Spring Social Login with Broadleaf

Question

I am looking to provide the Facebook and Gmail login on Broadleaf application for which i am referring the below mentioned link

https://www.broadleafcommerce.com/blog/why-your-ecommerce-site-should-integrate-with-spring-social

however the link is quite older, can anyone please help me to send a link or pointers to do Spring Social login with Broadleaf version 5.2

Thanks in advance

Answer 1

I have not actually implemented this, but I think I can provide some pointers. The steps below are taken from the blog post. In general, the blog post is still correct, but declaring beans has moved from XML to Java since that post was written.

1) Add the Spring Social dependencies to your root POM

Follow the blog post.

You may want to update to the newest version of Spring Social (1.1.6 as of Jan 2020). Consult the Spring Social Documentation for updated dependencies. Specifically, you would need to add an additional dependency from what the blog post listed:

<dependency>
    <groupId>org.springframework.social</groupId>
    <artifactId>spring-social-core</artifactId>
    <version>1.1.6.RELEASE</version>
</dependency>

The latest spring-social-facebook is 1.1.1 and the latest spring-social-twitter is 1.1.2.

2) Create a new applicationContext-social.xml

This is the step with the biggest changes. Broadleaf 5.2 supports declaring beans using Spring's @Configuration annotation on classes. This means that the beans defined in XML from the blog post can be defined in Java in a @Configuration class for Broadleaf 5.2.

The bean definitions for applicationContext-social.xml could be added to SiteConfig.java (or to a a new configuration class that gets component scanned from SiteConfig), and the bean definition for applicationContext-servlet.xml would go in SiteServletConfig.

Here is an example of the first bean listed in the blog post as Java configuration:

@Value("${facebook.clientId}")
private String facebookClientId;

@Value("${facebook.clientSecret}")
private String facebookClientSecret;

@Value("${twitter.consumerKey}")
private String twitterConsumerKey;

@Value("${twitter.consumerSecret}")
private String twitterConsumerSecret;

@Bean
public ConnectionFactoryRegistry connectionFactoryLocator() {
    FacebookConnectionFactory facebookConnectionFactory = new FacebookConnectionFactory(facebookClientId, facebookClientSecret);
    TwitterConnectionFactory twitterConnectionFactory = new TwitterConnectionFactory(twitterConsumerKey, twitterConsumerSecret);

    ConnectionFactoryRegistry connectionFactoryRegistry = new ConnectionFactoryRegistry();
    connectionFactoryRegistry.setConnectionFactories(Arrays.asList(facebookConnectionFactory, twitterConnectionFactory));
    return connectionFactoryRegistry;
}

The entry for applicationContext-security.xml would go in SiteSecurityConfig, but it will need to be updated to comply with the new standards of Spring Security Java configuration. The configuration snippet from the blog post <sec:intercept-url pattern="/signin/**" requires-channel="https" /> simply requires that URLs under /signin are served over https. Serving the entire site over https has become standard since the blog post was written in 2012, so this step may not be necessary if your site is already doing that. Looking at our reference Heat Clinic application, its SiteSecurityConfig.java is already configured to serve all URLs over https.

If you do need to add an entry, in SiteSecurityConfig.java, find the method configure(HttpSecurity http) and add this to the configuration:

.requiresChannel()
    .antMatchers("/signin/**")
    .requiresSecure()

You can also add the String /signin/** to an existing requiresChannel antMatcher if it exists.

3) Modify your Broadleaf Runtime Properties

Same as blog post

4) Add your new applicationContext-social.xml to web.xml

This step is not necessary when using component scanning. I doubt you are using a web.xml file with Broadleaf 5.2.

5) Change your RegisterController to extend BroadleafSocialRegisterController

Same as blog post. You can see the framework controller at org.broadleafcommerce.core.web.controller.account.BroadleafSocialRegisterController

6) Finally, add the sign in buttons to your login page

Same as blog post. Adapt to your site's HTML.

I hope this helps. Feel free to ask any follow up questions.