Jérôme

Thanks. Yes, the signature is odd. I'll see if Maven 3 does something, but it seems very unlikely as signatures are normally fine. I have the libraries now, but it's definitely an issue. Source is also needed, otherwise it's very hard to see what is going on.

I think I see what you're saying, although I'm not quite clear about step 5. What happens when I go to these URLs?

Tim

On 11 October 2012 20:13, jleleu [via Shiro User] <[email protected]> wrote:

> Hi,
>
> OK. I see the checksum error. This is the cause of all your problems. It's
> very strange. Hard to say what's going wrong here. Did you try with Maven 3
> (after cleaning your repo from buji-oauth)?
>
> You're right, the Google2Provider is missing in the demo because I already
> have 8 other providers, I thought it was enough. There are 3 libraries
> because scribe-up is also used for the CAS project and a Spring Security
> library for OAuth.
>
> 1. You need to define the providers (coming from the scribe-up project):
> in your case, Facebook and Google, in the shiro.ini file:
>
> facebookProvider = org.scribe.up.provider.impl.FacebookProvider
> facebookProvider.key = your_key
> facebookProvider.secret = your_secret
> facebookProvider.callbackUrl = http://localhost:8080/shiro-facebook
> # to request just email permission
> facebookProvider.scope = email
> # just to get the FB identifier and the email
> facebookProvider.fields = id,email
>
> googleProvider = org.scribe.up.provider.impl.Google2Provider
> googleProvider.key = your_key
> googleProvider.secret = your_secret
> googleProvider.callbackUrl = http://localhost:8080/shiro-google
> # because you just want to get the email
> googleProvider.scope = EMAIL
>
> It means you will have two URLs (/shiro-facebook and /shiro-google) to
> validate the FB and Google OAuth authentication.
>
> 2. You need to define the OAuth realms: one realm for each provider,
> because I assume you can have different roles and permissions granted
> according to your provider (in the shiro.ini file):
>
> facebookRealm = com.you.ExtendedOAuthRealm
> facebookRealm.provider = $facebookProvider
>
> googleRealm = com.you.ExtendedOAuthRealm
> googleRealm.provider = $googleProvider
>
> This ExtendedOAuthRealm deals with your custom logic and extends the
> io.buji.oauth.OAuthRealm.
>
> 3. You need to define the filters which will handle the end of the OAuth
> authentication process in your web app for both providers (in the shiro.ini
> file). A filter creates an AuthenticationToken handled by the appropriate
> OAuthRealm.
>
> facebookFilter = io.buji.oauth.OAuthFilter
> facebookFilter.provider = $facebookProvider
> # the error page if the OAuth authentication fails
> facebookFilter.failureUrl = /error.jsp
>
> googleFilter = io.buji.oauth.OAuthFilter
> googleFilter.provider = $googleProvider
> # the error page if the OAuth authentication fails
> googleFilter.failureUrl = /error.jsp
>
> 4. You DON'T need to define other OAuth filters to protect your
> application and redirect the user to the OAuth provider for authentication.
> The filters in the io.buji.oauth.filters are not necessary for you.
>
> 5. On your login page, I understand that your user chooses on which
> provider to authenticate. You can do that by generating the authorization
> URL to redirect the user to the OAuth provider for authentication:
>
> <a href="<%=facebookProvider.getAuthorizationUrl(null)%>">Authenticate at Facebook</a>
> <a href="<%=googleProvider.getAuthorizationUrl(null)%>">Authenticate at Google</a>
>
> 6. Your security configuration would be:
>
> [urls]
> /shiro-facebook = facebookFilter
> /shiro-google = googleFilter
> /login.jsp = authc
> /settings.ftl = authc
> /listUsers.ftl = authc
> /logout = socialLogout
>
> 7. You need an extended OAuth realm with your custom logic: you want to
> check if the user is in the database and load the roles. I don't know what you
> use as a principal, but with buji-oauth, it will be the "typed id",
> something like FacebookProfile#1234 or GoogleProfile#1234.
> So I think you can simply create the ExtendedOAuthRealm by extending the
> io.buji.oauth.OAuthRealm and putting your doGetAuthorizationInfo method in
> it if you can use this typed id as a key to match data coming from OAuth
> providers and your internal data.
>
> The second principal filled by the OAuthRealm (doGetAuthenticationInfo
> method) in buji-oauth is the user profile.
> So you can access some property on the profile if you want to use it as
> username:
>
> if (profile instanceof FacebookProfile) {
>     FacebookProfile fp = (FacebookProfile) profile;
>     email = fp.getEmail();
> } else if (profile instanceof Google2Profile) {
>     Google2Profile gp = (Google2Profile) profile;
>     email = gp.getEmail();
> }
>
> A common profile here would simplify work. I plan it for scribe-up 1.3.0.
>
> I didn't test anything so there might be some adjustments to do.
> Hope it's clear enough for you to try to switch to buji-oauth.
>
> Best regards,
> Jérôme

--
View this message in context: http://shiro-user.582556.n2.nabble.com/OAuth-demo-tp7577850p7577863.html
Sent from the Shiro User mailing list archive at Nabble.com.
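
Step 7 of the quoted message, as an added example (not code from the thread or from buji-oauth): an ExtendedOAuthRealm whose doGetAuthorizationInfo looks roles up by the typed id and grants nothing to users it does not know. It assumes Shiro and buji-oauth are on the classpath and that the primary principal is the typed id as a String; the in-memory role map is constructed sample data standing in for the application's database.

```java
package com.you;

import java.util.Collections;
import java.util.Map;
import java.util.Set;

import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.subject.PrincipalCollection;

import io.buji.oauth.OAuthRealm;

/** Added example: roles come from local data keyed by the provider-scoped typed id. */
public class ExtendedOAuthRealm extends OAuthRealm {

    // Hypothetical stand-in for the user/role table (constructed sample data).
    // Keys are typed ids, so the same person at two providers is two entries
    // and each entry can carry different roles.
    private final Map<String, Set<String>> rolesByTypedId = Map.of(
            "FacebookProfile#1234", Set.of("user"),
            "Google2Profile#1234", Set.of("user", "admin"));

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Start from an empty grant: anything not matched below gets no roles.
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // Assumption: the primary principal is the typed id as a String,
        // e.g. "FacebookProfile#1234". Any other type is treated as unknown.
        Object primary = principals.getPrimaryPrincipal();
        if (!(primary instanceof String)) {
            return info;
        }

        // Exact-match lookup on the typed id rather than on the e-mail:
        // the typed id names the provider that vouched for the account,
        // so an e-mail shared across providers cannot select another
        // provider's role set.
        Set<String> roles = rolesByTypedId.getOrDefault(
                (String) primary, Collections.<String>emptySet());
        info.addRoles(roles);
        return info;
    }
}
```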
