2 Replies Latest reply on May 23, 2014 1:26 PM by Victor Wjugow

    Errai security with PicketLink

    xybrek Newbie

      I have this CustomAuthenticator for user with Errai Security:



          public CustomAuthenticator extends BaseAuthenticator {


              public void authenticate() {

                  String userId = loginCredentials.getUserId();

                  String password = loginCredentials.getPassword();

                  User user = userDAO.fetchUserByName(userId);

                  if (!BCrypt.checkpw(password, user.getPasswordHash())) {


                  } else {

                      // Add to IDM

                      IdentityQuery<UserImpl> query

                              = partitionManager.createIdentityManager().createIdentityQuery(UserImpl.class);

                      query.setParameter(UserImpl.LOGIN_NAME, user.getUsername());

                      List<UserImpl> result = query.getResultList();

                      org.picketlink.idm.model.basic.Role trial = new org.picketlink.idm.model.basic.Role("TRIAL");

                      if (result.isEmpty()){

                          UserImpl account = new UserImpl(user);


                          partitionManager.createIdentityManager().updateCredential(account, new Password(password));


                         partitionManager.createRelationshipManager().add(new Grant(account, trial));

                          IdentityQuery<UserImpl> q

                                  = partitionManager.createIdentityManager().createIdentityQuery(UserImpl.class);

                          q.setParameter(UserImpl.LOGIN_NAME, user.getUsername());

                          UserImpl u = q.getResultList().iterator().next();



                      } else {










      Even I check the seAccount Account to be set is ok, I am not sure if the Roles is persisted at list at the Picketlink side; because the response of the call:



          Caller<AuthenticationService> authServiceCaller;



      The Errai Security User returned although not null, the names is "ANONYMOUS" and role is "NOBODY" I'm not sure what's happening here.


      The login(username, password) method returns the correct User and Role, but getUser() does not. This is the issue.

        • 1. Re: Errai security with PicketLink
          Max Barkley Expert

          Hi Xybrek,

          The Errai Security User returned although not null, the names is "ANONYMOUS" and role is "NOBODY" I'm not sure what's happening here.

          This is the user representing not being logged in by Errai Security. This is only returned by getUser when PicketLink's Identity.isLoggedIn() returns false. You can confirm this is the case by setting a breakpoint in line 133 of the PicketLinkAuthenticationService (in errai-security-picketlink).


          I'd suggest going to the PicketLink forum for help if you haven't tried that already.



          • 2. Re: Errai security with PicketLink
            Victor Wjugow Newbie


            we were experiencing this with jetty, but with jboss it seems to work, so I guess we can close this.