Fork me on GitHub

spring-social-security by socialsignin

Delegating the authentication and security of your application to Spring Social

Many applications using Spring Security for authentication will need to:

For applications which already use spring-social to connect with external authenticated apis (eg. Facebook, Twitter) , SocialSignIn’s spring-social-security module removes these authentication concerns by delegating authentication in Spring Security via spring-social to the third party api. Authenticating your website users via spring-social api providers means:


Build and install locally using mvn install

Add spring-social-security as a dependency for your webapp

For a simple "Hello World" app demonstrating spring-social-security see:

To delegate the authentication for your app to Spring-Social, a number of spring beans must be set up.

To use the default beans/implementations/configuration, simply component scan:

<context:component-scan base-package="" />

and register springSocialSecurityAuthenticationFilter as a custom filter in place of FORM_LOGIN_FILTER.

<security:custom-filter position="FORM_LOGIN_FILTER" ref="springSocialSecurityAuthenticationFilter" />

Also configure the entry-point for your app's authentication to be the page from which users can login/connect with a Spring-Social provider (usually a page with a form submit to ProviderSignInController or ConnectController), and configure an environmental property (socialsignin.signUpView) for a page where user can choose a username when creating an account which posts a "userId" to the url "/signup" (handled by SpringSocialSecuritySignUpController)

For example:

<bean id="springSocialSecurityEntryPoint" class=""> <property name="loginFormUrl" value="/oauthlogin.jsp"/> </bean>

<security:http use-expressions="true" entry-point-ref="springSocialSecurityEntryPoint" ....

As an alternative to component-scanning for the default implementations, you have the option to register your own beans/provide custom implementations.

The classes which are registered as beans by default through component-scanning are:


Michael Lavelle (




You can download this project in either zip or tar formats.

You can also clone the project with Git by running:

$ git clone git://