9:16 p.m.
Hi,
I'm playing OAuth integration feature with GateIn Tomcat packaging.
Unfortunately it doesn't work for me.
I'm testing with latest code of GateIn master. It doesn't login into portal
after registration, the login form with a message "Sign in failed. Wrong
username or password." is displayed instead.
Moreover, I have also tested on JBoss packaging. It works well for Facebook
and Google BUT it doesn't work with Twitter.
Is there anybody having the same problem ? are this bugs OR I missed
something in configuration ?
Thanks
--
*Trong Tran*
*(+84) 983841909 | *trongtt(a)gmail.com
Twitter: http://twitter.com/trongtt**
11:40 p.m.
Hi Trong,
On 3.7.2013 14:16, Trong Tran wrote:
Hi,
I'm playing OAuth integration feature with GateIn Tomcat packaging.
Unfortunately it doesn't work for me.
I'm testing with latest code of GateIn master. It doesn't login into
portal after registration, the login form with a message "Sign in
failed. Wrong username or password." is displayed instead.
There is one
additional needed thing for Tomcat integration and seems
that I forgot to add it to docs:-\ You need to add ServletAccessValve
into conf/context.xml or conf/server.xml (host section) as mentioned in
https://docs.jboss.org/author/display/GTNPORTAL36/Central+Authentication+...
The valve is needed for SSO and OAuth integration. It's used to add
HttpServletRequest to ThreadLocal before JAAS authentication is
triggered, so that Login modules have access to current
HttpServletRequest. In JBoss, it's automatically possible via
javax.security.jacc.PolicyContext.getContext, however in Tomcat it's not
automatically possible, so we need to manually add it via Valve.
I will update the docs. I am thinking about adding the
ServletAccessValve into Tomcat packaging by default, which would mean
one less step for SSO and OAuth integration on Tomcat. Will likely send
PR soon.
Moreover, I have also tested on JBoss packaging. It works well for
Facebook and Google BUT it doesn't work with Twitter.
yes, unfortunately we
used older version of twitter4j-core library
(2.2.6), which is using Twitter API 1.0. Twitter recently updated to 1.1
and stopped to support this API from July 2013, so it doesn't work anymore.
The fix is to update twitter4j-core to latest version 3.0.3, which is
using Twitter API v1.1. I will send PR later today after performing some
more tests. The fix will be in JPP 6.1, but unfortunately not in already
released GateIn 3.6:-(
The workaround for GateIn 3.6 is to upgrade the JAR. You can download
twitter4j-core-3.0.3.jar from
http://search.maven.org/remotecontent?filepath=org/twitter4j/twitter4j-co...
and replace the old twitter4j-core-2.2.6.jar in GATEIN_TOMCAT_HOME/lib/
(on Tomcat7) or in GATEIN_JBOSS_HOME/modules/org/twitter4j/main/ (on
JBoss7. You will need to update version in
GATEIN_JBOSS_HOME/modules/org/twitter4j/main/module.xml as well)
Thanks for the feedback!
Marek
Is there anybody having the same problem ? are this bugs OR I missed
something in configuration ?
Thanks
--
*Trong Tran*
/(+84) 983841909 | /trongtt(a)gmail.com <mailto:trongtt@gmail.com>
Twitter: http://twitter.com/trongtt//
_______________________________________________
gatein-dev mailing list
gatein-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/gatein-dev
2:41 a.m.
PR for both changes (upgrade twitter4j-core and adding Valve for Tomcat)
is here https://github.com/gatein/gatein-portal/pull/551 . After merging
it, you shouldn't have issues anymore.
Marek
On 3.7.2013 16:40, Marek Posolda wrote:
Hi Trong,
On 3.7.2013 14:16, Trong Tran wrote:
> Hi,
>
> I'm playing OAuth integration feature with GateIn Tomcat packaging.
> Unfortunately it doesn't work for me.
> I'm testing with latest code of GateIn master. It doesn't login into
> portal after registration, the login form with a message "Sign in
> failed. Wrong username or password." is displayed instead.
There is one additional needed thing for Tomcat integration and seems
that I forgot to add it to docs:-\ You need to add ServletAccessValve
into conf/context.xml or conf/server.xml (host section) as mentioned
in
https://docs.jboss.org/author/display/GTNPORTAL36/Central+Authentication+...
The valve is needed for SSO and OAuth integration. It's used to add
HttpServletRequest to ThreadLocal before JAAS authentication is
triggered, so that Login modules have access to current
HttpServletRequest. In JBoss, it's automatically possible via
javax.security.jacc.PolicyContext.getContext, however in Tomcat it's
not automatically possible, so we need to manually add it via Valve.
