Springboot, Oauth and Wso2


Eddie Mc Greal

Jul 15, 2015, 6:47:37 AM
to pac4j...@googlegroups.com
Current situation
We are building a REST API that currently uses a Shiro realm to authenticate a user against the DB.
The application is running as a Springboot web application.

What we'd like to achieve:

We want to move authentication out of our web application and into an authentication server, e.g. Wso2.
We'd like to use Oauth2 as the interface to the authentication server.

What are the dependencies?
Add the dependencies (gradle)
'org.pac4j:pac4j-core:1.7.1'
'org.pac4j:pac4j-oauth:1.7.1'

Do we need a pac4j servlet jar as well? I read somewhere that we need some servlet filters but I don't see any pac4j-servlet on MVN Central (http://mvnrepository.com/artifact/org.pac4j)
We want the token to be passed to the REST client e.g. Angular/JS

How do I configure the Realm?
We're not using shiro.ini but rather using spring java configuration.
I'm using https://github.com/bujiio/buji-pac4j as a guide but I don't see support for a generic OAuth client or do we use something like CasOAuthWrapperClient?

Any tips on how to set this up would be much appreciated!
 





Jérôme LELEU

Jul 15, 2015, 8:45:38 AM
to Eddie Mc Greal, pac4j...@googlegroups.com
Hi,

You need pac4j-core which is a generic authentication (/authorization) engine. pac4j-oauth provides OAuth support in pac4j for many providers: Facebook, Twitter...
And you need an adapter for pac4j to your current environment (Shiro): here, it is the buji-pac4j bridge.
So you need all these three libraries.

The OAuth clients target specific identity providers like Facebook, Twitter except the CasOAuthWrapperClient which is a generic OAuth client for all CAS servers (using the OAuth server support).

For your specific need (Wso2), you need to create a new Wso2Client based on https://github.com/pac4j/pac4j/blob/master/pac4j-oauth/src/main/java/org/pac4j/oauth/client/BaseOAuth20Client.java: you will need to implement the internalInit and the extractUserProfile methods.
pac4j-oauth is based on the OAuth Scribe library for the OAuth protocol implementation, so you need to create a Scribe Api for Wso2 (https://github.com/pac4j/pac4j/tree/master/pac4j-oauth/src/main/java/org/scribe/builder/api).

I hope it's clearer for you. If you finally achieve your Wso2Client, I'd like you to contribute it back to pac4j.

Thanks.
Best regards,
Jérôme
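
As an added example that is not part of the original thread or of pac4j: a Scribe 1.3.x Api class for a WSO2 server, the piece the reply above says must be created alongside the Wso2Client. The class name `Wso2Api`, its constructor parameter, and the `/oauth2/authorize` and `/oauth2/token` paths are assumptions; the client's `internalInit` and `extractUserProfile` methods are not shown.

```java
import org.scribe.builder.api.DefaultApi20;
import org.scribe.extractors.AccessTokenExtractor;
import org.scribe.extractors.JsonTokenExtractor;
import org.scribe.model.OAuthConfig;
import org.scribe.model.Verb;
import org.scribe.utils.OAuthEncoder;

/** Hypothetical Scribe 1.3.x Api for a WSO2 server (added example, not pac4j code). */
public class Wso2Api extends DefaultApi20 {
    // Assumption: default WSO2 Identity Server paths; verify against your deployment.
    private static final String AUTHORIZE_PATH = "/oauth2/authorize";
    private static final String TOKEN_PATH = "/oauth2/token";
    private final String baseUrl;

    /** @param baseUrl server root, e.g. "https://is.example.org:9443" (placeholder host) */
    public Wso2Api(final String baseUrl) {
        // Authorization codes and tokens cross these endpoints, so refuse plain HTTP.
        if (baseUrl == null || !baseUrl.startsWith("https://")) {
            throw new IllegalArgumentException("baseUrl must be an https:// URL");
        }
        this.baseUrl = baseUrl.replaceAll("/+$", ""); // drop trailing slashes
    }

    @Override
    public String getAccessTokenEndpoint() {
        return baseUrl + TOKEN_PATH;
    }

    @Override
    public Verb getAccessTokenVerb() {
        return Verb.POST; // RFC 6749 requires POST for token requests
    }

    @Override
    public AccessTokenExtractor getAccessTokenExtractor() {
        return new JsonTokenExtractor(); // the token response is a JSON document
    }

    @Override
    public String getAuthorizationUrl(final OAuthConfig config) {
        // Every caller-supplied value is URL-encoded before it enters the query string.
        final StringBuilder url = new StringBuilder(baseUrl).append(AUTHORIZE_PATH)
            .append("?response_type=code")
            .append("&client_id=").append(OAuthEncoder.encode(config.getApiKey()))
            .append("&redirect_uri=").append(OAuthEncoder.encode(config.getCallback()));
        if (config.hasScope()) {
            url.append("&scope=").append(OAuthEncoder.encode(config.getScope()));
        }
        return url.toString();
    }
}
```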




