Product

Fusion 5.10

    Set Up Google Authentication

    To authenticate against Google services, perform the steps in this article.

    1 Add the security provider dependency

    To add Google as a security provider in the Oauth Security module:

    1. Remove any existing security provider dependency from the pom.xml under the root of the project.

    2. Add a security provider dependency for Google to the dependencies tag in pom.xml:

      <dependency>
          <groupId>twigkit</groupId>
          <artifactId>twigkit.security.provider.oauth.google</artifactId>
          <version>${project.parent.version}</version>
      </dependency>
    3. Configure Appkit to invoke this module on startup. Change the security.conf file in src/main/resources/conf/security/ to contain:

      type: oauth
    4. Remove any existing spring-security.xml file, because this module encapsulates all Spring configuration automatically.

    2 Configure the OAuth module for application setup in Google Developer Console

    Add the relevant configuration in a file in conf/security/oauth.conf:

    client-id: 419084461435-2370lvl0rpcr8b8lu0ljkv3l2ib2ahfc.apps.googleusercontent.com
    client-secret: 5p-Ph7AcvnFBfMQSSUNv-umQ
    scope: https://www.googleapis.com/auth/userinfo.profile

    Including the user profile scope lets Appkit automatically pull the user profile information into their Appkit user details.

    This guide assumes the client-id and client-secret settings have already been generated in the Google Developer Console and provided to you as an application developer. For more information about this, see the Google documentation on OAuth.

    The authorized redirect URI must be configured in the Google Developer Console as http://your-application-url/oauthLogin.

    3 Add the Spring filter to the web.xml

    Add this to the web.xml of the project:

    <!-- Spring Security -->
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:spring-security.xml</param-value>
        </context-param>
    
        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>
    
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
    
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    
        <listener>
          <listener-class>
            org.springframework.web.context.request.RequestContextListener
          </listener-class>
        </listener>
    <!-- Spring Security Ends -->

    Inclusion of a 'RequestContextListener' is not required in a standard Appkit-plus-Spring Security application.

    4 Test the authentication

    If a user is not logged into a Google account prior to visiting the application they will be redirected to the Google login page. They will then be asked if they want to approve the application to access the services defined in the scopes parameter. If the user profile scope is included the Appkit user’s details will also be populated with any basic information available from the decoded OAuth token such as first name, last name and email address.

    Using OAuth can create a seamless experience where, after the token handshake and approval is complete, the user will always be logged into the application as long as their session with Google is active.

    User logs in:

    Google account login screen example

    User approves application:

    Google approval screen example

    The user is signed into the application with an OAuth token, and will be signed in automatically from now on unless the token expires or the user logs out of Google entirely.

    Google application example