[seam-issues] [JBoss JIRA] Commented: (SEAMSECURITY-62) Using identity management to add user in group prevent user to login
wiktorowski maximilien (JIRA)
jira-events at lists.jboss.org
Wed May 11 03:41:18 EDT 2011
[ https://issues.jboss.org/browse/SEAMSECURITY-62?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12601227#comment-12601227 ]
wiktorowski maximilien commented on SEAMSECURITY-62:
----------------------------------------------------
More info on this, when we try to retrieves user's roles calling identitySession.getRoleManager() .findUserRoleTypes(u) picketlink RoleManager call JpaIdentityStore.getRelationShipNames to retrieves roleNames.
The problem is that the function doesn't filter relationship entries with a null name (that correspond to a membership association).
Looking at HibernateIdentityStore shows they filter this using a "%" restriction on the query :
Path<String> rolesOnly = root.get(relationshipNameProperty.getName());
predicates.add(builder.like(rolesOnly, "%"));
That solves the roles loading, but then when try to retrieves user's groups calling identitySession.getRelationshipManager().findAssociatedGroups(u) picketlink call this function :
public Collection<IdentityObject> findIdentityObject(
IdentityStoreInvocationContext invocationCxt, IdentityObject identity,
IdentityObjectRelationshipType relationshipType, boolean parent,
IdentityObjectSearchCriteria criteria) throws IdentityException
{
List<IdentityObject> objs = new ArrayList<IdentityObject>();
System.out.println("*** Invoked unimplemented method findIdentityObject()");
// TODO Auto-generated method stub
return objs;
}
> Using identity management to add user in group prevent user to login
> --------------------------------------------------------------------
>
> Key: SEAMSECURITY-62
> URL: https://issues.jboss.org/browse/SEAMSECURITY-62
> Project: Seam Security
> Issue Type: Bug
> Affects Versions: 3.0.0.Final
> Reporter: wiktorowski maximilien
> Assignee: Shane Bryzak
>
> Hi,
> I'm using seam-security with JPAIdentityStore.
> When i use RelationshipManager to add a user in a group (as said in reference guide) i can not login anymore with this user.
> Indeed when i call associateUser the entry created in identityobjectrelationship table has a null name and when i call identity.login for this user i got :
> 10:03:27,292 ERROR [org.jboss.seam.security.IdentityImpl] Login failed: java.lang.RuntimeException: java.lang.IllegalArgumentException: name cannot be null
> at org.jboss.seam.security.IdentityImpl.authenticate(IdentityImpl.java:329) [:3.0.0.Final]
> at org.jboss.seam.security.IdentityImpl.login(IdentityImpl.java:229) [:3.0.0.Final]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_20]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_20]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_20]
> at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_20]
> at org.apache.el.parser.AstValue.invoke(AstValue.java:196) [:6.0.0.Final]
> at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276) [:6.0.0.Final]
> at org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43) [:6.0.0.Final]
> at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56) [:6.0.0.Final]
> at org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43) [:6.0.0.Final]
> at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56) [:6.0.0.Final]
> at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:102) [:2.0.3-]
> at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:84) [:2.0.3-]
> at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:98) [:2.0.3-]
> at javax.faces.component.UICommand.broadcast(UICommand.java:311) [:2.0.3-]
> at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:781) [:2.0.3-]
> at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1246) [:2.0.3-]
> at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:77) [:2.0.3-]
> at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:97) [:2.0.3-]
> at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:114) [:2.0.3-]
> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:308) [:2.0.3-]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:324) [:6.0.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.0.0.Final]
> at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:67) [:6.0.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274) [:6.0.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.0.0.Final]
> at com.ocpsoft.pretty.PrettyFilter.doFilter(PrettyFilter.java:118) [:]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274) [:6.0.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.0.0.Final]
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [:6.0.0.Final]
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [:6.0.0.Final]
> at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:181) [:6.0.0.Final]
> at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.event(CatalinaContext.java:285) [:1.1.0.Final]
> at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.invoke(CatalinaContext.java:261) [:1.1.0.Final]
> at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.0.0.Final]
> at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.0.0.Final]
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [:6.0.0.Final]
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [:6.0.0.Final]
> at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.0.0.Final]
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.0.0.Final]
> at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.0.0.Final]
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.0.0.Final]
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.0.0.Final]
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.0.0.Final]
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.0.0.Final]
> at java.lang.Thread.run(Thread.java:619) [:1.6.0_20]
> Caused by: java.lang.IllegalArgumentException: name cannot be null
> at org.picketlink.idm.impl.api.model.SimpleRoleType.<init>(SimpleRoleType.java:41) [:1.5.0.Alpha02]
> at org.picketlink.idm.impl.api.session.managers.RoleManagerImpl.findUserRoleTypes(RoleManagerImpl.java:580) [:1.5.0.Alpha02]
> at org.picketlink.idm.impl.api.session.managers.RoleManagerImpl.findUserRoleTypes(RoleManagerImpl.java:552) [:1.5.0.Alpha02]
> at org.jboss.seam.security.management.IdmAuthenticator.authenticate(IdmAuthenticator.java:49) [:3.0.0.Final]
> at org.jboss.seam.security.IdentityImpl.authenticate(IdentityImpl.java:305) [:3.0.0.Final]
> ... 46 more
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list