Callback not redirecting to JSF page after google OAuth
135 views
Skip to first unread message
Rob Young
Jul 9, 2016, 11:28:26 AM7/9/16
to pac4j-users
Hi there,
I've set up a basic web server using JSF, I've attached my shiro config below. When I browse to the file I've set up under /google/**, I get redirected to google, sign in, but then am always redirected to the error500.xhtml page. Any idea what I'm doing wrong here?
Shiro.ini
[main]
subjectFactory = io.buji.pac4j.ClientSubjectFactory
securityManager.subjectFactory = $subjectFactory
googleClient = org.pac4j.oauth.client.Google2Client
googleClient.key = <my key>
googleClient.secret = <my secret>
simpleAuthenticator = org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator
formClient = org.pac4j.http.client.indirect.FormClient
formClient.loginUrl = http://localhost:8080/loginForm.jsp
formClient.authenticator = $simpleAuthenticator
basicAuthClient = org.pac4j.http.client.indirect.IndirectBasicAuthClient
basicAuthClient.authenticator = $simpleAuthenticator
clients = org.pac4j.core.client.Clients
clients.callbackUrl = http://localhost:8080/DashboardTest/callback
clients.clients = $googleClient,$formClient
clientsRealm = io.buji.pac4j.ClientRealm
clientsRealm.defaultRoles = ROLE_USER
clientsRealm.clients = $clients
clientsFilter = io.buji.pac4j.ClientFilter
clientsFilter.clients = $clients
clientsFilter.failureUrl = /error500.xhtml
googleRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
googleRoles.client = $googleClient
formRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
formRoles.client = $formClient
[urls]
/google/** = googleRoles[ROLE_USER]
/form/** = formRoles[ROLE_USER]
/callback = clientsFilter
/logout = logout
/** = anon
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<display-name>DashboardTest</display-name>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<resource-env-ref>
<!-- Enable Weld CDI, also needs META-INF/context.xml entry -->
<resource-env-ref-name>BeanManager</resource-env-ref-name>
<resource-env-ref-type>javax.enterprise.inject.spi.BeanManager</resource-env-ref-type>
</resource-env-ref>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
<url-pattern>/javax.faces.resource/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
</web-app>
I've set up a basic web server using JSF, I've attached my shiro config below. When I browse to the file I've set up under /google/**, I get redirected to google, sign in, but then am always redirected to the error500.xhtml page. Any idea what I'm doing wrong here?
Shiro.ini
[main]
subjectFactory = io.buji.pac4j.ClientSubjectFactory
securityManager.subjectFactory = $subjectFactory
googleClient = org.pac4j.oauth.client.Google2Client
googleClient.key = <my key>
googleClient.secret = <my secret>
simpleAuthenticator = org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator
formClient = org.pac4j.http.client.indirect.FormClient
formClient.loginUrl = http://localhost:8080/loginForm.jsp
formClient.authenticator = $simpleAuthenticator
basicAuthClient = org.pac4j.http.client.indirect.IndirectBasicAuthClient
basicAuthClient.authenticator = $simpleAuthenticator
clients = org.pac4j.core.client.Clients
clients.callbackUrl = http://localhost:8080/DashboardTest/callback
clients.clients = $googleClient,$formClient
clientsRealm = io.buji.pac4j.ClientRealm
clientsRealm.defaultRoles = ROLE_USER
clientsRealm.clients = $clients
clientsFilter = io.buji.pac4j.ClientFilter
clientsFilter.clients = $clients
clientsFilter.failureUrl = /error500.xhtml
googleRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
googleRoles.client = $googleClient
formRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
formRoles.client = $formClient
[urls]
/google/** = googleRoles[ROLE_USER]
/form/** = formRoles[ROLE_USER]
/callback = clientsFilter
/logout = logout
/** = anon
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<display-name>DashboardTest</display-name>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<resource-env-ref>
<!-- Enable Weld CDI, also needs META-INF/context.xml entry -->
<resource-env-ref-name>BeanManager</resource-env-ref-name>
<resource-env-ref-type>javax.enterprise.inject.spi.BeanManager</resource-env-ref-type>
</resource-env-ref>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
<url-pattern>/javax.faces.resource/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
</web-app>
Rob Young
Jul 9, 2016, 5:42:34 PM7/9/16
to pac4j-users
Additionally, I'm not sure how to get debug information about what's going on, I seem to get redirected from the callback URL to the error500 page, but there's no debug info pushed to the tomcat logs. Is there some debug logging I can turn on?
Jérôme LELEU
Jul 11, 2016, 4:37:43 AM7/11/16
to Rob Young, pac4j-users
Hi,
I'm surprised you don't get any logs...
In all cases, you should turn on DEBUG logs on org.pac4j, this will output logs for the pac4j modules as well as for implementations.
I you want to do some debug, it's in the clientFilter (defined on the /callback url).
Thanks.
Best regards,
Jérôme
--
You received this message because you are subscribed to the Google Groups "pac4j-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pac4j-users...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Rob Young
Jul 11, 2016, 11:01:04 AM7/11/16
to pac4j-users, bobb...@gmail.com
Thanks Jérôme!
That was helpful, turning on debug logging indicated I hadn't set up my google credentials quite correct. Corrected and now I can log in.
Regards,
Rob
That was helpful, turning on debug logging indicated I hadn't set up my google credentials quite correct. Corrected and now I can log in.
Regards,
Rob
Reply all
Reply to author
Forward
0 new messages