shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jérôme Leleu (Commented) (JIRA) <>
Subject [jira] [Commented] (SHIRO-119) Oauth support
Date Wed, 15 Feb 2012 18:53:00 GMT


Jérôme Leleu commented on SHIRO-119:

Hi everybody,

As I'm using the CAS open source project, I submitted a pull request to the CAS community
to add OAuth support to the CAS server.

I reused the OAuth client part of my code to create a shiro-oauth module to add OAuth support
in Shiro.

As someone suggested, it's built on the great Scribe library.

As I wanted to use my code for both CAS community and Shiro community, I created an open source
library : Scribe UP. It's a web-oriented extension to Scribe to get user profile after OAuth
authentication process.
Source code is here : It's available under Apache 2 licence.
Current version : 1.0.0-SNAPSHOT is available in Sonatype snapshots repository :

My shiro-oauth module is built on my Scribe UP library. This module makes Shiro acts as an
OAuth client and therefore authentication process can be delegated to an identity provider
like Facebook, GitHub, Google, LinkedIn, Twitter, Yahoo... When using this module, applications
can handle security as usual and delegate login process to OAuth providers. After authentication
process, the authenticated user has a profile with identifier and attributes.

I created a demo application to test all the providers and it works great. Just to give you
an idea, I copy a configuration sample :
oauthProvider = org.scribe.up.provider.impl.FacebookProvider
oauthProvider.key = mykey
oauthProvider.secret = mysecret
oauthProvider.callbackUrl = http://myserver/myapp/shiro-oauth
oauthFilter = org.apache.shiro.oauth.OAuthFilter
oauthFilter.provider = $oauthProvider
oauthFilter.failureUrl = /error.jsp
oauthRealm = org.apache.shiro.oauth.OAuthRealm
oauthRealm.defaultRoles = ROLE_USER
#oauthRealm.defaultPermissions = defaultPermission
oauthRealm.provider = $oauthProvider
roles2 = org.apache.shiro.oauth.filter.OAuthRolesAuthorizationFilter
roles2.provider = $oauthProvider
/protected/** = roles2[ROLE_USER]
/shiro-oauth = oauthFilter
/** = anon

I join the SVN patch : shiro-oauth-svn.patch and a complete documention on how the module
has to be configured and works technically : shiro-oauth-documentation.pdf.

Hope you can find my module usefull and integrate it in a further release...

Best regards,

> Oauth support
> -------------
>                 Key: SHIRO-119
>                 URL:
>             Project: Shiro
>          Issue Type: New Feature
>            Reporter: Jason Eacott
>            Assignee: Kalle Korhonen
>         Attachments: shiro-oauth.patch
> Create support for OAuth provider  support 'out of the box'. 
> This could involve a standalone provider webapp with some flexible mechanism for data
storage, and/or remote data retrieval & management,
> and a customisable way to integrate application/transport specific OAuth based authentication
with Shiro (HTTP/XMPP etc).

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message