This Spring Boot Application demonstrates 2 different ways of authenticating users:
- Self managed account authentication using dbms
- Integration with 3rd party OAuth2 authentication server such as Faceebook and Google
- Remember to get client-id and client secret for both Facebook and Google and fill up in the application properties.
- A self-signed certificate is generated to serve the site on HTTPS because Facebook enforces OAuth2 client to be on HTTPS before authenticating against Facebook server.
- If you decided to terminate your SSL cert on a load balancer, you should enable
server.use-forward-headersunder the properties file. Refer to https://stackoverflow.com/questions/49765687/redirect-uri-using-http-instead-of-https/50808675#50808675. Please also disable the SSL key configuration in the application.properties file. - Enable
server.tomcat.accesslog.enabledin the application properties for troubleshooting on the oauth2 access log.
- Webjars on Bootstrap and JQuery
- H2 in memory database
- thymeleaf-extras-springsecurity4 for usage of Spring Security authentication library on thymeleaf.
- Good tutorial on Spring security OAuth2 - https://spring.io/blog/2018/03/06/using-spring-security-5-to-integrate-with-oauth-2-secured-services-such-as-facebook-and-github
- Special thanks to Spring Lemon project - https://github.com/naturalprogrammer/spring-lemon
- Official Documentation - https://docs.spring.io/spring-security/site/docs/5.0.5.RELEASE/reference/htmlsingle/#jc-oauth2login
- Official Documentation - https://docs.spring.io/spring-security/site/docs/current/reference/html/oauth2login-advanced.html
- Facebook Graph Explorer - https://developers.facebook.com/tools/explorer/