Roughly, you'd: 1) create an Oauth redirect page and extract the Oauth token from the response 2) call Subject.login with the authentication token as the credential 3) Implement another custom realm where you validate the Oauth for example by fetching "me" data with the given credentials (plus any other mixed local/federated security checks you might want to have such as accountLocked etc.)
You can and should have multiple realms with Shiro, I'd leave the code below as is for authenticating against your local database. Kalle On Mon, Jun 14, 2010 at 10:24 PM, Fernando Wermus <[email protected]> wrote: > Hi all, > Some users could authenticate through facebook or stand alone mode. So, > I need to reimplement the following method > @Override > protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken > authcToken) throws AuthenticationException { > UsernamePasswordToken token = (UsernamePasswordToken) authcToken; > UsuarioDAO usuarioDAO=new UsuarioDAO(); > Usuario user = usuarioDAO.buscarPorMail(token.getUsername()); > > if( user != null ) { > return new SimpleAuthenticationInfo(user.getEmail(), > user.getClave(), "realmA"); > } else { > return null; > } > } > As I don't have anything similar to a password in a facebook authentication > - I don't know the password and I don't know anything that can work > similarly. > How can I incorporate facebook authentication to my shiro implementation? > Any help would be appreciate it. > My implementation is wicket-shiro impl. > Thanks in advance. > > -- > Fernando Wermus. > > www.linkedin.com/in/fernandowermus >
