Using tokens in PicketLink with an LDAP-based identity store in Java EE 7 (WildFly)

Time: 2015-12-11 13:36:02

Tags: rest java-ee wildfly jwt picketlink

I am trying to secure a RESTful web service with JWT tokens; it is basically the picketlink-angularjs-rest: PicketLink AngularJS and REST Security quickstart, but with an LDAP (AD) identity store.

When a client tries to obtain a token, LDAP authorization works fine, but a NullPointerException occurs when JWSTokenProvider attempts to update the account with the token:

14:18:51,463 ERROR [org.picketlink.http] (default task-1) Exception thrown during processing for path [/web/rest/authenticate]. Sending error with status code [500].: javax.ejb.EJBException: org.picketlink.idm.IdentityManagementException: PLIDM000201: Credential update failed for account [org.picketlink.idm.model.basic.User@bd0f05c0] and type [app.security.jws.JWSToken@7abd2a33].
    (...)
    at org.picketlink.http.internal.authentication.schemes.TokenAuthenticationScheme.issueToken(TokenAuthenticationScheme.java:222) [picketlink-impl-2.7.0.Final.jar:]
    at org.picketlink.http.internal.authentication.schemes.TokenAuthenticationScheme.onPostAuthentication(TokenAuthenticationScheme.java:128) [picketlink-impl-2.7.0.Final.jar:]
    at org.picketlink.http.internal.SecurityFilter.performAuthenticationIfRequired(SecurityFilter.java:437) [picketlink-impl-2.7.0.Final.jar:]
    at org.picketlink.http.internal.SecurityFilter.doFilter(SecurityFilter.java:174) [picketlink-impl-2.7.0.Final.jar:]
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
    (...)
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_45]
Caused by: org.picketlink.idm.IdentityManagementException: PLIDM000201: Credential update failed for account [org.picketlink.idm.model.basic.User@bd0f05c0] and type [app.security.jws.JWSToken@7abd2a33].
    at org.picketlink.idm.internal.ContextualIdentityManager.updateCredential(ContextualIdentityManager.java:235) [picketlink-idm-impl-2.7.0.Final.jar:]
    at org.picketlink.idm.internal.ContextualIdentityManager.updateCredential(ContextualIdentityManager.java:217) [picketlink-idm-impl-2.7.0.Final.jar:]
    at app.security.jws.JWSTokenProvider.issue(JWSTokenProvider.java:50) [app-1.0-SNAPSHOT.jar:]
    (...)
    ... 75 more
Caused by: java.lang.NullPointerException
    at org.picketlink.idm.internal.DefaultStoreSelector.getStoreForCredentialOperation(DefaultStoreSelector.java:221) [picketlink-idm-impl-2.7.0.Final.jar:]
    at org.picketlink.idm.internal.ContextualIdentityManager.updateCredential(ContextualIdentityManager.java:231) [picketlink-idm-impl-2.7.0.Final.jar:]
    ... 112 more

(The full stack trace is here.)

How can I make this scenario work? Or, if it is not possible in PicketLink, what are the alternatives? I am using Java EE 7 and the WildFly application server.

1 answer:

Answer 0 (score: 2)

Perhaps this configuration is not supported? Check the PicketLink documentation: http://docs.jboss.org/picketlink/2/latest/reference/html/sect-Built-in_Credential_Handlers.html

org.picketlink.idm.credential.TokenCredential JPAIdentityStore FileBasedIdentityStore

Support for token-based authentication