I'm writing a service that would like to allow people options for creating an
account and authenticating. A potential user may choose to:
* create an account specific to the service, with a service-specific set of
credentials
* create an account but authenticate via a third party platform (initially
Facebook, but let's allow for Twitter and Google as well)

The first case is easy enough; I've extended
org.apache.shiro.realm.jdbc.JdbcRealm and have got that working. We
authenticate against a database and we create credentials for new users.

The second case seems like it would be solvable by using buji-oauth and
setting up an org.pac4j.oauth.client.FacebookClient. However, I'm having
difficulties at the last step (got the oauth token back from Facebook, now
let's login) but the specific error suggests that I'm Doing It Wrong -- I
based my configuration on the demo but deep in the Shiro framework something
is bitching about a missing name. Anyway, there seems to be at least one and
probably several missing steps in the oauth demo and I'm not at all sure I
understand how to proceed. Would someone care to engage with me to figure
out how to get this to work?

And finally, this leads to another issue: when a service client comes back
to the service at some later time (let's assume that the session has expired
from the session cache) and it wants to access a protected resource, what
knowledge needs to be persisted on the client in order to reestablish an
authenticated session? From my reading of the Shiro documentation, it
appears that I can restrict access to a resource based on a role criterion
(e.g. "CUSTOMER") but I don't see a way to specify a set of possible
authentication methods (e.g. let the user try to login using any of
{Facebook|Basic Auth}). Am I misunderstanding this?

--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/Authentication-multiple-realms-and-buji-oauth-tp7580876.html
Sent from the Shiro User mailing list archive at Nabble.com.

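Added example (not from the post above, and not buji-oauth or pac4j code): how Shiro itself lets one Subject authenticate through either of two realms, which is the mechanism behind the "{Facebook|Basic Auth}" question. Each realm's supports() decides which token types it will look at, so a UsernamePasswordToken is only ever routed to the local realm and a third-party token only to the third-party realm; the ModularRealmAuthenticator's strategy (FirstSuccessfulStrategy here) then decides that one success is enough. Authorization stays role-based: both realms hand out CUSTOMER, so a filter or annotation that checks that role does not care how the user logged in. The local realm is a SimpleAccountRealm standing in for the poster's JdbcRealm, and ThirdPartyToken / ThirdPartyRealm are hypothetical stand-ins for whatever token the OAuth layer produces; the realm names "local" and "thirdParty" and the sample account are assumptions.

```java
import java.util.Arrays;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.authc.pam.FirstSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class MultiRealmDemo {

    /** Hypothetical token: an identity the external provider has already verified. */
    static final class ThirdPartyToken implements AuthenticationToken {
        final String provider;
        final String providerUserId;

        ThirdPartyToken(String provider, String providerUserId) {
            this.provider = provider;
            this.providerUserId = providerUserId;
        }

        // Qualify the principal with the provider so "alice" at Facebook can never
        // collide with the local account "alice" when Shiro merges principals.
        @Override public Object getPrincipal() { return provider + ":" + providerUserId; }
        @Override public Object getCredentials() { return null; } // checked by the provider
    }

    /** Hypothetical realm that only ever sees ThirdPartyToken instances. */
    static final class ThirdPartyRealm extends AuthorizingRealm {
        ThirdPartyRealm() {
            setName("thirdParty");
            // Nothing to match locally: the provider validated the credentials.
            setCredentialsMatcher(new AllowAllCredentialsMatcher());
        }

        // This is the routing decision: a UsernamePasswordToken is never offered here.
        @Override public boolean supports(AuthenticationToken token) {
            return token instanceof ThirdPartyToken;
        }

        @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            ThirdPartyToken t = (ThirdPartyToken) token;
            // Real code looks the (provider, id) pair up in the account table;
            // unknown providers or unlinked ids must be rejected, not auto-created.
            if (!"facebook".equals(t.provider)) {
                throw new AuthenticationException("provider not enabled: " + t.provider);
            }
            return new SimpleAuthenticationInfo(t.getPrincipal(), null, getName());
        }

        @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            // Only answer for principals this realm issued; otherwise the authorizer
            // would grant CUSTOMER to every identity from every realm.
            if (principals.fromRealm(getName()).isEmpty()) return null;
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addRole("CUSTOMER");
            return info;
        }
    }

    static DefaultSecurityManager buildSecurityManager() {
        // Stand-in for the JdbcRealm; in production hash passwords (HashedCredentialsMatcher).
        SimpleAccountRealm local = new SimpleAccountRealm("local");
        local.addAccount("alice", "correct horse battery staple", "CUSTOMER");

        DefaultSecurityManager sm =
                new DefaultSecurityManager(Arrays.asList(local, new ThirdPartyRealm()));
        // One realm succeeding is enough; realms whose supports() returns false are skipped.
        ((ModularRealmAuthenticator) sm.getAuthenticator())
                .setAuthenticationStrategy(new FirstSuccessfulStrategy());
        return sm;
    }

    public static void main(String[] args) {
        SecurityUtils.setSecurityManager(buildSecurityManager());
        Subject subject = SecurityUtils.getSubject();

        // Service-specific credentials: handled by the local realm only.
        subject.login(new UsernamePasswordToken("alice", "correct horse battery staple"));
        System.out.println(subject.getPrincipal() + " CUSTOMER=" + subject.hasRole("CUSTOMER"));
        subject.logout();

        // Third-party identity: handled by the third-party realm only, same role check.
        subject.login(new ThirdPartyToken("facebook", "1234567890"));
        System.out.println(subject.getPrincipal() + " CUSTOMER=" + subject.hasRole("CUSTOMER"));
        subject.logout();

        // A provider that is not enabled fails closed.
        try {
            subject.login(new ThirdPartyToken("twitter", "98765"));
        } catch (AuthenticationException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

On the "what does the client keep" question: in a Shiro web app the client holds either the session cookie or, if the login token had rememberMe set, the rememberMe cookie produced by CookieRememberMeManager. A remembered identity is not the same as an authenticated one: the `authc` filter still forces a fresh login for the URLs it protects, while the `user` filter accepts a remembered subject. Configure a fixed cipher key for the rememberMe manager rather than relying on the key generated at startup, otherwise every restart invalidates the cookies.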