Hi,

OK. I see the checksum error. This is the cause of all your problems. It's very strange. Hard to say what's going wrong here. Did you try with Maven 3 (after cleaning your repo from buji-oauth)?

You're right, the Google2Provider is missing in the demo because I already have 8 other providers; I thought it was enough. There are 3 libraries because scribe-up is also used for the CAS project and a Spring Security library for OAuth.

1. You need to define the providers (coming from the scribe-up project), in your case Facebook and Google, in the shiro.ini file:

    facebookProvider = org.scribe.up.provider.impl.FacebookProvider
    facebookProvider.key = your_key
    facebookProvider.secret = your_secret
    facebookProvider.callbackUrl = http://localhost:8080/shiro-facebook
    # to request just email permission
    facebookProvider.scope = email
    # just to get the FB identifier and the email
    facebookProvider.fields = id,email
    googleProvider = org.scribe.up.provider.impl.Google2Provider
    googleProvider.key = your_key
    googleProvider.secret = your_secret
    googleProvider.callbackUrl = http://localhost:8080/shiro-google
    # because you just want to get the email
    googleProvider.scope = EMAIL

It means you will have two URLs (/shiro-facebook and /shiro-google) to validate the FB and Google OAuth authentication.

2. You need to define the OAuth realms: one realm for each provider, because I assume you can have different roles and permissions granted according to your provider (in the shiro.ini file):

    facebookRealm = com.you.ExtendedOAuthRealm
    facebookRealm.provider = $facebookProvider
    googleRealm = com.you.ExtendedOAuthRealm
    googleRealm.provider = $googleProvider

This ExtendedOAuthRealm deals with your custom logic and extends the io.buji.oauth.OAuthRealm.

3. You need to define the filters which will handle the end of the OAuth authentication process in your web app for both providers (in the shiro.ini file). A filter creates an AuthenticationToken handled by the appropriate OAuthRealm.

    facebookFilter = io.buji.oauth.OAuthFilter
    facebookFilter.provider = $facebookProvider
    # the error page if the OAuth authentication fails
    facebookFilter.failureUrl = /error.jsp
    googleFilter = io.buji.oauth.OAuthFilter
    googleFilter.provider = $googleProvider
    # the error page if the OAuth authentication fails
    googleFilter.failureUrl = /error.jsp

4. You DON'T need to define other OAuth filters to protect your application and redirect the user to the OAuth provider for authentication. The filters in the io.buji.oauth.filters are not necessary for you.

5. On your login page, I understand that your user chooses on which provider to authenticate. You can do that by generating the authorization URL to redirect the user to the OAuth provider for authentication:

    <a href="<%=facebookProvider.getAuthorizationUrl(null)%>">Authenticate at Facebook</a>
    <a href="<%=googleProvider.getAuthorizationUrl(null)%>">Authenticate at Google</a>

6. Your security configuration would be:

    [urls]
    /shiro-facebook = facebookFilter
    /shiro-google = googleFilter
    /login.jsp = authc
    /settings.ftl = authc
    /listUsers.ftl = authc
    /logout = socialLogout

7. You need an extended OAuth realm with your custom logic: you want to check if the user is in the database and load the roles. I don't know what you use as a principal, but with buji-oauth, it will be the "typed id", something like FacebookProfile#1234 or GoogleProfile#1234. So I think you can simply create the ExtendedOAuthRealm by extending the io.buji.oauth.OAuthRealm and putting your doGetAuthorizationInfo method in it if you can use this typed id as a key to match data coming from OAuth providers and your internal data. The second principal filled by the OAuthRealm (doGetAuthenticationInfo method) in buji-oauth is the user profile.

So you can access some property on the profile if you want to use it as username:

    // email must be declared before the branches assign it
    String email = null;
    if (profile instanceof FacebookProfile) {
        FacebookProfile fp = (FacebookProfile) profile;
        email = fp.getEmail();
    } else if (profile instanceof Google2Profile) {
        Google2Profile gp = (Google2Profile) profile;
        email = gp.getEmail();
    }

A common profile here would simplify work. I plan it for scribe-up 1.3.0.

I didn't test anything so there might be some adjustments to do. Hope it's clear enough for you to try to switch to buji-oauth.

Best regards,
Jérôme

--
View this message in context: http://shiro-user.582556.n2.nabble.com/OAuth-demo-tp7577850p7577862.html
Sent from the Shiro User mailing list archive at Nabble.com.
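
One way to write the ExtendedOAuthRealm described in step 7, as an added example that is not part of the original message and not buji-oauth's own code. It assumes the primary principal is the typed id string, as the message says, and uses a hypothetical in-memory map (`ROLES_BY_TYPED_ID`, constructed sample data) in place of the database lookup.

```java
package com.you;

import io.buji.oauth.OAuthRealm;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.subject.PrincipalCollection;

public class ExtendedOAuthRealm extends OAuthRealm {

    // Hypothetical stand-in for the application's user table, keyed by typed id.
    // The entries are constructed sample data.
    private static final Map<String, Set<String>> ROLES_BY_TYPED_ID =
            new HashMap<String, Set<String>>();
    static {
        ROLES_BY_TYPED_ID.put("FacebookProfile#1234",
                new HashSet<String>(Arrays.asList("user")));
        ROLES_BY_TYPED_ID.put("GoogleProfile#1234",
                new HashSet<String>(Arrays.asList("user", "admin")));
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Start from an empty grant: a user absent from the store gets no roles.
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        Object primary = principals.getPrimaryPrincipal();
        // Assumption taken from the message: the primary principal is the typed id.
        if (!(primary instanceof String)) {
            return info; // unexpected principal type: grant nothing
        }
        // The provider prefix is part of the key, so id 1234 at Facebook and
        // id 1234 at Google are treated as two different accounts.
        Set<String> roles = ROLES_BY_TYPED_ID.get((String) primary);
        if (roles != null) {
            info.addRoles(roles);
        }
        return info;
    }
}
```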