I will update the docs. I am thinking about adding the
ServletAccessValve into Tomcat packaging by default, which would mean
one less step for SSO and OAuth integration on Tomcat. Will likely
send PR soon.
>
> Moreover, I have also tested on JBoss packaging. It works well for
> Facebook and Google BUT it doesn't work with Twitter.
yes, unfortunately we used older version of twitter4j-core library
(2.2.6), which is using Twitter API 1.0. Twitter recently updated to
1.1 and stopped to support this API from July 2013, so it doesn't work
anymore.
The fix is to update twitter4j-core to latest version 3.0.3, which is
using Twitter API v1.1. I will send PR later today after performing
some more tests. The fix will be in JPP 6.1, but unfortunately not in
already released GateIn 3.6:-(
The workaround for GateIn 3.6 is to upgrade the JAR. You can download
twitter4j-core-3.0.3.jar from
http://search.maven.org/remotecontent?filepath=org/twitter4j/twitter4j-co...
and replace the old twitter4j-core-2.2.6.jar in
GATEIN_TOMCAT_HOME/lib/ (on Tomcat7) or in
GATEIN_JBOSS_HOME/modules/org/twitter4j/main/ (on JBoss7. You will
need to update version in
GATEIN_JBOSS_HOME/modules/org/twitter4j/main/module.xml as well)
Thanks for the feedback!
Marek
>
> Is there anybody having the same problem ? are this bugs OR I missed
> something in configuration ?
>
> Thanks
>
> --
> *Trong Tran*
> /(+84) 983841909 | /trongtt(a)gmail.com <mailto:trongtt@gmail.com>
> Twitter: http://twitter.com/trongtt//
>
>
> _______________________________________________
> gatein-dev mailing list
> gatein-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/gatein-dev
_______________________________________________
gatein-dev mailing list
gatein-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/gatein-dev
11:30 a.m.
Thank you very much for your quick response.
On 4 July 2013 00:41, Marek Posolda <mposolda(a)redhat.com> wrote:
PR for both changes (upgrade twitter4j-core and adding Valve for
Tomcat)
is here https://github.com/gatein/gatein-portal/pull/551 . After merging
it, you shouldn't have issues anymore.
Marek
On 3.7.2013 16:40, Marek Posolda wrote:
Hi Trong,
On 3.7.2013 14:16, Trong Tran wrote:
Hi,
I'm playing OAuth integration feature with GateIn Tomcat packaging.
Unfortunately it doesn't work for me.
I'm testing with latest code of GateIn master. It doesn't login into
portal after registration, the login form with a message "Sign in failed.
Wrong username or password." is displayed instead.
There is one additional needed thing for Tomcat integration and seems that
I forgot to add it to docs :-\ You need to add ServletAccessValve into
conf/context.xml or conf/server.xml (host section) as mentioned in
https://docs.jboss.org/author/display/GTNPORTAL36/Central+Authentication+...
The valve is needed for SSO and OAuth integration. It's used to add
HttpServletRequest to ThreadLocal before JAAS authentication is triggered,
so that Login modules have access to current HttpServletRequest. In JBoss,
it's automatically possible via
javax.security.jacc.PolicyContext.getContext, however in Tomcat it's not
automatically possible, so we need to manually add it via Valve.
I will update the docs. I am thinking about adding the ServletAccessValve
into Tomcat packaging by default, which would mean one less step for SSO
and OAuth integration on Tomcat. Will likely send PR soon.
Moreover, I have also tested on JBoss packaging. It works well for
Facebook and Google BUT it doesn't work with Twitter.
yes, unfortunately we used older version of twitter4j-core library
(2.2.6), which is using Twitter API 1.0. Twitter recently updated to 1.1
and stopped to support this API from July 2013, so it doesn't work anymore.
The fix is to update twitter4j-core to latest version 3.0.3, which is
using Twitter API v1.1. I will send PR later today after performing some
more tests. The fix will be in JPP 6.1, but unfortunately not in already
released GateIn 3.6 :-(
The workaround for GateIn 3.6 is to upgrade the JAR. You can download
twitter4j-core-3.0.3.jar from
http://search.maven.org/remotecontent?filepath=org/twitter4j/twitter4j-co...
replace the old twitter4j-core-2.2.6.jar in GATEIN_TOMCAT_HOME/lib/ (on
Tomcat7) or in GATEIN_JBOSS_HOME/modules/org/twitter4j/main/ (on JBoss7.
