I'm just getting to grips with Shiro (which I have to say has been very nice and intuitive to use so far), and am also now trying to use Facebook / OAuth as a login mechanism.

I have read other discussion around this area, http://shiro-user.582556.n2.nabble.com/Advice-on-Shira-with-FB-Connect-Session-Clustering-Efficiency-td6832777.htm but as it covers other questions I thought I'd post a new topic.

Basically I've got Facebook login working, but I'm not sure if my approach is correct. I've implemented a new Facebook realm, with an associated credentials matcher and token; see the links below for blog posts with more details.

I've decided that my credentials matcher doesn't actually need to do anything, because by the time it is called upon, Facebook has already done the job of gathering credentials and checking them. I've also ended up with a FacebookToken class which holds a code for use in calls to Facebook, but which just returns null for getPrincipal and getCredentials, as when it comes to authentication I consider Facebook to be responsible for determining the principal and getting credentials.

Does this sound right to anyone with more experience in this area? Anyway, any thoughts on this are appreciated, or if there's anyone else who's already done this, I'd be more than happy not to be reinventing the wheel.

Blog posts of what I've done so far:

http://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-1/
http://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-2/

Thanks,
Mike

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Implementing-Facebook-Login-tp7038905p7038905.html
Sent from the Shiro User mailing list archive at Nabble.com.
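The design described in the post, as an added sketch that is not the poster's code or code from the Shiro project: with a credentials matcher that accepts everything, the realm's `doGetAuthenticationInfo` becomes the only place the Facebook code is checked, and `supports` keeps other token types away from that matcher. `CodeVerifier` is a hypothetical interface standing in for the server-side exchange of the code with Facebook; it is assumed to return the Facebook user id, or null if the code is rejected.

```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.realm.AuthenticatingRealm;

public class FacebookRealm extends AuthenticatingRealm {

    /** Hypothetical helper (assumption): exchanges the code with Facebook server-side. */
    public interface CodeVerifier {
        String userIdForCode(String code); // Facebook user id, or null if rejected
    }

    /** Token shaped as in the post: it carries only the code. */
    public static class FacebookToken implements AuthenticationToken {
        private final String code;
        public FacebookToken(String code) { this.code = code; }
        public String getCode() { return code; }
        @Override public Object getPrincipal() { return null; }
        @Override public Object getCredentials() { return null; }
    }

    private final CodeVerifier verifier;

    public FacebookRealm(CodeVerifier verifier) {
        this.verifier = verifier;
        // The matcher accepts anything, so every check must happen in this realm.
        setCredentialsMatcher(new AllowAllCredentialsMatcher());
    }

    @Override
    public boolean supports(AuthenticationToken token) {
        // Only FacebookToken reaches the allow-all matcher; other tokens go elsewhere.
        return token instanceof FacebookToken;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String code = ((FacebookToken) token).getCode();
        if (code == null || code.isEmpty()) {
            throw new AuthenticationException("Missing Facebook code");
        }
        // Fail closed: no user id from the verifier means no login.
        String userId = verifier.userIdForCode(code);
        if (userId == null) {
            throw new AuthenticationException("Facebook did not accept the code");
        }
        return new SimpleAuthenticationInfo(userId, code, getName());
    }
}
```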
