Development how to – Simple integration of a Facebook login with Spring Security Framework (v2)

Kevin Deyne

A 25-year-old Software Engineer with a passion for Web, Java and Writing. Working at RealDolmen, he focuses on customer-centric projects that can actually help people and move organisations forward. Most hours of the day, he's thinking about code, integrating architectures and how to solve the next big problem. He also wrote a Lovecraft-inspired thriller called Whitewood and is working on Envir, a high-end project management tool.

  • Alan Varghese Aniyan

    Hello kevin,
    This project works perfectly when I tried running as an independent project but failed when I tried to integrate it with my existing Spring Security project.
    The /connect/facebook redirects it to /connect/facebookConnect.html(which I gave in configuration to be permitted),but instead of redirecting it to facebook authentication url,it returns back to login page,which might be possibly because the spring security restricts it from further redirecting.
    Please suggest me a solution.

    1. Kevin Deyne

      Sounds like you’re bumping into a location you’re not allowed in, assuming you’re getting no stacktraces anywhere – or the connection is failing and you’re redirected to your login error page. To be safe, check that you’ve got no errors anywhere and that your facebook api has registered a successful authentication in its dashboard. If that doesn’t seem the case, maybehaps there’s an API key you’ve forgotten somewhere, etc.

      If everything’s on the up there, consider that there are two files it can redirect to: /connect/facebookConnect.html and /connect/facebookConnected.hmtl (as per Both need to be accessible to all (they are and should only be HTTP redirects; there’s no reason to block them).

      If you’re using the static redirects such as specified there, make sure those also redirect to a navigable page, not any custom login page. You want Spring to bring you to the login pages, not manually go there.

      Note that these static redirects are just some defaults. You can add custom urls and such to this too, but I’ve generally had mixed results with changing these depending on your setup. At a certain point it becomes easier to have redirects in place, than try and figure out every different security context people have.

      If you’re still having issues with it, try downloading the sources and debug through it step by step – until you see where it fails.

  • Sergii Getman

    Hi Kevin,

    About this connectController bean:

    public ConnectController connectController() {
    ConnectController controller = new ConnectController(connectionFactoryLocator(), connectionRepository());
    controller.addInterceptor(new CustomConnectInterceptor());
    return controller;

    It don’t rely on connectionFactoryLocator, connectionRepository (including usersConnectionRepository) you have defined in WebSecurityConfig. Spring injects their own objects created by ConfigurationClassEnhancer. So to injects beans defined by ourself we to do some additional manipulation.

Leave a Reply