect or disconnect a Twitter account
- connect or disconnect a Facebook account
- log out

NOTE: 
Spring Social allows for many-to-many relationships between local accounts and
provider accounts. This provides maximum flexibility but probably is not the most
common use case. In this application users may only connect one account from a
provider to one local account. Attempts to connect, for example, one Twitter
account to two local accounts, will fail. Similarly attempts to connect two
Twitter accounts to one local account will fail. This enforcement is handled in
the ConnectionRepository.addConnection() implementation in 
SocialUserConnectionRepositoryImpl.