2 Replies Latest reply on Aug 28, 2014 2:41 PM by Sachin Dole

    REST login does not propagate to JSF by default?

    Sachin Dole Newbie

      I have the BasicModel working for me and can authenticate users using a rest end point that is called via ajax from an HTML5 app. however, after having logged the user in, the EL #{identity.loggedIn} returns false. If I call a different REST @Stateless endpoint that is @Secured using a custom authorizer of @SecurityBindingType, I do get an identity passed in to the authorizer, but, here too, identity.getAccount returns null (isLoggedIn false). If I call the initial endpoint that i used to login again, here, identity is correctly setup and isLoggedIn returns true and getAccount returns the right account.

       

      My environment is wildfly 8.1.0 with picketlink 2.6.0 (not the 2.5.2)

       

      I must have missed some configuration. Here is my @ApplicationScoped config initialization class. What should I be doing in order to have the rest authentication to propagate to all layers?

       

      THANK YOU!

       

      @ApplicationScoped
      public class PicketLinkConfiguration {
          @Inject
          private EEJPAContextInitializer eejpaContextInitializer;
          @Produces
          @PicketLink
          @PersistenceContext(unitName = "trelair")
          private EntityManager entityManager;
      
      
          @Produces
          @PicketLink
          public Partition createPartition() {
              return partitionManager.getPartition(Realm.class, "trelair");
          }
      
      
          @Inject
          private PartitionManager partitionManager;
      
      
          @Produces
          public IdentityConfiguration produceJPAConfiguration() {
              IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();
      
      
              builder
                      .named("default")
                      .stores()
                      .jpa()
                      .mappedEntity(AccountTypeEntity.class,
                              RoleTypeEntity.class,
                              GroupTypeEntity.class,
                              IdentityTypeEntity.class,
                              RelationshipTypeEntity.class,
                              RelationshipIdentityTypeEntity.class,
                              PartitionTypeEntity.class,
                              PasswordCredentialTypeEntity.class,
                              OTPCredentialTypeEntity.class,
                              AttributeTypeEntity.class,
                              PermissionsEntity.class)
                      .supportAllFeatures()
                      .addContextInitializer(eejpaContextInitializer);
              // configure the JPA store
      
      
              return builder.build();
          }
      
      
          public void observeIdentityConfigurationEvent(@Observes IdentityConfigurationEvent event) {
              IdentityConfigurationBuilder builder = event.getConfig();
      
      
              // use the builder to provide your own configuration
          }
      
      
          public void init(@Observes PartitionManagerCreateEvent event) {
      
      
              // retrieve the recently created partition manager instance
              PartitionManager partitionManager = event.getPartitionManager();
              // retrieve all the configuration used to build the instance
              Collection configurations = partitionManager.getConfigurations();
          }
      }
      
        • 1. Re: REST login does not propagate to JSF by default?
          Pedro Igor Master

          This should not happen if you are using a stateful Identity bean. However, if you are configuring the Identity bean as stateless, on every single request you must re-authenticate the user in order to establish his security context.

           

          The stateless behavior is usually enabled by providing a configuration just like that:

           

          {code}

          SecurityConfigurationBuilder securityConfigurationBuilder = event.getBuilder();

           

          securityConfigurationBuilder

              .identity()

              .stateless();

          {code}

           

          The stateful behavior is basically using the JSESSIONID to track the user's session. Which is the default behavior.

           

          Btw, you don't need to provide that IDM configuration if you're using the Basic Identity Model. Everything is configured for you automatically. Also, in 2.7.0.Beta1 we're making config even easier.

           

          Regards.

          • 2. Re: REST login does not propagate to JSF by default?
            Sachin Dole Newbie

            I think I might have found my problem. When I first introduced picketlink into my system, it created a "default" partition for me. next, I changed configuration to create a custom partition for my product. At this point, I suspect, picketlink was confused with my configuration and was using a different partition in different parts of code. The fix was to delete the default partition from database. No code change was needed.

             

            It was not easy to debug this.

             

            Probably sounds strange, but is true.