0

我正在尝试集成 PicketLink 以满足我正在使用 TomEE 7.0.1 开发的 JEE 7 webapp 的安全需求。我已经实现了来自 PicketLink 站点的基本示例。但是,PicketLink 无法验证表单输入并记录“未找到凭据的帐户...”。这是我的实现:

public class SecurityConfiguration {
    public void onInit(@Observes org.picketlink.event.SecurityConfigurationEvent event) {
        org.picketlink.config.SecurityConfigurationBuilder builder = event.getBuilder();

        builder
            .http()
                .allPaths()
                    .authenticateWith()
                        .form()
                            .authenticationUri("/login.xhtml")
                            .loginPage("/") // Invokes a servlet which forwards to login.xhtml
                            .errorPage("/")
                            .redirectTo("/index.xhtml")
//                            .restoreOriginalRequest()
                .forPath("/javax.faces.resource/*")
                    .unprotected()
                .forPath("/logout")
                    .logout()
                    .redirectTo("/")
                .forPath("/register.xhtml")
                    .unprotected();
    }
}

@Singleton
@Startup
public class SecurityInitializer {
    @Inject
    private PartitionManager partitionManager;

    //@Inject
    //private IdentityManager identityManager; // This didn't work either

    @PostConstruct
    public void create() {
        IdentityManager identityManager = this.partitionManager.createIdentityManager();

        User user = new User("jane");

        user.setEmail("jane@doe.com");
        user.setFirstName("Jane");
        user.setLastName("Doe");

        identityManager.add(user);
        identityManager.updateCredential(user, new Password("1234"));
    }
}

登录.xhtml

<body id="loginform">
        <h:panelGroup layout="block" styleClass="login"> 
            <h:form prependId="false">
                <h:inputText id="j_username" value="#{loginCredentials.userId}" required="true" pt:placeholder="Username" />
                <h:inputSecret id="j_password" value="#{loginCredentials.password}" required="true" pt:placeholder="Password" />
                <h:commandButton value="Sign In" action="#{identity.login}"/>
            </h:form>
        </h:panelGroup>
    </body>

日志输出:

