1 2 Previous Next 18 Replies Latest reply on Apr 14, 2014 10:38 AM by Victor Wjugow

    Errai Security with PicketLink

    Victor Wjugow Newbie

      Hi everyone.

      I'm having an issue with PicketLink. I'm using Errai's Identity class to log in the users of my application, and I've provided an implementation of org.picketlink.authentication.Authenticator that gets called when I do Identity.login().. that works great, the login is successfully done.

      Debugging, I checked that PicketLinkAuthenticationService.getUser() returns the just-logged-in user, when watching that method while the login process hasn't finished yet.

      But when it finishes, I call Errai's Identity.getUser() and it returns null. I've debugged that as well, and confirmed that this happens because a new instance of org.picketlink.internal.DefaultIdentity (SessionScoped) is created inside PicketLinkAuthenticationService (ApplicationScoped).

       

      Can anyone confirm whether this is a bug ? Errai's or PicketLink's?

      The only workaround that I can think of is keeping track the User returned by Identity.login(), because, as mentioned, if I call Identity.getUser() after login, it returns null. Any other ideas?

       

      Oh, by the way, I'm using Errai 3.0-SNAPSHOT and PicketLink 2.5.0.Beta5

       

      mbarkley talked to you about this on the #errai irc channel.

       

      Thanks in advance.

        • 1. Re: Errai Security with PicketLink
          Max Barkley Expert

          Hi Victor,

           

          There are lots of changes happening with the Errai Security module right now. In fact, there were several changes published in the snapshot last night. Could you confirm whether your problem still occurs with the newest snapshots? (You may need to use the -U flag building with maven).

           

          If you still have the problem, could you please post a code sample where you call Identity.login() and Identity.getUser() ?

           

          Cheers.

          • 2. Re: Errai Security with PicketLink
            Victor Wjugow Newbie

            I've started the same discussion in PicketLink forum.

            Errai Security with Picketlink

             

            As I said there, I removed Errai Security and this is still happening, so I guess it has nothing to do with it. I'll post the sample code there.

            • 3. Re: Re: Errai Security with PicketLink
              Victor Wjugow Newbie

              Ok, so I'm starting again. I only want to try to make Errai Security manage the session. Is there any GOOD example about using Errai Security? I mean, an example that even tells what dependencies to add, shows import, because right now I'm basing on this page: errai/errai-security at master · errai/errai · GitHub and the sources there published.


              This is what I did so far:

              added these dependencies

              <dependencyManagement>
                      <dependencies>
                          <dependency>
                              <groupId>org.picketlink</groupId>
                              <artifactId>picketlink-javaee-6.0</artifactId>
                              <type>pom</type>
                              <scope>import</scope>
                              <version>${version.picketlink.javaee.bom}</version>
                          </dependency>
                      </dependencies>
                  </dependencyManagement>
              ....
              
                      <dependency>
                          <groupId>org.jboss.errai</groupId>
                          <artifactId>errai-security</artifactId>
                          <version>3.0-SNAPSHOT</version>
                      </dependency>
                      <dependency>
                          <groupId>org.picketlink</groupId>
                          <artifactId>picketlink-api</artifactId>
                          <version>2.6.0.CR1</version>
                          <scope>compile</scope>
                      </dependency>
                      <dependency>
                          <groupId>org.picketlink</groupId>
                          <artifactId>picketlink-impl</artifactId>
                          <version>2.6.0.CR1</version>
                          <scope>runtime</scope>
                      </dependency>
              
              
              

               

              Created this class

               

              package app.server.helper.impl;
              
              
              import app.client.shared.exception.AuthenticationException;
              import app.server.persistence.UserDAO;
              import com.magick.models.shared.User;
              import org.jboss.errai.bus.server.annotations.Service;
              import org.jboss.errai.common.client.PageRequest;
              import org.jboss.errai.security.shared.AuthenticationService;
              import org.jboss.errai.security.shared.Role;
              import org.mindrot.jbcrypt.BCrypt;
              import org.picketlink.Identity;
              import org.picketlink.credential.DefaultLoginCredentials;
              import org.picketlink.idm.credential.Password;
              
              
              import javax.enterprise.context.ApplicationScoped;
              import javax.enterprise.event.Event;
              import javax.inject.Inject;
              import java.util.ArrayList;
              import java.util.HashSet;
              import java.util.List;
              import java.util.Set;
              
              
              /**
              * @author Victor Wjugow :D
              * @since 2/24/14 2:47 PM
              */
              @Service
              @ApplicationScoped
              class MagickAuthenticationServiceImple implements AuthenticationService {
              
