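JBoss Picketlink - Authentication fails with custom User model

Time: 2014-01-21 19:17:27

Tags: java java-ee authentication jboss

I have been following the JBoss Picketlink 2.5.x documentation found here, trying to create a custom User model to authenticate against for my application. My application is a typical JavaEE 6 application deployed on JBoss EAP 6.2. I have been able to successfully create a custom User model class, and I am able to persist users without any problems. I see my custom attributes reflected in the database as expected. My custom User model looks like this: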

public class ExtendedUser extends User {

    private static final long serialVersionUID = -9132382669181464122L;

    @AttributeProperty
    private String uniqueIdentifier = null;

  ...

}

...and the code to create a new user account looks like this:

ExtendedUser u = new ExtendedUser(username);
u.setFirstName(firstName);
u.setLastName(lastName);
u.setEmail(emailAddress);
u.setUniqueIdentifier(UUID.randomUUID().toString());

idm.add(u);
idm.updateCredential(u, new Password(password));

In addition, I have a custom entity model for the user account, which looks like this:

@Entity(name = "UserAccount")
@Table(name = "tbl_user_account", uniqueConstraints = {
@UniqueConstraint(columnNames = { "email" }) })
@IdentityManaged({ ExtendedUser.class, Agent.class })
public class UserAccountBean extends BaseAccountIdentityBean implements
        IdentifiedDomainEntity {

    private static final long serialVersionUID = -537779599507513418L;

       <snip... irrelevant fields...>

    @Column(length = ValidationConstants.UUID_LEN, unique = true)
    @Unique
    @Length(max = ValidationConstants.UUID_LEN)
    @Index(name = "idx_user_account_uniqueid")
    @AttributeValue(name = "uniqueIdentifier")
    // @NotEmpty
    private String uniqueIdentifier = null;


 ...

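I see the uniqueIdentifier attribute being populated in the database table as expected. However, whenever I try to authenticate with a user created this way, the authentication fails. Every time. Is there something else I need to do in order to use my custom User object? Do I have to specify it somewhere when creating the Identity/IdentityManager instances? My authentication code is relatively simple and looks like this: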

@Inject
private DefaultLoginCredentials loginCredentials = null;

    ...

    loginCredentials.setUserId(loginName);
    loginCredentials.setPassword(password);

    AuthenticationResult result = identity.login();
    if (logger.isDebugEnabled()) {
        logger.debug("authenticate(String, String, String) - AuthenticationResult result=" + result); //$NON-NLS-1$
    }

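As I mentioned, this code fails every time. I have done the sanity check of double-checking the passwords, and I know they are correct. I don't see any exceptions or errors written to the logs, so I'm not sure what the problem is. If I use the standard User object provided by the Picketlink libraries, the code works fine, even though I use the same entity for the backend database. It only fails when using ExtendedUser, so I'm sure I'm missing something. Any suggestions?

Update: Picketlink 2.6.0 seems to have added more logging. I have upgraded and it still fails, but now I see the following error messages: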

14:41:23,133 DEBUG [org.picketlink.idm.credential] (http-localhost/127.0.0.1:9080-3) Starting validation for credentials [class org.picketlink.idm.credential.UsernamePasswordCredentials][org.picketlink.idm.credential.UsernamePasswordCredentials@56370e07] using identity store [org.picketlink.idm.jpa.internal.JPAIdentityStore@22ef0c6c] and credential handler [org.picketlink.idm.credential.handler.PasswordCredentialHandler@387a19c9].
14:41:23,134 DEBUG [org.picketlink.idm.credential] (http-localhost/127.0.0.1:9080-3) PLIDM001003: Trying to find account [user6_4] using default account type [class org.picketlink.idm.model.basic.User] with property [loginName].
14:41:23,136 DEBUG [org.picketlink.idm.credential] (http-localhost/127.0.0.1:9080-3) PLIDM001003: Trying to find account [user6_4] using default account type [class org.picketlink.idm.model.basic.Agent] with property [loginName].
14:41:23,138 DEBUG [org.picketlink.idm.credential] (http-localhost/127.0.0.1:9080-3) Account NOT FOUND for credentials [class org.picketlink.idm.credential.UsernamePasswordCredentials][org.picketlink.idm.credential.UsernamePasswordCredentials@56370e07].

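So it is clear that Picketlink is trying to authenticate using the standard User object rather than my custom one. That said, how do I tell Picketlink to use my custom ExtendedUser object for authentication?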
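A diagnostic for the failure shown in the updated log, as an added example that is not part of the original question or of PicketLink: it groups the PLIDM001003 DEBUG lines by request thread and reports each failed validation in which a given account class was never queried. The log lines are constructed in the format quoted above, and com.example.ExtendedUser is an assumed fully qualified name for the custom model.

```python
import re

LINE = re.compile(r"^(\S+) DEBUG \[org\.picketlink\.idm\.credential\] \((.+?)\) (.*)$")
TRY = re.compile(r"PLIDM001003: Trying to find account \[(.+?)\] "
                 r"using default account type \[class ([\w.$]+)\]")

def failed_lookups(log_text):
    """One record per credential validation that ended in 'Account NOT FOUND'."""
    open_attempts = {}  # thread name -> validation in progress on that thread
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, thread, msg = m.groups()
        if msg.startswith("Starting validation for credentials"):
            open_attempts[thread] = {"thread": thread, "login": None, "types_tried": []}
        elif thread not in open_attempts:
            continue  # fragment whose start line is missing from the log
        elif (t := TRY.search(msg)):
            open_attempts[thread]["login"] = t.group(1)
            open_attempts[thread]["types_tried"].append(t.group(2))
        elif msg.startswith("Account NOT FOUND"):
            failures.append({**open_attempts.pop(thread), "time": ts})
    return failures

def never_tried(failures, expected_type):
    """Failures where the handler never queried the expected account class."""
    return [f for f in failures if expected_type not in f["types_tried"]]

# Constructed sample: two request threads interleaved, same message formats as the question's log.
# com.example.ExtendedUser is a hypothetical fully qualified name for the custom model.
SAMPLE_LOG = """\
14:41:23,133 DEBUG [org.picketlink.idm.credential] (http-localhost/127.0.0.1:9080-3) Starting validation for credentials [class org.picketlink.idm.credential.UsernamePasswordCredentials]
14:41:23,134 DEBUG [org.picketlink.idm.credential] (http-localhost/127.0.0.1:9080-3) PLIDM001003: Trying to find account [user6_4] using default account type [class org.picketlink.idm.model.basic.User] with property [loginName].
14:41:23,135 DEBUG [org.picketlink.idm.credential] (http-localhost/127.0.0.1:9080-5) Starting validation for credentials [class org.picketlink.idm.credential.UsernamePasswordCredentials]
14:41:23,136 DEBUG [org.picketlink.idm.credential] (http-localhost/127.0.0.1:9080-3) PLIDM001003: Trying to find account [user6_4] using default account type [class org.picketlink.idm.model.basic.Agent] with property [loginName].
14:41:23,136 DEBUG [org.picketlink.idm.credential] (http-localhost/127.0.0.1:9080-5) PLIDM001003: Trying to find account [nosuchuser] using default account type [class org.picketlink.idm.model.basic.User] with property [loginName].
14:41:23,137 DEBUG [org.picketlink.idm.credential] (http-localhost/127.0.0.1:9080-5) PLIDM001003: Trying to find account [nosuchuser] using default account type [class org.picketlink.idm.model.basic.Agent] with property [loginName].
14:41:23,137 DEBUG [org.picketlink.idm.credential] (http-localhost/127.0.0.1:9080-5) PLIDM001003: Trying to find account [nosuchuser] using default account type [class com.example.ExtendedUser] with property [loginName].
14:41:23,138 DEBUG [org.picketlink.idm.credential] (http-localhost/127.0.0.1:9080-3) Account NOT FOUND for credentials [class org.picketlink.idm.credential.UsernamePasswordCredentials]
14:41:23,139 DEBUG [org.picketlink.idm.credential] (http-localhost/127.0.0.1:9080-5) Account NOT FOUND for credentials [class org.picketlink.idm.credential.UsernamePasswordCredentials]
"""

if __name__ == "__main__":
    for f in never_tried(failed_lookups(SAMPLE_LOG), "com.example.ExtendedUser"):
        print(f"{f['time']} login={f['login']} tried only {f['types_tried']}")
```

A failure that appears in never_tried points at the handler's account-type list; a failure where the custom class was queried and still not found points at the login name or the stored data instead.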

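2 Answers:

Answer 0: (score: 2)

I went through the same pain as you did. I have been trying to add my own user account. The only reason I was able to get it to work is that you mentioned PicketLink was trying to find accounts of the User and Agent types! This means you have to implement your own PasswordCredentialHandler. Don't worry! You just copy this class and this class into your project. In the "configureDefaultSupportedAccountTypes" method of AbstractCredentialHandler you will see the following: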

    if (!this.defaultAccountTypes.contains(User.class)) {
        this.defaultAccountTypes.add(User.class);
    }

    if (!this.defaultAccountTypes.contains(Agent.class)) {
        this.defaultAccountTypes.add(Agent.class);
    }

Just add your custom account class to it:

    if (!this.defaultAccountTypes.contains(CustomUser.class)) {
        this.defaultAccountTypes.add(CustomUser.class);
    }

The last thing you have to do is add the PasswordCredentialHandler to the IDMConfiguration:

private void initConfig() {
    IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();

    builder
        .named("default")
            .stores()
                .jpa()
                    .mappedEntity(
                            AccountTypeEntity.class,
                            RoleTypeEntity.class,
                            GroupTypeEntity.class,
                            IdentityTypeEntity.class,
                            RelationshipTypeEntity.class,
                            RelationshipIdentityTypeEntity.class,
                            PartitionTypeEntity.class,
                            PasswordCredentialTypeEntity.class,
                            AttributeTypeEntity.class,
                            CustomUserEntity.class
                            )
                    .supportGlobalRelationship(Relationship.class)
                    .addContextInitializer(this.contextInitializer)
                    .addCredentialHandler(PasswordCredentialHandler.class)
                    .supportAllFeatures();
    identityConfig = builder.build();
}

I hope this helps!

Answer 1: (score: 1)

So I tried it with PicketLink 2.6.0.Final. Maybe you should re-download AbstractCredentialHandler and add your class to the defaultAccountTypes ArrayList, like this:

    private void configureDefaultSupportedAccountTypes(final S store) {
        this.defaultAccountTypes = new ArrayList<Class<? extends Account>>();

        for (Class<? extends AttributedType> supportedType : store.getConfig().getSupportedTypes().keySet()) {
            if (!Account.class.equals(supportedType) && Account.class.isAssignableFrom(supportedType)) {
                this.defaultAccountTypes.add((Class<? extends Account>) supportedType);
            }
        }

        //Add your CustomUser.class to the list
        if (!this.defaultAccountTypes.contains(CustomUser.class)) {
            this.defaultAccountTypes.add(CustomUser.class);
        }

        if (this.defaultAccountTypes.isEmpty()) {
            throw MESSAGES.credentialNoAccountTypeProvided();
        }
    }

Alternative: I don't think you have to do the above if you don't want to. When configuring the IdentityConfig, you can just add the supported type, like this:

    IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();

    builder
        .named("default")
            .stores()
                .jpa()
                    .supportType(CustomUser.class)  
                    .mappedEntity( 

    ...