0 Replies Latest reply on Mar 5, 2013 2:23 PM by Roberto Requena

    JAAS + JSF + OAuth + RestEasy + JBOSS 7

    Roberto Requena Newbie

      Greetings, I'm trying to add security to my project .EAR,  I am try to use the new Servlet 3.0 HttpServletRequest#login() , when I use a form j_security_check this works correctly but when I use the following method I get an error:

       

       

      javax.servlet.ServletException: Failed to authenticate a principal
      11:25:53,951 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.catalina.connector.Request.login(Request.java:3257)
      11:25:53,952 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.catalina.connector.RequestFacade.login(RequestFacade.java:1082)
      11:25:53,952 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at ve.gob.oncop.sigecof.integracion.api.seguridad.SeguridadManageBeam.login(SeguridadManageBeam.java:92)
      11:25:53,953 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      11:25:53,953 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      11:25:53,954 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      11:25:53,954 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at java.lang.reflect.Method.invoke(Method.java:597)
      11:25:53,955 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.el.parser.AstValue.invoke(AstValue.java:262)
      11:25:53,955 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:278)
      11:25:53,955 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:39)
      11:25:53,956 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
      11:25:53,956 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105)
      11:25:53,957 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
      11:25:53,957 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
      11:25:53,958 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at javax.faces.component.UICommand.broadcast(UICommand.java:315)
      11:25:53,958 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:794)
      11:25:53,958 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1259)
      11:25:53,959 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
      11:25:53,959 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
      11:25:53,960 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
      11:25:53,960 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at javax.faces.webapp.FacesServlet.service(FacesServlet.java:593)
      11:25:53,960 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
      11:25:53,961 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
      11:25:53,961 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62)
      11:25:53,962 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
      11:25:53,962 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
      11:25:53,963 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
      11:25:53,963 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
      11:25:53,964 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)
      11:25:53,964 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:397)
      11:25:53,965 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve.invoke(OAuthAuthenticationServerValve.java:424)
      11:25:53,965 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
      11:25:53,966 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
      11:25:53,966 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      11:25:53,966 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      11:25:53,967 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
      11:25:53,967 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
      11:25:53,968 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)
      11:25:53,968 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
      11:25:53,969 ERROR [stderr] (http-localhost-127.0.0.1-8443-1)           at java.lang.Thread.run(Thread.java:662)
      11:25:53,987 INFO  [org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve] (http-localhost-127.0.0.1-8443-5) --- invoke: /SigecofIntegracionApi-web/resources/gfx/dualbrand_as7eap.png
      11:25:53,987 INFO  [org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve] (http-localhost-127.0.0.1-8443-1) --- invoke: /SigecofIntegracionApi-web/resources/gfx/dualbrand_logo.png
      

       

      The code used is as follows:

       

      This works

       

      <form method="post" action="j_security_check">
                   <h:panelGrid columns="2" >
                               Username<input type="text" name="j_username" size="25" /> 
                               Password<input type="password" size="15" name="j_password" />
                          </h:panelGrid>
                 <button type="submit" >Enviar</button>
      </form>
      


      This does not work

       

      <h:panelGrid columns="2">
                   <h:outputLabel for="usuario" value="Username" />
                   <h:inputText id="usuario" value="#{seguridadManageBeam.usuario}" />
                    <h:outputLabel for="password" value="Password" />
                  <h:inputSecret id="password" value="#{seguridadManageBeam.password}" />
                    <h:commandButton value="Iniciar Sesión" action="#{seguridadManageBeam.login()}" />
       </h:panelGrid>
      

       

      the login method is as follows

       

              FacesContext context = FacesContext.getCurrentInstance();
              ExternalContext externalContext = context.getExternalContext();
              HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();
      
      
              try {
              
                        Principal userPrincipal = request.getUserPrincipal();
              
                        System.out.println(">>> userPrincipal = "+userPrincipal);
              
                  if (request.getUserPrincipal() != null) {
                      request.logout();
                  }
              
              
                  request.login(usuario, password);
                  externalContext.redirect(originalURL);
                  
              } catch (ServletException e) {
              
                        e.printStackTrace();
              
                  // Handle unknown username/password in request.login().
                  context.addMessage(null, new FacesMessage("ERROR")); 
      }
      

             

      when I first started the server I can see the following line to the console.

       

      ADVERTENCIA [org.jboss.resteasy.plugins.providers.RegisterBuiltin] (MSC service thread 1-3) NoClassDefFoundError: Unable to load builtin provider: org.jboss.resteasy.security.smime.MultipartSignedReader
      

       

      Thanks in advance for any help