[seam-issues] [JBoss JIRA] Issue Comment Edited: (SEAMSECURITY-62) Using identity management to add user in group prevent user to login
wiktorowski maximilien (JIRA)
jira-events at lists.jboss.org
Wed May 11 03:43:19 EDT 2011
[ https://issues.jboss.org/browse/SEAMSECURITY-62?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12601227#comment-12601227 ]
wiktorowski maximilien edited comment on SEAMSECURITY-62 at 5/11/11 3:42 AM:
-----------------------------------------------------------------------------
More info on this, when we try to retrieve user's roles calling identitySession.getRoleManager().findUserRoleTypes(u) picketlink RoleManager call JpaIdentityStore.getRelationShipNames to retrieve role names.
The problem is that the function doesn't filter relationship entries with a null name (that correspond to a membership association).
Looking at HibernateIdentityStore shows they filter this using a "%" restriction on the query :
Path<String> rolesOnly = root.get(relationshipNameProperty.getName());
predicates.add(builder.like(rolesOnly, "%"));
That solves the roles loading, but then when we try to retrieves user's groups calling identitySession.getRelationshipManager().findAssociatedGroups(u) picketlink call this function :
public Collection<IdentityObject> findIdentityObject(
IdentityStoreInvocationContext invocationCxt, IdentityObject identity,
IdentityObjectRelationshipType relationshipType, boolean parent,
IdentityObjectSearchCriteria criteria) throws IdentityException
{
List<IdentityObject> objs = new ArrayList<IdentityObject>();
System.out.println("*** Invoked unimplemented method findIdentityObject()");
// TODO Auto-generated method stub
return objs;
}
was (Author: maximilien):
More info on this, when we try to retrieve user's roles calling identitySession.getRoleManager().findUserRoleTypes(u) picketlink RoleManager call JpaIdentityStore.getRelationShipNames to retrieves roleNames.
The problem is that the function doesn't filter relationship entries with a null name (that correspond to a membership association).
Looking at HibernateIdentityStore shows they filter this using a "%" restriction on the query :
Path<String> rolesOnly = root.get(relationshipNameProperty.getName());
predicates.add(builder.like(rolesOnly, "%"));
That solves the roles loading, but then when we try to retrieves user's groups calling identitySession.getRelationshipManager().findAssociatedGroups(u) picketlink call this function :
public Collection<IdentityObject> findIdentityObject(
IdentityStoreInvocationContext invocationCxt, IdentityObject identity,
IdentityObjectRelationshipType relationshipType, boolean parent,
IdentityObjectSearchCriteria criteria) throws IdentityException
{
List<IdentityObject> objs = new ArrayList<IdentityObject>();
System.out.println("*** Invoked unimplemented method findIdentityObject()");
// TODO Auto-generated method stub
return objs;
}
> Using identity management to add user in group prevent user to login
> --------------------------------------------------------------------
>
> Key: SEAMSECURITY-62
> URL: https://issues.jboss.org/browse/SEAMSECURITY-62
> Project: Seam Security
> Issue Type: Bug
> Affects Versions: 3.0.0.Final
> Reporter: wiktorowski maximilien
> Assignee: Shane Bryzak
>
> Hi,
> I'm using seam-security with JPAIdentityStore.
> When i use RelationshipManager to add a user in a group (as said in reference guide) i can not login anymore with this user.
> Indeed when i call associateUser the entry created in identityobjectrelationship table has a null name and when i call identity.login for this user i got :
> 10:03:27,292 ERROR [org.jboss.seam.security.IdentityImpl] Login failed: java.lang.RuntimeException: java.lang.IllegalArgumentException: name cannot be null
> at org.jboss.seam.security.IdentityImpl.authenticate(IdentityImpl.java:329) [:3.0.0.Final]
> at org.jboss.seam.security.IdentityImpl.login(IdentityImpl.java:229) [:3.0.0.Final]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_20]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_20]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_20]
> at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_20]
> at org.apache.el.parser.AstValue.invoke(AstValue.java:196) [:6.0.0.Final]
> at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276) [:6.0.0.Final]
> at org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43) [:6.0.0.Final]
> at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56) [:6.0.0.Final]
> at org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43) [:6.0.0.Final]
> at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56) [:6.0.0.Final]
> at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:102) [:2.0.3-]
> at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:84) [:2.0.3-]
> at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:98) [:2.0.3-]
> at javax.faces.component.UICommand.broadcast(UICommand.java:311) [:2.0.3-]
> at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:781) [:2.0.3-]
> at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1246) [:2.0.3-]
> at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:77) [:2.0.3-]
> at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:97) [:2.0.3-]
> at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:114) [:2.0.3-]
> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:308) [:2.0.3-]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:324) [:6.0.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.0.0.Final]
> at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:67) [:6.0.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274) [:6.0.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.0.0.Final]
> at com.ocpsoft.pretty.PrettyFilter.doFilter(PrettyFilter.java:118) [:]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274) [:6.0.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.0.0.Final]
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [:6.0.0.Final]
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [:6.0.0.Final]
> at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:181) [:6.0.0.Final]
> at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.event(CatalinaContext.java:285) [:1.1.0.Final]
> at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.invoke(CatalinaContext.java:261) [:1.1.0.Final]
> at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.0.0.Final]
> at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.0.0.Final]
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [:6.0.0.Final]
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [:6.0.0.Final]
> at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.0.0.Final]
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.0.0.Final]
> at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.0.0.Final]
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.0.0.Final]
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.0.0.Final]
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.0.0.Final]
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.0.0.Final]
> at java.lang.Thread.run(Thread.java:619) [:1.6.0_20]
> Caused by: java.lang.IllegalArgumentException: name cannot be null
> at org.picketlink.idm.impl.api.model.SimpleRoleType.<init>(SimpleRoleType.java:41) [:1.5.0.Alpha02]
> at org.picketlink.idm.impl.api.session.managers.RoleManagerImpl.findUserRoleTypes(RoleManagerImpl.java:580) [:1.5.0.Alpha02]
> at org.picketlink.idm.impl.api.session.managers.RoleManagerImpl.findUserRoleTypes(RoleManagerImpl.java:552) [:1.5.0.Alpha02]
> at org.jboss.seam.security.management.IdmAuthenticator.authenticate(IdmAuthenticator.java:49) [:3.0.0.Final]
> at org.jboss.seam.security.IdentityImpl.authenticate(IdentityImpl.java:305) [:3.0.0.Final]
> ... 46 more
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list