You will need to update version in
GATEIN_JBOSS_HOME/modules/org/twitter4j/main/module.xml as well)
Thanks for the feedback!
Marek
Is there anybody having the same problem ? are this bugs OR I missed
something in configuration ?
Thanks
--
*Trong Tran*
*(+84) 983841909 | *trongtt(a)gmail.com
Twitter: http://twitter.com/trongtt**
_______________________________________________
gatein-dev mailing
listgatein-dev@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/gatein-dev
_______________________________________________
gatein-dev mailing
listgatein-dev@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/gatein-dev
--
*Trong Tran*
*(+84) 983841909 | *trongtt(a)gmail.com
Twitter: http://twitter.com/trongtt**
6:06 p.m.
It's merged and available in GateIn master.
Marek
On 4.7.2013 04:30, Trong Tran wrote:
Thank you very much for your quick response.
On 4 July 2013 00:41, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
PR for both changes (upgrade twitter4j-core and adding Valve for
Tomcat) is here https://github.com/gatein/gatein-portal/pull/551 .
After merging it, you shouldn't have issues anymore.
Marek
On 3.7.2013 16:40, Marek Posolda wrote:
> Hi Trong,
>
> On 3.7.2013 14:16, Trong Tran wrote:
>> Hi,
>>
>> I'm playing OAuth integration feature with GateIn Tomcat
>> packaging. Unfortunately it doesn't work for me.
>> I'm testing with latest code of GateIn master. It doesn't login
>> into portal after registration, the login form with a message
>> "Sign in failed. Wrong username or password." is displayed
instead.
> There is one additional needed thing for Tomcat integration and
> seems that I forgot to add it to docs:-\ You need to add
> ServletAccessValve into conf/context.xml or conf/server.xml (host
> section) as mentioned in
>
https://docs.jboss.org/author/display/GTNPORTAL36/Central+Authentication+...
>
> The valve is needed for SSO and OAuth integration. It's used to
> add HttpServletRequest to ThreadLocal before JAAS authentication
> is triggered, so that Login modules have access to current
> HttpServletRequest. In JBoss, it's automatically possible via
> javax.security.jacc.PolicyContext.getContext, however in Tomcat
> it's not automatically possible, so we need to manually add it
> via Valve.
>
> I will update the docs. I am thinking about adding the
> ServletAccessValve into Tomcat packaging by default, which would
> mean one less step for SSO and OAuth integration on Tomcat. Will
> likely send PR soon.
>>
>> Moreover, I have also tested on JBoss packaging. It works well
>> for Facebook and Google BUT it doesn't work with Twitter.
> yes, unfortunately we used older version of twitter4j-core
> library (2.2.6), which is using Twitter API 1.0. Twitter recently
> updated to 1.1 and stopped to support this API from July 2013, so
> it doesn't work anymore.
>
> The fix is to update twitter4j-core to latest version 3.0.3,
> which is using Twitter API v1.1. I will send PR later today after
> performing some more tests. The fix will be in JPP 6.1, but
> unfortunately not in already released GateIn 3.6:-(
>
> The workaround for GateIn 3.6 is to upgrade the JAR. You can
> download twitter4j-core-3.0.3.jar from
>
http://search.maven.org/remotecontent?filepath=org/twitter4j/twitter4j-co...
> and replace the old twitter4j-core-2.2.6.jar in
> GATEIN_TOMCAT_HOME/lib/ (on Tomcat7) or in
> GATEIN_JBOSS_HOME/modules/org/twitter4j/main/ (on JBoss7. You
> will need to update version in
> GATEIN_JBOSS_HOME/modules/org/twitter4j/main/module.xml as well)
>
> Thanks for the feedback!
> Marek
>
>>
>> Is there anybody having the same problem ? are this bugs OR I
>> missed something in configuration ?
>>
>> Thanks
>>
>> --
>> *Trong Tran*
>> /(+84) 983841909 | /trongtt(a)gmail.com <mailto:trongtt@gmail.com>
>> Twitter: http://twitter.com/trongtt//
>>
>>
>> _______________________________________________
>> gatein-dev mailing list
>> gatein-dev(a)lists.jboss.org <mailto:gatein-dev@lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/gatein-dev
>
>
>
> _______________________________________________
> gatein-dev mailing list
> gatein-dev(a)lists.jboss.org <mailto:gatein-dev@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/gatein-dev
--
*Trong Tran*
/(+84) 983841909 | /trongtt(a)gmail.com <mailto:trongtt@gmail.com>
Twitter: http://twitter.com/trongtt//
9:02 p.m.
