2 Replies Latest reply on Aug 28, 2014 2:41 PM by sachindole

    REST login does not propagate to JSF by default?

    sachindole

      I have the BasicModel working for me and can authenticate users using a REST endpoint that is called via AJAX from an HTML5 app. However, after having logged the user in, the EL #{identity.loggedIn} returns false. If I call a different REST @Stateless endpoint that is @Secured using a custom authorizer of @SecurityBindingType, I do get an identity passed in to the authorizer, but here too, identity.getAccount returns null (isLoggedIn false). If I call the initial endpoint that I used to log in again, here identity is correctly set up, and isLoggedIn returns true and getAccount returns the right account.

       

      My environment is WildFly 8.1.0 with PicketLink 2.6.0 (not the 2.5.2)

       

      I must have missed some configuration. Here is my @ApplicationScoped config initialization class. What should I be doing in order to have the REST authentication propagate to all layers?

       

      THANK YOU!

       

      @ApplicationScoped
      public class PicketLinkConfiguration {
          @Inject
          private EEJPAContextInitializer eejpaContextInitializer;

          @Produces
          @PicketLink
          @PersistenceContext(unitName = "trelair")
          private EntityManager entityManager;

          @Produces
          @PicketLink
          public Partition createPartition() {
              return partitionManager.getPartition(Realm.class, "trelair");
          }

          @Inject
          private PartitionManager partitionManager;

          @Produces
          public IdentityConfiguration produceJPAConfiguration() {
              IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();

              builder
                      .named("default")
                      .stores()
                      .jpa()
                      .mappedEntity(AccountTypeEntity.class,
                              RoleTypeEntity.class,
                              GroupTypeEntity.class,
                              IdentityTypeEntity.class,
                              RelationshipTypeEntity.class,
                              RelationshipIdentityTypeEntity.class,
                              PartitionTypeEntity.class,
                              PasswordCredentialTypeEntity.class,
                              OTPCredentialTypeEntity.class,
                              AttributeTypeEntity.class,
                              PermissionsEntity.class)
                      .supportAllFeatures()
                      .addContextInitializer(eejpaContextInitializer);
              // configure the JPA store

              return builder.build();
          }

          public void observeIdentityConfigurationEvent(@Observes IdentityConfigurationEvent event) {
              IdentityConfigurationBuilder builder = event.getConfig();

              // use the builder to provide your own configuration
          }

          public void init(@Observes PartitionManagerCreateEvent event) {
              // retrieve the recently created partition manager instance
              PartitionManager partitionManager = event.getPartitionManager();
              // retrieve all the configuration used to build the instance
              Collection configurations = partitionManager.getConfigurations();
          }
      }
      
        • 1. Re: REST login does not propagate to JSF by default?
          pcraveiro

          This should not happen if you are using a stateful Identity bean. However, if you are configuring the Identity bean as stateless, on every single request you must re-authenticate the user in order to establish his security context.

           

          The stateless behavior is usually enabled by providing a configuration just like that:

           

          {code}
          SecurityConfigurationBuilder securityConfigurationBuilder = event.getBuilder();

          securityConfigurationBuilder
              .identity()
              .stateless();
          {code}

           

          The stateful behavior is basically using the JSESSIONID to track the user's session, which is the default behavior.

           

          Btw, you don't need to provide that IDM configuration if you're using the Basic Identity Model. Everything is configured for you automatically. Also, in 2.7.0.Beta1 we're making config even easier.

           

          Regards.

          • 2. Re: REST login does not propagate to JSF by default?
            sachindole

            I think I might have found my problem. When I first introduced PicketLink into my system, it created a "default" partition for me. Next, I changed the configuration to create a custom partition for my product. At this point, I suspect, PicketLink was confused with my configuration and was using a different partition in different parts of the code. The fix was to delete the default partition from the database. No code change was needed.

             

            It was not easy to debug this.

             

            Probably sounds strange, but is true.
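
The two causes raised in this thread (a request that does not carry the session the stateful Identity is bound to, and more than one partition in the store) can be told apart by logging the same summary from the login endpoint and from the secured endpoint. The bean below is an added example, not code from the thread or from PicketLink; the class name `IdentityDiagnostics` and the method `describe()` are hypothetical, and it assumes the partition name "trelair" from the question and a CDI 1.1 container that can inject `HttpServletRequest`.

```java
import java.util.List;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import org.picketlink.Identity;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.model.basic.Realm;

// Hypothetical diagnostic bean (added example, not from the thread).
@RequestScoped
public class IdentityDiagnostics {
    // Partition name used in the question's configuration.
    private static final String EXPECTED_PARTITION = "trelair";

    @Inject private Identity identity;
    @Inject private PartitionManager partitionManager;
    @Inject private HttpServletRequest request; // built-in bean in CDI 1.1

    /** One-line summary to log from each endpoint and compare. */
    public String describe() {
        StringBuilder out = new StringBuilder();
        // Stateful mode tracks the login through the HTTP session: report whether
        // this request carried a valid session id, without logging its value.
        out.append("sessionIdSent=").append(request.getRequestedSessionId() != null)
           .append(" sessionIdValid=").append(request.isRequestedSessionIdValid())
           .append(" loggedIn=").append(identity.isLoggedIn());

        // Which partition the authenticated account (if any) was loaded from.
        Account account = identity.getAccount();
        if (account != null && account.getPartition() != null) {
            out.append(" accountPartition=").append(account.getPartition().getName());
        }

        // List every Realm in the store; anything besides the expected one
        // (for example a leftover "default") is flagged for review.
        List<Realm> realms = partitionManager.getPartitions(Realm.class);
        for (Realm realm : realms) {
            out.append(" realm=").append(realm.getName());
            if (!EXPECTED_PARTITION.equals(realm.getName())) {
                out.append("(unexpected)");
            }
        }
        return out.toString();
    }
}
```

If `sessionIdValid` is false on the secured call, the client is not sending the session cookie back; if it is true but `loggedIn` differs between endpoints, the realm list shows whether a second partition exists in the store.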