2 Replies Latest reply on May 23, 2014 1:26 PM by vwjugow

    Errai security with PicketLink

    xybrek

      I have this CustomAuthenticator for use with Errai Security:

       

       

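          import java.util.List;

          import org.picketlink.authentication.BaseAuthenticator;
          import org.picketlink.idm.credential.Password;
          import org.picketlink.idm.model.basic.Grant;
          import org.picketlink.idm.query.IdentityQuery;

          // loginCredentials, userDAO, partitionManager and userEvent are injected
          // fields that are not shown in the post; User, UserImpl and BCrypt come
          // from the poster's own project and dependencies.
          public class CustomAuthenticator extends BaseAuthenticator {

              @Override
              public void authenticate() {
                  String userId = loginCredentials.getUserId();
                  String password = loginCredentials.getPassword();
                  User user = userDAO.fetchUserByName(userId);

                  // Fail the same way for an unknown user and for a wrong password
                  // (without the null check an unknown user throws a NullPointerException).
                  if (user == null || !BCrypt.checkpw(password, user.getPasswordHash())) {
                      setStatus(AuthenticationStatus.FAILURE);
                  } else {
                      // Add to IDM
                      IdentityQuery<UserImpl> query
                              = partitionManager.createIdentityManager().createIdentityQuery(UserImpl.class);
                      query.setParameter(UserImpl.LOGIN_NAME, user.getUsername());
                      List<UserImpl> result = query.getResultList();
                      org.picketlink.idm.model.basic.Role trial = new org.picketlink.idm.model.basic.Role("TRIAL");

                      if (result.isEmpty()) {
                          // First login: create the account, its credential and the TRIAL grant
                          UserImpl account = new UserImpl(user);
                          partitionManager.createIdentityManager().add(account);
                          partitionManager.createIdentityManager().updateCredential(account, new Password(password));
                          partitionManager.createIdentityManager().add(trial);
                          partitionManager.createRelationshipManager().add(new Grant(account, trial));

                          // Read the stored account back and use it as the authenticated account
                          IdentityQuery<UserImpl> q
                                  = partitionManager.createIdentityManager().createIdentityQuery(UserImpl.class);
                          q.setParameter(UserImpl.LOGIN_NAME, user.getUsername());
                          UserImpl u = q.getResultList().iterator().next();
                          setStatus(AuthenticationStatus.SUCCESS);
                          setAccount(u);
                      } else {
                          // Account already exists in IDM
                          setStatus(AuthenticationStatus.SUCCESS);
                          setAccount(result.iterator().next());
                      }
                      userEvent.fire(user);
                  }
              }
          }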

       

       

      Even though I checked that the Account passed to setAccount is OK, I am not sure if the Roles are persisted, at least on the PicketLink side, because the response of the call:

       

       

          Caller<AuthenticationService> authServiceCaller;

       

       

      The Errai Security User returned, although not null, has the name "ANONYMOUS" and the role "NOBODY". I'm not sure what's happening here.

       

      The login(username, password) method returns the correct User and Role, but getUser() does not. This is the issue.

        • 1. Re: Errai security with PicketLink
          mbarkley

          Hi Xybrek,

          The Errai Security User returned, although not null, has the name "ANONYMOUS" and the role "NOBODY". I'm not sure what's happening here.

          This is the user representing not being logged in by Errai Security. This is only returned by getUser when PicketLink's Identity.isLoggedIn() returns false. You can confirm this is the case by setting a breakpoint in line 133 of the PicketLinkAuthenticationService (in errai-security-picketlink).

           

          I'd suggest going to the PicketLink forum for help if you haven't tried that already.

           

          Cheers.

          • 2. Re: Errai security with PicketLink
            vwjugow

            Hi,

            We were experiencing this with Jetty, but with JBoss it seems to work, so I guess we can close this.