1 2 Previous Next 27 Replies Latest reply on Mar 30, 2016 10:58 AM by Assistenza BSS

    JWT example for Picketlink 2.6.0

    Esteve Aviles Newbie

      Hi,

       

      We  are interested in using picketlink-json package to implenent JWT. We have seen that the documentation is not ready. Is there any example out there showing how to use this package?

       

      Does this package implements the filter to allow Stateless Rest Web services?

       

      Thanks in advance,

       

      Regards,

      Esteve

        • 1. Re: JWT example for Picketlink 2.6.0
          Jan Gurda Newbie

          Please check AngularJS quick start under https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-angularjs-rest

          After I digged into details I understand that initial authentication request is performed with BASIC authentication (check servlet filter class defined in web.xml) and then token is generated. That token is exchanged between client and servier in HTTP header. For your use case it would be good to use stateless Identity which also is available in Picketlink 2.6.0.Final.

           

          I have spent some time recently to find out how JWT is implemented in Picketlink and realized that JWT and JWS (signed token) is implemented but there are still some things to implement for example JWE (check class JsonWebEncryption).

           

          I'm currently working on stateless token-based authentication for REST services too. Will put some code later.

           

          I encourage you to check Picketlink source code. It's well written and easy to understand.

          • 2. Re: JWT example for Picketlink 2.6.0
            Pedro Igor Master

            Hi Esteve,

             

                There is not docs for PicketLink JSON, yet. We're working to support JWE and JWK. Once we finish that we're going to provide more docs.

             

                For now, I would suggest you to take a look at the test cases provided by this module. I think they are a useful source to understand and see how to use it.

             

            Thanks.

            • 3. Re: JWT example for Picketlink 2.6.0
              Pedro Igor Master

              Hey Esteve,

               

                  You can check an initial documentation for the PicketLink JSON API here.

               

                  It still need a review before push that to our official documentation. But it can help you meanwhile.

               

              Regards.

              • 4. Re: JWT example for Picketlink 2.6.0
                MikeLove Newbie

                Hi,

                The picketlink-angularjs-rest quickstart has provided good insights to the JSON implementation and usage. During signin, a POST to <contextRoot>/authc is sent from the angular app using the LoginResource

                 

                I have been selectively adding components from the quickstart to ensure understanding of implementation in the quickstart and where likely to enhance, etc within my add. Registration and activation services are working as expected. /authc returns a 404 in my app

                No such endpoint in the quickstart, so can only assume it is being contributed by picketlink-json. Initial investigation of source has not made me any the wiser.

                 

                My question is what is contributing this REST endpoint.

                 

                Thanks

                • 5. Re: JWT example for Picketlink 2.6.0
                  Pedro Igor Master

                  Hey Mike,

                   

                      The "/authc/" does not exists. You may notice that the security filter is intercepting every single URL from "/rest/private/*.

                   

                      What the filter does is check if the request is authenticated, if not try to extract credentials from it. In this case, BASIC credentials. Once the user provides valid credentials, the filter will validate them and issue a token accordingly. The token is written to the response. All that is done by a specific authentication scheme, the TokenAuthenticationScheme.

                   

                  Regards.

                  Pedro Igor

                  • 6. Re: JWT example for Picketlink 2.6.0
                    andrea lagomarsini Newbie

                    Dear Pedro,

                     

                    I have a problem that i don't understand... when i try to use your code for picketlink-angularjs app i'm aple to register and autentichate the token..

                    but if i try to log in.. i have this error :

                    16:48:50,540 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /A3iuNxt-web/rest/private/authc: org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: java.util.HashMap of media type: application/octet-stream

                        at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157) [resteasy-jaxrs-3.0.8.Final.jar:]

                        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:176) [resteasy-jaxrs-3.0.8.Final.jar:]

                        at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220) [resteasy-jaxrs-3.0.8.Final.jar:]

                        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.8.Final.jar:]

                        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.8.Final.jar:]

                        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]

                        at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]

                        at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

                        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]

                        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

                        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177) [undertow-core-1.0.15.Final.jar:1.0.15.Final]

                        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.15.Final.jar:1.0.15.Final]

                        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_20]

                        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_20]

                        at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_20]

                    Caused by: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: java.util.HashMap of media type: application/octet-stream

                        at org.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67) [resteasy-jaxrs-3.0.8.Final.jar:]

                        at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153) [resteasy-jaxrs-3.0.8.Final.jar:]

                        ... 33 more

                     

                    i'm going mad... do you have any idea ?

                     

                    i tryed to debug all the steps and i noticed that the security listners seem not be called !

                     

                    and

                    • 7. Re: JWT example for Picketlink 2.6.0
                      Pedro Igor Master

                      Hey,

                       

                           Which version of WildFly are you using ?