Hi, I've just tried to use OAuth with gatein master branch (include your
PR). After user authenticated by Twitter, it redirect back to portal, but
the OAuthLoginModule doesn't work --> show "sign in fail ..."
The AuthenticationRegistry component that is used to save a map of
sessionID and oAuth authenticated user, but notice that with tomcat7, when
you access to /portal/dologin URL, it always generate a new session. That's
why OAuthLoginModule can't work properly
On Thu, Jul 4, 2013 at 4:06 PM, Marek Posolda <mposolda(a)redhat.com> wrote:
It's merged and available in GateIn master.
Marek
On 4.7.2013 04:30, Trong Tran wrote:
Thank you very much for your quick response.
On 4 July 2013 00:41, Marek Posolda <mposolda(a)redhat.com> wrote:
> PR for both changes (upgrade twitter4j-core and adding Valve for
> Tomcat) is here https://github.com/gatein/gatein-portal/pull/551 . After
> merging it, you shouldn't have issues anymore.
>
> Marek
>
>
> On 3.7.2013 16:40, Marek Posolda wrote:
>
> Hi Trong,
>
> On 3.7.2013 14:16, Trong Tran wrote:
>
> Hi,
>
> I'm playing OAuth integration feature with GateIn Tomcat packaging.
> Unfortunately it doesn't work for me.
> I'm testing with latest code of GateIn master. It doesn't login into
> portal after registration, the login form with a message "Sign in
> failed. Wrong username or password." is displayed instead.
>
> There is one additional needed thing for Tomcat integration and seems
> that I forgot to add it to docs :-\ You need to add ServletAccessValve
> into conf/context.xml or conf/server.xml (host section) as mentioned in
>
https://docs.jboss.org/author/display/GTNPORTAL36/Central+Authentication+...
>
> The valve is needed for SSO and OAuth integration. It's used to add
> HttpServletRequest to ThreadLocal before JAAS authentication is triggered,
> so that Login modules have access to current HttpServletRequest. In JBoss,
> it's automatically possible via
> javax.security.jacc.PolicyContext.getContext, however in Tomcat it's not
> automatically possible, so we need to manually add it via Valve.
>
> I will update the docs. I am thinking about adding the ServletAccessValve
> into Tomcat packaging by default, which would mean one less step for SSO
> and OAuth integration on Tomcat. Will likely send PR soon.
>
>
> Moreover, I have also tested on JBoss packaging. It works well for
> Facebook and Google BUT it doesn't work with Twitter.
>
> yes, unfortunately we used older version of twitter4j-core library
> (2.2.6), which is using Twitter API 1.0. Twitter recently updated to 1.1
> and stopped to support this API from July 2013, so it doesn't work anymore.
>
> The fix is to update twitter4j-core to latest version 3.0.3, which is
> using Twitter API v1.1. I will send PR later today after performing some
> more tests. The fix will be in JPP 6.1, but unfortunately not in already
> released GateIn 3.6 :-(
>
> The workaround for GateIn 3.6 is to upgrade the JAR. You can download
> twitter4j-core-3.0.3.jar from
>
http://search.maven.org/remotecontent?filepath=org/twitter4j/twitter4j-co...
replace the old twitter4j-core-2.2.6.jar in GATEIN_TOMCAT_HOME/lib/ (on
> Tomcat7) or in GATEIN_JBOSS_HOME/modules/org/twitter4j/main/ (on JBoss7.
> You will need to update version in
> GATEIN_JBOSS_HOME/modules/org/twitter4j/main/module.xml as well)
>
> Thanks for the feedback!
> Marek
>
>
> Is there anybody having the same problem ? are this bugs OR I missed
> something in configuration ?
>
> Thanks
>
> --
> *Trong Tran*
> *(+84) 983841909 | *trongtt(a)gmail.com
> Twitter: http://twitter.com/trongtt**
>
>
> _______________________________________________
> gatein-dev mailing
listgatein-dev@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/gatein-dev
>
>
>
>
> _______________________________________________
> gatein-dev mailing
listgatein-dev@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/gatein-dev
>
>
>
--
*Trong Tran*
*(+84) 983841909 | *trongtt(a)gmail.com
Twitter: http://twitter.com/trongtt**
_______________________________________________
gatein-dev mailing list
gatein-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/gatein-dev
10:33 p.m.
Thanks for the detailed analysis!
However I am seeing different behaviour. I am seeing the same as you
that on Tomcat7 the HTTP request to /portal/dologin will return "302
Found" and it will change the value of cookie JSESSIONID. But for me,
the JAAS call to OAuthLoginModule is still done with original session
ID, so the authenticated user is properly returned from
AuthenticationRegistry and authentication ends successfully.
