On Fri, Jun 17, 2016 at 11:24 PM, kaosko [via Shiro User] < [email protected]> wrote:
> On Fri, Jun 17, 2016 at 7:34 PM, mbaranski <[hidden email] > <http:///user/SendEmail.jtp?type=node&node=7581071&i=0>> wrote: > >> I'm having trouble understanding how to tie my filter and realm together. >> Is there a simple example of doing this, or am I approaching it >> incorrectly? >> I have this method in a filter that extends AccessControlFilter: >> @Override >> protected boolean onAccessDenied(ServletRequest request, ServletResponse >> response) throws Exception { >> if(isGoogleResponse(request)){ >> AuthenticationToken = getMyCustomGoogleAuthToken(request); >> // >> I get my username from google, and can create an authentication token at >> this point >> // and need to pass it to my realm, but I can't figure out how to >> do >> that >> } else { >> sendForwardToGoogleOauthLink(request, response); >> // This forwards the page and when the user approves we come back >> here and the "if" part of this returns true >> } >> This is clearly psuedo code, but what method do I implement to return the >> token and have it passed to my realm? >> > > Is your getMyCustomGoogleAuthToken just returning the authorization code > from the request or also handling exchanging it for an access token? In > either case, you'd call login, e.g. > SecurityUtils.getSubject().login(googleAuthenticationToken). > Your realm should register to handle these tokens (i.e. > setAuthenticationTokenClass(GoogleAuthToken.class). For some sample code > I've written (that doesn't directly match your case), see > > https://github.com/tynamo/tynamo-federatedaccounts/blob/master/tynamo-federatedaccounts-facebook/src/main/java/org/tynamo/security/federatedaccounts/facebook/pages/FacebookOauth.java > > Here the page (in your case the filter) is also handling the token > exchange, so the Oauth login flow is already complete at that point and the > realm is primarily handling federation with a local db user (i.e. is user > found & active, storing the access token and user information, local > roles/permissions etc.). > > Thank you, this is exactly what I needed, and I had been searching for example but didn't come across your example. If you reply to this email, your message will be added to the discussion > below: > > http://shiro-user.582556.n2.nabble.com/Trouble-with-OAuth-filter-realm-integration-tp7581070p7581071.html > To unsubscribe from Trouble with OAuth filter / realm integration, click > here > <http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=7581070&code=bWlrZS5iYXJhbnNraUBnbWFpbC5jb218NzU4MTA3MHwxNTExNzI2OTE0> > . > NAML > <http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > -- -------------------------------- http://www.mikeski.net -- View this message in context: http://shiro-user.582556.n2.nabble.com/Trouble-with-OAuth-filter-realm-integration-tp7581070p7581072.html Sent from the Shiro User mailing list archive at Nabble.com.
