Spring Social Additions to a Spring Security App

This post looks at the additions and modifications to NixMash Spring v0.2.8 where Spring Social is added to an application with Spring Security in place. Our goal is to present a snapshot of the pieces that comprise a Spring Social implementation.

I covered the user account creation and sign-in workflow of NixMash Spring in a previous post which provides some background and describes the various pieces of the process.

Application Layout

Before focusing on the components that comprise Spring Social, it's helpful to quickly cover the layout of the NixMash Spring application. The child projects are named by function as you can see, with nixmash-spring as the parent Gradle project. Nearly all of the Spring Social action happens in the MVC project. The MVC (Web) project references JPA and SOLR, so we'll be looking at the changes to MVC and JPA.

Spring Boot Dependencies

Below are the Spring Boot Dependencies added to the MVC Project. We are using the default starter libraries with Spring Boot 1.3.3. If we were using, say, Spring Boot 1.3.0 we would have to list specific library versions due to issues that have been resolved in 1.3.3. I covered some of that in an earlier post on Spring Boot Showcase.

MVC Project File Additions

What you're looking at below is a Git Comparison View in Eclipse, comparing the state of the MVC project with its pre-Spring Social v0.2.7 branch. The Git Status Icons aren't clearly visible, so it's difficult to separate new files with those updated, but you can probably guess the new files from those updated. SocialConfig.java is a new config file, SigninController.java is a new controller, and the 3 class files in the security package are new with Spring Social. I think you'll agree that we added very little code to get a lot of OAuth muscle.

On the HTML side, login.html has been renamed to signin.html to conform to Spring Social Url conventions (login.html should be deleted as it isn't used), and signup.html is new. Signup.html is the return file from the OAuth service where the user creates a local site account.

SecurityConfig Class Additions

Since we've been using Spring Security for some time, SecurityConfig.java was not new. Here are the additions and changes to support Spring Social.

UserController Updates

The updates in the UserController class can be summarized in the following code excerpt. Basically, the existing Registration logic was duplicated and slimmed-down to support the Spring Social Sign-Up step occurring the first time a user signs-in with Facebook or Twitter.

JPA Project Updates

As we covered at the top, the MVC Web Project references JPA for its data objects and data handling processes.

Very little was added or modified here. Of most interest is the SocialUserDTO object used for the Spring Social Sign-Up process we saw above in UserController. SocialMediaService.java is a simple Enum to identify the Social Service. SocialUserFormValidator.java is used with the Sign-Up form to ensure, among other things, that the username and email address are unique. That gets wired up with a Spring @InitBinder(“socialUserDTO”) call in UserController.

Data Schema Addition

Last but not least is the addition of the Spring UserConnection table to H2 and MySQL. You can find that schema on the Spring Social Reference Guide.

Source Code Notes for this Post

All source code discussed in this post can be found in my NixMash Spring GitHub repo and viewed online here.

Posted March 08, 2016 05:24 PM EST

More Like This Post