2 Replies Latest reply on May 31, 2016 12:28 PM by albeirobet

Path Redirection does not work

albeirobet Jul 30, 2015 5:24 PM

Good Afternoon

I am using picketlink version 2.7.0 with the following settings in the maven dependencies:

<!-- PicketLink dependency versions -->
  <version.picketlink.javaee.bom>2.7.0.Final</version.picketlink.javaee.bom>



<dependencyManagement>
  <dependencies>
  <!-- Dependency Management for PicketLink and Java EE 6.0. -->
  <dependency>
  <groupId>org.picketlink</groupId>
  <artifactId>picketlink-javaee-7.0</artifactId>
  <version>${version.picketlink.javaee.bom}</version>
  <scope>import</scope>
  <type>pom</type>
  </dependency>
  </dependencies>
  </dependencyManagement>

But when I set the HttpSecurityConfiguration not redirected to the error page or unauthorized page.

public class HttpSecurityConfiguration {

    public void configureHttpSecurity(@Observes SecurityConfigurationEvent event) {
        SecurityConfigurationBuilder builder = event.getBuilder();
  builder
  .http()
  .forPath("/app/*")
  .authenticateWith()
  .form()
  .loginPage("/login.jsf")
  .errorPage("/error.jsf")
  .forPath("/app/admin/*")
  .authorizeWith()
  .group("Administradores")
  .redirectTo("/prohibido.jsf").whenForbidden()
  .redirectTo("/error.jsf").whenError()
  .forPath("/app/admin/*")
  .authorizeWith()
  .group("Empleados")
  .redirectTo("/prohibido.jsf").whenForbidden()
  .redirectTo("/error.jsf").whenError();
  }
}

The given path [/app/admin/*] requires authentication.

16:19:25,467 INFO  [stdout] (default task-6) 2015-07-30 16:19:25 JRebel: Reloading class 'org.jboss.as.quickstarts.picketlink.authorization.idm.jpa.HttpSecurityConfiguration'.
16:19:27,612 INFO  [org.jboss.weld.deployer] (default task-6) JBAS016002: Processing weld deployment picketlink-authorization-idm-jpa.war
16:19:27,634 ERROR [org.picketlink.http] (default task-6) Exception thrown during processing for path [/picketlink-authorization-idm-jpa/app/admin/index.jsf]. Sending error with status code [401].: org.picketlink.http.AuthenticationRequiredException: The given path [/app/admin/*] requires authentication.
  at org.picketlink.http.internal.SecurityFilter.performAuthenticationIfRequired(SecurityFilter.java:445) [picketlink-2.7.0.Final.jar:]
  at org.picketlink.http.internal.SecurityFilter.doFilter(SecurityFilter.java:174) [picketlink-2.7.0.Final.jar:]
  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
  at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
  at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.servlet.handlers.ServletInitialHandler.jrHandle(ServletInitialHandler.java) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
  at org.zeroturnaround.javarebel.integration.servlet.undertow.cbp.ServletInitialHandlerCBP.handleRequest(ServletInitialHandlerCBP.java:76) [undertow-servlet-jr-plugin-6.0.2.jar:]
  at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
  at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_31]
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_31]
  at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]

image.png 33.5 KB

1. Re: Path Redirection does not work

pcraveiro May 31, 2016 8:50 AM (in response to albeirobet)

Hi Eyder,

In this case you must create a group configuration, define the common requirements there and specify the same group to each path sharing a set of requirements. Something like:

builder
  .http()
      .forGroup("Authentication") // group definition
          .authenticateWith()
              .form()
                  .authenticationUri("/login.jsf")
                  .loginPage("/login.jsf")
                  .errorPage("/error.jsf")
     .forPath("/*", "Authentication")
      .forPath("/admin/*", "Authentication") // specify the group for the given path
          .authorizeWith()
              .role("Admin").redirectTo("/error.jsf").whenForbidden();

Above we are defining some authentication requirements to a path group "Authentication" and using this group when defining paths.

2. Re: Path Redirection does not work

albeirobet May 31, 2016 12:28 PM (in response to albeirobet)

Thank you very much for your help.
Actions

Go to original post