I am trying to integrate PicketLink for the security needs of a JEE 7 webapp I am developing on TomEE 7.0.1. I implemented the basic example from the PicketLink site. However, PicketLink fails to authenticate the form input and logs "Account NOT FOUND for credentials ...". Here is my implementation:
import javax.enterprise.event.Observes;

import org.picketlink.config.SecurityConfigurationBuilder;
import org.picketlink.event.SecurityConfigurationEvent;

public class SecurityConfiguration {

    // PicketLink fires SecurityConfigurationEvent once at deployment; the builder
    // it carries configures the HTTP security layer (form authentication here).
    public void onInit(@Observes SecurityConfigurationEvent event) {
        SecurityConfigurationBuilder builder = event.getBuilder();
        builder
            .http()
                .allPaths()
                    .authenticateWith()
                        .form()
                            .authenticationUri("/login.xhtml")
                            .loginPage("/") // Invokes a servlet which forwards to login.xhtml
                            .errorPage("/")
                            .redirectTo("/index.xhtml")
                            // .restoreOriginalRequest()
                .forPath("/javax.faces.resource/*")
                    .unprotected()
                .forPath("/logout")
                    .logout()
                        .redirectTo("/")
                .forPath("/register.xhtml")
                    .unprotected();
    }
}
import javax.annotation.PostConstruct;
import javax.ejb.Singleton;
import javax.ejb.Startup;
import javax.inject.Inject;

import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.model.basic.User;

@Singleton
@Startup
public class SecurityInitializer {

    @Inject
    private PartitionManager partitionManager;

    //@Inject
    //private IdentityManager identityManager; // This didn't work either

    // Runs once at deployment and seeds a single test user into the identity store.
    @PostConstruct
    public void create() {
        IdentityManager identityManager = this.partitionManager.createIdentityManager();
        User user = new User("jane");
        user.setEmail("jane@doe.com");
        user.setFirstName("Jane");
        user.setLastName("Doe");
        identityManager.add(user);
        identityManager.updateCredential(user, new Password("1234"));
    }
}
login.xhtml
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://xmlns.jcp.org/jsf/html"
      xmlns:pt="http://xmlns.jcp.org/jsf/passthrough">
<body id="loginform">
    <h:panelGroup layout="block" styleClass="login">
        <!-- prependId="false" keeps the parameter names j_username / j_password -->
        <h:form prependId="false">
            <h:inputText id="j_username" value="#{loginCredentials.userId}" required="true" pt:placeholder="Username" />
            <h:inputSecret id="j_password" value="#{loginCredentials.password}" required="true" pt:placeholder="Password" />
            <h:commandButton value="Sign In" action="#{identity.login}"/>
        </h:form>
    </h:panelGroup>
</body>
</html>
Log output:
Performing authentication using credentials [org.picketlink.idm.credential.Password@55f9cac7]. User id is [jane].
10:17:09.161 [http-nio-8080-exec-7] DEBUG org.picketlink - Firing event [org.picketlink.authentication.event.PreAuthenticateEvent@164f832e].
10:17:09.163 [http-nio-8080-exec-7] DEBUG org.picketlink.authentication - Authentication is going to be performed by authenticator [org.picketlink.authentication.internal.IdmAuthenticator@3a946b61]
10:17:09.163 [http-nio-8080-exec-7] DEBUG org.picketlink.authentication - Validating credentials [org.picketlink.idm.credential.UsernamePasswordCredentials@5028d9ee] using PicketLink IDM.
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - Initializing Identity Management Subsystem.
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - Creating PartitionManager.
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - Building identity management configuration.
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - IdentityConfiguration not provided by the application, creating a default IdentityConfigurationBuilder.
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - Firing event [org.picketlink.IdentityConfigurationEvent@465bebd2].
10:17:09.176 [http-nio-8080-exec-7] DEBUG org.picketlink - No configuration provided by the application. Configuring defaults.
10:17:09.181 [http-nio-8080-exec-7] DEBUG org.picketlink.common - Using logger implementation: org.picketlink.common.DefaultPicketLinkLogger
10:17:09.181 [http-nio-8080-exec-7] DEBUG org.picketlink - Auto configuring File Identity Store.
10:17:09.191 [http-nio-8080-exec-7] INFO org.picketlink.idm - PLIDM001000: Bootstrapping PicketLink IDM Partition Manager
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm - Identity Management Configuration: [
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm - Name: default
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm - Identity Store Configuration: [org.picketlink.idm.config.FileIdentityStoreConfiguration@f1f99fd]
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm - Supports Partition: true
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm - Supports Attribute: true
10:17:09.196 [http-nio-8080-exec-7] DEBUG org.picketlink.idm - Supports Credential: true
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm - Supports Permission: true
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm - Supported Types: [interface org.picketlink.idm.model.IdentityType, interface org.picketlink.idm.model.Relationship, class org.picketlink.idm.model.basic.GroupMembership, class org.picketlink.idm.model.basic.Agent, class org.picketlink.idm.model.basic.Group, interface org.picketlink.idm.model.Partition, class org.picketlink.idm.model.basic.GroupRole, class org.picketlink.idm.model.basic.Realm, class org.picketlink.idm.model.basic.Grant, class org.picketlink.idm.model.basic.User, class org.picketlink.idm.model.basic.Role]
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm - ]
10:17:09.198 [http-nio-8080-exec-7] INFO org.picketlink.idm.identity.store - PLIDM001001: Initializing Identity Store [class org.picketlink.idm.file.internal.FileIdentityStore]
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - [org.picketlink.idm.config.FileIdentityStoreConfiguration@f1f99fd]: [
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Type: class org.picketlink.idm.file.internal.FileIdentityStore
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Supports partition: true
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Supports attribute: true
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Supports credential: true
10:17:09.198 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Credential Handlers: [class org.picketlink.idm.credential.handler.PasswordCredentialHandler, class org.picketlink.idm.credential.handler.X509CertificateCredentialHandler, class org.picketlink.idm.credential.handler.DigestCredentialHandler, class org.picketlink.idm.credential.handler.TOTPCredentialHandler, class org.picketlink.idm.credential.handler.TokenCredentialHandler]
10:17:09.248 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Supported types: [interface org.picketlink.idm.model.IdentityType, interface org.picketlink.idm.model.Relationship, class org.picketlink.idm.model.basic.GroupMembership, class org.picketlink.idm.model.basic.Agent, class org.picketlink.idm.model.basic.Group, interface org.picketlink.idm.model.Partition, class org.picketlink.idm.model.basic.GroupRole, class org.picketlink.idm.model.basic.Realm, class org.picketlink.idm.model.basic.Grant, class org.picketlink.idm.model.basic.User, class org.picketlink.idm.model.basic.Role]
10:17:09.248 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Unsupported types: []
10:17:09.248 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - Context Initializers: [org.picketlink.internal.AuthenticatedAccountContextInitializer@1a402a5]
10:17:09.256 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.identity.store - ]
10:17:09.276 [http-nio-8080-exec-7] WARN o.picketlink.idm.identity.store.file - PLIDM001101: Working directory [C:\Everything Mine\bin\TomEE\apache-tomee-webprofile-7.0.1\temp\pl-idm] is marked to be always created. All your existing data will be lost.
10:17:09.328 [http-nio-8080-exec-7] INFO o.picketlink.idm.identity.store.file - PLIDM001100: Using working directory [C:\Everything Mine\bin\TomEE\apache-tomee-webprofile-7.0.1\temp\pl-idm].
10:17:09.331 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - No partitions to load from C:\Everything Mine\bin\TomEE\apache-tomee-webprofile-7.0.1\temp\pl-idm\pl-idm-partitions.db
10:17:09.333 [http-nio-8080-exec-7] DEBUG org.picketlink - Firing event [org.picketlink.PartitionManagerCreateEvent@27bddd38].
10:17:09.336 [http-nio-8080-exec-7] DEBUG org.picketlink - Creating default partition using [class org.picketlink.idm.model.basic.Realm] and name [default].
10:17:09.343 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - Initializing Partition [default] with id [f1dec0b1-f9b2-4f34-b638-2d174dd5a475].
10:17:09.346 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - Loaded Identity Types [0] for Partition [f1dec0b1-f9b2-4f34-b638-2d174dd5a475].
10:17:09.348 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - Loaded Credentials [0] for Partition [f1dec0b1-f9b2-4f34-b638-2d174dd5a475].
10:17:09.351 [http-nio-8080-exec-7] DEBUG o.picketlink.idm.identity.store.file - Loaded Permissions [0] for Partition [f1dec0b1-f9b2-4f34-b638-2d174dd5a475].
10:17:09.378 [http-nio-8080-exec-7] DEBUG org.picketlink - Firing event [org.picketlink.idm.event.PartitionCreatedEvent@6313ddb9].
10:17:09.381 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - Starting validation for credentials [class org.picketlink.idm.credential.UsernamePasswordCredentials][org.picketlink.idm.credential.UsernamePasswordCredentials@5028d9ee] using identity store [org.picketlink.idm.file.internal.FileIdentityStore@20439b63] and credential handler [org.picketlink.idm.credential.handler.PasswordCredentialHandler@35ecbf5c].
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - PLIDM001003: Trying to find account [jane] using default account type [class org.picketlink.idm.model.basic.Agent] with property [loginName].
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - PLIDM001003: Trying to find account [jane] using default account type [class org.picketlink.idm.model.basic.User] with property [loginName].
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - Account NOT FOUND for credentials [class org.picketlink.idm.credential.UsernamePasswordCredentials][org.picketlink.idm.credential.UsernamePasswordCredentials@5028d9ee].
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.idm.credential - Finishing validation for credential [class org.picketlink.idm.credential.UsernamePasswordCredentials][org.picketlink.idm.credential.UsernamePasswordCredentials@5028d9ee] validated using identity store [org.picketlink.idm.file.internal.FileIdentityStore@20439b63] and credential handler [org.picketlink.idm.credential.handler.PasswordCredentialHandler@35ecbf5c]. Status [INVALID]. Validated Account [null]
10:17:09.383 [http-nio-8080-exec-7] DEBUG org.picketlink.authentication - Credential status is [INVALID] and validated account [null]
10:17:09.386 [http-nio-8080-exec-7] WARN org.picketlink.authentication - PLINK002100: Authentication failed for account [jane].
10:17:09.386 [http-nio-8080-exec-7] DEBUG org.picketlink - Firing event [org.picketlink.authentication.event.LoginFailedEvent@13834ca3].
10:17:09.386 [http-nio-8080-exec-7] DEBUG org.picketlink.authentication - Authentication is finished using credentials [org.picketlink.idm.credential.Password@55f9cac7]. User id is [jane].
I cannot find any documentation that helps me get started. Has anyone had experience integrating these two? What do I need to do to integrate PicketLink with a TomEE-based JSF app? Alternatively, I also looked at KeyCloak, but there is no guidance on integrating it with TomEE.
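Added example (this is not the poster's code and not PicketLink's own quickstart). The log above shows the identity store being initialized during the login request, with the working directory "marked to be always created" and "Loaded Identity Types [0]", so the authenticator queried an empty store. The two classes below show (1) an explicit IDM configuration whose file store preserves state in a fixed directory, to be combined with the poster's existing SecurityConfigurationEvent observer, and (2) a startup bean that seeds the user idempotently and then performs the same two checks the authenticator performs (lookup by loginName, then credential validation) against the same IdentityManager, so a seeding problem fails deployment instead of surfacing as "Account NOT FOUND" at login. Assumptions: the class names ExplicitIdmConfiguration and SeedAndVerify, the package example.security and the working-directory path are hypothetical; the builder chain follows the PicketLink 2.7 IDM configuration API (idmConfig().named().stores().file()...).

```java
// ---- File 1: ExplicitIdmConfiguration.java (hypothetical name; added example) ----
package example.security; // hypothetical package

import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Observes;

import org.picketlink.config.SecurityConfigurationBuilder;
import org.picketlink.event.SecurityConfigurationEvent;

@ApplicationScoped
public class ExplicitIdmConfiguration {

    // Assumed location. Anything under the container's temp directory is wiped on redeploy.
    static final String WORKING_DIR = System.getProperty("user.home") + "/pl-idm-example";

    public void onInit(@Observes SecurityConfigurationEvent event) {
        SecurityConfigurationBuilder builder = event.getBuilder();

        // Without an explicit IDM configuration PicketLink auto-configures a file store whose
        // working directory is "marked to be always created" (the WARN in the log), i.e. it
        // starts empty every time the store is initialized. preserveState(true) keeps what a
        // startup bean has written, in a directory we control.
        builder
            .idmConfig()
                .named("default")
                    .stores()
                        .file()
                            .workingDirectory(WORKING_DIR)
                            .preserveState(true)
                            .supportAllFeatures();
    }
}

// ---- File 2: SeedAndVerify.java (hypothetical name; added example) ----
package example.security;

import javax.annotation.PostConstruct;
import javax.ejb.Singleton;
import javax.ejb.Startup;
import javax.inject.Inject;

import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.credential.UsernamePasswordCredentials;
import org.picketlink.idm.model.basic.BasicModel;
import org.picketlink.idm.model.basic.User;

@Singleton
@Startup
public class SeedAndVerify {

    @Inject
    private PartitionManager partitionManager;

    @PostConstruct
    public void seedAndCheck() {
        IdentityManager idm = partitionManager.createIdentityManager();

        // Idempotent seed: with preserveState(true) the user survives restarts, so do not add twice.
        User jane = BasicModel.getUser(idm, "jane");
        if (jane == null) {
            jane = new User("jane");
            jane.setEmail("jane@doe.com");
            idm.add(jane);
            // Demo credential only; a real deployment must not ship a hardcoded password.
            idm.updateCredential(jane, new Password("1234".toCharArray()));
        }

        // Check 1: the lookup PasswordCredentialHandler performs at login
        // (by loginName, see the PLIDM001003 lines in the log).
        if (BasicModel.getUser(idm, "jane") == null) {
            throw new IllegalStateException("user 'jane' is not visible through this PartitionManager");
        }

        // Check 2: validate the stored credential directly; this is what IdmAuthenticator does.
        // Throwing here fails the deployment, which is the loud signal we want for a broken seed.
        UsernamePasswordCredentials creds =
                new UsernamePasswordCredentials("jane", new Password("1234".toCharArray()));
        idm.validateCredentials(creds);
        if (creds.getStatus() != Credentials.Status.VALID) {
            throw new IllegalStateException(
                    "stored credential for 'jane' does not validate: " + creds.getStatus());
        }
    }
}
```

Both observers receive the same SecurityConfigurationEvent, so the idmConfig() chain can equally be appended inside the poster's existing onInit method. If deployment then fails on Check 1 while the startup bean runs without errors, the IdentityManager used at startup and the one used by IdmAuthenticator are not backed by the same store, which narrows the problem to the IDM bootstrap rather than to the JSF form or the HTTP configuration.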