2 Replies Latest reply on May 31, 2016 12:28 PM by Eyder Albeiro Ascuntár Rosales

    Path Redirection does not work

    Eyder Albeiro Ascuntár Rosales Newbie

      Good Afternoon

      I am using picketlink version 2.7.0 with the following settings in the maven dependencies:

       

       

      <!-- PicketLink dependency versions -->
      <version.picketlink.javaee.bom>2.7.0.Final</version.picketlink.javaee.bom>

      <dependencyManagement>
        <dependencies>
          <!-- Dependency Management for PicketLink and Java EE 7.0. -->
          <dependency>
            <groupId>org.picketlink</groupId>
            <artifactId>picketlink-javaee-7.0</artifactId>
            <version>${version.picketlink.javaee.bom}</version>
            <scope>import</scope>
            <type>pom</type>
          </dependency>
        </dependencies>
      </dependencyManagement>
      

       

      But when I set the HttpSecurityConfiguration, I am not redirected to the error page or the unauthorized page.

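      import javax.enterprise.event.Observes;

      import org.picketlink.config.SecurityConfigurationBuilder;
      import org.picketlink.event.SecurityConfigurationEvent;

      public class HttpSecurityConfiguration {

          // CDI observer: PicketLink fires this event once to collect the HTTP security rules.
          public void configureHttpSecurity(@Observes SecurityConfigurationEvent event) {
              SecurityConfigurationBuilder builder = event.getBuilder();
              builder
                  .http()
                      // Form authentication is declared only for /app/*
                      .forPath("/app/*")
                          .authenticateWith()
                              .form()
                                  .loginPage("/login.jsf")
                                  .errorPage("/error.jsf")
                      // Authorization rules for the admin area (same path declared twice)
                      .forPath("/app/admin/*")
                          .authorizeWith()
                              .group("Administradores")
                          .redirectTo("/prohibido.jsf").whenForbidden()
                          .redirectTo("/error.jsf").whenError()
                      .forPath("/app/admin/*")
                          .authorizeWith()
                              .group("Empleados")
                          .redirectTo("/prohibido.jsf").whenForbidden()
                          .redirectTo("/error.jsf").whenError();
          }
      }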
      

       

      The given path [/app/admin/*] requires authentication.

       

      16:19:25,467 INFO  [stdout] (default task-6) 2015-07-30 16:19:25 JRebel: Reloading class 'org.jboss.as.quickstarts.picketlink.authorization.idm.jpa.HttpSecurityConfiguration'.
      16:19:27,612 INFO  [org.jboss.weld.deployer] (default task-6) JBAS016002: Processing weld deployment picketlink-authorization-idm-jpa.war
      16:19:27,634 ERROR [org.picketlink.http] (default task-6) Exception thrown during processing for path [/picketlink-authorization-idm-jpa/app/admin/index.jsf]. Sending error with status code [401].: org.picketlink.http.AuthenticationRequiredException: The given path [/app/admin/*] requires authentication.
        at org.picketlink.http.internal.SecurityFilter.performAuthenticationIfRequired(SecurityFilter.java:445) [picketlink-2.7.0.Final.jar:]
        at org.picketlink.http.internal.SecurityFilter.doFilter(SecurityFilter.java:174) [picketlink-2.7.0.Final.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
        at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.servlet.handlers.ServletInitialHandler.jrHandle(ServletInitialHandler.java) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
        at org.zeroturnaround.javarebel.integration.servlet.undertow.cbp.ServletInitialHandlerCBP.handleRequest(ServletInitialHandlerCBP.java:76) [undertow-servlet-jr-plugin-6.0.2.jar:]
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_31]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_31]
        at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
      
        • 1. Re: Path Redirection does not work
          Pedro Igor Master

          Hi Eyder,

           

          In this case you must create a group configuration, define the common requirements there, and specify the same group for each path sharing a set of requirements. Something like:

           

          builder
              .http()
                  .forGroup("Authentication") // group definition
                      .authenticateWith()
                          .form()
                              .authenticationUri("/login.jsf")
                              .loginPage("/login.jsf")
                              .errorPage("/error.jsf")
                  .forPath("/*", "Authentication")
                  .forPath("/admin/*", "Authentication") // specify the group for the given path
                      .authorizeWith()
                          .role("Admin").redirectTo("/error.jsf").whenForbidden();
          

           

          Above we are defining some authentication requirements for a path group "Authentication" and using this group when defining paths.
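
The path-group pattern from the reply, applied to the paths and pages in the original question, as an added example (not code posted by either participant). Keeping a single `group("Administradores")` rule on `/app/admin/*` is an assumption: the question declares that path twice with different groups, and the thread does not say how the two rules should combine.

```java
import javax.enterprise.event.Observes;

import org.picketlink.config.SecurityConfigurationBuilder;
import org.picketlink.event.SecurityConfigurationEvent;

public class HttpSecurityConfiguration {

    public void configureHttpSecurity(@Observes SecurityConfigurationEvent event) {
        SecurityConfigurationBuilder builder = event.getBuilder();

        builder
            .http()
                // Shared requirement: form login, declared once as a path group.
                .forGroup("Authentication")
                    .authenticateWith()
                        .form()
                            .authenticationUri("/login.jsf")
                            .loginPage("/login.jsf")
                            .errorPage("/error.jsf")
                // Each protected path names the group, so the admin path carries
                // the form-login requirement as well as its own authorization rule.
                .forPath("/app/*", "Authentication")
                .forPath("/app/admin/*", "Authentication")
                    .authorizeWith()
                        // Assumption: one group rule; "Empleados" from the question is left out.
                        .group("Administradores")
                    .redirectTo("/prohibido.jsf").whenForbidden()
                    .redirectTo("/error.jsf").whenError();
    }
}
```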