使用JPA的PicketLink的基本HTTP身份验证失败

时间:2014-08-11 16:57:44

标签: jboss7.x jpa-2.0 picketlink

表单身份验证使用了正常运行的picketlink配置,没有任何问题。

我们现在正在尝试将HTTP身份验证添加到系统的另一部分,但它失败了 - 难以追踪错误。错误的堆栈跟踪:

  17:47:10,818 WARN  [org.picketlink.authentication] (http-ayodhya/127.0.0.1:8080-8) PLINK002100: Authentication failed for account [admin].: org.picketlink.authentication.AuthenticationException: Authentication failed.
        at org.picketlink.internal.AbstractIdentity.authenticate(AbstractIdentity.java:198) [picketlink-impl-2.6.0.Final.jar:]
        at org.picketlink.internal.AbstractIdentity.login(AbstractIdentity.java:105) [picketlink-impl-2.6.0.Final.jar:]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_45]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_45]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_45]
        at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_45]
        at org.jboss.weld.bean.proxy.AbstractBeanInstance.invoke(AbstractBeanInstance.java:45) [weld-core-1.1.17.Final-redhat-1.jar:1.1.17.Final-redhat-1]
        at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:105) [weld-core-1.1.17.Final-redhat-1.jar:1.1.17.Final-redhat-1]
        at org.jboss.weld.proxies.Identity$1509662680$Proxy$_$$_WeldClientProxy.login(Identity$1509662680$Proxy$_$$_WeldClientProxy.java)
        at org.picketlink.authentication.web.AuthenticationFilter.doFilter(AuthenticationFilter.java:144) [picketlink-api-2.6.0.Final.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
        at org.jboss.modcluster.container.jbossweb.JBossWebContext$RequestListenerValve.event(JBossWebContext.java:91)
        at org.jboss.modcluster.container.jbossweb.JBossWebContext$RequestListenerValve.invoke(JBossWebContext.java:72)
        at org.jboss.as.web.session.ClusteredSessionValve.handleRequest(ClusteredSessionValve.java:134) [jboss-as-web-7.4.0.Final-redhat-4.jar:7.4.0.Final-redhat-4]
        at org.jboss.as.web.session.ClusteredSessionValve.invoke(ClusteredSessionValve.java:99) [jboss-as-web-7.4.0.Final-redhat-4.jar:7.4.0.Final-redhat-4]
        at org.jboss.as.web.session.JvmRouteValve.invoke(JvmRouteValve.java:92) [jboss-as-web-7.4.0.Final-redhat-4.jar:7.4.0.Final-redhat-4]
        at org.jboss.as.web.session.LockingValve.invoke(LockingValve.java:64) [jboss-as-web-7.4.0.Final-redhat-4.jar:7.4.0.Final-redhat-4]
        at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.4.0.Final-redhat-4.jar:7.4.0.Final-redhat-4]
        at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.4.0.Final-redhat-4.jar:7.4.0.Final-redhat-4]
        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.4.0.Final-redhat-4.jar:7.4.0.Final-redhat-4]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
        at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:353) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
        at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:911) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
        at org.apache.tomcat.util.net.NioEndpoint$ChannelProcessor.run(NioEndpoint.java:920) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_45]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_45]
        at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]

