Re: Using OAuth2Login Google authenticator with Security constraint

[Jamie]

That is something that is not going to happen... the servlet container knows nothing about OpenID or OAuth2Login.

Well, at least, any servlet container that I've worked with.

Your best bet would probably be to write a Filter that checks for a session variable login token;  

If the token does exists, then you're okay.

If the token does not exist

{

    check to see if the response contains the OAuth2Login response.

    if it does

        set the session variable login token

    else

        redirect to the OAuth2 URL

}

Then apply the filter to any protected resources or servlets.

On Monday, 12 November 2012 20:55:29 UTC-5, Allen Zhou wrote:

I want to use the Google authenticator as described here: https://developers.google.com/accounts/docs/OAuth2Login 

as the authentication link used for a security constraint.

  <security-constraint>

      <web-resource-collection>

          <url-pattern>/</url-pattern>

      </web-resource-collection>

      <auth-constraint>

          <role-name>*</role-name>

      </auth-constraint>

  </security-constraint>

Does anyone know where I can configure security constraint so that it uses a different login url than the default setting?