Performing authentication using credentials [org.picketlink.idm.credential.Password@55f9cac7]. User id is [jane].
10:17:09.161 [http-nio-8080-exec-7] DEBUG org.picketlink - Firing event [org.picketlink.authentication.event.PreAuthenticateEvent@164f832e].
10:17:09.163 [http-nio-8080-exec-7] DEBUG org.picketlink.authentication - Authentication is going to be performed by authenticator [org.picketlink.authentication.internal.IdmAuthenticator@3a946b61]
10:17:09.163 [http-nio-8080-exec-7] DEBUG org.picketlink.authentication - Validating credentials [org.picketlink.idm.credential.UsernamePasswordCredentials@5028d9ee] using PicketLink IDM.
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - Initializing Identity Management Subsystem.
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - Creating PartitionManager.
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - Building identity management configuration.
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - IdentityConfiguration not provided by the application, creating a default IdentityConfigurationBuilder.
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - Firing event [org.picketlink.IdentityConfigurationEvent@465bebd2].
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - No configuration provided by the application. Configuring defaults.
10:17:09.181 [http-nio-8080-exec-7] DEBUG org.picketlink.common - Using logger implementation: org.picketlink.common.DefaultPicketLinkLogger
10:17:09.181 [http-nio-8080-exec-7] DEBUG org.picketlink - Auto configuring File Identity Store.
10:17:09.191 [http-nio-8080-exec-7] INFO  org.picketlink.idm - PLIDM001000: Bootstrapping PicketLink IDM Partition Manager
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -   Identity Management Configuration: [
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -     Name: default
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -     Identity Store Configuration: [org.picketlink.idm.config.FileIdentityStoreConfiguration@f1f99fd]
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -     Supports Partition: true
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -     Supports Attribute: true
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -     Supports Credential: true
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -     Supports Permission: true
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -     Supported Types: [interface org.picketlink.idm.model.IdentityType, interface org.picketlink.idm.model.Relationship, class org.picketlink.idm.model.basic.GroupMembership, class org.picketlink.idm.model.basic.Agent, class org.picketlink.idm.model.basic.Group, interface org.picketlink.idm.model.Partition, class org.picketlink.idm.model.basic.GroupRole, class org.picketlink.idm.model.basic.Realm, class org.picketlink.idm.model.basic.Grant, class org.picketlink.idm.model.basic.User, class org.picketlink.idm.model.basic.Role]
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm -   ]
10:17:09.198 [http-nio-8080-exec-7] INFO  org.picketlink.idm.identity.store - PLIDM001001: Initializing Identity Store [class org.picketlink.idm.file.internal.FileIdentityStore]
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - [org.picketlink.idm.config.FileIdentityStoreConfiguration@f1f99fd]: [
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store -   Type: class org.picketlink.idm.file.internal.FileIdentityStore
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store -   Supports partition: true
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store -   Supports attribute: true
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store -   Supports credential: true
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store -   Credential Handlers: [class org.picketlink.idm.credential.handler.PasswordCredentialHandler, class org.picketlink.idm.credential.handler.X509CertificateCredentialHandler, class org.picketlink.idm.credential.handler.DigestCredentialHandler, class org.picketlink.idm.credential.handler.TOTPCredentialHandler, class org.picketlink.idm.credential.handler.TokenCredentialHandler]
10:17:09.248 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store -   Supported types: [interface org.picketlink.idm.model.IdentityType, interface org.picketlink.idm.model.Relationship, class org.picketlink.idm.model.basic.GroupMembership, class org.picketlink.idm.model.basic.Agent, class org.picketlink.idm.model.basic.Group, interface org.picketlink.idm.model.Partition, class org.picketlink.idm.model.basic.GroupRole, class org.picketlink.idm.model.basic.Realm, class org.picketlink.idm.model.basic.Grant, class org.picketlink.idm.model.basic.User, class org.picketlink.idm.model.basic.Role]
10:17:09.248 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store -   Unsupported types: []
10:17:09.248 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store -   Context Initializers: [org.picketlink.internal.AuthenticatedAccountContextInitializer@1a402a5]
10:17:09.256 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - ]
10:17:09.276 [http-nio-8080-exec-7] WARN  o.picketlink.idm.identity.store.file - PLIDM001101: Working directory [C:\Everything Mine\bin\TomEE\apache-tomee-webprofile-7.0.1\temp\pl-idm] is marked to be always created. All your existing data will be lost.
10:17:09.328 [http-nio-8080-exec-7] INFO  o.picketlink.idm.identity.store.file - PLIDM001100: Using working directory [C:\Everything Mine\bin\TomEE\apache-tomee-webprofile-7.0.1\temp\pl-idm].
10:17:09.331 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - No partitions to load from C:\Everything Mine\bin\TomEE\apache-tomee-webprofile-7.0.1\temp\pl-idm\pl-idm-partitions.db
10:17:09.333 [http-nio-8080-exec-7] DEBUG org.picketlink - Firing event [org.picketlink.PartitionManagerCreateEvent@27bddd38].
10:17:09.336 [http-nio-8080-exec-7] DEBUG org.picketlink - Creating default partition using [class org.picketlink.idm.model.basic.Realm] and name [default].
10:17:09.343 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - Initializing Partition [default] with id [f1dec0b1-f9b2-4f34-b638-2d174dd5a475].
10:17:09.346 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - Loaded Identity Types [0] for Partition [f1dec0b1-f9b2-4f34-b638-2d174dd5a475].
10:17:09.348 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - Loaded Credentials [0] for Partition [f1dec0b1-f9b2-4f34-b638-2d174dd5a475].
10:17:09.351 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - Loaded Permissions [0] for Partition [f1dec0b1-f9b2-4f34-b638-2d174dd5a475].
10:17:09.378 [http-nio-8080-exec-7] DEBUG org.picketlink - Firing event [org.picketlink.idm.event.PartitionCreatedEvent@6313ddb9].
10:17:09.381 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - Starting validation for credentials [class org.picketlink.idm.credential.UsernamePasswordCredentials][org.picketlink.idm.credential.UsernamePasswordCredentials@5028d9ee] using identity store [org.picketlink.idm.file.internal.FileIdentityStore@20439b63] and credential handler [org.picketlink.idm.credential.handler.PasswordCredentialHandler@35ecbf5c].
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - PLIDM001003: Trying to find account [jane] using default account type [class org.picketlink.idm.model.basic.Agent] with property [loginName].
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - PLIDM001003: Trying to find account [jane] using default account type [class org.picketlink.idm.model.basic.User] with property [loginName].
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - Account NOT FOUND for credentials [class org.picketlink.idm.credential.UsernamePasswordCredentials][org.picketlink.idm.credential.UsernamePasswordCredentials@5028d9ee].
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - Finishing validation for credential [class org.picketlink.idm.credential.UsernamePasswordCredentials][org.picketlink.idm.credential.UsernamePasswordCredentials@5028d9ee] validated using identity store [org.picketlink.idm.file.internal.FileIdentityStore@20439b63] and credential handler [org.picketlink.idm.credential.handler.PasswordCredentialHandler@35ecbf5c]. Status [INVALID]. Validated Account [null]
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.authentication - Credential status is [INVALID] and validated account [null]
10:17:09.386 [http-nio-8080-exec-7] WARN  org.picketlink.authentication - PLINK002100: Authentication failed for account [jane].
10:17:09.386 [http-nio-8080-exec-7] DEBUG org.picketlink - Firing event [org.picketlink.authentication.event.LoginFailedEvent@13834ca3].
10:17:09.386 [http-nio-8080-exec-7] DEBUG org.picketlink.authentication - Authentication is finished using credentials [org.picketlink.idm.credential.Password@55f9cac7]. User id is [jane].

我找不到任何有用的文件来帮助我开始。有没有人有任何整合这两者的经验。我需要做什么才能将 PicketLink 与基于 TomEE 的 JSF 应用程序集成?或者,我也查看了 KeyCloak,但它也没有与 TomEE 集成的任何指示。

4

1 回答 1

0

由 picketlink 提供的 picketlink-authentication-form-with-jsf 示例在 tomee 上运行。

以下是所需的依赖项:

<dependency>
  <groupId>org.picketlink</groupId>
  <artifactId>picketlink-api</artifactId>
  <version>${version.picketlink}</version>
</dependency>
<dependency>
  <groupId>org.picketlink</groupId>
  <artifactId>picketlink-impl</artifactId>
  <version>${version.picketlink}</version>
</dependency>
<dependency>
  <groupId>org.jboss.logging</groupId>
  <artifactId>jboss-logging</artifactId>
  <version>3.2.1.Final</version>
</dependency>

(不要忘记不会传递的 jboss-logging)

要运行该示例,您还需要 javaee-api 和 myfaces-api 来获取 EE 依赖项,但这两个应该在提供的范围内。

于 2016-09-23T11:01:11.597 回答