Grails - ShiroSecurity - manually login user

I am trying to do relatively simple thing: log in user manually. I am using FacebookGraph plugin to connect to facebook. If user logs in via Facebook, i get his ID and I want to authenticate him in ShiroSecurity. Of course such trivial thing like

session.user = user

does not work. I have found the code in the wiki, which should do the trick:

Object userIdentity = user.email
String realmName = "username";
PrincipalCollection principals = new SimplePrincipalCollection(userIdentity, realmName);
Subject subject = new Subject.Builder().principals(principals).buildSubject();

However it does not work. I still get redirected to auth/login with log.debug message that ShiroSubject is null. Maybe it be because I invoke this code in a service. Any ideas how to make this work?

UPDATE:

 def authenticate(authToken) {
    log.info "Attempting to authenticate ${authToken.u开发者_C百科sername} in DB realm..."+authToken.encodeAsJSON()
    def username = authToken.username

    // Null username is invalid
    if (username == null) {
        throw new AccountException("Null usernames are not allowed by this realm.")
    }

    // Get the user with the given username. If the user is not
    // found, then they don't have an account and we throw an
    // exception.
    log.debug "reached this point2"
    def user = ShiroUser.findByUsername(username)
    log.debug "reached this point"
    if (!user) {
        throw new UnknownAccountException("No account found for user [${username}]")
    }

    log.info "Found user '${user.username}' in DB"

    // Now check the user's password against the hashed value stored
    // in the database.
    def account = new SimpleAccount(username, user.passwordHash, "ShiroDbRealm")
    if (!credentialMatcher.doCredentialsMatch(authToken, account)) {
        log.info "Invalid password (DB realm)"
        throw new IncorrectCredentialsException("Invalid password for user '${username}'")
    }

    return account
}

---

Take a look at the AuthController.groovy -> the signIn action.

This is exactly the code you need to login. The Main Step is

SecurityUtils.subject.login(new UsernamePasswordToken(username,password))

Hope that helps...

ok. This is only the starting point... take a look at your Realm-Code on /Realms . There you'll find an authenticate(authToken) closure. It seems that this gets called through SecurityUtils.subject.login() and handles the credentials check...

This should solve your problem with the hashed password....

---

According to the Javadoc, Subject.Builder() does not automatically bind the subject to the current application thread. Try adding this after building your Subject instance:

ThreadContext.bind(subject)