7 Replies Latest reply on Feb 27, 2014 6:08 PM by Shane Bryzak

    Errai Security with Picketlink

    Victor Wjugow Newbie

      Hi everyone.

      I'm having an issue with PicketLink. I'm using Errai's Identity class to log in the users of my application, and I've provided an implementation of org.picketlink.authentication.Authenticator that gets called when I do Identity.login(). That works great, the login is successfully done.

      Debugging, I checked that PicketLinkAuthenticationService.getUser() returns the just-logged-in user, when watching that method while the login process hasn't finished yet.

      But when it finishes, I call Errai's Identity.getUser() and it returns null. I've debugged that as well, and confirmed that this happens because a new instance of org.picketlink.internal.DefaultIdentity (SessionScoped) is created inside PicketLinkAuthenticationService (ApplicationScoped).

       

      Can anyone confirm whether this is a bug? Errai's or PicketLink's?

      The only workaround that I can think of is keeping track of the User returned by Identity.login(), because, as mentioned, if I call Identity.getUser() after login, it returns null. Any other ideas?

       

      Oh, by the way, I'm using Errai 3.0-SNAPSHOT and PicketLink 2.5.0.Beta5

       

      I've posted this on the Errai forum as well: Errai Security with PicketLink, but it seems more of a PicketLink issue.

        • 1. Re: Errai Security with Picketlink
          Victor Wjugow Newbie

          EDIT:

          I've removed Errai Security, and the same is still happening.

          I get different instances of DefaultIdentity before and after a user logs in, and the latter lacks the user information, as if it never logged in.

          • 2. Re: Errai Security with Picketlink
            Shane Bryzak Master

            Hi Victor,

             

            Can you confirm if other session-scoped beans are behaving in the same manner (i.e. losing their state)?

            • 3. Re: Errai Security with Picketlink
              Victor Wjugow Newbie

              Hi Shane. Thanks for answering. Hmm, I don't have the app right now, but we are migrating from Shiro and it was working ok. We used their Session class.

              • 4. Re: Errai Security with Picketlink
                Shane Bryzak Master

                Is it a CDI @SessionScoped bean? Confirming that other session-scoped beans are working is the first step in diagnosing this issue.
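A diagnostic for the check asked for above, added here as an example (not code from the thread, from Errai or from PicketLink): a @SessionScoped probe bean beside a servlet that prints the HTTP session id, the probe's instance id and hit count, and the PicketLink Identity state, so the two can be compared request by request before and after Identity.login(). The class names SessionProbe and SessionProbeServlet and the /session-probe path are assumptions.

```java
import java.io.IOException;
import java.io.Serializable;
import java.util.concurrent.atomic.AtomicInteger;
import javax.annotation.PostConstruct;
import javax.enterprise.context.SessionScoped;
import javax.inject.Inject;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.picketlink.Identity;

// --- SessionProbe.java (hypothetical name) ---
// If the session context is healthy, every request of one HTTP session sees
// the same instance id and a counter that keeps growing.
@SessionScoped
public class SessionProbe implements Serializable {
    private static final long serialVersionUID = 1L;
    private final AtomicInteger hits = new AtomicInteger();
    private String instanceId;

    @PostConstruct
    void init() {
        // Taken inside the real instance: hashCode() called on the injected
        // client proxy would reflect the proxy, not the contextual instance.
        instanceId = Integer.toHexString(System.identityHashCode(this));
    }

    public String hit() {
        return instanceId + "#" + hits.incrementAndGet();
    }
}

// --- SessionProbeServlet.java (hypothetical name and path) ---
@WebServlet("/session-probe")
public class SessionProbeServlet extends HttpServlet {
    @Inject SessionProbe probe;
    @Inject Identity identity;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Compare these values across requests, before and after Identity.login()
        resp.setContentType("text/plain");
        resp.getWriter().printf("jsessionid=%s probe=%s loggedIn=%s account=%s%n",
                req.getSession().getId(), probe.hit(), identity.isLoggedIn(),
                identity.getAccount() == null ? "null" : identity.getAccount().getClass().getSimpleName());
    }
}
```

If the probe's instance id changes between two requests that carry the same jsessionid, the session context itself is being lost and PicketLink's DefaultIdentity is only a victim of that; if the probe is stable while the account is null, the problem is narrowed to the Identity bean.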

                • 5. Re: Errai Security with Picketlink
                  Victor Wjugow Newbie

                  We use CDI, yes.

                  I've placed another SessionScoped bean in the same class that holds the Identity object, and its instance also changed but keeps the information I've set during login.

                   

                  EDIT: I've upgraded to PicketLink 2.6.0-SNAPSHOT. Now I use set/getAccount in my Authenticator, but still the same issue.

                  • 6. Re: Re: Errai Security with Picketlink
                    Victor Wjugow Newbie

                    // Imports were not in the posted snippet; JBoss Logging is assumed for Logger.
                    import javax.enterprise.event.Event;
                    import javax.inject.Inject;
                    import org.jboss.logging.Logger;
                    import org.mindrot.jbcrypt.BCrypt;
                    import org.picketlink.annotations.PicketLink;
                    import org.picketlink.authentication.Authenticator;
                    import org.picketlink.authentication.BaseAuthenticator;
                    import org.picketlink.credential.DefaultLoginCredentials;
                    import com.magick.models.shared.User;

                    @PicketLink
                    public class MagickAuthenticator extends BaseAuthenticator implements Authenticator {

                        private static final Logger log = Logger.getLogger(MagickAuthenticator.class);

                        @Inject
                        DefaultLoginCredentials loginCredentials;

                        @Inject
                        private UserDAO userDAO;

                        @Inject
                        private Event<User> userEvent;

                        @Override
                        public void authenticate() {
                            String username = loginCredentials.getUserId();
                            String password = loginCredentials.getPassword();
                            log.info("Logging in username=" + username);

                            User user = userDAO.fetchUserByName(username);
                            // Unknown username: fail cleanly instead of a NullPointerException on user.getPasswordHash()
                            if (user == null || !BCrypt.checkpw(password, user.getPasswordHash())) {
                                setStatus(AuthenticationStatus.FAILURE);
                                log.info("Wrong username or password");
                                return;
                                // throw new AuthenticationException("Failure in authentication");
                            }
                            userEvent.fire(user);
                            log.info("Setting Status");
                            setStatus(AuthenticationStatus.SUCCESS);
                            log.info("Setting Account");
                            // PicketLink 2.6: setAccount() replaces the 2.5 setUser()
                            org.picketlink.idm.model.basic.User picketLinkUser = new org.picketlink.idm.model.basic.User(username);
                            setAccount(picketLinkUser);
                        }
                    }

                     

                    import javax.inject.Inject;
                    import org.jboss.errai.common.client.api.annotations.Portable;
                    import org.jboss.logging.Logger;
                    import org.picketlink.Identity;
                    import org.picketlink.credential.DefaultLoginCredentials;
                    import org.picketlink.idm.model.basic.User;

                    @Portable
                    public class SessionHelperImpl implements SessionHelper {

                        private final static String SESSION_USER = "session.user";
                        private static final Logger log = Logger.getLogger(SessionHelperImpl.class);

                        @Inject
                        Identity identity;

                        @Inject
                        AppSessionContext sessionContext;

                        @Inject
                        DefaultLoginCredentials loginCredentials;

                        @Inject
                        UserDAO userDao;

                        @Override
                        public com.magick.models.shared.User getCurrentUser() throws MGSessionException {
                            // PicketLink 2.6: getAccount() replaces getUser()
                            User user = (User) identity.getAccount();
                            if (user != null && user.getLoginName() != null) {
                                return userDao.fetchUserByName(user.getLoginName());
                            } else {
                                return sessionContext.getCurrentUser();
                            }
                        }

                        @Override
                        public boolean login(String username, String password) throws MGSessionException {
                            try {
                                loginCredentials.setPassword(password);
                                loginCredentials.setUserId(username);
                                Identity.AuthenticationResult result = identity.login();
                                if (result.equals(Identity.AuthenticationResult.FAILED)) {
                                    return false;
                                } else {
                                    com.magick.models.shared.User u = new com.magick.models.shared.User();
                                    u.setUsername(username);
                                    sessionContext.setUser(u);
                                    return true;
                                }
                            } catch (SecurityException se) {
                                log.info("Not authenticated");
                            }
                            log.info("IsAuthenticated" + identity.isLoggedIn());
                            return false;
                        }

                        @Override
                        public void logout() throws MGSessionException {
                            identity.logout();
                        }
                    }

                    • 7. Re: Re: Errai Security with Picketlink
                      Shane Bryzak Master

                      Your code looks ok as far as I can tell.  Could you confirm if the authentication quickstart works ok for you?

                       

                      https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-authentication-jsf

                       

                      Otherwise I'd be happy to take a closer look if you could package up a minimal project for me that duplicates the issue.