Discussion :

[tralloc]

Bonjour,
Je suis assez désespéré.
Je n'ai pas trop l'habitude avec la sécurité des applis et je teste picketlink en REST sur un wildfly 9.0.0.FINal
Voici le problème :
j'arrive à me loguer une première fois avec mon login/password
je lance la déconnection qui à priori également fonctionne mais pas de message
lorsque je reviens me reconnecter j'ai une exception qui me dit que l'User existe déjà pour cet identifiant avec cette partition (il n'y en a qu'une de toutes manières)
A savoir que j'ai attribué des rôles à ce "User" comme on le verra dans le code.

Donc je me dis qu'il se comprte comme s'l n'avait pas viré l'User de quelque part...
Quelqu'un a une idée ?


voici mon pom
A priori pas de soucis à ce niveau là...

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>hystrial</groupId>
	<artifactId>arenapolis</artifactId>
	<version>0.1</version>
	<packaging>war</packaging>
 
	<name>Arena polis</name>
	<description>Jeu de gladiateurs</description>
 
	<properties>
		<!-- JBoss AS dependency versions -->
		<version.jboss.maven.plugin>7.4.Final</version.jboss.maven.plugin>
		<!-- WildFly dependency versions -->
		<version.wildfly.maven.plugin>1.0.1.Final</version.wildfly.maven.plugin>
		<!-- PicketLink dependency versions -->
		<version.picketlink.javaee.bom>2.7.0.Final</version.picketlink.javaee.bom>
		<!-- maven-war-plugin -->
		<version.war.plugin>2.1.1</version.war.plugin>
		<!-- maven-compiler-plugin -->
		<version.compiler.plugin>3.1</version.compiler.plugin>
		<maven.compiler.target>1.8</maven.compiler.target>
		<maven.compiler.source>1.8</maven.compiler.source>
	</properties>
 
	<dependencyManagement>
		<dependencies>
			<!-- Dependency Management for PicketLink and Java EE 6.0. -->
			<dependency>
				<groupId>org.picketlink</groupId>
				<artifactId>picketlink-javaee-7.0</artifactId>
				<version>${version.picketlink.javaee.bom}</version>
				<scope>import</scope>
				<type>pom</type>
			</dependency>
		</dependencies>
	</dependencyManagement>
 
	<dependencies>
 
		<!-- PicketLink Uber Dependency. It provides all PicketLink dependencies 
			from a single JAR. You still can define each module separately, if you want 
			to. -->
		<dependency>
			<groupId>org.picketlink</groupId>
			<artifactId>picketlink</artifactId>
			<scope>compile</scope>
		</dependency>
 
		<dependency>
			<groupId>org.hibernate.javax.persistence</groupId>
			<artifactId>hibernate-jpa-2.1-api</artifactId>
		</dependency>
 
		<!-- Import the EJB API, we use provided scope as the API is included in 
			JBoss AS 7 -->
		<dependency>
			<groupId>org.jboss.spec.javax.ejb</groupId>
			<artifactId>jboss-ejb-api_3.2_spec</artifactId>
		</dependency>
 
		<!-- Import the CDI API, we use provided scope as the API is included in 
			JBoss AS 7 -->
		<dependency>
			<groupId>javax.enterprise</groupId>
			<artifactId>cdi-api</artifactId>
			<scope>provided</scope>
		</dependency>
 
		<!-- Import the JAX-RS API, we use provided scope as the API is included 
			in JBoss AS 7 -->
		<dependency>
			<groupId>org.jboss.spec.javax.ws.rs</groupId>
			<artifactId>jboss-jaxrs-api_1.1_spec</artifactId>
			<version>1.0.1.Final</version>
		</dependency>
 
		<dependency>
			<groupId>com.thetransactioncompany</groupId>
			<artifactId>cors-filter</artifactId>
			<version>2.4</version>
		</dependency>
	</dependencies>
 
	<build>
		<!-- Set the name of the war, used as the context root when the app is 
			deployed -->
		<finalName>${project.artifactId}</finalName>
		<plugins>
			<plugin>
				<artifactId>maven-war-plugin</artifactId>
				<version>${version.war.plugin}</version>
				<configuration>
					<!-- Java EE 6 doesn't require web.xml, Maven needs to catch up! -->
					<failOnMissingWebXml>false</failOnMissingWebXml>
				</configuration>
			</plugin>
			<!-- JBoss AS plugin to deploy war -->
			<plugin>
				<groupId>org.jboss.as.plugins</groupId>
				<artifactId>jboss-as-maven-plugin</artifactId>
				<version>${version.jboss.maven.plugin}</version>
			</plugin>
		</plugins>
	</build>
 
