Posted to dev@shiro.apache.org by "Jérôme Leleu (Commented JIRA)" <ji...@apache.org> on 2012/02/15 19:53:00 UTC

[jira] [Commented] (SHIRO-119) Oauth support

    [ https://issues.apache.org/jira/browse/SHIRO-119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13208670#comment-13208670 ] 

Jérôme Leleu commented on SHIRO-119:
------------------------------------

Hi everybody,

As I'm using the CAS open source project, I submitted a pull request to the CAS community to add OAuth support to the CAS server.

I reused the OAuth client part of my code to create a shiro-oauth module to add OAuth support in Shiro.

As someone suggested, it's built on the great Scribe library.

As I wanted to use my code for both the CAS community and the Shiro community, I created an open source library: Scribe UP. It's a web-oriented extension to Scribe to get the user profile after the OAuth authentication process.
Source code is here: https://github.com/leleuj/scribe-up. It's available under the Apache 2 licence. Current version: 1.0.0-SNAPSHOT is available in the Sonatype snapshots repository: https://oss.sonatype.org/content/repositories/snapshots.

My shiro-oauth module is built on my Scribe UP library. This module makes Shiro act as an OAuth client and therefore the authentication process can be delegated to an identity provider like Facebook, GitHub, Google, LinkedIn, Twitter, Yahoo... When using this module, applications can handle security as usual and delegate the login process to OAuth providers. After the authentication process, the authenticated user has a profile with an identifier and attributes.

I created a demo application to test all the providers and it works great. Just to give you an idea, I copy a configuration sample:
[main]
oauthProvider = org.scribe.up.provider.impl.FacebookProvider
oauthProvider.key = mykey
oauthProvider.secret = mysecret
oauthProvider.callbackUrl = http://myserver/myapp/shiro-oauth
oauthFilter = org.apache.shiro.oauth.OAuthFilter
oauthFilter.provider = $oauthProvider
oauthFilter.failureUrl = /error.jsp
oauthRealm = org.apache.shiro.oauth.OAuthRealm
oauthRealm.defaultRoles = ROLE_USER
#oauthRealm.defaultPermissions = defaultPermission
oauthRealm.provider = $oauthProvider
roles2 = org.apache.shiro.oauth.filter.OAuthRolesAuthorizationFilter
roles2.provider = $oauthProvider
[urls]
/protected/** = roles2[ROLE_USER]
/shiro-oauth = oauthFilter
/** = anon

I attach the SVN patch: shiro-oauth-svn.patch and complete documentation on how the module has to be configured and how it works technically: shiro-oauth-documentation.pdf.

Hope you can find my module useful and integrate it in a further release...

Thanks,
Best regards,
Jérôme

                
> Oauth support
> -------------
>
>                 Key: SHIRO-119
>                 URL: https://issues.apache.org/jira/browse/SHIRO-119
>             Project: Shiro
>          Issue Type: New Feature
>            Reporter: Jason Eacott
>            Assignee: Kalle Korhonen
>         Attachments: shiro-oauth.patch
>
>
> Create support for OAuth provider support 'out of the box'.
> This could involve a standalone provider webapp with some flexible mechanism for data storage, and/or remote data retrieval & management,
> and a customisable way to integrate application/transport specific OAuth based authentication with Shiro (HTTP/XMPP etc).
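
A review pass over a Shiro INI shaped like the sample configuration in the comment above, as an added example that is not part of the original post or of the shiro-oauth module. The finding names and the `audit` helper are this example's own, and the embedded input is a constructed excerpt of that sample.

```python
from urllib.parse import urlparse

# Constructed input: the relevant lines of the sample configuration above.
SAMPLE_INI = """\
[main]
oauthProvider = org.scribe.up.provider.impl.FacebookProvider
oauthProvider.key = mykey
oauthProvider.secret = mysecret
oauthProvider.callbackUrl = http://myserver/myapp/shiro-oauth
#oauthRealm.defaultPermissions = defaultPermission
[urls]
/protected/** = roles2[ROLE_USER]
/shiro-oauth = oauthFilter
/** = anon
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]}, keeping line order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current.append((key.strip(), value.strip()))
    return sections

def audit(text):
    """Return (finding, key) pairs; the finding names are this example's own."""
    sections, findings = parse_ini(text), []
    for key, value in sections.get("main", []):
        if key.endswith(".secret"):
            findings.append(("inline-secret", key))  # secret kept in the INI file
        if key.endswith(".callbackUrl") and urlparse(value).scheme != "https":
            findings.append(("callback-not-https", key))  # OAuth params in clear
    urls = sections.get("urls", [])
    for index, (pattern, chain) in enumerate(urls):
        if pattern != "/**":
            continue
        if index != len(urls) - 1:
            # Shiro applies the first matching [urls] line; later lines never run.
            findings.append(("catch-all-shadows-later-rules", pattern))
        if chain == "anon":
            findings.append(("unlisted-paths-anonymous", pattern))
    return findings

if __name__ == "__main__":
    for finding, key in audit(SAMPLE_INI):
        print(f"{finding}: {key}")
```

On the sample, the `[urls]` order is sound (the catch-all is last), so the points left to review are the plain-HTTP callback, the secret stored in the file, and the fact that every path outside `/protected/**` is served anonymously.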