Which Tomcat version do you have? I have 7.0.32
Are you seeing any difference if you change URL on line 232 of file
webapps/portal/WEB-INF/conf/sso/oauth-configuration.xml like this?
- <value>/@@portal.container.name@(a)/dologin</value>
+ <value>/@@portal.container.name@(a)/login</value>
Marek
On 4.7.2013 14:02, Phuong Viet VU wrote:
Hi, I've just tried to use OAuth with gatein master branch
(include
your PR). After user authenticated by Twitter, it redirect back to
portal, but the OAuthLoginModule doesn't work --> show "sign in fail
..."
The AuthenticationRegistry component that is used to save a map of
sessionID and oAuth authenticated user, but notice that with tomcat7,
when you access to /portal/dologin URL, it always generate a new
session. That's why OAuthLoginModule can't work properly
On Thu, Jul 4, 2013 at 4:06 PM, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
It's merged and available in GateIn master.
Marek
On 4.7.2013 04:30, Trong Tran wrote:
> Thank you very much for your quick response.
>
>
> On 4 July 2013 00:41, Marek Posolda <mposolda(a)redhat.com
> <mailto:mposolda@redhat.com>> wrote:
>
> PR for both changes (upgrade twitter4j-core and adding Valve
> for Tomcat) is here
> https://github.com/gatein/gatein-portal/pull/551 . After
> merging it, you shouldn't have issues anymore.
>
> Marek
>
>
> On 3.7.2013 16:40, Marek Posolda wrote:
>> Hi Trong,
>>
>> On 3.7.2013 14:16, Trong Tran wrote:
>>> Hi,
>>>
>>> I'm playing OAuth integration feature with GateIn Tomcat
>>> packaging. Unfortunately it doesn't work for me.
>>> I'm testing with latest code of GateIn master. It doesn't
>>> login into portal after registration, the login form with a
>>> message "Sign in failed. Wrong username or password." is
>>> displayed instead.
>> There is one additional needed thing for Tomcat integration
>> and seems that I forgot to add it to docs:-\ You need to add
>> ServletAccessValve into conf/context.xml or conf/server.xml
>> (host section) as mentioned in
>>
https://docs.jboss.org/author/display/GTNPORTAL36/Central+Authentication+...
>>
>> The valve is needed for SSO and OAuth integration. It's used
>> to add HttpServletRequest to ThreadLocal before JAAS
>> authentication is triggered, so that Login modules have
>> access to current HttpServletRequest. In JBoss, it's
>> automatically possible via
>> javax.security.jacc.PolicyContext.getContext, however in
>> Tomcat it's not automatically possible, so we need to
>> manually add it via Valve.
>>
>> I will update the docs. I am thinking about adding the
>> ServletAccessValve into Tomcat packaging by default, which
>> would mean one less step for SSO and OAuth integration on
>> Tomcat. Will likely send PR soon.
>>>
>>> Moreover, I have also tested on JBoss packaging. It works
>>> well for Facebook and Google BUT it doesn't work with Twitter.
>> yes, unfortunately we used older version of twitter4j-core
>> library (2.2.6), which is using Twitter API 1.0. Twitter
>> recently updated to 1.1 and stopped to support this API from
>> July 2013, so it doesn't work anymore.
>>
>> The fix is to update twitter4j-core to latest version 3.0.3,
>> which is using Twitter API v1.1. I will send PR later today
>> after performing some more tests. The fix will be in JPP
>> 6.1, but unfortunately not in already released GateIn 3.6:-(
>>
>> The workaround for GateIn 3.6 is to upgrade the JAR. You can
>> download twitter4j-core-3.0.3.jar from
>>
http://search.maven.org/remotecontent?filepath=org/twitter4j/twitter4j-co...
>> and replace the old twitter4j-core-2.2.6.jar in
>> GATEIN_TOMCAT_HOME/lib/ (on Tomcat7) or in
>> GATEIN_JBOSS_HOME/modules/org/twitter4j/main/ (on JBoss7.
>> You will need to update version in
>> GATEIN_JBOSS_HOME/modules/org/twitter4j/main/module.xml as well)
>>
>> Thanks for the feedback!
>> Marek
>>
>>>
>>> Is there anybody having the same problem ? are this bugs OR
>>> I missed something in configuration ?
