Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mike10004/pac4j-google-apps-domain-oauth-client
Pac4J OAuth client implementation that restricts authentication to a Google Apps domain.
https://github.com/mike10004/pac4j-google-apps-domain-oauth-client
Last synced: 15 days ago
JSON representation
Pac4J OAuth client implementation that restricts authentication to a Google Apps domain.
- Host: GitHub
- URL: https://github.com/mike10004/pac4j-google-apps-domain-oauth-client
- Owner: mike10004
- License: apache-2.0
- Created: 2015-03-16T21:02:03.000Z (almost 10 years ago)
- Default Branch: master
- Last Pushed: 2015-05-05T15:47:02.000Z (over 9 years ago)
- Last Synced: 2024-10-08T09:22:12.964Z (3 months ago)
- Language: Java
- Size: 219 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# pac4j-google-apps-domain-oauth-client
Pac4J OAuth client implementation that restricts authentication to a Google
Apps domain.
## How to use with Shiro
### shiro.ini
Contents of `src/main/resources/shiro.ini`:
[main]
subjectFactory = io.buji.pac4j.ClientSubjectFactory
securityManager.subjectFactory = $subjectFactory
standardCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $standardCacheManager
googleClient = com.github.mike10004.pac4j.oauth.googleappsdomainclient.GoogleAppsDomainClient
googleClient.key = ${google.oauth.client.id}
googleClient.secret = ${google.oauth.client.secret}
googleClient.domain = ${google.oauth.domain}
clients = org.pac4j.core.client.Clients
clients.callbackUrl = ${google.oauth.redirectUri}
clients.clientsList = $googleClient
clientsRealm = io.buji.pac4j.ClientRealm
clientsRealm.defaultRoles = ROLE_USER
clientsRealm.clients = $clients
clientsFilter = io.buji.pac4j.ClientFilter
clientsFilter.clients = $clients
clientsFilter.failureUrl = /error500.jsp
googleRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
googleRoles.client = $googleClient
ssl.enabled = ${shiro.main.ssl.enabled}
[urls]
/callback = ssl, clientsFilter
/logout = ssl, logout
/** = ssl, googleRoles[ROLE_USER]
### Project pom.xml
In your project `pom.xml`, include the following:
...
${my-app.shiro.google.domain}
${my-app.shiro.google.client.id}
${my-app.shiro.google.client.secret}
http://localhost:8080/my-app/callback
false
...
...
remote-deployable
${my-app.shiro.google.remoteRedirectUri}
true
...
...
src/main/resources
true
shiro.ini
...
### Maven user settings
In your Maven user settings (`$HOME/.m2/settings.xml`), define the following
properties:
* my-app.shiro.google.domain (e.g. example.com)
* my-app.shiro.google.client.id
* my-app.shiro.google.client.secret
* my-app.shiro.google.remoteRedirectUri
Visit https://console.developers.google.com to get your client ID and client
secret and to set the permitted redirect URI.
These properties must be set in a profile that is activated by default. A good
way to activate a profile default is described in [an answer to this SO
question](http://stackoverflow.com/questions/5309379/how-to-keep-maven-profiles-which-are-activebydefault-active-even-if-another-prof).
Following those instructions, your settings file would look something like this:
...
...
default_profile
!not_default_profile
a78_CLIENT_ID_HERE_yoT.apps.googleusercontent.com
V7H_CLIENT_SECRET_HERE_t4P
https://my-app.appspot.com/callback
...
...
Development builds will use
http://localhost:8080/my-app/callback as the callback
URL, and builds where the `remote-deployable` profile is activated will use
the value of `${my-app.shiro.google.remoteRedirectUri}` defined in your user
settings.