                      • 8. Re: JWT example for Picketlink 2.6.0
                        andrea lagomarsini Newbie

                        Hi Pedro,

                         

                        I found the problem, i'm using an  EAR application  derived from your example picketlink-angularjs-rest 2.7.0 CR1.

                        i have the ejb part with the logic into the jar and all the web in war.

                        i'm using wildfly 8.1 final.

                         

                        I think there are some problems in the listener, so if i put all the jars into the war, everything is correctly running, if i move the picketlink jars

                        and the code from web to ejb jar, i have that problem...

                         

                        any ideas?

                         

                        and

                        • 9. Re: JWT example for Picketlink 2.6.0
                          Pedro Igor Master

                          I know Resteasy provides some default provider implementation to transform basic types such as Map and List. Maybe you are missing some resteasy dependency in your EAR's jboss-deployment-structure.xml.

                          • 10. Re: JWT example for Picketlink 2.6.0
                            andrea lagomarsini Newbie

                            Pedro,

                             

                            i'm using maven insted jboss-deployment-structure.xml

                             

                            this is the maven ear plugin congif

                             

                            <plugins>
                            <plugin>
                            <artifactId>maven-ear-plugin</artifactId>
                            <version>${version.ear.plugin}</version>

                             

                             

                             

                             

                            <configuration>
                            <!-- Java EE 7 doesn't require web.xml, Maven needs to catch up! -->
                            <failOnMissingWebXml>false</failOnMissingWebXml>
                            <archive>
                            <manifestEntries>
                            <!--<Dependencies>org.jboss.resteasy.resteasy-jaxrs meta-inf,org.slf4j,org.infinispan,org.picketlink meta-inf,org.picketlink.idm meta-inf,org.picketlink.core meta-inf,org.picketlink.core.api meta-inf,org.picketlink.idm.api meta-inf,org.picketlink.idm.schema meta-inf</Dependencies> -->
                            <Dependencies>org.picketlink.config meta-inf,org.picketlink.idm.api meta-inf,org.picketlink.idm meta-inf,org.picketlink.core meta-inf,org.picketlink.core.api meta-inf,org.picketlink.common meta-inf,org.picketlink.idm.schema meta-inf,org.jboss.resteasy.jose-jwt meta-inf,org.jboss.resteasy.resteasy-atom-provider meta-inf,org.jboss.resteasy.resteasy-cdi meta-inf,org.jboss.resteasy.resteasy-crypto meta-inf,org.jboss.resteasy.resteasy-jettison-provider meta-inf,org.jboss.resteasy.resteasy-multipart-provider meta-inf,org.jboss.resteasy.resteasy-jaxb-provider meta-inf,org.jboss.resteasy.resteasy-jackson-provider meta-inf,org.glassfish.javax.json meta-inf,org.jboss.resteasy.resteasy-json-p-provider meta-inf,org.jboss.resteasy.resteasy-jaxrs meta-inf,org.slf4j,org.infinispan</Dependencies>

                             

                             

                            </manifestEntries>
                            </archive>
                            </configuration>

                            </plugin>

                            I put inside all the possible modules.. but there is no possibility to solve this problem, in Ear configuration, the security in not catch...

                             

                            i think is a problem on the listenrs is it possible?

                             

                            andrea

                            • 11. Re: JWT example for Picketlink 2.6.0
                              andrea lagomarsini Newbie

                              Dear Pedro

                              Unfortunally, this kind of application ONLY works if you put all the requestet jars into WEB-INF/lib folder... if you try to migrate from Uber picketlink jar to Wildfly/picketlink/module and import it with jboss-deployment-structure.xml or maven manifest import, simply you receive back the problem that i have...

                               

                              I tryed to debug a lot wildfly and picketlink to find the problem but is too deep ..

                               

                              did you never try to migrate Rest Picketlink security into and EAR project with module dependencies?

                               

                              andrea

                              • 12. Re: JWT example for Picketlink 2.6.0
                                Pedro Igor Master

                                Hey Andrea,

                                 

                                   I have reproduced your issue. You are not alone

                                 

                                   However, I don't have a solution for that yet. I'm trying to get some feedback from Resteasy team and check if we're missing something when using dependencies from modules.

                                 

                                   This is probably a classloader issue when using modules, not sure if it is related with PL.

                                 

                                Regards.

                                • 13. Re: JWT example for Picketlink 2.6.0
                                  Rodrigo Silva Newbie

                                  I'm facing the same problem on JBoss EAP 6.3.

                                   

                                  Caused by: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: java.util.HashMap of media type: application/octet-stream

                                   

                                  In my case it occurs when a REST method that return a List is accessed .

                                   

                                  pcraveiro I think is related to picketlink because before setup Picketlink token authentication on my project all rest resources are ok.

                                  • 14. Re: JWT example for Picketlink 2.6.0
                                    Pedro Igor Master

                                    Are you using PL from modules as well ?

                                    1 2 Previous Next