>>>
>>> Thanks
>>>
>>> --
>>> *Trong Tran*
>>> /(+84) 983841909 | /trongtt(a)gmail.com
>>> <mailto:trongtt@gmail.com>
>>> Twitter: http://twitter.com/trongtt//
>>>
>>>
>>> _______________________________________________
>>> gatein-dev mailing list
>>> gatein-dev(a)lists.jboss.org
<mailto:gatein-dev@lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/gatein-dev
>>
>>
>>
>> _______________________________________________
>> gatein-dev mailing list
>> gatein-dev(a)lists.jboss.org <mailto:gatein-dev@lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/gatein-dev
>
>
>
>
> --
> *Trong Tran*
> /(+84) 983841909 | /trongtt(a)gmail.com <mailto:trongtt@gmail.com>
> Twitter: http://twitter.com/trongtt//
_______________________________________________
gatein-dev mailing list
gatein-dev(a)lists.jboss.org <mailto:gatein-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/gatein-dev
11:42 p.m.
Yes, you're right, after change the oauth-configuration.xml to use loginUrl
/portal/login instead of /portal/dologin --> it works :)
My tomcat is 7.0.37, and it doesn't work for me if I don't change the
loginUrl (notice that access to /portal/login url will not create a new
session, but /portal/dologin does)
On Thu, Jul 4, 2013 at 8:33 PM, Marek Posolda <mposolda(a)redhat.com> wrote:
Thanks for the detailed analysis!
However I am seeing different behaviour. I am seeing the same as you that
on Tomcat7 the HTTP request to /portal/dologin will return "302 Found" and
it will change the value of cookie JSESSIONID. But for me, the JAAS call to
OAuthLoginModule is still done with original session ID, so the
authenticated user is properly returned from AuthenticationRegistry and
authentication ends successfully.
Which Tomcat version do you have? I have 7.0.32
Are you seeing any difference if you change URL on line 232 of file
webapps/portal/WEB-INF/conf/sso/oauth-configuration.xml like this?
- <value>/@@portal.container.name@(a)/dologin</value>
+ <value>/@@portal.container.name@(a)/login</value>
Marek
On 4.7.2013 14:02, Phuong Viet VU wrote:
Hi, I've just tried to use OAuth with gatein master branch (include your
PR). After user authenticated by Twitter, it redirect back to portal, but
the OAuthLoginModule doesn't work --> show "sign in fail ..."
The AuthenticationRegistry component that is used to save a map of
sessionID and oAuth authenticated user, but notice that with tomcat7, when
you access to /portal/dologin URL, it always generate a new session. That's
why OAuthLoginModule can't work properly
On Thu, Jul 4, 2013 at 4:06 PM, Marek Posolda <mposolda(a)redhat.com> wrote:
> It's merged and available in GateIn master.
>
> Marek
>
>
> On 4.7.2013 04:30, Trong Tran wrote:
>
> Thank you very much for your quick response.
>
>
> On 4 July 2013 00:41, Marek Posolda <mposolda(a)redhat.com> wrote:
>
>> PR for both changes (upgrade twitter4j-core and adding Valve for
>> Tomcat) is here https://github.com/gatein/gatein-portal/pull/551 .
>> After merging it, you shouldn't have issues anymore.
>>
>> Marek
>>
>>
>> On 3.7.2013 16:40, Marek Posolda wrote:
>>
>> Hi Trong,
>>
>> On 3.7.2013 14:16, Trong Tran wrote:
>>
>> Hi,
>>
>> I'm playing OAuth integration feature with GateIn Tomcat packaging.
>> Unfortunately it doesn't work for me.
>> I'm testing with latest code of GateIn master. It doesn't login into
>> portal after registration, the login form with a message "Sign in
>> failed. Wrong username or password." is displayed instead.
>>
>> There is one additional needed thing for Tomcat integration and seems
>> that I forgot to add it to docs :-\ You need to add ServletAccessValve
>> into conf/context.xml or conf/server.xml (host section) as mentioned in
>>
https://docs.jboss.org/author/display/GTNPORTAL36/Central+Authentication+...
>>
>> The valve is needed for SSO and OAuth integration. It's used to add
>> HttpServletRequest to ThreadLocal before JAAS authentication is triggered,
>> so that Login modules have access to current HttpServletRequest. In JBoss,
>> it's automatically possible via
>> javax.security.jacc.PolicyContext.getContext, however in Tomcat it's not
>> automatically possible, so we need to manually add it via Valve.
>>
>> I will update the docs. I am thinking about adding the
>> ServletAccessValve into Tomcat packaging by default, which would mean one
>> less step for SSO and OAuth integration on Tomcat. Will likely send PR soon.