              
                @Inject
                private Identity identity;
              
              
                @Inject
                DefaultLoginCredentials credentials;
              
              
                @Inject
                UserDAO userDAO;
              
              
                @Inject
                private Event<User> userEvent;
              
              
                @Override
                public org.jboss.errai.security.shared.User login(String username, String password) {
                credentials.setUserId(username);
                credentials.setCredential(new Password(password));
              
              
                User user = userDAO.fetchUserByName(credentials.getUserId());
                if (!BCrypt.checkpw(credentials.getPassword(), user.getPasswordHash())) {
                throw new AuthenticationException("Failure in authentication");
                }
                if (identity.login() != Identity.AuthenticationResult.SUCCESS) {
                throw new AuthenticationException("ASDASDASDASDASD");
                }
                userEvent.fire(user);
                return new org.jboss.errai.security.shared.User(username);
                }
              
              
                @Override
                public boolean isLoggedIn() {
                return identity.isLoggedIn();
                }
              
              
                @Override
                public void logout() {
              
              
                identity.logout();
                }
              
              
                @Override
                public org.jboss.errai.security.shared.User getUser() {
                return createUser((org.picketlink.idm.model.basic.User) identity.getAccount(), new HashSet<Role>());
                }
              
              
                private org.jboss.errai.security.shared.User createUser(org.picketlink.idm.model.basic.User picketLinkUser, Set<Role> roles) {
                org.jboss.errai.security.shared.User user = new org.jboss.errai.security.shared.User();
                user.setLoginName(picketLinkUser.getLoginName());
              // user.setLastName(picketLinkUser.getLastName());
              // user.setFirstName(picketLinkUser.getFirstName());
                user.setEmail(picketLinkUser.getEmail());
              // user.setRoles(roles);
                return user;
                }
              
              
                @Override
                public List<Role> getRoles() {
                return new ArrayList<>();
                }
              
              
                @Override
                public boolean hasPermission(PageRequest pageRequest) {
                return true;
                }
              }
              
              
              

               

              copied the login page from this example errai/errai-security at master · errai/errai · GitHub

               

              Added

              <inherits name="org.jboss.errai.security.Security"/>

              to App.gwt.xml

               

              And that's it. When I compile with mvn install I get http://pastebin.com/AXQYBEZX

              • 4. Re: Re: Errai Security with PicketLink
                Max Barkley Expert

                The error message you posted suggests that you are referencing picketlink's PermissionResolver from client-side code. Errai Security doesn't allow you to reference picketlink classes from client-code. It is meant to be a thin wrapper, where you would use the Errai Security classes in your client and shared code.

                 

                Regarding more guidance, you should check out the security sections in the documentation. The last section on configuration explains what you need to add to your pom.xml and beans.xml to make Errai Security work.

                • 5. Re: Errai Security with PicketLink
                  Victor Wjugow Newbie

                  Thanks Max. I wasn't referencing any Picketlink class from the client. The problem was fixed when I copied the right dependencies from the documentation you provided, so it compiles now. I coulnd't make it run yet because of having 2 implementations for AuthenticatorService (Errai's and one of my own) I'll get back to you as soon as I have a little more time to work on this.

                  • 6. Re: Errai Security with PicketLink
                    Victor Wjugow Newbie

                    Hi Max, I'm testing with everything just like in the documentation. App compiles and runs, but it's throwing AuthenticationException when trying to login with john:123

                    I debugged and the create() method in the @Startup PicketLinkDefaultUsers class isn't being called although it's a @Postconstruct method. So no instance of this class is being created. Why can this be happening? My @Startup classes don't get instantiated. 

                    EDIT: Could it be that Jetty doesn't support @Startup since it's a EJB annotation?

                    • 7. Re: Errai Security with PicketLink
                      Max Barkley Expert
                      EDIT: Could it be that Jetty doesn't support @Startup since it's a EJB annotation?

                      That seems like a viable cause. I'm not sure what the best solution on Jetty would be.

                      • 8. Re: Errai Security with PicketLink
                        Victor Wjugow Newbie

                        If I try on Jboss I get:

                        Caused by: java.lang.ClassNotFoundException: org.jboss.errai.security.client.local.identity.Identity from [Module "deployment.webapp.war:main" from Service Module Loader]

                          at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)

                          at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468)

                          at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456)

                          at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)

                          at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120)

                          ... 30 more

                         

                        I tried adding the modules (client, server, picketlink) to jboss but still get this. Although I haven't set the dependencies for each one inside the module.xml .. Is there any help guide on doing this? Or should this be working without configuring any modules ?

