On Fri, Jun 17, 2016 at 7:34 PM, mbaranski <[email protected]> wrote:

> I'm having trouble understanding how to tie my filter and realm together.
> Is there a simple example of doing this, or am I approaching it
> incorrectly?
> I have this method in a filter that extends AccessControlFilter:
> @Override
> protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
>     if(isGoogleResponse(request)){
>         AuthenticationToken token = getMyCustomGoogleAuthToken(request);
>         // I get my username from google, and can create an authentication token at this point
>         // and need to pass it to my realm, but I can't figure out how to do that
>     } else {
>         sendForwardToGoogleOauthLink(request, response);
>         // This forwards the page and when the user approves we come back here and the "if" part of this returns true
>     }
> }
> This is clearly pseudocode, but what method do I implement to return the
> token and have it passed to my realm?
>

Is your getMyCustomGoogleAuthToken just returning the authorization code
from the request or also handling exchanging it for an access token? In
either case, you'd call login, e.g.
SecurityUtils.getSubject().login(googleAuthenticationToken).
Your realm should register to handle these tokens (i.e.
setAuthenticationTokenClass(GoogleAuthToken.class)). For some sample code
I've written (that doesn't directly match your case), see
https://github.com/tynamo/tynamo-federatedaccounts/blob/master/tynamo-federatedaccounts-facebook/src/main/java/org/tynamo/security/federatedaccounts/facebook/pages/FacebookOauth.java

Here the page (in your case the filter) is also handling the token
exchange, so the Oauth login flow is already complete at that point and the
realm is primarily handling federation with a local db user (i.e. is user
found & active, storing the access token and user information, local
roles/permissions etc.).

Kalle
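
The wiring described in the reply above, as an added example that is not part of the original thread or of the linked tynamo code: the filter completes the exchange and calls login, and the realm registers for the token class and checks the local account. It assumes Shiro 1.x on javax.servlet; GoogleRealm, GoogleOauthFilter, the two abstract helpers and the in-memory user map are hypothetical stand-ins.

```java
import java.util.Map;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

// Hypothetical token: only built after the filter has verified the user with Google.
class GoogleAuthToken implements AuthenticationToken {
    private final String email;
    GoogleAuthToken(String email) { this.email = email; }
    @Override public Object getPrincipal() { return email; }
    @Override public Object getCredentials() { return null; } // no local secret to compare
}

class GoogleRealm extends AuthenticatingRealm {
    private final Map<String, Boolean> localUsers; // email -> active; stands in for the local db
    GoogleRealm(Map<String, Boolean> localUsers) {
        this.localUsers = localUsers;
        setAuthenticationTokenClass(GoogleAuthToken.class);      // realm ignores other token types
        setCredentialsMatcher(new AllowAllCredentialsMatcher()); // identity was proven upstream
    }
    @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        Boolean active = localUsers.get((String) token.getPrincipal());
        if (active == null) throw new UnknownAccountException("no local account");
        if (!active) throw new DisabledAccountException("local account disabled");
        return new SimpleAuthenticationInfo(token.getPrincipal(), null, getName());
    }
}

abstract class GoogleOauthFilter extends AccessControlFilter {
    protected abstract String googleAuthorizationUrl();                           // hypothetical
    protected abstract String exchangeCodeForEmail(String code) throws Exception; // hypothetical
    @Override protected boolean isAccessAllowed(ServletRequest req, ServletResponse res, Object mapped) {
        return getSubject(req, res).isAuthenticated();
    }
    @Override protected boolean onAccessDenied(ServletRequest req, ServletResponse res) throws Exception {
        String code = req.getParameter("code");
        if (code == null) { WebUtils.issueRedirect(req, res, googleAuthorizationUrl()); return false; }
        try { // login() routes the token to every realm whose supports() accepts its class
            getSubject(req, res).login(new GoogleAuthToken(exchangeCodeForEmail(code)));
            return true;
        } catch (AuthenticationException e) { // unknown or disabled local account
            WebUtils.toHttp(res).sendError(401);
            return false;
        }
    }
}
```

Because the realm accepts any GoogleAuthToken without comparing credentials, the token must only ever be constructed from a completed, verified exchange; local roles and permissions would come from extending AuthorizingRealm instead.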
