User authentication with J2EE

Question

in my website I'm allowing my users to login using their name and their password (this data is stored in my database). But now I want to allow them to login by using their social networks account, like facebook, gmail... My website is running on a JBOSS application server. And the users authentication is done by a form-based authentication, kinda like this example http://dont-panic.eu/blogs/2012/sep/form-based-authentication-against-custom-database-jboss-7. Is it possible to add this new functionality (login with social networks account) and maintaining the older one (simple login) without big changes in the way I'm currently doing the user authentication? If yes, how can I do it?

Thanks a lot!

Answer 1

I am sorry but I think that there is no easy way to accomplish it. The problem is that you would need to implement your custom JAAS provider that utilizes OAuth authentication. The OAuth is simple, you can see my linked project for sample code. But JAAS is much harder. I tried it once several years ago and I gave up.

You can implement some code for authentication (like I did) but without integration with JAAS you cannot use standard features like <security-constraint>.

Some other useful links:

1. http://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASRefGuide.html
2. http://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASLMDevGuide.html

These are my two cents.

Answer 2

Generally social networks have a javascript or jquery plugin for getting the user logged in.

1. Add it in your website.
2. When the user clicks on it. The social network gives your app an authentication token.
3. Using the authentication token you can query the social network for user's registered email. But the user has to approve it.
4. Once you get the user's social email compare it with the existing email in the database, if it matches, allow the user to login.

This is a high level view how social logins are integrated into existing webapps.