	<profiles>
		<profile>
			<id>wildfly</id>
			<properties>
				<target.container>wildfly</target.container>
			</properties>
			<build>
				<plugins>
					<plugin>
						<groupId>org.wildfly.plugins</groupId>
						<artifactId>wildfly-maven-plugin</artifactId>
						<version>${version.wildfly.maven.plugin}</version>
					</plugin>
				</plugins>
			</build>
		</profile>
	</profiles>
 
</project>

Bon, j'ai voulu créer une authentification en utilisant picketlink, je me suis basé sur un tuto.

voici mon service d'ahthentification (qui a l'air de marcher correctement)

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
@Path("/authentification")
public class ServiceAuthentification {
 
	public static final String USERNAME_PASSWORD_CREDENTIAL_CONTENT_TYPE = "application/x-authc-username-password+json";
	public static final String TOKEN_CONTENT_CREDENTIAL_TYPE = "application/x-authc-token";
 
	@Inject
	private Identity identity;
 
	@Inject
	private DefaultLoginCredentials credentials;
 
	@POST
	@Produces("application/json")
	@Consumes({ USERNAME_PASSWORD_CREDENTIAL_CONTENT_TYPE })
	public Response authenticate(DefaultLoginCredentials credential) {
		if (!this.identity.isLoggedIn()) {
			this.credentials.setUserId(credential.getUserId());
			this.credentials.setPassword(credential.getPassword());
			this.identity.login();
		}
 
		Account account = this.identity.getAccount();
 
		if (account != null) {
			//AccordeDroit(credential.getUserId());
			return Response.ok().entity(account).type(MediaType.APPLICATION_JSON_TYPE).build();
		}
		return Response.status(Status.UNAUTHORIZED).build();
	}
 
	@POST
	@Consumes({ "*/*" })
	public Response unsupportedCredentialType() {
		return Response.status(Response.Status.UNSUPPORTED_MEDIA_TYPE).build();
	}

l'authenticator qui va avec

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
@RequestScoped
@PicketLink
public class Authentifieur extends BaseAuthenticator {
 
    @Inject
    private DefaultLoginCredentials credentials;
 
    @Inject IndividuFacade individuFacade;
 
    @Inject
    private PartitionManager partitionManager;
 
    @Override
    public void authenticate() {
        if (this.credentials.getCredential() == null) {
            return;
        }
 
        if (isUsernamePasswordCredential()) {
            String userId = this.credentials.getUserId();
            Password password = (Password) this.credentials.getCredential();
 
            Individu ind=individuFacade.getIndividuRole(userId, String.copyValueOf(password.getValue()));
            if(ind!=null)
            {
            	setStatus(AuthenticationStatus.SUCCESS);
            	User user = new User(userId);
            	user.setFirstName(ind.getPseudo());
            	user.setEmail(ind.geteMail());
            	user.setId(ind.getId().toString());
            	user.setEnabled(true);
            	setAccount(user);
            	IdentityManager identityManager = this.partitionManager.createIdentityManager();
            	identityManager.add(user);
            	RelationshipManager relationshipManager = this.partitionManager.createRelationshipManager();
            	for(Role role :  ind.getEnsembleRole()){
            		org.picketlink.idm.model.basic.Role roleTemp = BasicModel.getRole(identityManager, role.getCode());
                    BasicModel.grantRole(relationshipManager, user, roleTemp );
 
            	}
            }
            else
            {
            	setStatus(AuthenticationStatus.FAILURE);
            }
        }
    }
 
    private boolean isUsernamePasswordCredential() {
        return Password.class.equals(credentials.getCredential().getClass()) && credentials.getUserId() != null;
    }
}

et enfin mon code de déconnexion

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
/**
 package hystrial.security.authentification;
 
import javax.inject.Inject;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
 
import org.picketlink.Identity;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.model.basic.User;
 
 
/**
 * <p>Simple logout service.</p>
 */
@Path("/deconnexion")
public class ServiceDeconnexion {
	@Inject private IdentityManager identityManager;
    @Inject private Identity identity;
 