>>
>>
>> Moreover, I have also tested on JBoss packaging. It works well for
>> Facebook and Google BUT it doesn't work with Twitter.
>>
>> yes, unfortunately we used older version of twitter4j-core library
>> (2.2.6), which is using Twitter API 1.0. Twitter recently updated to 1.1
>> and stopped to support this API from July 2013, so it doesn't work anymore.
>>
>> The fix is to update twitter4j-core to latest version 3.0.3, which is
>> using Twitter API v1.1. I will send PR later today after performing some
>> more tests. The fix will be in JPP 6.1, but unfortunately not in already
>> released GateIn 3.6 :-(
>>
>> The workaround for GateIn 3.6 is to upgrade the JAR. You can download
>> twitter4j-core-3.0.3.jar from
>>
http://search.maven.org/remotecontent?filepath=org/twitter4j/twitter4j-co...
replace the old twitter4j-core-2.2.6.jar in GATEIN_TOMCAT_HOME/lib/ (on
>> Tomcat7) or in GATEIN_JBOSS_HOME/modules/org/twitter4j/main/ (on JBoss7.
>> You will need to update version in
>> GATEIN_JBOSS_HOME/modules/org/twitter4j/main/module.xml as well)
>>
>> Thanks for the feedback!
>> Marek
>>
>>
>> Is there anybody having the same problem ? are this bugs OR I missed
>> something in configuration ?
>>
>> Thanks
>>
>> --
>> *Trong Tran*
>> *(+84) 983841909 | *trongtt(a)gmail.com
>> Twitter: http://twitter.com/trongtt**
>>
>>
>> _______________________________________________
>> gatein-dev mailing
listgatein-dev@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/gatein-dev
>>
>>
>>
>>
>> _______________________________________________
>> gatein-dev mailing
listgatein-dev@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/gatein-dev
>>
>>
>>
>
>
> --
> *Trong Tran*
> *(+84) 983841909 | *trongtt(a)gmail.com
> Twitter: http://twitter.com/trongtt**
>
>
>
> _______________________________________________
> gatein-dev mailing list
> gatein-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/gatein-dev
>
8:33 a.m.
Thanks for the confirmation. I've send PR
https://github.com/gatein/gatein-portal/pull/554 for it. The fix should
work on all Tomcat versions (I tried on the newest 7.0.41).
I hope you won't see more issues:-)
Marek
On 4.7.2013 16:42, Phuong Viet VU wrote:
Yes, you're right, after change the oauth-configuration.xml to
use
loginUrl /portal/login instead of /portal/dologin --> it works :)
My tomcat is 7.0.37, and it doesn't work for me if I don't change the
loginUrl (notice that access to /portal/login url will not create a
new session, but /portal/dologin does)
On Thu, Jul 4, 2013 at 8:33 PM, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
Thanks for the detailed analysis!
However I am seeing different behaviour. I am seeing the same as
you that on Tomcat7 the HTTP request to /portal/dologin will
return "302 Found" and it will change the value of cookie
JSESSIONID. But for me, the JAAS call to OAuthLoginModule is still
done with original session ID, so the authenticated user is
properly returned from AuthenticationRegistry and authentication
ends successfully.
Which Tomcat version do you have? I have 7.0.32
Are you seeing any difference if you change URL on line 232 of
file webapps/portal/WEB-INF/conf/sso/oauth-configuration.xml like
this?
- <value>/@@portal.container.name@(a)/dologin</value>
+ <value>/@@portal.container.name@(a)/login</value>
Marek
On 4.7.2013 14:02, Phuong Viet VU wrote:
> Hi, I've just tried to use OAuth with gatein master branch
> (include your PR). After user authenticated by Twitter, it
> redirect back to portal, but the OAuthLoginModule doesn't work
> --> show "sign in fail ..."
>
> The AuthenticationRegistry component that is used to save a map
> of sessionID and oAuth authenticated user, but notice that with
> tomcat7, when you access to /portal/dologin URL, it always
> generate a new session. That's why OAuthLoginModule can't work
> properly
>
>
> On Thu, Jul 4, 2013 at 4:06 PM, Marek Posolda
> <mposolda(a)redhat.com <mailto:mposolda@redhat.com>> wrote:
>
> It's merged and available in GateIn master.
>
> Marek
>
>
> On 4.7.2013 04:30, Trong Tran wrote:
>> Thank you very much for your quick response.
>>
>>
>> On 4 July 2013 00:41, Marek Posolda <mposolda(a)redhat.com
>> <mailto:mposolda@redhat.com>> wrote:
>>
>> PR for both changes (upgrade twitter4j-core and adding
>> Valve for Tomcat) is here
>> https://github.com/gatein/gatein-portal/pull/551 . After
>> merging it, you shouldn't have issues anymore.
