# Spring Security 5 Integrated Authing OIDC Single Sign-On Guide
This article takes Spring Security 5, which provides authentication and access control in the Spring ecosystem, as an example, and introduces in detail how Spring Security 5 accesses Authing OIDC.
Spring Security is a security framework that provides secure access control solutions. It provides a set of Beans that can be configured in the Spring application context, making full use of Spring IoC, DI (Inversion of Control, DI: Dependency Injection) and AOP (Aspect Oriented Programming) functions to provide application systems The declarative security access control function enhances the security of enterprise systems and reduces the burden of writing a large amount of repetitive code.
The main functions of Spring Security mainly include: -Certification -Authorization -Attack protection
Taking the OIDC service provided by Authing as an example, the following will introduce in detail the method of integrating Authing OIDC single sign-on with Spring Security 5:
# 1. Initialize the Spring boot project
Open IDEA, click New Project to create a new project, and select Spring Initializr to create a Spring Boot project.
Enter the Group and Artifact information of the project.
Add Spring Web and Spring Security dependencies.
After creating the project, run the project in IDEA.
After the project is running, use a browser to visit localhost:8080 (opens new window) and it will automatically jump to /login. You can see that a basic login form appears on the page, indicating that the project is initialized successfully.
# 2. Configure Authing
First, register an account with Authing, then enter the console and follow the guided steps to create a new user pool.
Click the "Application" menu item on the left, and you will see an application created by default on the right.
Click "Configuration" and you will see the App ID, App Secret and Issuer url. Please save them properly. You will use these information later.
Then you need to add http://localhost:8080/login/oauth2/code/authing (opens new window) to the callback address. The options after that are consistent with the following figure .
# 3. Configure Spring Security
Go back to the project, find src/main/resources/application.properties, rename it to application.yml, and add the following:
spring:
security:
oauth2:
client:
registration:
authing:
client-id: {Replace with your App ID such as: App Secret5e72d72e3798fb03e1d57b13}
client-secret: {Replace with your App Secret such as: 931f19ce2161e5560c072f586c706ee6}
redirect-uri:'{baseUrl}/login/oauth2/code/{registrationId}'
client-authentication-method: post
scope:
-openid
-profile
provider:
authing:
issuer-uri: https://{Replace with your Issuer, such as: authing-net-sdk-demo}.authing.cn/oauth/oidc
user-name-attribute: preferred_username
You need to replace {clientId}, {secret}, {issuerUrl} here with the actual information in the previous step application configuration. Next, you need to add some dependencies and update in pom.xml:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
Everything is ready, now start the project and visit localhost:8080 (opens new window) to see the Authing login window.
Spring Security will protect the homepage by default, and will authenticate when accessing the homepage, and unauthenticated access requests will jump to /login. After registering and logging in, you will be redirected back to the homepage, and you can see the welcome message on the page showing the username of the currently logged in user.
For a more comprehensive sample project, please click https://github.com/Authing/authing-spring-oidc-demo (opens new window) For more information, please visit Authing (opens new window) official website
â SDK for WeChat Mini Program Express â