Caused by: org.picketlink.idm.IdentityManagementException: PLIDM000200: Credential validation failed [org.picketlink.idm.credential.UsernamePasswordCredentials@7fda5ed6].
        at org.picketlink.idm.internal.ContextualIdentityManager.validateCredentials(ContextualIdentityManager.java:185) [picketlink-idm-impl-2.6.0.Final.jar:]
        at org.picketlink.internal.SecuredIdentityManager.validateCredentials(SecuredIdentityManager.java:76) [picketlink-impl-2.6.0.Final.jar:]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_45]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_45]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_45]
        at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_45]
        at org.jboss.weld.bean.proxy.AbstractBeanInstance.invoke(AbstractBeanInstance.java:45) [weld-core-1.1.17.Final-redhat-1.jar:1.1.17.Final-redhat-1]
        at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:105) [weld-core-1.1.17.Final-redhat-1.jar:1.1.17.Final-redhat-1]
        at org.jboss.weld.proxies.IdentityManager$-1462534089$Proxy$_$$_WeldClientProxy.validateCredentials(IdentityManager$-1462534089$Proxy$_$$_WeldClientProxy.java)
        at org.picketlink.authentication.internal.IdmAuthenticator.authenticate(IdmAuthenticator.java:54) [picketlink-impl-2.6.0.Final.jar:]
        at org.picketlink.internal.AbstractIdentity.authenticate(AbstractIdentity.java:185) [picketlink-impl-2.6.0.Final.jar:]
        ... 32 more
Caused by: org.picketlink.idm.IdentityManagementException: PLIDM000501: Could not query IdentityType using query [org.picketlink.idm.query.internal.DefaultIdentityQuery@7c8ebfec].
        at org.picketlink.idm.query.internal.DefaultIdentityQuery.getResultList(DefaultIdentityQuery.java:148) [picketlink-idm-impl-2.6.0.Final.jar:]
        at org.picketlink.idm.credential.handler.AbstractCredentialHandler.getAccount(AbstractCredentialHandler.java:85) [picketlink-idm-api-2.6.0.Final.jar:]
        at org.picketlink.idm.credential.handler.PasswordCredentialHandler.getAccount(PasswordCredentialHandler.java:148) [picketlink-idm-api-2.6.0.Final.jar:]
        at org.picketlink.idm.credential.handler.PasswordCredentialHandler.getAccount(PasswordCredentialHandler.java:56) [picketlink-idm-api-2.6.0.Final.jar:]
        at org.picketlink.idm.credential.handler.AbstractCredentialHandler.validate(AbstractCredentialHandler.java:112) [picketlink-idm-api-2.6.0.Final.jar:]
        at org.picketlink.idm.credential.handler.AbstractCredentialHandler.validate(AbstractCredentialHandler.java:49) [picketlink-idm-api-2.6.0.Final.jar:]
        at org.picketlink.idm.internal.AbstractIdentityStore.validateCredentials(AbstractIdentityStore.java:139) [picketlink-idm-impl-2.6.0.Final.jar:]
        at org.picketlink.idm.internal.ContextualIdentityManager.validateCredentials(ContextualIdentityManager.java:183) [picketlink-idm-impl-2.6.0.Final.jar:]
        ... 42 more
Caused by: org.picketlink.idm.IdentityManagementException: Could not create [blah.blah.User@0 from entity [blah.blah.AdminUser@2bb4523d[username=admin,firstName=Test,lastName=<null>,email=admin@example.com,enabled=true,lastAccess=2013-10-11 14:37:32.419,defaultAccessLevel=<null>]].
        at org.picketlink.idm.jpa.internal.mappers.EntityMapper.createType(EntityMapper.java:209) [picketlink-idm-impl-2.6.0.Final.jar:]
        at org.picketlink.idm.jpa.internal.JPAIdentityStore.fetchQueryResults(JPAIdentityStore.java:524) [picketlink-idm-impl-2.6.0.Final.jar:]
        at org.picketlink.idm.query.internal.DefaultIdentityQuery.getResultList(DefaultIdentityQuery.java:137) [picketlink-idm-impl-2.6.0.Final.jar:]
        ... 49 more
Caused by: org.picketlink.idm.IdentityManagementException: No mapper for entity type [class blah.blah.RealmTypeEntity_$$_jvst83e_bc].
        at org.picketlink.idm.jpa.internal.JPAIdentityStore.getMapperForEntity(JPAIdentityStore.java:863) [picketlink-idm-impl-2.6.0.Final.jar:]
        at org.picketlink.idm.jpa.internal.mappers.EntityMapper.createType(EntityMapper.java:184) [picketlink-idm-impl-2.6.0.Final.jar:]
        ... 51 more

奇怪之处在于,尽管jvst部分保持不变,但每个部署的末尾类(blah.blah.RealmTypeEntity_$$_jvst83e_bc)的名称都会发生变化。

的web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

<distributable/>

  <filter>
    <filter-name>PicketLink Authentication Filter</filter-name>
    <filter-class>org.picketlink.authentication.web.AuthenticationFilter</filter-class>

    <!-- This parameter is required. Here you specify which authentication scheme you want to use. This quickstart
         uses HTTP Basic. -->
    <init-param>
      <param-name>authType</param-name>
      <param-value>BASIC</param-value>
    </init-param>

    <!-- You can also provide the realm name. If this parameter is not set, defaults to 'PicketLink Default Realm' -->
    <init-param>
      <param-name>realmName</param-name>
      <param-value>SECURE</param-value>
    </init-param>

  </filter>

  <filter-mapping>
    <filter-name>PicketLink Authentication Filter</filter-name>
    <url-pattern>/secure/*</url-pattern>
  </filter-mapping>
</web-app>

提供IdentityConfiguration并映射RealmTypeEntity.class。但是,它显然没有映射RealmTypeEntity_$$_jvst83e_bc变体,也不清楚它们来自哪里。

与很多东西的picketlink一样,google似乎没有什么帮助: - (

非常感谢任何帮助。

2 个答案:

答案 0 :(得分:1)

我有类似的问题。我将@Stateless注释添加到您调用identity.login()的类中。并且错误消失了。我有一个例子tested it

答案 1 :(得分:0)

什么&#34;其他&#34; HTTP auth是你添加到系统?您说您使用的是FORM安全性而没有问题,但您显示的代码中的param值表示BASIC。那是你的整个web.xml吗?我从来没有尝试过混合authType。