    @POST
    public void logout() {
    	if (this.identity.isLoggedIn()) {
 
            this.identity.logout();
        }
    }
 
}

et voici l'erreur

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
 
13:05:08,830 INFO  [stdout] (default task-14) Hibernate: select individu0_.id_individu as id_indiv1_0_0_, ensemblero1_.code_role as code_rol1_1_1_, ensemblero1_.id_individu as id_indiv2_1_1_, individu0_.e_mail as e_mail2_0_0_, individu0_.mot_passe as mot_pass3_0_0_, individu0_.pseudo as pseudo4_0_0_, ensemblero1_.id_individu as id_indiv2_0_0__, ensemblero1_.code_role as code_rol1_1_0__, ensemblero1_.id_individu as id_indiv2_1_0__ from individu individu0_ left outer join role ensemblero1_ on individu0_.id_individu=ensemblero1_.id_individu where individu0_.e_mail=? and individu0_.mot_passe=?
13:05:08,834 ERROR [io.undertow.request] (default task-14) UT005023: Exception handling request to /arenapolis/rs/authentification: org.jboss.resteasy.spi.UnhandledException: org.picketlink.authentication.AuthenticationException: Authentication failed.
	at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
	at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
	at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
	at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:208)
	at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:274)
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
	at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: org.picketlink.authentication.AuthenticationException: Authentication failed.
	at org.picketlink.internal.AbstractIdentity.authenticate(AbstractIdentity.java:234)
	at org.picketlink.internal.AbstractIdentity.login(AbstractIdentity.java:145)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:497)
	at org.jboss.weld.bean.proxy.AbstractBeanInstance.invoke(AbstractBeanInstance.java:38)
	at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:100)
	at org.jboss.weld.proxies.Identity$1509662680$Proxy$_$$_WeldClientProxy.login(Unknown Source)
	at hystrial.security.authentification.ServiceAuthentification.authenticate(ServiceAuthentification.java:41)
	at hystrial.security.authentification.ServiceAuthentification$Proxy$_$$_WeldClientProxy.authenticate(Unknown Source)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:497)
	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:237)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
	... 38 more
Caused by: org.picketlink.idm.IdentityManagementException: IdentityType [class org.picketlink.idm.model.basic.User] already exists with the given identifier [1] for the given Partition [null].
	at org.picketlink.idm.internal.ContextualIdentityManager.checkUniqueness(ContextualIdentityManager.java:358)
	at org.picketlink.idm.internal.ContextualIdentityManager.checkUniqueness(ContextualIdentityManager.java:70)
	at org.picketlink.idm.internal.AbstractAttributedTypeManager.add(AbstractAttributedTypeManager.java:69)
	at hystrial.security.authentification.Authentifieur.authenticate(Authentifieur.java:59)
	at hystrial.security.authentification.Authentifieur$Proxy$_$$_WeldClientProxy.authenticate(Unknown Source)
	at org.picketlink.internal.AbstractIdentity.authenticate(AbstractIdentity.java:221)
	... 57 more

[tralloc]

Il fallait rechercher si l'user se trouvait déjà dans le pool !
Ainsi voilà le code que j'ai produit, je ne sais pas s'il est parfait mais c'est déjà ça !

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
@RequestScoped
@PicketLink
public class Authentifieur extends BaseAuthenticator {
 
	@Inject
	private DefaultLoginCredentials credentials;
 
	@Inject
	IndividuFacade individuFacade;
 
	@Inject
	private PartitionManager partitionManager;
 
	@Override
	public void authenticate() {
		if (this.credentials.getCredential() == null) {
			return;
		}
 
		if (isUsernamePasswordCredential()) {
			String userId = this.credentials.getUserId();
			Password password = (Password) this.credentials.getCredential();
 
			Individu ind = individuFacade.getIndividuRole(userId, String.copyValueOf(password.getValue()));
			if (ind != null) {
				User user;
				IdentityManager identityManager = partitionManager.createIdentityManager();
				user = BasicModel.getUser(identityManager, userId);
				if (user == null) {
					user = new User(userId);
					user.setFirstName(ind.getPseudo());
					user.setEmail(ind.geteMail());
					user.setId(ind.getId().toString());
					identityManager.add(user);
				}
				user.setEnabled(true);
				setAccount(user);
				RelationshipManager relationshipManager = this.partitionManager.createRelationshipManager();
				for (Role role : ind.getEnsembleRole()) {
					org.picketlink.idm.model.basic.Role roleTemp = BasicModel.getRole(identityManager, role.getCode());
					BasicModel.grantRole(relationshipManager, user, roleTemp);
 
				}
				setStatus(AuthenticationStatus.SUCCESS);
			}
			else{
				setStatus(AuthenticationStatus.FAILURE);
			}
 
		} else {
			setStatus(AuthenticationStatus.FAILURE);
		}
	}
 
	private boolean isUsernamePasswordCredential() {
		return Password.class.equals(credentials.getCredential().getClass()) && credentials.getUserId() != null;
	}