2016-09-16 7 views

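PicketLink integration with TomEE

I am trying to integrate PicketLink for the security needs of a JEE 7 web application that I am developing on TomEE 7.0.1. I implemented the basic example from the PicketLink site. However, PicketLink fails to authenticate the form input and logs "Account NOT FOUND for credentials ...". Here is my implementation: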

public class SecurityConfiguration { 
    public void onInit(@Observes org.picketlink.event.SecurityConfigurationEvent event) { 
     org.picketlink.config.SecurityConfigurationBuilder builder = event.getBuilder(); 

     builder 
      .http() 
       .allPaths() 
        .authenticateWith() 
         .form() 
          .authenticationUri("/login.xhtml") 
          .loginPage("/") // Invokes a servlet which forwards to login.xhtml 
          .errorPage("/") 
          .redirectTo("/index.xhtml") 
//       .restoreOriginalRequest() 
       .forPath("/javax.faces.resource/*") 
        .unprotected() 
       .forPath("/logout") 
        .logout() 
        .redirectTo("/") 
       .forPath("/register.xhtml") 
        .unprotected(); 
    } 
} 

@Singleton 
@Startup 
public class SecurityInitializer { 
    @Inject 
    private PartitionManager partitionManager; 

    //@Inject 
    //private IdentityManager identityManager; // This didn't work either 

    @PostConstruct 
    public void create() { 
     IdentityManager identityManager = this.partitionManager.createIdentityManager(); 

     User user = new User("jane"); 

     user.setEmail("[email protected]"); 
     user.setFirstName("Jane"); 
     user.setLastName("Doe"); 

     identityManager.add(user); 
     identityManager.updateCredential(user, new Password("1234")); 
    } 
} 

login.xhtml:

<body id="loginform"> 
     <h:panelGroup layout="block" styleClass="login"> 
      <h:form prependId="false"> 
       <h:inputText id="j_username" value="#{loginCredentials.userId}" required="true" pt:placeholder="Username" /> 
       <h:inputSecret id="j_password" value="#{loginCredentials.password}" required="true" pt:placeholder="Password" /> 
       <h:commandButton value="Sign In" action="#{identity.login}"/> 
      </h:form> 
     </h:panelGroup> 
    </body> 

Log output:

Performing authentication using credentials [[email protected]]. User id is [jane]. 
10:17:09.161 [http-nio-8080-exec-7] DEBUG org.picketlink - Firing event [[email protected]e]. 
10:17:09.163 [http-nio-8080-exec-7] DEBUG org.picketlink.authentication - Authentication is going to be performed by authenticator [[email protected]] 
10:17:09.163 [http-nio-8080-exec-7] DEBUG org.picketlink.authentication - Validating credentials [[email protected]ee] using PicketLink IDM. 
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - Initializing Identity Management Subsystem. 
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - Creating PartitionManager. 
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - Building identity management configuration. 
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - IdentityConfiguration not provided by the application, creating a default IdentityConfigurationBuilder. 
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - Firing event [[email protected]]. 
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - No configuration provided by the application. Configuring defaults. 
10:17:09.181 [http-nio-8080-exec-7] DEBUG org.picketlink.common - Using logger implementation: org.picketlink.common.DefaultPicketLinkLogger 
10:17:09.181 [http-nio-8080-exec-7] DEBUG org.picketlink - Auto configuring File Identity Store. 
10:17:09.191 [http-nio-8080-exec-7] INFO org.picketlink.idm - PLIDM001000: Bootstrapping PicketLink IDM Partition Manager 
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm - Identity Management Configuration: [ 
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -  Name: default 
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -  Identity Store Configuration: [[email protected]] 
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -  Supports Partition: true 
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -  Supports Attribute: true 
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -  Supports Credential: true 
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -  Supports Permission: true 
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -  Supported Types: [interface org.picketlink.idm.model.IdentityType, interface org.picketlink.idm.model.Relationship, class org.picketlink.idm.model.basic.GroupMembership, class org.picketlink.idm.model.basic.Agent, class org.picketlink.idm.model.basic.Group, interface org.picketlink.idm.model.Partition, class org.picketlink.idm.model.basic.GroupRole, class org.picketlink.idm.model.basic.Realm, class org.picketlink.idm.model.basic.Grant, class org.picketlink.idm.model.basic.User, class org.picketlink.idm.model.basic.Role] 
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm - ] 
10:17:09.198 [http-nio-8080-exec-7] INFO org.picketlink.idm.identity.store - PLIDM001001: Initializing Identity Store [class org.picketlink.idm.file.internal.FileIdentityStore] 
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - [[email protected]]: [ 
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Type: class org.picketlink.idm.file.internal.FileIdentityStore 
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Supports partition: true 
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Supports attribute: true 
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Supports credential: true 
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Credential Handlers: [class org.picketlink.idm.credential.handler.PasswordCredentialHandler, class org.picketlink.idm.credential.handler.X509CertificateCredentialHandler, class org.picketlink.idm.credential.handler.DigestCredentialHandler, class org.picketlink.idm.credential.handler.TOTPCredentialHandler, class org.picketlink.idm.credential.handler.TokenCredentialHandler] 
10:17:09.248 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Supported types: [interface org.picketlink.idm.model.IdentityType, interface org.picketlink.idm.model.Relationship, class org.picketlink.idm.model.basic.GroupMembership, class org.picketlink.idm.model.basic.Agent, class org.picketlink.idm.model.basic.Group, interface org.picketlink.idm.model.Partition, class org.picketlink.idm.model.basic.GroupRole, class org.picketlink.idm.model.basic.Realm, class org.picketlink.idm.model.basic.Grant, class org.picketlink.idm.model.basic.User, class org.picketlink.idm.model.basic.Role] 
10:17:09.248 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Unsupported types: [] 
10:17:09.248 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Context Initializers: [[email protected]a402a5] 
10:17:09.256 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - ] 
10:17:09.276 [http-nio-8080-exec-7] WARN o.picketlink.idm.identity.store.file - PLIDM001101: Working directory [C:\Everything Mine\bin\TomEE\apache-tomee-webprofile-7.0.1\temp\pl-idm] is marked to be always created. All your existing data will be lost. 
10:17:09.328 [http-nio-8080-exec-7] INFO o.picketlink.idm.identity.store.file - PLIDM001100: Using working directory [C:\Everything Mine\bin\TomEE\apache-tomee-webprofile-7.0.1\temp\pl-idm]. 
10:17:09.331 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - No partitions to load from C:\Everything Mine\bin\TomEE\apache-tomee-webprofile-7.0.1\temp\pl-idm\pl-idm-partitions.db 
10:17:09.333 [http-nio-8080-exec-7] DEBUG org.picketlink - Firing event [[email protected]]. 
10:17:09.336 [http-nio-8080-exec-7] DEBUG org.picketlink - Creating default partition using [class org.picketlink.idm.model.basic.Realm] and name [default]. 
10:17:09.343 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - Initializing Partition [default] with id [f1dec0b1-f9b2-4f34-b638-2d174dd5a475]. 
10:17:09.346 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - Loaded Identity Types [0] for Partition [f1dec0b1-f9b2-4f34-b638-2d174dd5a475]. 
10:17:09.348 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - Loaded Credentials [0] for Partition [f1dec0b1-f9b2-4f34-b638-2d174dd5a475]. 
10:17:09.351 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - Loaded Permissions [0] for Partition [f1dec0b1-f9b2-4f34-b638-2d174dd5a475]. 
10:17:09.378 [http-nio-8080-exec-7] DEBUG org.picketlink - Firing event [[email protected]]. 
10:17:09.381 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - Starting validation for credentials [class org.picketlink.idm.credential.UsernamePasswordCredentials][[email protected]9ee] using identity store [[email protected]] and credential handler [[email protected]35ecbf5c]. 
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - PLIDM001003: Trying to find account [jane] using default account type [class org.picketlink.idm.model.basic.Agent] with property [loginName]. 
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - PLIDM001003: Trying to find account [jane] using default account type [class org.picketlink.idm.model.basic.User] with property [loginName]. 
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - Account NOT FOUND for credentials [class org.picketlink.idm.credential.UsernamePasswordCredentials][[email protected]ee]. 
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - Finishing validation for credential [class org.picketlink.idm.credential.UsernamePasswordCredentials][[email protected]ee] validated using identity store [[email protected]] and credential handler [[email protected]35ecbf5c]. Status [INVALID]. Validated Account [null] 
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.authentication - Credential status is [INVALID] and validated account [null] 
10:17:09.386 [http-nio-8080-exec-7] WARN org.picketlink.authentication - PLINK002100: Authentication failed for account [jane]. 
10:17:09.386 [http-nio-8080-exec-7] DEBUG org.picketlink - Firing event [[email protected]]. 
10:17:09.386 [http-nio-8080-exec-7] DEBUG org.picketlink.authentication - Authentication is finished using credentials [[email protected]]. User id is [jane]. 

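I can't find any useful documentation to help me get started. Does anyone here have experience integrating these two? What is needed to integrate PicketLink with a Tomcat-based JSF application? Alternatively, I have also looked at KeyCloak, but there is no guidance on integrating it with TomEE either.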
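An added example, not part of the original post: a small triage script that reads PicketLink DEBUG lines like those in the log above and reports whether the identity store was bootstrapped during the login request and was empty when the account lookup ran. The function name `triage`, the result keys and the `http-` thread-name check are assumptions of this example; the sample lines are abridged from the log in the question.

```python
import re

# Lines abridged from the log in the question (object references and paths shortened).
SAMPLE_LOG = r"""
10:17:09.191 [http-nio-8080-exec-7] INFO org.picketlink.idm - PLIDM001000: Bootstrapping PicketLink IDM Partition Manager
10:17:09.276 [http-nio-8080-exec-7] WARN o.picketlink.idm.identity.store.file - PLIDM001101: Working directory [temp/pl-idm] is marked to be always created. All your existing data will be lost.
10:17:09.346 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - Loaded Identity Types [0] for Partition [f1dec0b1-f9b2-4f34-b638-2d174dd5a475].
10:17:09.348 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - Loaded Credentials [0] for Partition [f1dec0b1-f9b2-4f34-b638-2d174dd5a475].
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - PLIDM001003: Trying to find account [jane] using default account type [class org.picketlink.idm.model.basic.Agent] with property [loginName].
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - PLIDM001003: Trying to find account [jane] using default account type [class org.picketlink.idm.model.basic.User] with property [loginName].
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - Account NOT FOUND for credentials [class org.picketlink.idm.credential.UsernamePasswordCredentials].
10:17:09.386 [http-nio-8080-exec-7] WARN org.picketlink.authentication - PLINK002100: Authentication failed for account [jane].
"""

# timestamp [thread] LEVEL logger - message
LINE = re.compile(r"^(\S+) \[([^\]]+)\] (\w+)\s+(\S+) - (.*)$")

def triage(log_text):
    """Summarise a failed PicketLink form login from its DEBUG log lines."""
    r = {"bootstrap_thread": None, "store_wiped": False, "identities": None,
         "credentials": None, "lookups": [], "not_found": False,
         "failed_account": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _, thread, _, _, msg = m.groups()
        if "PLIDM001000" in msg:        # partition manager bootstrap
            r["bootstrap_thread"] = thread
        elif "PLIDM001101" in msg:      # file store directory recreated
            r["store_wiped"] = True
        elif (n := re.match(r"Loaded Identity Types \[(\d+)\]", msg)):
            r["identities"] = int(n.group(1))
        elif (n := re.match(r"Loaded Credentials \[(\d+)\]", msg)):
            r["credentials"] = int(n.group(1))
        elif (n := re.search(r"PLIDM001003: Trying to find account \[([^\]]+)\].*\[class ([\w.]+)\]", msg)):
            r["lookups"].append((n.group(1), n.group(2).rsplit(".", 1)[-1]))
        elif msg.startswith("Account NOT FOUND"):
            r["not_found"] = True
        elif (n := re.search(r"PLINK002100: Authentication failed for account \[([^\]]+)\]", msg)):
            r["failed_account"] = n.group(1)
    # Assumption: Tomcat request threads are named "http-...", as in the log above.
    lazy = bool(r["bootstrap_thread"]) and r["bootstrap_thread"].startswith("http-")
    # Store created on a request thread and empty: the lookup failed, not the password check.
    r["empty_store_at_login"] = lazy and r["identities"] == 0 and r["not_found"]
    return r
```

When `empty_store_at_login` is true, the failure is an account lookup against an empty store rather than a password mismatch, so the thing to check is whether the code that adds the user ran against the same store before the first login.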

Answers


The picketlink-authentication-form-with-jsf example provided by PicketLink runs on TomEE.

Here are the required dependencies:

<dependency> 
    <groupId>org.picketlink</groupId> 
    <artifactId>picketlink-api</artifactId> 
    <version>${version.picketlink}</version> 
</dependency> 
<dependency> 
    <groupId>org.picketlink</groupId> 
    <artifactId>picketlink-impl</artifactId> 
    <version>${version.picketlink}</version> 
</dependency> 
<dependency> 
    <groupId>org.jboss.logging</groupId> 
    <artifactId>jboss-logging</artifactId> 
    <version>3.2.1.Final</version> 
</dependency> 

(Don't forget jboss-logging, which does not come in transitively.)

To run the example you also need javaee-api and myfaces-api; to get the EE dependencies, you need to specify the scope for these two.