I've received the code from Martijn Dashorst. It should be enough to get
you up and running.

This page is mounted like this:

    mountPage("/oidc/#{action}", KeyhubOidcPage.class);

Redirect to this page to start the authentication.

package nl.topicus.iridium.conversie.web.pages.public_pages.keyhub;

import static nl.topicus.iridium.conversie.keyhub.KeyhubEnvironmentVariables.Names.*;

import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import nl.topicus.iridium.conversie.environment.Environment;
import nl.topicus.iridium.conversie.web.app.ConversieWebSession;
import nl.topicus.iridium.conversie.web.pages.dashboard.DashboardPage;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.request.Url;
import org.apache.wicket.request.http.WebRequest;
import org.apache.wicket.request.http.WebResponse;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.session.JEESessionStore;
import org.pac4j.core.exception.http.RedirectionAction;
import org.pac4j.core.http.adapter.JEEHttpActionAdapter;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.oidc.credentials.OidcCredentials;
import org.pac4j.oidc.profile.OidcProfile;

public class KeyhubOidcPage extends WebPage
{
    private static final long serialVersionUID = 1L;

    @Inject
    private Environment environment;

    public KeyhubOidcPage(PageParameters pars)
    {
        super(pars);

        // Client id and secret are read via the injected Environment, not hard-coded.
        OidcConfiguration configuration = new OidcConfiguration();
        configuration.setClientId(environment.getRequiredValue(KEYHUB_API_CLIENTID));
        configuration.setSecret(environment.getRequiredValue(KEYHUB_API_SECRET));
        configuration.setConnectTimeout(2000);
        configuration.setReadTimeout(5000);
        configuration.setDiscoveryURI(
            "https://keyhub.topicusonderwijs.nl/.well-known/openid-configuration");

        // Unwrap the servlet request and response that pac4j's JEEContext needs.
        HttpServletRequest request =
            (HttpServletRequest) ((WebRequest) getRequest()).getContainerRequest();
        HttpServletResponse response =
            (HttpServletResponse) ((WebResponse) getResponse()).getContainerResponse();
        JEEContext context = new JEEContext(request, response);

        OidcClient keyhub = new OidcClient(configuration);
        keyhub.setCallbackUrl(getAuthenticateCallbackUrl());

        if (pars.isEmpty())
        {
            // No page parameters: start the flow by redirecting to the provider.
            keyhub.getRedirectionAction(context, JEESessionStore.INSTANCE)
                .ifPresent(action -> apply(action, context));
        }
        else
        {
            // Callback from the provider: let pac4j extract the credentials
            // from the request and load the user profile.
            // Optional.get() throws NoSuchElementException when either is
            // missing, so a failed login surfaces as an exception here.
            OidcCredentials credentials =
                (OidcCredentials) keyhub.getCredentials(context, JEESessionStore.INSTANCE).get();
            OidcProfile profile =
                (OidcProfile) keyhub.getUserProfile(credentials, context, JEESessionStore.INSTANCE)
                    .get();
            ConversieWebSession.get().setKeyhubProfile(profile);

            // Return to the page the user originally requested, if any;
            // otherwise fall through to the dashboard.
            continueToOriginalDestination();
            setResponsePage(DashboardPage.class);
        }
    }

    // Builds the absolute URL of this page with action=callback.
    private String getAuthenticateCallbackUrl()
    {
        PageParameters callbackPars = new PageParameters();
        callbackPars.set("action", "callback");
        return getRequestCycle().getUrlRenderer()
            .renderFullUrl(Url.parse(urlFor(KeyhubOidcPage.class, callbackPars)))
            .toString();
    }

    // Writes pac4j's redirect to the servlet response.
    private void apply(RedirectionAction action, JEEContext context)
    {
        JEEHttpActionAdapter.INSTANCE.adapt(action, context);
    }
}

On Wed, Jan 19, 2022 at 8:36 AM Emond Papegaaij wrote:
> Hi Boris,
>
> I would go for pac4j-oidc. It does not provide Wicket integration out of
> the box, but it is very easy to set up and you only need a few lines of code
> to check the authentication. Perhaps @dashorst can share the code:
> https://twitter.com/dashorst/status/280001847054336
>
> You can find an example of the pac4j code in a presentation I gave some
> time ago:
> https://blog.topicus-keyhub.com/oauth-2-0-demystified-j-spring-2019/
>
> Best regards,
> Emond
>
> On Tue, Jan 18, 2022 at 11:39 PM Boris Goldowsky wrote:
>
>> What is the current best practice for allowing users to sign in to a
>> Wicket application using an OAuth2 provider (eg Google account, Twitter,
>> Canvas, etc).
>>
>> * Is Apache Shiro a possibility? Looks like it’s got some Wicket
>> integration, but OAuth2 is listed as “coming”.
>> * PicketLink?
>> * Something from https: