Thanks for the confirmation. I've send PR
for it. The fix should
work on all Tomcat versions (I tried on the newest 7.0.41).
I hope you won't see more issues:-)
Marek
On 4.7.2013 16:42, Phuong Viet VU wrote:
Yes, you're right, after change the oauth-configuration.xml to
use
loginUrl /portal/login instead of /portal/dologin --> it works :)
My tomcat is 7.0.37, and it doesn't work for me if I don't change the
loginUrl (notice that access to /portal/login url will not create a
new session, but /portal/dologin does)
On Thu, Jul 4, 2013 at 8:33 PM, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
Thanks for the detailed analysis!
However I am seeing different behaviour. I am seeing the same as
you that on Tomcat7 the HTTP request to /portal/dologin will
return "302 Found" and it will change the value of cookie
JSESSIONID. But for me, the JAAS call to OAuthLoginModule is still
done with original session ID, so the authenticated user is
properly returned from AuthenticationRegistry and authentication
ends successfully.
Which Tomcat version do you have? I have 7.0.32
Are you seeing any difference if you change URL on line 232 of
file webapps/portal/WEB-INF/conf/sso/oauth-configuration.xml like
this?
- <value>/@@portal.container.name@(a)/dologin</value>
+ <value>/@@portal.container.name@(a)/login</value>
Marek
On 4.7.2013 14:02, Phuong Viet VU wrote:
> Hi, I've just tried to use OAuth with gatein master branch
> (include your PR). After user authenticated by Twitter, it
> redirect back to portal, but the OAuthLoginModule doesn't work
> --> show "sign in fail ..."
>
> The AuthenticationRegistry component that is used to save a map
> of sessionID and oAuth authenticated user, but notice that with
> tomcat7, when you access to /portal/dologin URL, it always
> generate a new session. That's why OAuthLoginModule can't work
> properly
>
>
> On Thu, Jul 4, 2013 at 4:06 PM, Marek Posolda
> <mposolda(a)redhat.com <mailto:mposolda@redhat.com>> wrote:
>
> It's merged and available in GateIn master.
>
> Marek
>
>
> On 4.7.2013 04:30, Trong Tran wrote:
>> Thank you very much for your quick response.
>>
>>
>> On 4 July 2013 00:41, Marek Posolda <mposolda(a)redhat.com
>> <mailto:mposolda@redhat.com>> wrote:
>>
>> PR for both changes (upgrade twitter4j-core and adding
>> Valve for Tomcat) is here
>>
https://github.com/gatein/gatein-portal/pull/551 . After
>> merging it, you shouldn't have issues anymore.
>>
>> Marek
>>
>>
>> On 3.7.2013 16:40, Marek Posolda wrote:
>>> Hi Trong,
>>>
>>> On 3.7.2013 14:16, Trong Tran wrote:
>>>> Hi,
>>>>
>>>> I'm playing OAuth integration feature with GateIn
>>>> Tomcat packaging. Unfortunately it doesn't work for me.
>>>> I'm testing with latest code of GateIn master. It
>>>> doesn't login into portal after registration, the
>>>> login form with a message "Sign in failed. Wrong
>>>> username or password." is displayed instead.
>>> There is one additional needed thing for Tomcat
>>> integration and seems that I forgot to add it to
>>> docs:-\ You need to add ServletAccessValve into
>>> conf/context.xml or conf/server.xml (host section) as
>>> mentioned in
>>>
https://docs.jboss.org/author/display/GTNPORTAL36/Central+Authentication+...
>>>
>>> The valve is needed for SSO and OAuth integration. It's
>>> used to add HttpServletRequest to ThreadLocal before
>>> JAAS authentication is triggered, so that Login modules
>>> have access to current HttpServletRequest. In JBoss,
>>> it's automatically possible via
>>> javax.security.jacc.PolicyContext.getContext, however
>>> in Tomcat it's not automatically possible, so we need
>>> to manually add it via Valve.
>>>
>>> I will update the docs. I am thinking about adding the
>>> ServletAccessValve into Tomcat packaging by default,
>>> which would mean one less step for SSO and OAuth
>>> integration on Tomcat. Will likely send PR soon.
>>>>
>>>> Moreover, I have also tested on JBoss packaging. It
>>>> works well for Facebook and Google BUT it doesn't work
>>>> with Twitter.
>>> yes, unfortunately we used older version of
>>> twitter4j-core library (2.2.6), which is using Twitter
>>> API 1.0. Twitter recently updated to 1.1 and stopped to
>>> support this API from July 2013, so it doesn't work
>>> anymore.
>>>
>>> The fix is to update twitter4j-core to latest version
>>> 3.0.3, which is using Twitter API v1.1. I will send PR
>>> later today after performing some more tests. The fix
>>> will be in JPP 6.1, but unfortunately not in already
>>> released GateIn 3.6:-(
>>>
>>> The workaround for GateIn 3.6 is to upgrade the JAR.
>>> You can download twitter4j-core-3.0.3.jar from
>>>
http://search.maven.org/remotecontent?filepath=org/twitter4j/twitter4j-co...
>>> and replace the old twitter4j-core-2.2.6.jar in
>>> GATEIN_TOMCAT_HOME/lib/ (on Tomcat7) or in
>>> GATEIN_JBOSS_HOME/modules/org/twitter4j/main/ (on
>>> JBoss7. You will need to update version in
>>> GATEIN_JBOSS_HOME/modules/org/twitter4j/main/module.xml
>>> as well)
>>>
>>> Thanks for the feedback!
>>> Marek
>>>
>>>>
>>>> Is there anybody having the same problem ? are this
>>>> bugs OR I missed something in configuration ?
>>>>
>>>> Thanks
>>>>
>>>> --
>>>> *Trong Tran*
>>>> /(+84) 983841909 | /trongtt(a)gmail.com
>>>> <mailto:trongtt@gmail.com>
>>>> Twitter:
http://twitter.com/trongtt//
>>>>
>>>>
>>>> _______________________________________________
>>>> gatein-dev mailing list
>>>> gatein-dev(a)lists.jboss.org
<mailto:gatein-dev@lists.jboss.org>
>>>>
https://lists.jboss.org/mailman/listinfo/gatein-dev
>>>
>>>
>>>
>>> _______________________________________________
>>> gatein-dev mailing list
>>> gatein-dev(a)lists.jboss.org
<mailto:gatein-dev@lists.jboss.org>
>>>
https://lists.jboss.org/mailman/listinfo/gatein-dev
>>
>>
>>
>>
>> --
>> *Trong Tran*
>> /(+84) 983841909 | /trongtt(a)gmail.com <mailto:trongtt@gmail.com>
>> Twitter:
http://twitter.com/trongtt//
>
>
> _______________________________________________
> gatein-dev mailing list
> gatein-dev(a)lists.jboss.org <mailto:gatein-dev@lists.jboss.org>
>
https://lists.jboss.org/mailman/listinfo/gatein-dev
>
>