>>
>> Marek
>>
>>
>> On 3.7.2013 16:40, Marek Posolda wrote:
>>> Hi Trong,
>>>
>>> On 3.7.2013 14:16, Trong Tran wrote:
>>>> Hi,
>>>>
>>>> I'm playing OAuth integration feature with GateIn
>>>> Tomcat packaging. Unfortunately it doesn't work for me.
>>>> I'm testing with latest code of GateIn master. It
>>>> doesn't login into portal after registration, the
>>>> login form with a message "Sign in failed. Wrong
>>>> username or password." is displayed instead.
>>> There is one additional needed thing for Tomcat
>>> integration and seems that I forgot to add it to
>>> docs:-\ You need to add ServletAccessValve into
>>> conf/context.xml or conf/server.xml (host section) as
>>> mentioned in
>>>
https://docs.jboss.org/author/display/GTNPORTAL36/Central+Authentication+...
>>>
>>> The valve is needed for SSO and OAuth integration. It's
>>> used to add HttpServletRequest to ThreadLocal before
>>> JAAS authentication is triggered, so that Login modules
>>> have access to current HttpServletRequest. In JBoss,
>>> it's automatically possible via
>>> javax.security.jacc.PolicyContext.getContext, however
>>> in Tomcat it's not automatically possible, so we need
>>> to manually add it via Valve.
>>>
>>> I will update the docs. I am thinking about adding the
>>> ServletAccessValve into Tomcat packaging by default,
>>> which would mean one less step for SSO and OAuth
>>> integration on Tomcat. Will likely send PR soon.
>>>>
>>>> Moreover, I have also tested on JBoss packaging. It
>>>> works well for Facebook and Google BUT it doesn't work
>>>> with Twitter.
>>> yes, unfortunately we used older version of
>>> twitter4j-core library (2.2.6), which is using Twitter
>>> API 1.0. Twitter recently updated to 1.1 and stopped to
>>> support this API from July 2013, so it doesn't work
>>> anymore.
>>>
>>> The fix is to update twitter4j-core to latest version
>>> 3.0.3, which is using Twitter API v1.1. I will send PR
>>> later today after performing some more tests. The fix
>>> will be in JPP 6.1, but unfortunately not in already
>>> released GateIn 3.6:-(
>>>
>>> The workaround for GateIn 3.6 is to upgrade the JAR.
>>> You can download twitter4j-core-3.0.3.jar from
>>>
http://search.maven.org/remotecontent?filepath=org/twitter4j/twitter4j-co...
>>> and replace the old twitter4j-core-2.2.6.jar in
>>> GATEIN_TOMCAT_HOME/lib/ (on Tomcat7) or in
>>> GATEIN_JBOSS_HOME/modules/org/twitter4j/main/ (on
>>> JBoss7. You will need to update version in
>>> GATEIN_JBOSS_HOME/modules/org/twitter4j/main/module.xml
>>> as well)
>>>
>>> Thanks for the feedback!
>>> Marek
>>>
>>>>
>>>> Is there anybody having the same problem ? are this
>>>> bugs OR I missed something in configuration ?
>>>>
>>>> Thanks
>>>>
>>>> --
>>>> *Trong Tran*
>>>> /(+84) 983841909 | /trongtt(a)gmail.com
>>>> <mailto:trongtt@gmail.com>
>>>> Twitter: http://twitter.com/trongtt//
>>>>
>>>>
>>>> _______________________________________________
>>>> gatein-dev mailing list
>>>> gatein-dev(a)lists.jboss.org
<mailto:gatein-dev@lists.jboss.org>
>>>> https://lists.jboss.org/mailman/listinfo/gatein-dev
>>>
>>>
>>>
>>> _______________________________________________
>>> gatein-dev mailing list
>>> gatein-dev(a)lists.jboss.org
<mailto:gatein-dev@lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/gatein-dev
>>
>>
>>
>>
>> --
>> *Trong Tran*
>> /(+84) 983841909 | /trongtt(a)gmail.com <mailto:trongtt@gmail.com>
>> Twitter: http://twitter.com/trongtt//
>
>
> _______________________________________________
> gatein-dev mailing list
> gatein-dev(a)lists.jboss.org <mailto:gatein-dev@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/gatein-dev
>
>
3969
days inactive
3970
days old
8 comments
3 participants
participants (3)
-
Marek Posolda -
Phuong Viet VU -
Trong Tran