                        • 9. Re: Errai Security with PicketLink
                          Max Barkley Expert
                          Caused by: java.lang.ClassNotFoundException: org.jboss.errai.security.client.local.identity.Identity from [Module "deployment.webapp.war:main" from Service Module Loader]

                          The Identity class is client-only. Basically any class in errai-security-client should not be referenced from shared code.

                           

                          Although I haven't set the dependencies for each one inside the module.xml

                          The problem is likely unrelated. Focus on making sure that your client-only classes are not inadvertently referenced from server-side or shared code.

                          • 10. Re: Errai Security with PicketLink
                            Victor Wjugow Newbie

                            Max, unfortunately I haven't found any usage of Identity in Shared code.

                            I've uploaded a demo project that reproduces the issue to git@bitbucket.org:vwjugow/errar-security-issue.git / https://vwjugow@bitbucket.org/vwjugow/errar-security-issue.git

                            steps after import:

                            configure your jboss credentials in pom.xml (in the properties)

                            mvn clean

                            mvn install -Dmaven.test.skip=true -Derrai.compile.perf.perform_reachability_analysis=true -Pjboss7

                            run jboss (I'm running a 7.1.1 wildfly)

                            mvn gwt:run -Denvironment=dev -Pjboss7

                             

                            After this, you can see in the jboss console that it throws

                             

                            Caused by: java.lang.NoClassDefFoundError: Lorg/jboss/errai/security/client/local/identity/Identity;

                            • 11. Re: Errai Security with PicketLink
                              Max Barkley Expert

                              Victor,

                               

                              I can't compile your demo because maven can't resolve this dependency: com.magick:models:jar:0.2.0-Final

                              • 12. Re: Errai Security with PicketLink
                                Victor Wjugow Newbie

                                Oh I'm really sorry. Completely forgot about that.

                                You can pull again now, it should compile just fine.

                                Before compiling thought, if you are not using chrome check the App.gwt.xml  because I've set it to only compile for Chrome's agent (safari)

                                And, instead of running mvn gwt:run -Denvironment=dev -Pjboss7 you can just deploy the generated war (it should be in target folder inside project) from the Jboss console page usually at http://localhost:9990/ guess you already knew this though haha.

                                Thanks for helping me with this !

                                • 13. Re: Re: Errai Security with PicketLink
                                  Max Barkley Expert

                                  Victor,

                                   

                                  The class that wasn't loading (Login) was in a client.local package, so it shouldn't be deployed to the server in the first place. Here's a maven-war-plugin configuration that excludes classes in a client.local package from packaged war files:

                                        <plugin>
                                          <artifactId>maven-war-plugin</artifactId>
                                          <configuration>
                                            <failOnMissingWebXml>false</failOnMissingWebXml>
                                            <warName>${project.artifactId}</warName>
                                            <packagingExcludes>**/javax/**/*.*,**/client/local/**/*.class</packagingExcludes>
                                            <warSourceExcludes>WEB-INF/web.xml</warSourceExcludes>
                                          </configuration>
                                        </plugin>
                                  
                                  1 of 1 people found this helpful
                                  • 14. Re: Errai Security with PicketLink
                                    Victor Wjugow Newbie

                                    Thanks Max, that seems to have helped.

                                    I'm now getting http://pastebin.com/WAAaB2Fb . I googled and found http://stackoverflow.com/questions/7068148/resteasy-cdi-getting-duplicate-context-initialization-parameter-resteasy-inje , tried solutions there but couldn't make it work. If you pull again you'll see the changes.

                                    I tried removing errai-security and picketlink dependencies and the app starts (with an error http://pastebin.com/0WeU2v8Q but starts) .. so my guess is that picketlink uses resteasy and breaks the deployment to jboss any ideas on this ?

                                    I'm using these dep:

                                            <dependency>

                                                <groupId>org.jboss.errai</groupId>

                                                <artifactId>errai-security-server</artifactId>

                                                <version>${errai.version}</version>

                                            </dependency>

                                            <dependency>

                                                <groupId>org.jboss.errai</groupId>

                                                <artifactId>errai-security-client</artifactId>

                                                <scope>provided</scope>

                                                <version>${errai.version}</version>

                                            </dependency>

                                          <dependency>

                                                <groupId>org.jboss.errai</groupId>

                                                <artifactId>errai-security-picketlink</artifactId>

                                                <version>${errai.version}</version>

                                            </dependency>

                                    1 2 Previous Next