-
1. Re: Errai Security with Picketlink
vwjugow Feb 26, 2014 5:44 PM (in response to vwjugow)
EDIT:
I've removed Errai Security, and the same is still happening.
I get different instances of DefaultIdentity before and after a user logs in, and the latter lacks the user information; it is as if it never logged in.
-
2. Re: Errai Security with Picketlink
shane.bryzak Feb 26, 2014 7:00 PM (in response to vwjugow)
Hi Victor,
Can you confirm if other session-scoped beans are behaving in the same manner (i.e. losing their state)?
-
3. Re: Errai Security with Picketlink
vwjugow Feb 26, 2014 10:34 PM (in response to shane.bryzak)
Hi Shane. Thanks for answering. Mm, I don't have the app right now, but we are migrating from Shiro and it was working OK. We used their Session class.
-
4. Re: Errai Security with Picketlink
shane.bryzak Feb 26, 2014 11:31 PM (in response to vwjugow)
Is it a CDI @SessionScoped bean? Confirming that other session-scoped beans are working is the first step in diagnosing this issue.
-
5. Re: Errai Security with Picketlink
vwjugow Feb 27, 2014 8:20 AM (in response to shane.bryzak)
We use CDI, yes.
I've placed another SessionScoped bean in the same class that holds the Identity object, and its instance also changed but keeps the information I've set during login.
EDIT: I've upgraded to Picketlink 2.6.0-SNAPSHOT. Now I use set/getAccount in my Authenticator, but still the same issue.
-
6. Re: Re: Errai Security with Picketlink
vwjugow Feb 27, 2014 10:50 AM (in response to vwjugow)
    @PicketLink
    public class MagickAuthenticator extends BaseAuthenticator implements Authenticator {
        private static final Logger log = Logger.getLogger(MagickAuthenticator.class);

        @Inject
        DefaultLoginCredentials loginCredentials;
        @Inject
        private UserDAO userDAO;
        @Inject
        private Event<User> userEvent;

        @Override
        public void authenticate() {
            String username = loginCredentials.getUserId();
            String password = loginCredentials.getPassword();
            log.info("Logging in username=" + username);
            User user = userDAO.fetchUserByName(username);
            if (!BCrypt.checkpw(password, user.getPasswordHash())) {
                setStatus(AuthenticationStatus.FAILURE);
                log.info("Wrong password");
                return;
                // throw new AuthenticationException("Failure in authentication");
            }
            userEvent.fire(user);
            log.info("Setting Status");
            setStatus(AuthenticationStatus.SUCCESS);
            log.info("Setting Account");
            org.picketlink.idm.model.basic.User picketLinkUser = new org.picketlink.idm.model.basic.User(username);
            setAccount(picketLinkUser);
        }
    }

    @Portable
    public class SessionHelperImpl implements SessionHelper {
        private final static String SESSION_USER = "session.user";
        private static final Logger log = Logger.getLogger(SessionHelperImpl.class);

        @Inject
        Identity identity;
        @Inject
        AppSessionContext sessionContext;
        @Inject
        DefaultLoginCredentials loginCredentials;
        @Inject
        UserDAO userDao;

        @Override
        public com.magick.models.shared.User getCurrentUser() throws MGSessionException {
            User user = (User) identity.getAccount();
            if (user != null && user.getLoginName() != null) {
                return userDao.fetchUserByName(user.getLoginName());
            } else {
                return sessionContext.getCurrentUser();
            }
        }

        @Override
        public boolean login(String username, String password) throws MGSessionException {
            try {
                loginCredentials.setPassword(password);
                loginCredentials.setUserId(username);
                Identity.AuthenticationResult result = identity.login();
                if (result.equals(Identity.AuthenticationResult.FAILED)) {
                    return false;
                } else {
                    com.magick.models.shared.User u = new com.magick.models.shared.User();
                    u.setUsername(username);
                    sessionContext.setUser(u); // return true;
                }
            } catch (SecurityException se) {
                log.info("Not authenticated");
            }
            log.info("IsAuthenticated" + identity.isLoggedIn());
            return false;
        }

        @Override
        public void logout() throws MGSessionException {
            identity.logout();
        }
    }
-
7. Re: Re: Errai Security with Picketlink
shane.bryzak Feb 27, 2014 6:08 PM (in response to vwjugow)
Your code looks ok as far as I can tell. Could you confirm if the authentication quickstart works ok for you?
Otherwise I'd be happy to take a closer look if you could package up a minimal project for me that duplicates the issue.
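Added example, not code from this thread or from PicketLink: one way to run the check suggested in replies 2 and 4, by logging per request whether the HTTP session, a session-scoped probe bean and the Identity login state stay the same. SessionProbe and SessionProbeFilter are hypothetical names; the code assumes a Java EE 6 container (javax.* APIs) with CDI injection into servlet filters. It compares a value stored inside the bean rather than object references, and logs a short tag instead of the raw session id so the log cannot be replayed as a session cookie.

```java
import java.io.IOException;
import java.io.Serializable;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Logger;
import javax.enterprise.context.SessionScoped;
import javax.inject.Inject;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.picketlink.Identity;

@WebFilter("/*")
public class SessionProbeFilter implements Filter {

    /** Hypothetical probe: its state lives in the session, so a new probeId means a new session context. */
    @SessionScoped
    public static class SessionProbe implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String probeId = UUID.randomUUID().toString();
        private final AtomicInteger hits = new AtomicInteger();
        public String getProbeId() { return probeId; }
        public int hit() { return hits.incrementAndGet(); }
    }

    private static final Logger log = Logger.getLogger(SessionProbeFilter.class.getName());

    @Inject private SessionProbe probe;
    @Inject private Identity identity;

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        String probeId = probe.getProbeId();          // touching the proxy may create the session
        int hits = probe.hit();
        HttpSession session = http.getSession(false);
        // State as seen at the start of the request, before login/logout code runs.
        log.info(String.format("uri=%s sentId=%s sentIdValid=%b session=%s probe=%s hits=%d loggedIn=%b",
                http.getRequestURI(), tag(http.getRequestedSessionId()), http.isRequestedSessionIdValid(),
                session == null ? "none" : tag(session.getId()), probeId, hits, identity.isLoggedIn()));
        chain.doFilter(req, res);
    }

    /** Short correlation tag derived from the session id; the raw id is never logged. */
    private static String tag(String sessionId) {
        return sessionId == null ? "none" : Integer.toHexString(sessionId.hashCode());
    }
}
```

On the request after login, a changed session tag points at the session itself (cookie not returned, or session replaced); a stable session tag with a new probe value points at the session scope; both stable with loggedIn=false points at the authentication path.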