In this tutorial, we will integrate Spring Security with OAuth2 to enable authentication using GitHub. This allows users to log in to our application using their GitHub credentials, streamlining the login process.
Prerequisites
- Basic knowledge of Spring Boot
- A GitHub account
- Java Development Kit (JDK) installed
- Maven or Gradle for dependency management
Step 1: Create a GitHub OAuth App
- Go to GitHub Developer Settings.
- Click on New OAuth App.
- Fill in the details:
  - Application Name: Your app name
  - Homepage URL: http://localhost:8080
  - Authorization callback URL: http://localhost:8080/login/oauth2/code/github
- After creating, note the Client ID and Client Secret.
Step 2: Set Up Spring Boot Project
Create a new Spring Boot project using Spring Initializr with the following dependencies:
- Spring Web
- Spring Security
- Spring Boot DevTools
- Spring OAuth2 Client
Step 3: Configure application.yml
Add your GitHub client credentials to src/main/resources/application.yml:
spring:
  security:
    oauth2:
      client:
        registration:
          github:
            # Values from Step 1. Keep the real secret out of version control,
            # for example by using a ${...} placeholder resolved from an environment variable.
            client-id: YOUR_CLIENT_ID
            client-secret: YOUR_CLIENT_SECRET
            scope: read:user
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
        provider:
          github:
            authorization-uri: https://github.com/login/oauth/authorize
            token-uri: https://github.com/login/oauth/access_token
            user-info-uri: https://api.github.com/user
Step 4: Create a Security Configuration
Create a configuration class to set up security:
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Targets Spring Security 5.x (Spring Boot 2.x): WebSecurityConfigurerAdapter
// is deprecated since Spring Security 5.7 and removed in 6.0.
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // The home page and login page are public
                .antMatchers("/", "/login").permitAll()
                // Everything else requires an authenticated user
                .anyRequest().authenticated()
                .and()
            // Enable the OAuth2 login flow using the registration from application.yml
            .oauth2Login();
    }
}
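For projects on Spring Boot 3 (Spring Security 6), where WebSecurityConfigurerAdapter no longer exists, the same access rules can be written as a SecurityFilterChain bean. This is an added example, not part of the original tutorial: it assumes Spring Security 6 and is meant to replace the SecurityConfig class above, and the logout settings are an addition to show session cleanup.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Assumption: Spring Security 6.x. In 6.x @EnableWebSecurity no longer
// implies @Configuration, so both annotations are required.
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Same public paths as the tutorial's configuration
                .requestMatchers("/", "/login").permitAll()
                // Deny anonymous access to everything else, including /user
                .anyRequest().authenticated())
            // OAuth2 login using the "github" registration from application.yml
            .oauth2Login(Customizer.withDefaults())
            // Added for illustration: end the local session on logout and
            // return to the public home page. CSRF protection stays enabled,
            // so the logout itself is performed with POST /logout.
            .logout(logout -> logout
                .logoutSuccessUrl("/")
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID"));
        return http.build();
    }
}
```

Logging out this way ends only the application's own session; it does not sign the user out of GitHub or revoke the access token issued to the app.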
Step 5: Create a Controller
Create a simple controller to handle requests:
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.user.OAuth2User;

@Controller
public class HomeController {

    // Public landing page with the "Login with GitHub" link
    @GetMapping("/")
    public String home() {
        return "home";
    }

    // Protected page: Spring Security injects the authenticated GitHub user
    @GetMapping("/user")
    public String user(@AuthenticationPrincipal OAuth2User principal, Model model) {
        // "name" is the GitHub display name; it is null if the user has not set one
        model.addAttribute("name", principal.getAttribute("name"));
        return "user";
    }
}
Step 6: Create HTML Templates
Create two HTML files in src/main/resources/templates:
home.html:
<!DOCTYPE html>
<html>
<head>
    <title>Home</title>
</head>
<body>
    <h1>Welcome to the Spring Security OAuth2 Example</h1>
    <a href="/oauth2/authorization/github">Login with GitHub</a>
</body>
</html>
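user.html:
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <title>User</title>
</head>
<body>
    <!-- Assumes Thymeleaf as the template engine; th:text HTML-escapes the GitHub-supplied name -->
    <h1>Hello, <span th:text="${name}">name</span>!</h1>
    <!-- /logout is Spring Security's default logout endpoint; a link to "/" would leave the session active -->
    <a href="/logout">Logout</a>
</body>
</html>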
Step 7: Run the Application
Run our Spring Boot application. Navigate to http://localhost:8080, and click on the “Login with GitHub” link. We will be redirected to GitHub for authentication. Upon successful login, we will be redirected back to our application.
Conclusion
We have successfully integrated Spring Security with GitHub OAuth2 authentication. This setup allows users to authenticate using their GitHub accounts, enhancing user experience and security. We can further customize the application according to our needs, such as adding more user information or handling different OAuth providers.