I've received the code from Martijn Dashorst. It should be enough to get
you up and running.
This page is mounted like this: mountPage("/oidc/#{action}", KeyhubOidcPage.class);
Redirect to this page to start the authentication.


package nl.topicus.iridium.conversie.web.pages.public_pages.keyhub;

import static nl.topicus.iridium.conversie.keyhub.KeyhubEnvironmentVariables.Names.*;

import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import nl.topicus.iridium.conversie.environment.Environment;
import nl.topicus.iridium.conversie.web.app.ConversieWebSession;
import nl.topicus.iridium.conversie.web.pages.dashboard.DashboardPage;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.request.Url;
import org.apache.wicket.request.http.WebRequest;
import org.apache.wicket.request.http.WebResponse;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.session.JEESessionStore;
import org.pac4j.core.exception.http.RedirectionAction;
import org.pac4j.core.http.adapter.JEEHttpActionAdapter;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.oidc.credentials.OidcCredentials;
import org.pac4j.oidc.profile.OidcProfile;

/**
 * Mounted at "/oidc/#{action}". A request without parameters ("/oidc") starts the
 * OIDC flow by redirecting the browser to Keyhub; the callback ("/oidc/callback")
 * exchanges the authorization code for tokens, stores the profile in the session
 * and resumes the originally requested page.
 */
public class KeyhubOidcPage extends WebPage
{
        private static final long serialVersionUID = 1L;

        @Inject
        private Environment environment;

        public KeyhubOidcPage(PageParameters pars)
        {
                super(pars);

                // Client id and secret come from the environment, not from source.
                OidcConfiguration configuration = new OidcConfiguration();
                configuration.setClientId(environment.getRequiredValue(KEYHUB_API_CLIENTID));
                configuration.setSecret(environment.getRequiredValue(KEYHUB_API_SECRET));
                configuration.setConnectTimeout(2000);
                configuration.setReadTimeout(5000);
                configuration.setDiscoveryURI(
                        "https://keyhub.topicusonderwijs.nl/.well-known/openid-configuration");

                HttpServletRequest request =
                        (HttpServletRequest) ((WebRequest) getRequest()).getContainerRequest();
                HttpServletResponse response =
                        (HttpServletResponse) ((WebResponse) getResponse()).getContainerResponse();

                JEEContext context = new JEEContext(request, response);

                OidcClient keyhub = new OidcClient(configuration);
                keyhub.setCallbackUrl(getAuthenticateCallbackUrl());

                if (pars.isEmpty())
                {
                        // Start of the flow: pac4j stores state/nonce in the session
                        // and answers with a redirect to the Keyhub authorization endpoint.
                        keyhub.getRedirectionAction(context, JEESessionStore.INSTANCE)
                                .ifPresent(action -> apply(action, context));
                }
                else
                {
                        // Callback: pac4j checks the state parameter, exchanges the code
                        // for tokens and validates the ID token before building the profile.
                        OidcCredentials credentials = (OidcCredentials) keyhub
                                .getCredentials(context, JEESessionStore.INSTANCE)
                                .get();
                        OidcProfile profile = (OidcProfile) keyhub
                                .getUserProfile(credentials, context, JEESessionStore.INSTANCE)
                                .get();

                        ConversieWebSession.get().setKeyhubProfile(profile);
                        // Resume the intercepted request if there was one, else go to the dashboard.
                        continueToOriginalDestination();
                        setResponsePage(DashboardPage.class);
                }
        }

        /** Absolute URL of this page with action=callback, registered at Keyhub as redirect URI. */
        private String getAuthenticateCallbackUrl()
        {
                PageParameters callbackPars = new PageParameters();
                callbackPars.set("action", "callback");

                return getRequestCycle().getUrlRenderer()
                        .renderFullUrl(Url.parse(urlFor(KeyhubOidcPage.class, callbackPars)))
                        .toString();
        }

        /** Writes the pac4j redirect (status + Location header) to the servlet response. */
        private void apply(RedirectionAction action, JEEContext context)
        {
                JEEHttpActionAdapter.INSTANCE.adapt(action, context);
        }
}
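
The page above only does something useful if unauthenticated requests are redirected to it and the original destination is remembered, which is what continueToOriginalDestination() resumes. The following is an added example of that wiring, not Martijn's or the project's code: it uses Wicket's SimplePageAuthorizationStrategy, and the application class name, the SecurePage marker class and ConversieWebSession.getKeyhubProfile() are assumed names.

```java
package nl.topicus.iridium.conversie.web.app; // assumed package, matching the imports above

import org.apache.wicket.Page;
import org.apache.wicket.authorization.strategies.page.SimplePageAuthorizationStrategy;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.protocol.http.WebApplication;

import nl.topicus.iridium.conversie.web.pages.dashboard.DashboardPage;
import nl.topicus.iridium.conversie.web.pages.public_pages.keyhub.KeyhubOidcPage;

/** Assumed application class; the project's real one may be named differently. */
public class ConversieWebApplication extends WebApplication
{
        /** Assumed marker superclass for every page that needs a signed-in Keyhub user. */
        public abstract static class SecurePage extends WebPage
        {
                private static final long serialVersionUID = 1L;
        }

        @Override
        public Class<? extends Page> getHomePage()
        {
                return DashboardPage.class;
        }

        @Override
        protected void init()
        {
                super.init();

                // Both routes of KeyhubOidcPage: "/oidc" starts the flow, "/oidc/callback" ends it.
                mountPage("/oidc/#{action}", KeyhubOidcPage.class);

                // Instantiating a SecurePage without a profile in the session is intercepted:
                // Wicket stores the requested URL and redirects to KeyhubOidcPage, which starts
                // the OIDC flow. After the callback has stored the profile,
                // continueToOriginalDestination() replays the stored request.
                getSecuritySettings().setAuthorizationStrategy(
                        new SimplePageAuthorizationStrategy(SecurePage.class, KeyhubOidcPage.class)
                        {
                                @Override
                                protected boolean isAuthorized()
                                {
                                        // Only a profile set by the callback branch (after pac4j
                                        // validated the ID token) counts as signed in. getKeyhubProfile()
                                        // is the assumed getter matching setKeyhubProfile() above.
                                        return ConversieWebSession.get().getKeyhubProfile() != null;
                                }
                        });
        }
}
```

KeyhubOidcPage itself must not extend SecurePage, otherwise the unauthenticated redirect would loop on the sign-in page.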


On Wed, Jan 19, 2022 at 8:36 AM Emond Papegaaij <emond.papega...@gmail.com>
wrote:

> Hi Boris,
>
> I would go for pac4j-oidc. It does not provide Wicket integration out of
> the box, but it is very easy to set up and you only need a few lines of code
> to check the authentication. Perhaps @dashorst can share the code:
> https://twitter.com/dashorst/status/1111280001847054336
>
> You can find an example of the pac4j code in a presentation I gave some
> time ago:
> https://blog.topicus-keyhub.com/oauth-2-0-demystified-j-spring-2019/
>
> Best regards,
> Emond
>
> On Tue, Jan 18, 2022 at 11:39 PM Boris Goldowsky <bgoldow...@cast.org>
> wrote:
>
>> What is the current best practice for allowing users to sign in to a
>> Wicket application using an OAuth2 provider (eg Google account, Twitter,
>> Canvas, etc).
>>
>>   *   Is Apache Shiro a possibility?  Looks like it’s got some Wicket
>> integration, but OAuth2 is listed as “coming”.
>>   *   PicketLink?
>>   *   Something from https://oauth.net/code/java/ ?
>>
>> Anyone with a working implementation care to give some pointers?
>>
>> Looks like there may have been some discussion of this 10 years ago on
>> this list, but not more recently that I can find.
>>
>> Thank you!
>>
>> Boris
>>
>>
